https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114431

Bug ID: 114431
Summary: bpf: GCC generates unverifiable code for systemd restrict_fs_bpf
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: jemarch at gcc dot gnu.org
Target Milestone: ---

GCC generates unverifiable code for systemd restrict_fs_bpf and the kernel
verifier complains with the error log below. The corresponding systemd issue
is https://github.com/systemd/systemd/issues/31888.

Mär 21 11:01:44 H systemd[1]: bpf-firewall: Got EBADF when using BPF_F_ALLOW_MULTI, which indicates it is supported. Yay!
Mär 21 11:01:44 H systemd[1]: libbpf: elf: skipping section(3) .data (size 0)
Mär 21 11:01:44 H systemd[1]: libbpf: elf: skipping unrecognized data section(9) .comment
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'sd_bind4': failed to attach to cgroup: Bad file descriptor
Mär 21 11:01:44 H systemd[1]: libbpf: elf: skipping section(3) .data (size 0)
Mär 21 11:01:44 H systemd[1]: libbpf: elf: skipping unrecognized data section(10) .comment
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'sd_restrictif_e': BPF program load failed: Permission denied
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'sd_restrictif_e': -- BEGIN PROG LOAD LOG --
Mär 21 11:01:44 H systemd[1]: 0: R1=ctx(off=0,imm=0) R10=fp0
Mär 21 11:01:44 H systemd[1]: 0: (61) r0 = *(u32 *)(r1 +40) ; R0_w=scalar(smin=0,smax=umax=4294967295,var_off=(0x0; 0xffffffff)) R1=ctx(off=0,imm=0)
Mär 21 11:01:44 H systemd[1]: 1: (bf) r2 = r10 ; R2_w=fp0 R10=fp0
Mär 21 11:01:44 H systemd[1]: 2: (18) r1 = 0xffff992d011eec00 ; R1_w=map_ptr(off=0,ks=4,vs=1,imm=0)
Mär 21 11:01:44 H systemd[1]: 4: (07) r2 += -4 ; R2_w=fp-4
Mär 21 11:01:44 H systemd[1]: 5: (63) *(u32 *)(r10 -4) = r0 ; R0_w=scalar(smin=0,smax=umax=4294967295,var_off=(0x0; 0xffffffff)) R10=fp0 fp-8=mmmm????
Mär 21 11:01:44 H systemd[1]: 6: (85) call bpf_map_lookup_elem#1 ; R0_w=map_value_or_null(id=1,off=0,ks=4,vs=1,imm=0)
Mär 21 11:01:44 H systemd[1]: 7: (18) r1 = 0xffffbf18005c2000 ; R1_w=map_value(off=0,ks=4,vs=1,imm=0)
Mär 21 11:01:44 H systemd[1]: 9: (69) r3 = *(u16 *)(r1 +0)
Mär 21 11:01:44 H systemd[1]: invalid access to map value, value_size=1 off=0 size=2
Mär 21 11:01:44 H systemd[1]: R1 min value is outside of the allowed memory range
Mär 21 11:01:44 H systemd[1]: processed 8 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
Mär 21 11:01:44 H systemd[1]: -- END PROG LOAD LOG --
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'sd_restrictif_e': failed to load: -13
Mär 21 11:01:44 H systemd[1]: libbpf: failed to load object 'restrict_ifaces_bpf'
Mär 21 11:01:44 H systemd[1]: libbpf: failed to load BPF skeleton 'restrict_ifaces_bpf': -13
Mär 21 11:01:44 H systemd[1]: restrict-interfaces: Failed to load BPF object: Permission denied
Mär 21 11:01:44 H systemd[1]: restrict-interfaces: Failed to load BPF object: Permission denied
Mär 21 11:01:44 H systemd[1]: Controller 'cpu' supported: yes
Mär 21 11:01:44 H systemd[1]: Controller 'cpuacct' supported: no
Mär 21 11:01:44 H systemd[1]: Controller 'cpuset' supported: yes
Mär 21 11:01:44 H systemd[1]: Controller 'io' supported: yes
Mär 21 11:01:44 H systemd[1]: Controller 'blkio' supported: no
Mär 21 11:01:44 H systemd[1]: Controller 'memory' supported: yes
Mär 21 11:01:44 H systemd[1]: Controller 'devices' supported: no
Mär 21 11:01:44 H systemd[1]: Controller 'pids' supported: yes
Mär 21 11:01:44 H systemd[1]: Controller 'bpf-firewall' supported: yes
Mär 21 11:01:44 H systemd[1]: Controller 'bpf-devices' supported: yes
Mär 21 11:01:44 H systemd[1]: Controller 'bpf-foreign' supported: yes
Mär 21 11:01:44 H systemd[1]: Controller 'bpf-socket-bind' supported: yes
Mär 21 11:01:44 H systemd[1]: Controller 'bpf-restrict-network-interfaces' supported: no
Mär 21 11:01:44 H systemd[1]: Set up TFD_TIMER_CANCEL_ON_SET timerfd.
Mär 21 11:01:44 H systemd[1]: libbpf: elf: skipping section(3) .data (size 0)
Mär 21 11:01:44 H systemd[1]: libbpf: elf: skipping unrecognized data section(8) .comment
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'restrict_filesystems': missing .BTF.ext function info for the main program, skipping all of .BTF.ext func info.
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'restrict_filesystems': missing .BTF.ext line info for the main program, skipping all of .BTF.ext line info.
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'restrict_filesystems': BPF program load failed: Permission denied
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'restrict_filesystems': -- BEGIN PROG LOAD LOG --
Mär 21 11:01:44 H systemd[1]: 0: R1=ctx(off=0,imm=0) R10=fp0
Mär 21 11:01:44 H systemd[1]: 0: (62) *(u32 *)(r10 -20) = 0 ; R10=fp0 fp-24=0000????
Mär 21 11:01:44 H systemd[1]: 1: (bf) r0 = r1 ; R0_w=ctx(off=0,imm=0) R1=ctx(off=0,imm=0)
Mär 21 11:01:44 H systemd[1]: 2: (79) r1 = *(u64 *)(r1 +8) ; R1_w=scalar()
Mär 21 11:01:44 H systemd[1]: 3: (79) r3 = *(u64 *)(r0 +0)
Mär 21 11:01:44 H systemd[1]: func 'bpf_lsm_file_open' arg0 has btf_id 651 type STRUCT 'file'
Mär 21 11:01:44 H systemd[1]: 4: R0_w=ctx(off=0,imm=0) R3_w=trusted_ptr_file(off=0,imm=0)
Mär 21 11:01:44 H systemd[1]: 4: (67) r1 <<= 32 ; R1_w=scalar(smax=9223372032559808512,umax=18446744069414584320,smin32=0,smax32=umax32=0,var_off=(0x0; 0xffffffff00000000))
Mär 21 11:01:44 H systemd[1]: 5: (bf) r6 = r1 ; R1_w=scalar(id=1,smax=9223372032559808512,umax=18446744069414584320,smin32=0,smax32=umax32=0,var_off=(0x0; 0xffffffff00000000)) R6_w=scalar(id=1,smax=9223372032559808512,umax=18446744069414584320,smin32=0,smax32=umax32=0,var_off=(0x0; 0xffffffff00000000))
Mär 21 11:01:44 H systemd[1]: 6: (c7) r6 s>>= 32 ; R6_w=scalar(smin=-2147483648,smax=2147483647)
Mär 21 11:01:44 H systemd[1]: 7: (55) if r1 != 0x0 goto pc+49 ; R1_w=0
Mär 21 11:01:44 H systemd[1]: 8: (b7) r2 = 168 ; R2_w=168
Mär 21 11:01:44 H systemd[1]: 9: (bf) r1 = r10 ; R1_w=fp0 R10=fp0
Mär 21 11:01:44 H systemd[1]: 10: (0f) r3 += r2 ; R2_w=168 R3_w=trusted_ptr_file(off=168,imm=0)
Mär 21 11:01:44 H systemd[1]: 11: (07) r1 += -8 ; R1_w=fp-8
Mär 21 11:01:44 H systemd[1]: 12: (b7) r2 = 8 ; R2_w=8
Mär 21 11:01:44 H systemd[1]: 13: (85) call bpf_probe_read_kernel#113 ; R0=scalar() fp-8=mmmmmmmm
Mär 21 11:01:44 H systemd[1]: 14: (b7) r4 = 40 ; R4_w=40
Mär 21 11:01:44 H systemd[1]: 15: (b7) r2 = 8 ; R2_w=8
Mär 21 11:01:44 H systemd[1]: 16: (79) r3 = *(u64 *)(r10 -8) ; R3_w=scalar() R10=fp0 fp-8=mmmmmmmm
Mär 21 11:01:44 H systemd[1]: 17: (bf) r1 = r10 ; R1_w=fp0 R10=fp0
Mär 21 11:01:44 H systemd[1]: 18: (0f) r3 += r4 ; R3_w=scalar() R4_w=40
Mär 21 11:01:44 H systemd[1]: 19: (07) r1 += -8 ; R1_w=fp-8
Mär 21 11:01:44 H systemd[1]: 20: (85) call bpf_probe_read_kernel#113 ; R0_w=scalar() fp-8=mmmmmmmm
Mär 21 11:01:44 H systemd[1]: 21: (b7) r5 = 96 ; R5_w=96
Mär 21 11:01:44 H systemd[1]: 22: (b7) r2 = 8 ; R2_w=8
Mär 21 11:01:44 H systemd[1]: 23: (79) r3 = *(u64 *)(r10 -8) ; R3_w=scalar() R10=fp0 fp-8=mmmmmmmm
Mär 21 11:01:44 H systemd[1]: 24: (bf) r1 = r10 ; R1_w=fp0 R10=fp0
Mär 21 11:01:44 H systemd[1]: 25
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'restrict_filesystems': failed to load: -13
Mär 21 11:01:44 H systemd[1]: libbpf: failed to load object 'restrict_fs_bpf'
Mär 21 11:01:44 H systemd[1]: libbpf: failed to load BPF skeleton 'restrict_fs_bpf': -13
Mär 21 11:01:44 H systemd[1]: bpf-lsm: Failed to load BPF object: Permission denied
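
Added example (not part of the bug report, and not GCC, libbpf or systemd code): a small triage script for journal output like the log above. It splits the text into per-program PROG LOAD LOG blocks, records the last instruction the verifier printed and any map-value access error, and flags blocks that end without an END marker, as the 'restrict_filesystems' block does here. The function name triage and the result field names are assumptions made for this example; the sample lines are excerpted from the log above.

```python
import re

# Excerpt of the journal lines quoted in the report; the second block is cut
# off before the verifier's verdict, as it is in the report.
SAMPLE = """\
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'sd_restrictif_e': -- BEGIN PROG LOAD LOG --
Mär 21 11:01:44 H systemd[1]: 7: (18) r1 = 0xffffbf18005c2000 ; R1_w=map_value(off=0,ks=4,vs=1,imm=0)
Mär 21 11:01:44 H systemd[1]: 9: (69) r3 = *(u16 *)(r1 +0)
Mär 21 11:01:44 H systemd[1]: invalid access to map value, value_size=1 off=0 size=2
Mär 21 11:01:44 H systemd[1]: -- END PROG LOAD LOG --
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'restrict_filesystems': -- BEGIN PROG LOAD LOG --
Mär 21 11:01:44 H systemd[1]: 24: (bf) r1 = r10 ; R1_w=fp0 R10=fp0
Mär 21 11:01:44 H systemd[1]: 25
Mär 21 11:01:44 H systemd[1]: libbpf: prog 'restrict_filesystems': failed to load: -13
"""

PREFIX = re.compile(r"^.*? systemd\[\d+\]: ")   # journal timestamp, host, unit
BEGIN = re.compile(r"libbpf: prog '([^']+)': -- BEGIN PROG LOAD LOG --")
FAILED = re.compile(r"libbpf: prog '[^']+': failed to load: -?\d+")
INSN = re.compile(r"^(\d+): \([0-9a-f]{2}\) (.*?)(?: ; .*)?$")  # drops register state
MAP_ERR = re.compile(r"invalid access to map value, value_size=(\d+) off=(-?\d+) size=(\d+)")

def triage(text):
    """Return one dict per PROG LOAD LOG block found in journal text."""
    results, cur = [], None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw.strip())
        m = BEGIN.search(line)
        if m:
            cur = {"prog": m.group(1), "last_insn": None, "reason": None, "complete": False}
            results.append(cur)
        elif cur is None:
            continue                      # outside any verifier log
        elif "-- END PROG LOAD LOG --" in line:
            cur["complete"] = True
            cur = None
        elif FAILED.search(line):
            cur = None                    # no END marker seen: the log was truncated
        elif (m := INSN.match(line)):
            cur["last_insn"] = (int(m.group(1)), m.group(2))
        elif (m := MAP_ERR.search(line)):
            vs, off, size = map(int, m.groups())
            cur["reason"] = f"{size}-byte access at offset {off} of a {vs}-byte map value"
    return results

if __name__ == "__main__":
    for block in triage(SAMPLE):
        print(block)
```
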