On Wed, Feb 12, 2020 at 08:33:49AM -0800, Andrii Nakryiko wrote:
SNIP
> > > > tr->image = image;
> > > > + INIT_LIST_HEAD_RCU(&tr->ksym.lnode);
> > > > out:
> > > > mutex_unlock(&trampoline_mutex);
> > > > return tr;
> > > > @@ -267,6 +277,15 @@ static enum bpf_tramp_prog_type bpf_attach_type_to_tramp(enum bpf_attach_type t)
> > > > }
> > > > }
> > > >
> > > > +static void bpf_trampoline_kallsyms_add(struct bpf_trampoline *tr)
> > > > +{
> > > > + struct bpf_ksym *ksym = &tr->ksym;
> > > > +
> > > > + snprintf(ksym->name, KSYM_NAME_LEN, "bpf_trampoline_%llu",
> > > > + tr->key & ((u64) (1LU << 32) - 1));
> > >
> > > why the 32-bit truncation? also, wouldn't it be more trivial as (u32)tr->key?
> >
> > tr->key can have the target prog id in upper 32 bits,
>
> True, but not clear why it's bad? It's not a security concern, because
> those IDs are already exposed (you can dump them from bpftool). On the
> other hand, by cutting out part of key, you make symbols potentially
> ambiguous, with different trampolines marked with the same name in
> kallsyms, which is just going to be confusing to users/tools.
ugh ok, I did not see the target bpf program case clearly,
will include the whole tr->key
thanks,
jirka
