Adding bpf_vma_build_id_parse function to retrieve build id from passed vma object and making it available as bpf kfunc. We can't use build_id_parse directly as kfunc, because we would not have control over the build id buffer size provided by user. Instead we are adding new bpf_vma_build_id_parse function with 'build_id__sz' argument that instructs verifier to check for the available space in build_id buffer. This way we check that there's always available memory space behind build_id pointer. We also check that the build_id__sz is at least BUILD_ID_SIZE_MAX so we can place any buildid in.
Signed-off-by: Jiri Olsa <jolsa@xxxxxxxxxx>
---
 include/linux/bpf.h | 4 ++++
 kernel/bpf/verifier.c | 26 ++++++++++++++++++++++++++
 kernel/trace/bpf_trace.c | 31 +++++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 8b32376ce746..7648188faa2c 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -2805,4 +2805,8 @@ static inline bool type_is_alloc(u32 type)
 return type & MEM_ALLOC;
 }

+int bpf_vma_build_id_parse(struct vm_area_struct *vma,
+ unsigned char *build_id,
+ size_t build_id__sz);
+
 #endif /* _LINUX_BPF_H */
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 195d24316750..e20bad754a3a 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
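Review bot: The new prototype in include/linux/bpf.h carries no comment explaining the `build_id__sz` argument, whose `__sz` suffix is what makes the verifier pair it with `build_id` and check the buffer size (as the commit message describes), nor what the function returns. Since this declaration is what program authors will read, a kernel-doc block above it would help: `vma` is the VMA being inspected, `build_id` is a caller-provided output buffer, `build_id__sz` is its size and must be at least BUILD_ID_SIZE_MAX, and the return value is the build id length on success or a negative errno. The verifier-side restriction added in kernel/bpf/verifier.c (callable only from a bpf_find_vma callback) is also worth stating here, since nothing in the signature conveys it.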
@@ -8746,6 +8746,29 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
 return 0;
 }

+BTF_ID_LIST_SINGLE(bpf_vma_build_id_parse_id, func, bpf_vma_build_id_parse)
+
+static int check_kfunc_caller(struct bpf_verifier_env *env, u32 func_id)
+{
+ struct bpf_func_state *cur;
+ struct bpf_insn *insn;
+
+ /* Allow bpf_vma_build_id_parse only from bpf_find_vma callback */
+ if (func_id == bpf_vma_build_id_parse_id[0]) {
+ cur = env->cur_state->frame[env->cur_state->curframe];
+ if (cur->callsite != BPF_MAIN_FUNC) {
+ insn = &env->prog->insnsi[cur->callsite];
+ if (insn->imm == BPF_FUNC_find_vma)
+ return 0;
+ }
+ verbose(env, "calling bpf_vma_build_id_parse outside bpf_find_vma "
+ "callback is not allowed\n");
+ return -1;
+ }
+
+ return 0;
+}
+
 static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
 int *insn_idx_p)
 {
@@ -8797,6 +8820,9 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
 return -EACCES;
 }

+ if (check_kfunc_caller(env, func_id))
+ return -EACCES;
+
 /* Check the arguments */
 err = check_kfunc_args(env, &meta);
 if (err < 0)
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index f2d8d070d024..7f08e6c3a080 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -23,6 +23,7 @@
 #include <linux/sort.h>
 #include <linux/key.h>
 #include <linux/verification.h>
+#include <linux/buildid.h>
 #include <net/bpf_sk_storage.h>
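Review bot: In check_kfunc_caller the callsite test `if (insn->imm == BPF_FUNC_find_vma)` compares `imm` without first confirming that the instruction at `cur->callsite` is a helper call. A frame's callsite can also be a `BPF_PSEUDO_CALL` to a static subprog (where imm is a relative offset) or a kfunc call (where imm is a BTF id), and in principle either value can coincide with BPF_FUNC_find_vma, which would let the kfunc be reached from an ordinary subprogram with a vma pointer that was never obtained under the bpf_find_vma callback. Tightening it to `if (bpf_helper_call(insn) && insn->imm == BPF_FUNC_find_vma)` closes that; verifier.c should already provide that predicate at this base, otherwise check `insn->code == (BPF_JMP | BPF_CALL) && insn->src_reg == 0` inline. Separately, the function returns -1 while its caller in the second hunk turns any non-zero value into -EACCES; returning -EACCES directly, as the surrounding verifier code does, keeps the error code visible at its origin.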
@@ -1383,6 +1384,36 @@ static int __init bpf_key_sig_kfuncs_init(void)
 late_initcall(bpf_key_sig_kfuncs_init);
 #endif /* CONFIG_KEYS */

+int bpf_vma_build_id_parse(struct vm_area_struct *vma,
+ unsigned char *build_id,
+ size_t build_id__sz)
+{
+ __u32 size;
+ int err;
+
+ if (build_id__sz < BUILD_ID_SIZE_MAX)
+ return -EINVAL;
+
+ err = build_id_parse(vma, build_id, &size);
+ return err ?: (int) size;
+}
+
+BTF_SET8_START(tracing_btf_ids)
+BTF_ID_FLAGS(func, bpf_vma_build_id_parse)
+BTF_SET8_END(tracing_btf_ids)
+
+static const struct btf_kfunc_id_set tracing_kfunc_set = {
+ .owner = THIS_MODULE,
+ .set = &tracing_btf_ids,
+};
+
+static int __init kfunc_tracing_init(void)
+{
+ return register_btf_kfunc_id_set(BPF_PROG_TYPE_TRACING, &tracing_kfunc_set);
+}
+
+late_initcall(kfunc_tracing_init);
+
 static const struct bpf_func_proto *
 bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
 {
-- 
2.38.1
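Review bot: bpf_vma_build_id_parse reads `size` only through `return err ?: (int) size;`, so the uninitialised `__u32 size` is safe exactly as long as build_id_parse() sets it on every success path; a one-line comment such as `/* size is only valid when build_id_parse() succeeded */` would spare the next reader the trip into lib/buildid.c. The function also has no kernel-doc block, which is the usual convention for kfuncs exposed to programs: it should state that `build_id__sz` must be at least BUILD_ID_SIZE_MAX (the -EINVAL check), that the return value is the build id length on success or a negative errno, and that `vma` is expected to come from a bpf_find_vma callback, a constraint enforced by the verifier change in kernel/bpf/verifier.c rather than by anything in this function. The `BTF_ID_FLAGS(func, bpf_vma_build_id_parse)` entry registers the kfunc with no KF_ flags, so the verifier callsite check appears to be the only thing tying `vma` to a VMA that is safe to walk; a comment next to the BTF set recording that dependency would keep it from being lost if the kfunc is later registered for another program type.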