From: Andrii Nakryiko
Date: Mon, 29 Jul 2024 09:57:25 -0700
Subject: Re: [PATCH v2 bpf-next 07/10] lib/buildid: harden build ID parsing logic some more
To: Jann Horn
Cc: Andrii Nakryiko, bpf@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, adobriyan@gmail.com, shakeel.butt@linux.dev, hannes@cmpxchg.org, ak@linux.intel.com, osandov@osandov.com, song@kernel.org, Jiri Olsa
References: <20240724225210.545423-1-andrii@kernel.org> <20240724225210.545423-8-andrii@kernel.org>

On Mon, Jul 29, 2024 at 9:16 AM Jann Horn wrote:
>
> On Thu, Jul 25, 2024 at 12:52 AM Andrii Nakryiko wrote:
> > Harden build ID parsing logic some more, adding explicit READ_ONCE()
> > when fetching values that we then use to check correctness and various
> > note iteration invariants.
> >
> > Suggested-by: Andi Kleen
> > Signed-off-by: Andrii Nakryiko
>
> If I understand correctly, build ID parsing is already exposed to
> untrusted code since commit 88a16a130933 ("perf: Add build id data in
> mmap2 event"), which first landed in v5.12, right? Can you put fixes
> for parsing build IDs from untrusted memory at the start of your
> series with stable backport markers, so that we can fix this on
> existing systems? Or should this be fixed on existing stable trees
> with a separate stable-only fix?

Ok, I'll try to refactor to have fixes upfront before we do the
freader_fetch changes. If that turns out to be too convoluted, we can
think about separate stable-only fixes.
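Added illustration, not code from the patch, the kernel tree or either participant: a user-space sketch of the pattern the quoted commit message describes, where each note header field is fetched once and only that local copy is validated and used, so a concurrent writer cannot change a size between the check and the copy. `READ_ONCE_U32`, `find_build_id`, `make_sample_note`, `NHDR_SIZE` and the `BUILD_ID_MAX` value are names and assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* User-space stand-in for the kernel's READ_ONCE(): one load per use. */
#define READ_ONCE_U32(p) (*(const volatile uint32_t *)(p))
#define NT_GNU_BUILD_ID 3
#define BUILD_ID_MAX 20   /* assumed cap for this example */
#define NHDR_SIZE 12      /* n_namesz, n_descsz, n_type: three 32-bit words */

/* Constructed sample: a "GNU" note whose header claims claimed_descsz bytes
 * of build ID but which always carries 8. w needs room for 6 words. */
size_t make_sample_note(uint32_t *w, uint32_t claimed_descsz)
{
    w[0] = 4; w[1] = claimed_descsz; w[2] = NT_GNU_BUILD_ID;
    memcpy(&w[3], "GNU", 4);
    memset(&w[4], 0xab, 8);
    return 24;
}

/* Scan notes in memory another party may rewrite while we parse.
 * Returns the build ID length copied to out, or -1 if absent or malformed. */
int find_build_id(const unsigned char *buf, size_t len, unsigned char *out)
{
    size_t off = 0;

    if ((uintptr_t)buf & 3)                     /* headers are read as u32 */
        return -1;
    while (len - off >= NHDR_SIZE) {            /* invariant: off <= len */
        const uint32_t *h = (const void *)(buf + off);
        /* Fetch each field once; check and use only these local copies. */
        uint32_t namesz = READ_ONCE_U32(&h[0]);
        uint32_t descsz = READ_ONCE_U32(&h[1]);
        uint32_t type = READ_ONCE_U32(&h[2]);
        const unsigned char *name = buf + off + NHDR_SIZE;
        size_t avail = len - off - NHDR_SIZE;
        /* 64-bit sums so a huge size cannot wrap past the bounds check. */
        uint64_t name_end = ((uint64_t)namesz + 3) & ~(uint64_t)3;
        uint64_t desc_end = name_end + (((uint64_t)descsz + 3) & ~(uint64_t)3);

        if (desc_end > avail)
            return -1;
        if (type == NT_GNU_BUILD_ID && namesz == 4 &&
            memcmp(name, "GNU", 4) == 0 && descsz > 0 && descsz <= BUILD_ID_MAX) {
            memcpy(out, name + name_end, descsz);
            return (int)descsz;
        }
        off += NHDR_SIZE + (size_t)desc_end;    /* always advances >= 12 */
    }
    return -1;
}
```

Re-reading `h[1]` from the buffer for the `memcpy` length instead of using `descsz` would reintroduce the check-then-use race this pattern closes.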