• Viktor Malik's avatar
    bpf: Fix attaching fentry/fexit/fmod_ret/lsm to modules · 31bf1dbc
    Viktor Malik authored
    This resolves two problems with attachment of fentry/fexit/fmod_ret/lsm
    to functions located in modules:
    
    1. The verifier tries to find the address to attach to in kallsyms. This
       is always done by searching the entire kallsyms, not respecting the
       module in which the function is located. Such approach causes an
       incorrect attachment address to be computed if the function to attach
       to is shadowed by a function of the same name located earlier in
       kallsyms.
    
    2. If the address to attach to is located in a module, the module
       reference is only acquired in register_fentry. If the module is
       unloaded between the place where the address is found
       (bpf_check_attach_target in the verifier) and register_fentry, it is
       possible that another module is loaded to the same address which may
       lead to potential errors.
    
    Since the attachment must contain the BTF of the program to attach to,
    we extract the module from it and search for the function address in the
    correct module (resolving problem no. 1). Then, the module reference is
    taken directly in bpf_check_attach_target and stored in the bpf program
    (in bpf_prog_aux). The reference is only released when the program is
    unloaded (resolving problem no. 2).
    Signed-off-by: default avatarViktor Malik <vmalik@redhat.com>
    Acked-by: default avatarJiri Olsa <jolsa@kernel.org>
    Reviewed-by: default avatarLuis Chamberlain <mcgrof@kernel.org>
    Link: https://lore.kernel.org/r/3f6a9d8ae850532b5ef864ef16327b0f7a669063.1678432753.git.vmalik@redhat.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
    31bf1dbc
syscall.c 129 KB