Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bpf2c should embed the program info in native program instead of hash #3429

Closed
shankarseal opened this issue Apr 3, 2024 · 3 comments · Fixed by #3559
Closed

Bpf2c should embed the program info in native program instead of hash #3429

shankarseal opened this issue Apr 3, 2024 · 3 comments · Fixed by #3559
Assignees
@Alan-Jowett
Labels
P1 triaged Discussed in a triage meeting
Milestone
2405

Comments

@shankarseal
Copy link
Collaborator

shankarseal commented Apr 3, 2024
edited

Bpf2c should embed the program info in native program instead of hash. This will be useful in cases where the program info has flags fields. This was necessitated by #3344 .
@dahavey dahavey added the triaged Discussed in a triage meeting label Apr 15, 2024
@dahavey dahavey modified the milestones: 2404, 2405 Apr 15, 2024
@Alan-Jowett
Copy link
Member

The program information used to verify programs is hashed and the hash is written into the PE image. When loading a native image, the hash is compared with a hash of the current program information. If they don't match the program fails to load.

The issue is that when new fields are added, the hash will change even when the new field is not relevant to this specific instance of program information.

The proposal is to use the version information from the native image to compute a version specific hash of the current program information.

@dthaler
Copy link
Collaborator

dthaler commented Apr 15, 2024

If "the new field is not relevant" then it could be the same as a value of 0 in that field.
We could use a hash function that computes the same hash if there are trailing 0 bytes and then the hash would not change if irrelevant fields were added.

@saxena-anurag saxena-anurag mentioned this issue May 1, 2024
Open
@shankarseal
Copy link
Collaborator Author

The program information used to verify programs is hashed and the hash is written into the PE image. When loading a native image, the hash is compared with a hash of the current program information. If they don't match the program fails to load.

The issue is that when new fields are added, the hash will change even when the new field is not relevant to this specific instance of program information.

The proposal is to use the version information from the native image to compute a version specific hash of the current program information.

This may not work, as program info can be updated without change to the version number.

@shankarseal shankarseal added the P1 label May 1, 2024
@Alan-Jowett Alan-Jowett mentioned this issue May 20, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Alan-Jowett Alan-Jowett

Labels
P1 triaged Discussed in a triage meeting
Projects
None yet
Milestone
2405
Development

Successfully merging a pull request may close this issue.

Add documentation to eBpfExtensions.md to clarify use of hash Alan-Jowett/ebpf-for-windows
4 participants
@dthaler @Alan-Jowett @dahavey @shankarseal