On Fri, Jun 16, 2023 at 6:57 PM Andrii Nakryiko
<andrii.nakryiko@xxxxxxxxx> wrote:
>
> On Thu, Jun 15, 2023 at 7:56 AM Florent Revest <revest@xxxxxxxxxxxx> wrote:
> >
> > When building a kernel with LLVM=1, LLVM_IAS=0 and CONFIG_KASAN=y, LLVM
> > leaves DWARF tags for the "asan.module_ctor" & co symbols. In turn,
> > pahole creates BTF_KIND_FUNC entries for these and this makes the BTF
> > metadata validation fail because they contain a dot.
> >
> > In a dramatic turn of event, this BTF verification failure can cause
> > the netfilter_bpf initialization to fail, causing netfilter_core to
> > free the netfilter_helper hashmap and netfilter_ftp to trigger a
> > use-after-free. The risk of u-a-f in netfilter will be addressed
> > separately but the existence of "asan.module_ctor" debug info under some
> > build conditions sounds like a good enough reason to accept functions
> > that contain dots in BTF.
>
> I don't see much harm in allowing dots. There are also all those .isra
> and other modifications to functions that we currently don't have in
> BTF, but with the discussions about recording function addrs we might
> eventually have those as well. So:
>
> Acked-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
Thanks Andrii! :)
> > Cc: stable@xxxxxxxxxxxxxxx
> > Fixes: 1dc92851849c ("bpf: kernel side support for BTF Var and DataSec")
So do you think these trailers should be kept ? I suppose we can
either see this as a "new feature" to accommodate .isra that should go
through bpf-next or as a bug fix that goes through bpf and gets
backported to stable (without this, BTF wouldn't work on old kernels
built under a new clang and with LLVM_IAS=0 and CONFIG_KASAN=y so this
sounds like a legitimate bug fix to me, I just wanted to double check)
