On Fri, Oct 4, 2019 at 10:04 PM Alexei Starovoitov <ast@xxxxxxxxxx> wrote: > > Disallow bpf_probe_read() and bpf_probe_read_str() helpers in > raw_tracepoint bpf programs that use in-kernel BTF to track > types of memory accesses. > > Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx> > --- > kernel/trace/bpf_trace.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c > index 52f7e9d8c29b..7c607f79f1bb 100644 > --- a/kernel/trace/bpf_trace.c > +++ b/kernel/trace/bpf_trace.c > @@ -700,6 +700,8 @@ tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) > case BPF_FUNC_map_peek_elem: > return &bpf_map_peek_elem_proto; > case BPF_FUNC_probe_read: > + if (prog->expected_attach_type) > + return NULL; This can unintentionally disable bpf_probe_read/bpf_probe_read_str for non-raw_tp programs that happened to specify non-zero expected_attach_type, which we don't really validate for kprobe/tp/perf_event/etc. So how about passing program type into tracing_func_proto() so that we can have more granular control? > return &bpf_probe_read_proto; > case BPF_FUNC_ktime_get_ns: > return &bpf_ktime_get_ns_proto; > @@ -728,6 +730,8 @@ tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) > case BPF_FUNC_get_prandom_u32: > return &bpf_get_prandom_u32_proto; > case BPF_FUNC_probe_read_str: > + if (prog->expected_attach_type) > + return NULL; > return &bpf_probe_read_str_proto; > #ifdef CONFIG_CGROUPS > case BPF_FUNC_get_current_cgroup_id: > -- > 2.20.0 >
