From patchwork Wed May 10 12:20:45 2023
X-Patchwork-Submitter: Ze Gao
X-Patchwork-Id: 92071
From: Ze Gao
To: Song Liu, Jiri Olsa, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Steven Rostedt, Masami Hiramatsu
Cc: Ze Gao, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: [PATCH] bpf: reject blacklisted symbols in kprobe_multi to avoid recursive trap
Date: Wed, 10 May 2023 20:20:45 +0800
Message-Id: <20230510122045.2259-1-zegao@tencent.com>
X-Mailer: git-send-email 2.40.1
X-Mailing-List: linux-kernel@vger.kernel.org

BPF_LINK_TYPE_KPROBE_MULTI attaches kprobe programs through fprobe, however, it does not take blacklisted kprobes into consideration, which likely introduces recursive traps and blows up stacks.

This patch adds a simple check and removes those that are in kprobe_blacklist from one fprobe during bpf_kprobe_multi_link_attach. Also, check_kprobe_address_safe is open for more future checks.

Note that ftrace provides a recursion detection mechanism, but for kprobe only, we can directly reject those cases early without turning to ftrace.

Signed-off-by: Ze Gao
--- kernel/trace/bpf_trace.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 9a050e36dc6c..44c68bc06bbd 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c
@@ -2764,6 +2764,37 @@ static int get_modules_for_addrs(struct module ***mods, unsigned long *addrs, u3 return arr.mods_cnt; } +static inline int check_kprobe_address_safe(unsigned long addr) +{ + if (within_kprobe_blacklist(addr)) + return -EINVAL; + else + return 0; +} + +static int check_bpf_kprobe_addrs_safe(unsigned long *addrs, int num) +{ + int i, cnt; + char symname[KSYM_NAME_LEN]; + + for (i = 0; i < num; ++i) { + if (check_kprobe_address_safe((unsigned long)addrs[i])) { + lookup_symbol_name(addrs[i], symname); + pr_warn("bpf_kprobe: %s at %lx is blacklisted\n", symname, addrs[i]); + /* mark blacklisted symbol for remove */ + addrs[i] = 0; + } + } + + /* remove blacklisted symbol from addrs */ + for (i = 0, cnt = 0; i < num; ++i) { + if (addrs[i]) + addrs[cnt++] = addrs[i]; + } + + return cnt; +} + int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *prog) { struct bpf_kprobe_multi_link *link = NULL; @@ -2859,6 +2890,12 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr else link->fp.entry_handler = kprobe_multi_link_handler; + cnt = check_bpf_kprobe_addrs_safe(addrs, cnt); + if (!cnt) { + err = -EINVAL; + goto error; + } + link->addrs = addrs; link->cookies = cookies; link->cnt = cnt;
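
Review bot: In check_bpf_kprobe_addrs_safe() (first hunk), symname is declared without an initializer and the return value of lookup_symbol_name() is not checked, so the pr_warn relies on the lookup having filled the buffer. Check the return value, or drop the buffer and print the address with %pS, which also avoids writing a raw kernel address to the log through %lx. The message is emitted once per blacklisted address on the attach path, so pr_warn_ratelimited (or no message, with an error returned to the caller) would keep a caller from flooding the log. Minor style: the (unsigned long) cast on addrs[i] is redundant, and the else after return in check_kprobe_address_safe() can be dropped.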
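
Review bot: In bpf_kprobe_multi_link_attach() (second hunk), addrs is compacted in place by check_bpf_kprobe_addrs_safe() but link->cookies = cookies is still assigned unchanged, so once any entry is dropped cookies[i] no longer lines up with addrs[i] for the entries behind it. Either compact cookies in the same loop, or fail the attach with -EINVAL as soon as one address is blacklisted. The second option also matches the subject line ("reject"); as written, the attach succeeds with a silently reduced cnt unless every address was filtered out, and the caller has no way to learn which symbols were skipped other than reading the kernel log.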