Date: Wed, 10 Jul 2024 13:45:04 -0700
From: Andi Kleen
To: Andrii Nakryiko
Cc: bpf@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, adobriyan@gmail.com, shakeel.butt@linux.dev, hannes@cmpxchg.org, osandov@osandov.com
Subject: Re: [PATCH bpf-next 07/10] lib/buildid: harden build ID parsing logic some more
In-Reply-To: <20240709204245.3847811-8-andrii@kernel.org>

On Tue, Jul 09, 2024 at 01:42:42PM -0700, Andrii Nakryiko wrote:
> Harden build ID parsing logic some more, adding explicit READ_ONCE()
> when fetching values that we then use to check correctness and various
> note iteration invariants.

Just sprinkling READ_ONCE all over doesn't necessarily fix the code.
It is only needed for values that affect a loop or reference.

You have to fix stuff like this:

static inline int parse_build_id(const void *page_addr,
				 unsigned char *build_id,
				 __u32 *size,
				 const void *note_start,
				 Elf32_Word note_size)
{
	/* check for overflow */
	if (note_start < page_addr || note_start + note_size < note_start)
	                              ^^^^^^^^^^^^^^^^^^^^^^
		return -EINVAL;

which is C undefined (at least without -fwrapv-pointer) and can easily be
miscompiled if it isn't already.

I suspect the code will need more work, especially since you're unwilling
to consider any defense in depth measures.

-Andi