tetragon: Make sure lsm programs return bounded value
There's a recent kernel change forcing LSM bpf programs to return a value
in the range [-4095, 0]. Make sure we follow that in the generic lsm sensor.

[1] 5d99e198be27 bpf, lsm: Add check for BPF LSM return value

Fixes: 41b8889 ("bpf: Add lsm.s/* bpf programs for IMA hash collection")
Signed-off-by: Jiri Olsa <[email protected]>
olsajiri committed Oct 23, 2024
1 parent 61b575c commit c0e513f
Showing 3 changed files with 28 additions and 28 deletions.
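--- a/bpf/process/bpf_generic_lsm_core.c
+++ b/bpf/process/bpf_generic_lsm_core.c
@@ -79,19 +79,6 @@ static struct generic_maps maps = {
 .override = (struct bpf_map_def *)&override_tasks,
 };
 
-FUNC_INLINE int try_override(void *ctx)
-{
-__u64 id = get_current_pid_tgid();
-__s32 *error;
-
-error = map_lookup_elem(&override_tasks, &id);
-if (!error)
-return 0;
-
-map_delete_elem(&override_tasks, &id);
-return (long)*error;
-}
-
 #define MAIN "lsm/generic_lsm_core"
 
 __attribute__((section((MAIN)), used)) int
@@ -172,7 +159,7 @@ generic_lsm_actions(void *ctx)
 
 // If NoPost action is set, check for Override action here
 if (!e->lsm.post)
-return try_override(ctx);
+return try_override(ctx, (struct bpf_map_def *)&override_tasks);
 
 return 0;
 }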
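--- a/bpf/process/bpf_generic_lsm_output.c
+++ b/bpf/process/bpf_generic_lsm_output.c
@@ -50,19 +50,6 @@ struct {
 __type(value, struct event_config);
 } config_map SEC(".maps");
 
-FUNC_INLINE int try_override(void *ctx)
-{
-__u64 id = get_current_pid_tgid();
-__s32 *error;
-
-error = map_lookup_elem(&override_tasks, &id);
-if (!error)
-return 0;
-
-map_delete_elem(&override_tasks, &id);
-return (long)*error;
-}
-
 __attribute__((section("lsm/generic_lsm_output"), used)) int
 generic_lsm_output(void *ctx)
 {
@@ -89,5 +76,5 @@ generic_lsm_output(void *ctx)
 #endif
 if (e->lsm.post)
 generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_LSM);
-return try_override(ctx);
+return try_override(ctx, (struct bpf_map_def *)&override_tasks);
 }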
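--- a/bpf/process/types/basic.h
+++ b/bpf/process/types/basic.h
@@ -2656,4 +2656,30 @@ read_call_arg(void *ctx, struct msg_generic_kprobe *e, int index, int type,
 return copy_path(args, path_arg);
 }
 
+#define __STR(x) #x
+
+#define set_if_not_errno_or_zero(x, y) \
+({ \
+asm volatile("if %0 s< -4095 goto +1\n" \
+"if %0 s<= 0 goto +1\n" \
+"%0 = " __STR(y) "\n" \
+: "+r"(x)); \
+})
+
+FUNC_INLINE int try_override(void *ctx, struct bpf_map_def *override_tasks)
+{
+__u64 id = get_current_pid_tgid();
+__s32 *error, ret;
+
+error = map_lookup_elem(override_tasks, &id);
+if (!error)
+return 0;
+
+map_delete_elem(override_tasks, &id);
+ret = *error;
+/* Let's make verifier happy and 'force' proper bounds. */
+set_if_not_errno_or_zero(ret, -1);
+return ret;
+}
+
 #endif /* __BASIC_H__ */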
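Review bot: `try_override` still reads `*error` after `map_delete_elem()` has released the entry, so the value that decides the LSM hook's return code is loaded from a slot the map may already have recycled. The verifier accepts this, but if `override_tasks` is a preallocated hash map (its definition is not in this hunk) a freed element can be reused by an update on another CPU before the load happens. Copying first, `ret = *error;` followed by `map_delete_elem(override_tasks, &id);`, keeps the enforcement decision tied to the entry that was actually looked up. The comment above the clamp could also state that any stored value outside [-4095, 0] is turned into -1 (-EPERM), i.e. the hook fails closed on a bad value, for example `/* Kernel requires LSM return in [-4095, 0]; anything else becomes -1 (-EPERM). */`.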
