From: Ze Gao
To: Song Liu, Jiri Olsa, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Steven Rostedt, Masami Hiramatsu
Cc: Ze Gao, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: [PATCH] bpf: reject blacklisted symbols in kprobe_multi to avoid recursive trap
Date: Wed, 10 May 2023 20:20:45 +0800
Message-Id: <20230510122045.2259-1-zegao@tencent.com>
X-Mailing-List: linux-kernel@vger.kernel.org

BPF_LINK_TYPE_KPROBE_MULTI attaches kprobe programs through fprobe, however it does not take those kprobe blacklisted into consideration, which likely introduces recursive traps and blows up stacks.

This patch adds a simple check and removes those that are in kprobe_blacklist from one fprobe during bpf_kprobe_multi_link_attach. Also, check_kprobe_address_safe is open for more future checks.

Note that ftrace provides a recursion detection mechanism, but for kprobe only, we can directly reject those cases early without turning to ftrace.

Signed-off-by: Ze Gao
---
 kernel/trace/bpf_trace.c | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 9a050e36dc6c..44c68bc06bbd 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c 
@@ -2764,6 +2764,37 @@ static int get_modules_for_addrs(struct module ***mods, unsigned long *addrs, u3 return arr.mods_cnt; } +static inline int check_kprobe_address_safe(unsigned long addr) +{ + if (within_kprobe_blacklist(addr)) + return -EINVAL; + else + return 0; +} + +static int check_bpf_kprobe_addrs_safe(unsigned long *addrs, int num) +{ + int i, cnt; + char symname[KSYM_NAME_LEN]; + + for (i = 0; i < num; ++i) { + if (check_kprobe_address_safe((unsigned long)addrs[i])) { + lookup_symbol_name(addrs[i], symname); + pr_warn("bpf_kprobe: %s at %lx is blacklisted\n", symname, addrs[i]); + /* mark blacklisted symbol for remove */ + addrs[i] = 0; + } + } + + /* remove blacklisted symbol from addrs */ + for (i = 0, cnt = 0; i < num; ++i) { + if (addrs[i]) + addrs[cnt++] = addrs[i]; + } + + return cnt; +} + int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *prog) { struct bpf_kprobe_multi_link *link = NULL; @@ -2859,6 +2890,12 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr else link->fp.entry_handler = kprobe_multi_link_handler; + cnt = check_bpf_kprobe_addrs_safe(addrs, cnt); + if (!cnt) { + err = -EINVAL; + goto error; + } + link->addrs = addrs; link->cookies = cookies; link->cnt = cnt; -- 2.40.1
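
Review bot: In check_bpf_kprobe_addrs_safe() (first hunk), the return value of lookup_symbol_name() is ignored and symname has no initialiser, so when the lookup fails pr_warn() formats an uninitialised stack buffer. Check the return value, or zero-initialise symname, before printing. The same pr_warn() prints the address with %lx, which writes a raw kernel address to the log once per rejected entry; printing the symbol through %pS on (void *)addrs[i] would drop both the manual lookup and the raw address, and a ratelimited variant keeps a long attach list from flooding dmesg. Using 0 as the removal marker also means an addrs[] entry that is already 0 is dropped without any warning.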
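
Review bot: In bpf_kprobe_multi_link_attach() (second hunk), cnt is overwritten with the filtered count and only addrs has been compacted, yet cookies is stored right after it under the same link->cnt, so any cookies[i] that paired with addrs[i] sits against a different address once an earlier entry has been removed. Either compact cookies in the same pass or fail the attach. The !cnt test also lets the call succeed whenever at least one address survives, so the caller cannot tell that part of its request was dropped, which does not match the "reject" in the subject; returning -EINVAL as soon as one address is blacklisted would be simpler and leaves both arrays untouched.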