On Fri, Jun 16, 2023 at 6:57 PM Andrii Nakryiko andrii.nakryiko@gmail.com wrote:
On Thu, Jun 15, 2023 at 7:56 AM Florent Revest revest@chromium.org wrote:
When building a kernel with LLVM=1, LLVM_IAS=0 and CONFIG_KASAN=y, LLVM leaves DWARF tags for the "asan.module_ctor" & co symbols. In turn, pahole creates BTF_KIND_FUNC entries for these and this makes the BTF metadata validation fail because they contain a dot.
In a dramatic turn of events, this BTF verification failure can cause the netfilter_bpf initialization to fail, causing netfilter_core to free the netfilter_helper hashmap and netfilter_ftp to trigger a use-after-free. The risk of u-a-f in netfilter will be addressed separately but the existence of "asan.module_ctor" debug info under some build conditions sounds like a good enough reason to accept functions that contain dots in BTF.
I don't see much harm in allowing dots. There are also all those .isra and other modifications to functions that we currently don't have in BTF, but with the discussions about recording function addrs we might eventually have those as well. So:
Acked-by: Andrii Nakryiko andrii@kernel.org
Thanks Andrii! :)
Cc: stable@vger.kernel.org
Fixes: 1dc92851849c ("bpf: kernel side support for BTF Var and DataSec")
So do you think these trailers should be kept? I suppose we can either see this as a "new feature" to accommodate .isra that should go through bpf-next or as a bug fix that goes through bpf and gets backported to stable (without this, BTF wouldn't work on old kernels built under a new clang and with LLVM_IAS=0 and CONFIG_KASAN=y so this sounds like a legitimate bug fix to me, I just wanted to double check).