提交 f56407fa 编写于 作者: A Alexei Starovoitov 提交者: Daniel Borkmann

bpf: Remove bpf_lsm_file_mprotect from sleepable list.

Technically the bpf programs can sleep while attached to bpf_lsm_file_mprotect,
but such programs need to access user memory. So they're in might_fault()
category. Which means they cannot be called from file_mprotect lsm hook that
takes write lock on mm->mmap_lock.
Adjust the test accordingly.

Also add might_fault() to __bpf_prog_enter_sleepable() to catch such deadlocks early.

Fixes: 1e6c62a8 ("bpf: Introduce sleepable BPF programs")
Fixes: e68a1445 ("selftests/bpf: Add sleepable tests")
Reported-by: NYonghong Song <yhs@fb.com>
Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20200831201651.82447-1-alexei.starovoitov@gmail.com
上级 b69e56cf
...@@ -409,6 +409,7 @@ void notrace __bpf_prog_exit(struct bpf_prog *prog, u64 start) ...@@ -409,6 +409,7 @@ void notrace __bpf_prog_exit(struct bpf_prog *prog, u64 start)
void notrace __bpf_prog_enter_sleepable(void) void notrace __bpf_prog_enter_sleepable(void)
{ {
rcu_read_lock_trace(); rcu_read_lock_trace();
might_fault();
} }
void notrace __bpf_prog_exit_sleepable(void) void notrace __bpf_prog_exit_sleepable(void)
......
...@@ -11006,7 +11006,6 @@ static int check_attach_modify_return(struct bpf_prog *prog, unsigned long addr) ...@@ -11006,7 +11006,6 @@ static int check_attach_modify_return(struct bpf_prog *prog, unsigned long addr)
/* non exhaustive list of sleepable bpf_lsm_*() functions */ /* non exhaustive list of sleepable bpf_lsm_*() functions */
BTF_SET_START(btf_sleepable_lsm_hooks) BTF_SET_START(btf_sleepable_lsm_hooks)
#ifdef CONFIG_BPF_LSM #ifdef CONFIG_BPF_LSM
BTF_ID(func, bpf_lsm_file_mprotect)
BTF_ID(func, bpf_lsm_bprm_committed_creds) BTF_ID(func, bpf_lsm_bprm_committed_creds)
#else #else
BTF_ID_UNUSED BTF_ID_UNUSED
......
...@@ -36,14 +36,10 @@ int monitored_pid = 0; ...@@ -36,14 +36,10 @@ int monitored_pid = 0;
int mprotect_count = 0; int mprotect_count = 0;
int bprm_count = 0; int bprm_count = 0;
SEC("lsm.s/file_mprotect") SEC("lsm/file_mprotect")
int BPF_PROG(test_int_hook, struct vm_area_struct *vma, int BPF_PROG(test_int_hook, struct vm_area_struct *vma,
unsigned long reqprot, unsigned long prot, int ret) unsigned long reqprot, unsigned long prot, int ret)
{ {
char args[64];
__u32 key = 0;
__u64 *value;
if (ret != 0) if (ret != 0)
return ret; return ret;
...@@ -53,18 +49,6 @@ int BPF_PROG(test_int_hook, struct vm_area_struct *vma, ...@@ -53,18 +49,6 @@ int BPF_PROG(test_int_hook, struct vm_area_struct *vma,
is_stack = (vma->vm_start <= vma->vm_mm->start_stack && is_stack = (vma->vm_start <= vma->vm_mm->start_stack &&
vma->vm_end >= vma->vm_mm->start_stack); vma->vm_end >= vma->vm_mm->start_stack);
bpf_copy_from_user(args, sizeof(args), (void *)vma->vm_mm->arg_start);
value = bpf_map_lookup_elem(&array, &key);
if (value)
*value = 0;
value = bpf_map_lookup_elem(&hash, &key);
if (value)
*value = 0;
value = bpf_map_lookup_elem(&lru_hash, &key);
if (value)
*value = 0;
if (is_stack && monitored_pid == pid) { if (is_stack && monitored_pid == pid) {
mprotect_count++; mprotect_count++;
ret = -EPERM; ret = -EPERM;
...@@ -77,10 +61,26 @@ SEC("lsm.s/bprm_committed_creds") ...@@ -77,10 +61,26 @@ SEC("lsm.s/bprm_committed_creds")
int BPF_PROG(test_void_hook, struct linux_binprm *bprm) int BPF_PROG(test_void_hook, struct linux_binprm *bprm)
{ {
__u32 pid = bpf_get_current_pid_tgid() >> 32; __u32 pid = bpf_get_current_pid_tgid() >> 32;
char args[64];
__u32 key = 0;
__u64 *value;
if (monitored_pid == pid) if (monitored_pid == pid)
bprm_count++; bprm_count++;
bpf_copy_from_user(args, sizeof(args), (void *)bprm->vma->vm_mm->arg_start);
bpf_copy_from_user(args, sizeof(args), (void *)bprm->mm->arg_start);
value = bpf_map_lookup_elem(&array, &key);
if (value)
*value = 0;
value = bpf_map_lookup_elem(&hash, &key);
if (value)
*value = 0;
value = bpf_map_lookup_elem(&lru_hash, &key);
if (value)
*value = 0;
return 0; return 0;
} }
SEC("lsm/task_free") /* lsm/ is ok, lsm.s/ fails */ SEC("lsm/task_free") /* lsm/ is ok, lsm.s/ fails */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册