[PATCH bpf-next v5 0/2] Check cfi_stubs before registering a struct_ops type.

thinker.li@xxxxxxxxx · Wed, 21 Feb 2024 18:11:03 -0800

From: Kui-Feng Lee <thinker.li@xxxxxxxxx>

Recently, cfi_stubs were introduced. However, existing struct_ops
types that are not in the upstream may not be aware of this, resulting
in kernel crashes. By rejecting struct_ops types that do not provide
cfi_stubs properly during registration, these crashes can be avoided.

---
Changes from v4:

 - Remove changes of check_member.

 - Remove checks of the pointers in cfi_stubs[].

Changes from v3:

 - Remove CFI stub function for get_info.

 - Allow passing NULL prog arg to check_member of struct
   bpf_struct_ops type.

 - Call check_member to determines if a CFI stub function should be
   defined for an operator.

Changes from v2:

 - Add a stub function for get_info of struct tcp_congestion_ops.

Changes from v1:

 - Check *(void **)(cfi_stubs + moff) to make sure stub functions are
   provided for every operator.

 - Add a test case to ensure that struct_ops rejects incomplete
   cfi_stub.

v4: https://lore.kernel.org/all/20240221075213.2071454-1-thinker.li@xxxxxxxxx/
v3: https://lore.kernel.org/all/20240216193434.735874-1-thinker.li@xxxxxxxxx/
v2: https://lore.kernel.org/all/20240216020350.2061373-1-thinker.li@xxxxxxxxx/
v1: https://lore.kernel.org/all/20240215022401.1882010-1-thinker.li@xxxxxxxxx/

Kui-Feng Lee (2):
  bpf: Check cfi_stubs before registering a struct_ops type.
  selftests/bpf: Test case for lacking CFI stub functions.

 kernel/bpf/bpf_struct_ops.c                   |  5 ++
 tools/testing/selftests/bpf/Makefile          | 10 ++-
 .../selftests/bpf/bpf_test_no_cfi/Makefile    | 19 +++++
 .../bpf/bpf_test_no_cfi/bpf_test_no_cfi.c     | 84 +++++++++++++++++++
 .../bpf/prog_tests/test_struct_ops_no_cfi.c   | 38 +++++++++
 tools/testing/selftests/bpf/testing_helpers.c |  4 +-
 tools/testing/selftests/bpf/testing_helpers.h |  2 +
 7 files changed, 159 insertions(+), 3 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/bpf_test_no_cfi/Makefile
 create mode 100644 tools/testing/selftests/bpf/bpf_test_no_cfi/bpf_test_no_cfi.c
 create mode 100644 tools/testing/selftests/bpf/prog_tests/test_struct_ops_no_cfi.c

-- 
2.34.1