Open chenhengqi opened 2 years ago
After reading this commit, I think this is not a bug but a limitation of BPF.
@yonghong-song Could you help confirm this?
A second thought:
Though arg1 and arg2 of int security_path_chown(struct path *path, kuid_t uid, kgid_t gid); have type struct, both fit in a u64:
[507] STRUCT '(anon)' size=4 vlen=1
	'val' type_id=56 bits_offset=0
[508] TYPEDEF 'kuid_t' type_id=507
[509] STRUCT '(anon)' size=4 vlen=1
	'val' type_id=57 bits_offset=0
[510] TYPEDEF 'kgid_t' type_id=509
Maybe adding an allowlist to the kernel for these types would work.
@chenhengqi You are correct. btf_ctx_access only allows scalar or pointer. The kuid_t, after removing the typedef, is a structure and hence the verifier returns a failure.
It is tricky to handle structure arguments. If the structure is small, which is the case for the above example, the compiler might pass the value. But if the structure is big, the compiler will allocate the structure on the caller stack and pass a reference. So this makes it hard to support structure arguments. The potential implementation here COULD become compiler version dependent.
Let us do a little more research to see whether a suitable solution is possible.
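An added illustration, not code from the kernel or from anyone in this thread: the rule described above (strip typedefs and modifiers, then accept only a scalar or a pointer) applied to bpftool btf dump style text. Entries 507-510 are the ones quoted above; every other entry and id in the sample is constructed, and the classifier is a simplified model of the check, not the verifier's code.

```python
import re

# Constructed sample in `bpftool btf dump` text layout. Entries 507-510 are
# quoted from the thread; ids 21, 56, 57, 300, 301 and 900 are made up.
SAMPLE = """\
[21] INT 'int' size=4 bits_offset=0 nr_bits=32 encoding=SIGNED
[56] INT 'unsigned int' size=4 bits_offset=0 nr_bits=32 encoding=(none)
[57] INT 'unsigned int' size=4 bits_offset=0 nr_bits=32 encoding=(none)
[300] STRUCT 'path' size=16 vlen=0
[301] PTR '(anon)' type_id=300
[507] STRUCT '(anon)' size=4 vlen=1
\t'val' type_id=56 bits_offset=0
[508] TYPEDEF 'kuid_t' type_id=507
[509] STRUCT '(anon)' size=4 vlen=1
\t'val' type_id=57 bits_offset=0
[510] TYPEDEF 'kgid_t' type_id=509
[900] FUNC_PROTO '(anon)' ret_type_id=21 vlen=3
\t'path' type_id=301
\t'uid' type_id=508
\t'gid' type_id=510
"""

HEAD = re.compile(r"\[(\d+)\] (\w+) '([^']*)'(.*)")
MEMBER = re.compile(r"\s+'([^']*)' type_id=(\d+)")
MODIFIERS = {"TYPEDEF", "CONST", "VOLATILE", "RESTRICT", "TYPE_TAG"}

def parse(dump):
    """Map type id -> {kind, name, ref (referenced type id), members}."""
    types, cur = {}, None
    for line in dump.splitlines():
        if m := HEAD.match(line):
            # \b keeps 'ret_type_id=' on FUNC_PROTO lines from matching here.
            ref = re.search(r"\btype_id=(\d+)", m[4])
            cur = {"kind": m[2], "name": m[3],
                   "ref": int(ref[1]) if ref else None, "members": []}
            types[int(m[1])] = cur
        elif cur and (m := MEMBER.match(line)):
            cur["members"].append((m[1], int(m[2])))
    return types

def classify_args(types, proto_id):
    """Strip typedefs/modifiers, then accept only scalar or pointer arguments."""
    verdicts = {}
    for name, tid in types[proto_id]["members"]:
        t = types[tid]
        while t["kind"] in MODIFIERS:
            t = types[t["ref"]]
        ok = t["kind"] in ("INT", "ENUM", "PTR")
        verdicts[name] = "ok" if ok else f"rejected ({t['kind']})"
    return verdicts

if __name__ == "__main__":
    print(classify_args(parse(SAMPLE), 900))
```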
Ah, thanks. I didn't realize that compiler would do pass by reference for structure arguments.
This small program failed with the following error messages:
Did not figure out what causes this error. Changing the function security_path_chown to security_path_chmod works fine.