Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp1372561rwd; Wed, 7 Jun 2023 15:25:59 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5NbeHCobRi0RygRJnBCUBhPzmilfnsTtf9rHigXIljRzTyLj0oANmN2Cp36MNO1u9XU0i5 X-Received: by 2002:a17:90a:8f05:b0:256:2056:ee3a with SMTP id g5-20020a17090a8f0500b002562056ee3amr2883451pjo.35.1686176759209; Wed, 07 Jun 2023 15:25:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686176759; cv=none; d=google.com; s=arc-20160816; b=p6/3bg1KYEl2vKCZOBa5lho9Lj6x3aDPa5wSeXCsPrgrIS0SiFKTqKCjQCyHth9Rvo I4Yha7HdVtkJypvwNViNAlpozbn6XyQtM9w1ORLGH1zISZXcAOTA4uQ3HnIuB/+SR5Bw X1wCwztRQxsAKJGU3yYIBsYTGhM/p5Q9dpBd2+KjhiUIkHBHdfG0Kt8QNn3okmuW7LrJ xHCFTLAIIPMNt+S2J6uDcWowS6GIO63K5UpQwHakIaabusFaIT4yr8UA9qXiGj24X9BZ i3zKb9WkrwGeWCssdn0PlobbNWndefzJhkNz1TQqflnnxASJ5P2BbGzxHCnYRSDz+O/H TZaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=6/P6uze0Ga7vW3Z/CgXfKZmf9JEKn/Cz4dqyzssDdzw=; b=W+qjp4q63irML3L9FOfBB1wyEKb0hNSPQwPGK8m/qKU5zCIuo1uedMeimAxmjDd2qR m+IO4d+P5+OgBrf7p4pLrnRg6jjsQ9md54ReWqeNi1bqENGMFXOy0AAxOCXr75WhZU54 oULj2WFkWV0owFpCE+XU7WlBhF86o9Hi5rzfN5LHYmUBDU2sm94HISdVXcTxflDMM0eE NNO1uKpy2knUvTd/8jAPtshhIBjCYArSAvwhI7WzrDVz5DYxqkP6rO8PK8YTTnvI6muN 6HJ9iUO+9flMtex0QMzXqUPFV55yN+96C8bYR5TV/wozqmfdxvP2VFMXTZyaLrMEs5XH 0RbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=d2LKoCPK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w4-20020a656944000000b0053fee209655si9656101pgq.664.2023.06.07.15.25.45; Wed, 07 Jun 2023 15:25:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=d2LKoCPK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232125AbjFGWUc (ORCPT + 99 others); Wed, 7 Jun 2023 18:20:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36266 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232322AbjFGWUK (ORCPT ); Wed, 7 Jun 2023 18:20:10 -0400 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9605B271B; Wed, 7 Jun 2023 15:19:36 -0700 (PDT) Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-5149b63151aso2344463a12.3; Wed, 07 Jun 2023 15:19:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1686176374; x=1688768374; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=6/P6uze0Ga7vW3Z/CgXfKZmf9JEKn/Cz4dqyzssDdzw=; b=d2LKoCPKdC9GPUgnkEyQfOgTjq9YeKvOaIQal6TvSmcM/EzUfv7+Wrzo9bsC+ZWQWY GUs0gd7V1J1U5dPpN64S524v6Q23lN+BtByC7G6VrgB4dOmOsevqQFRUVbnQJRa3wm5P NbnW78ipMAQ8UzorF1is/qmU6n39va/7M97RiTrnjINCO4vAGttx6orhq4TTUOqUtBW3 td2QC4t53LJF7HX9V5YjxExm2wS23waNpYDM/aA0LA/IkJ/nLbKtV3W1Ebl8evwN1/VJ DX7Y4qHVTE/suYCz95FUl3TYdfoMGsE5+dgRBCPTWH4v7eniU7WMdyY6cGBtAQMHtwPz qqFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1686176374; x=1688768374; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6/P6uze0Ga7vW3Z/CgXfKZmf9JEKn/Cz4dqyzssDdzw=; b=djxQOgg5m4M3H2Z6NTamPQUBoCDQJayErgFHHY023eVuZMGjqyBg84HkC2N9x9Gxd9 3LlU4+WiANf5a2Lyn0cNx83yYknVthM+71G5wwyVbJFOU9Ep6BTNCUA9Z4bwT/Vbn5Ad CEbiOsNdv5pa/5tVhcViY3L648YL06dnivcSxFO5dOvBP7QMpppiRBlxHHHl8dE5TjtI Q/wek196P7WZUdoZrmf9bHqJMEHu+C6w5GMksz5OgxzcLINEOqpuGP5Uya5NDW2jG0U6 bM4wdy+bDR7M+6MFH0INZXVa9aVz9+z2kdYh2v7abElRCOfs/gUYLMdmXSngbP5FfOJm SrMA== X-Gm-Message-State: AC+VfDys4UeFRcy+XY1VhBPWkBzbB4X/i3Pl5sz10DX1d7tZCii2Joz5 ZeNwH4GYmMo14YMmoJ1aUZPEmzSvwWwH7qaedCI= X-Received: by 2002:aa7:c1cd:0:b0:516:459d:d913 with SMTP id d13-20020aa7c1cd000000b00516459dd913mr6646005edp.37.1686176374094; Wed, 07 Jun 2023 15:19:34 -0700 (PDT) MIME-Version: 1.0 References: <20230606042802.508954-1-maninder1.s@samsung.com> <20230606042802.508954-2-maninder1.s@samsung.com> <20230607034028epcms5p8ed013806c42bd79b76368ac015a7b6ba@epcms5p8> In-Reply-To: <20230607034028epcms5p8ed013806c42bd79b76368ac015a7b6ba@epcms5p8> From: Andrii Nakryiko Date: Wed, 7 Jun 2023 15:19:22 -0700 Message-ID: Subject: Re: [PATCH v4 2/3] bpf: make bpf_dump_raw_ok() based on CONFIG_KALLSYMS To: maninder1.s@samsung.com Cc: "ast@kernel.org" , "daniel@iogearbox.net" , "john.fastabend@gmail.com" , "andrii@kernel.org" , "martin.lau@linux.dev" , "song@kernel.org" , "yhs@fb.com" , "kpsingh@kernel.org" , "sdf@google.com" , "haoluo@google.com" , "jolsa@kernel.org" , "thunder.leizhen@huawei.com" , "mcgrof@kernel.org" , "boqun.feng@gmail.com" , "vincenzopalazzodev@gmail.com" , "ojeda@kernel.org" , "jgross@suse.com" , "brauner@kernel.org" , "michael.christie@oracle.com" , "samitolvanen@google.com" , "glider@google.com" , "peterz@infradead.org" , "keescook@chromium.org" , "stephen.s.brennan@oracle.com" , "alan.maguire@oracle.com" , "pmladek@suse.com" , "linux-kernel@vger.kernel.org" , "bpf@vger.kernel.org" , Onkarnath Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 6, 2023 at 8:46=E2=80=AFPM Maninder Singh wrote: > > Hi Andrii Nakryiko, > > >> > >> bpf_dump_raw_ok() depends on kallsyms_show_value() and we already > >> have a false definition for the !CONFIG_KALLSYMS case. But we'll > >> soon expand on kallsyms_show_value() and so to make the code > >> easier to follow just provide a direct !CONFIG_KALLSYMS definition > >> for bpf_dump_raw_ok() as well. > > > > I'm sorry, I'm failing to follow the exact reasoning about > > simplification. It seems simpler to have > > > > static inline bool kallsyms_show_value(const struct cred *cred) > > { > > return false; > > } > > > > and control it from kallsyms-related internal header, rather than > > adding CONFIG_KALLSYMS ifdef-ery to include/linux/filter.h and > > redefining that `return false` decision. What if in the future we > > decide that if !CONFIG_KALLSYMS it's ok to show raw addresses, now > > we'll have to remember to update it in two places. > > > > Unless I'm missing some other complications? > > > > Patch 3/3 does the same, it extends functionality of kallsyms_show_value(= ) > in case of !CONFIG_KALLSYMS. > > All other users likes modules code, kprobe codes are using this API > for sanity/permission, and then prints the address like below: > > static int kprobe_blacklist_seq_show(struct seq_file *m, void *v) > { > ... > if (!kallsyms_show_value(m->file->f_cred)) > seq_printf(m, "0x%px-0x%px\t%ps\n", NULL, NULL, > (void *)ent->start_addr); > else > seq_printf(m, "0x%px-0x%px\t%ps\n", (void *)ent->start_ad= dr, > (void *)ent->end_addr, (void *)ent->start_addr= ); > .. > } > > so there will be no issues if we move kallsyms_show_value() out of KALLSY= MS dependency. > and these codes will work in case of !KALLSYMS also. > > but BPF code logic was complex and seems this API was used as checking fo= r whether KALLSYMS is > enabled or not as per comment in bpf_dump_raw_ok(): > > /* > * Reconstruction of call-sites is dependent on kallsyms, > * thus make dump the same restriction. > */ > > also as per below code: > (we were not sure whether BPF will work or not with patch 3/3 because of = no expertise on BPF code, > so we keep the behaviour same) I think bpf_dump_raw_ok() is purely about checking whether it's ok to return unobfuscated kernel addresses to user/BPF program. So it feels like it should be ok to just rely on kallsyms_show_value() and not special case here. If some of the code relies on actually having CONFIG_KALLSYMS and related functionality, it should be properly guarded already (or should enforce `SELECT KALLSYMS` in Kconfig). > > if (ulen) { > if (bpf_dump_raw_ok(file->f_cred)) { > unsigned long ksym_addr; > u64 __user *user_ksyms; > u32 i; > > /* copy the address of the kernel symbol > * corresponding to each function > */ > ulen =3D min_t(u32, info.nr_jited_ksyms, ulen); > user_ksyms =3D u64_to_user_ptr(info.jited_ksyms); > if (prog->aux->func_cnt) { > for (i =3D 0; i < ulen; i++) { > ... > } > > earlier conversation for this change: > https://lkml.org/lkml/2022/4/13/326 > > here Petr CC'ed BPF maintainers to know their opinion whether BPF code ca= n work with patch 3/3, > if not then we need this patch. > > Thanks, > Maninder Singh