From: Shuran Liu
To: song@kernel.org, mattbobrowski@google.com, bpf@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, eddyz87@gmail.com, yonghong.song@linux.dev, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me, haoluo@google.com, jolsa@kernel.org, rostedt@goodmis.org, mhiramat@kernel.org, mathieu.desnoyers@efficios.com, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, electronlsr@gmail.com, Zesen Liu, Peili Gao, Haoran Ni
Subject: [PATCH bpf 1/2] bpf: mark bpf_d_path() buffer as writeable
Date: Mon, 1 Dec 2025 22:38:12 +0800
Message-ID: <20251201143813.5212-2-electronlsr@gmail.com>
In-Reply-To: <20251201143813.5212-1-electronlsr@gmail.com>

Commit 37cce22dbd51 ("bpf: verifier: Refactor helper access type tracking") started distinguishing read vs write accesses performed by helpers.

The second argument of bpf_d_path() is a pointer to a buffer that the helper fills with the resulting path. However, its prototype currently uses ARG_PTR_TO_MEM without MEM_WRITE.

Before 37cce22dbd51, helper accesses were conservatively treated as potential writes, so this mismatch did not cause issues. Since that commit, the verifier may incorrectly assume that the buffer contents are unchanged across the helper call and base its optimizations on this wrong assumption. This can lead to misbehaviour in BPF programs that read back the buffer, such as prefix comparisons on the returned path.

Fix this by marking the second argument of bpf_d_path() as ARG_PTR_TO_MEM | MEM_WRITE so that the verifier correctly models the write to the caller-provided buffer.

Fixes: 37cce22dbd51 ("bpf: verifier: Refactor helper access type tracking")
Co-developed-by: Zesen Liu
Signed-off-by: Zesen Liu
Co-developed-by: Peili Gao
Signed-off-by: Peili Gao
Co-developed-by: Haoran Ni
Signed-off-by: Haoran Ni
Signed-off-by: Shuran Liu
Reviewed-by: Matt Bobrowski
--- kernel/trace/bpf_trace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 4f87c16d915a..49e0bdaa7a1b 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c 
@@ -965,7 +965,7 @@ static const struct bpf_func_proto bpf_d_path_proto =3D= { .ret_type =3D RET_INTEGER, .arg1_type =3D ARG_PTR_TO_BTF_ID, .arg1_btf_id =3D &bpf_d_path_btf_ids[0], - .arg2_type =3D ARG_PTR_TO_MEM, + .arg2_type =3D ARG_PTR_TO_MEM | MEM_WRITE, .arg3_type =3D ARG_CONST_SIZE_OR_ZERO, .allowed =3D bpf_d_path_allowed, }; --=20 2.52.0
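Review bot: The `.arg2_type` change in kernel/trace/bpf_trace.c covers only `bpf_d_path_proto`, but the commit message attributes the regression to a verifier-wide change in helper access tracking (37cce22dbd51), so any other helper prototype that declares an output buffer as plain `ARG_PTR_TO_MEM` would be exposed to the same problem. Please state in the commit message whether the other `bpf_func_proto` definitions were audited and whether this is the only one affected. A short comment at `.arg2_type` noting that the helper fills this buffer would also make the reason for `MEM_WRITE` visible at the prototype.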
From: Shuran Liu
To: song@kernel.org, mattbobrowski@google.com, bpf@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, eddyz87@gmail.com, yonghong.song@linux.dev, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me, haoluo@google.com, jolsa@kernel.org, rostedt@goodmis.org, mhiramat@kernel.org, mathieu.desnoyers@efficios.com, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org, electronlsr@gmail.com, Zesen Liu, Peili Gao, Haoran Ni
Subject: [PATCH bpf 2/2] selftests/bpf: add regression test for bpf_d_path()
Date: Mon, 1 Dec 2025 22:38:13 +0800
Message-ID: <20251201143813.5212-3-electronlsr@gmail.com>
In-Reply-To: <20251201143813.5212-1-electronlsr@gmail.com>

Add a simple LSM BPF program and a corresponding test_progs test case to exercise bpf_d_path() and ensure that prefix comparisons on the returned path keep working.

The LSM program hooks bprm_check_security, calls bpf_d_path() on the binary being executed, and compares the returned path against the "/tmp/" prefix. The result is recorded in an array map.

The user space test runs /tmp/bpf_d_path_test (copied from /bin/true) and checks that the BPF program records a successful prefix match.

Without the preceding fix to bpf_d_path()'s helper prototype, the test can fail due to the verifier incorrectly assuming that the buffer contents are unchanged across the helper call and misoptimizing the program. With the fix applied, the test passes.

Co-developed-by: Zesen Liu
Signed-off-by: Zesen Liu
Co-developed-by: Peili Gao
Signed-off-by: Peili Gao
Co-developed-by: Haoran Ni
Signed-off-by: Haoran Ni
Signed-off-by: Shuran Liu --- .../selftests/bpf/prog_tests/d_path_lsm.c | 27 ++++++++++++ .../selftests/bpf/progs/d_path_lsm.bpf.c | 43 +++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/d_path_lsm.c create mode 100644 tools/testing/selftests/bpf/progs/d_path_lsm.bpf.c diff --git a/tools/testing/selftests/bpf/prog_tests/d_path_lsm.c b/tools/te= sting/selftests/bpf/prog_tests/d_path_lsm.c new file mode 100644 index 000000000000..92aad744ed12 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/d_path_lsm.c @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include "d_path_lsm.skel.h" + +void test_d_path_lsm(void) +{ + struct d_path_lsm *skel =3D NULL; + int err, map_fd, key =3D 0, val =3D 0; + + skel =3D d_path_lsm__open_and_load(); + if (!ASSERT_OK_PTR(skel, "open_and_load")) + return; + + err =3D d_path_lsm__attach(skel); + if (!ASSERT_OK(err, "attach")) + goto out; + + system("cp /bin/true /tmp/bpf_d_path_test 2>/dev/null || :"); + system("/tmp/bpf_d_path_test >/dev/null 2>&1"); + + map_fd =3D bpf_map__fd(skel->maps.result); + err =3D bpf_map_lookup_elem(map_fd, &key, &val); + ASSERT_OK(err, "lookup_result"); + ASSERT_EQ(val, 1, "prefix_match"); +out: + d_path_lsm__destroy(skel); +} diff --git a/tools/testing/selftests/bpf/progs/d_path_lsm.bpf.c b/tools/tes= ting/selftests/bpf/progs/d_path_lsm.bpf.c new file mode 100644 index 000000000000..36f9ff37e817 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/d_path_lsm.bpf.c 
@@ -0,0 +1,43 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include "vmlinux.h" +#include +#include + +char LICENSE[] SEC("license") =3D "GPL"; + +#define FILENAME_MAX_SIZE 256 +#define TARGET_DIR "/tmp/" +#define TARGET_DIR_LEN 5 + +struct { + __uint(type, BPF_MAP_TYPE_ARRAY); + __uint(max_entries, 1); + __type(key, int); + __type(value, int); +} result SEC(".maps"); + +SEC("lsm/bprm_check_security") +int BPF_PROG(d_path_lsm_prog, struct linux_binprm *bprm) +{ + char path[FILENAME_MAX_SIZE] =3D {}; + long len; + int key =3D 0; + int val =3D 0; + + len =3D bpf_d_path(&bprm->file->f_path, path, sizeof(path)); + if (len < 0) + return 0; + +#pragma unroll + for (int i =3D 0; i < TARGET_DIR_LEN; i++) { + if ((u8)path[i] !=3D (u8)TARGET_DIR[i]) { + val =3D -1; /* mismatch */ + bpf_map_update_elem(&result, &key, &val, BPF_ANY); + return 0; + } + } + + val =3D 1; /* prefix match */ + bpf_map_update_elem(&result, &key, &val, BPF_ANY); + return 0; +} --=20 2.52.0
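Review bot: In test_d_path_lsm() in prog_tests/d_path_lsm.c, both system() calls discard their return values, and the copy forces success with `|| :`, so a failed copy or a failed exec of /tmp/bpf_d_path_test surfaces only as a `prefix_match` failure that is indistinguishable from the verifier regression the test is meant to catch. Check each call, for example with ASSERT_OK(system(...), ...) followed by `goto out`, and skip the ASSERT_EQ when the `lookup_result` check fails. The file /tmp/bpf_d_path_test is also never removed; unlink it before d_path_lsm__destroy() so the fixed path in /tmp does not persist between runs.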
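Review bot: In d_path_lsm_prog in progs/d_path_lsm.bpf.c, the mismatch branch writes `val = -1` into the single `result` slot for every exec on the system while the program is attached, including the shell and `cp` that system() spawns, so the test passes only when /tmp/bpf_d_path_test is the last exec seen before bpf_map_lookup_elem(); an unrelated exec in that window overwrites the 1 and the test fails spuriously. Drop the map update in the mismatch branch (an array map slot starts at 0, which already fails ASSERT_EQ) or restrict the program to the test's own child process. Separately, `#define TARGET_DIR_LEN 5` duplicates the length of `TARGET_DIR`; `sizeof(TARGET_DIR) - 1` keeps the two in sync.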