Commit 0de4f50d authored by Chuyi Zhou's avatar Chuyi Zhou Committed by Martin KaFai Lau

bpf: Let verifier consider {task,cgroup} is trusted in bpf_iter_reg

BTF_TYPE_SAFE_TRUSTED(struct bpf_iter__task) in verifier.c wanted to
teach BPF verifier that bpf_iter__task -> task is a trusted ptr. But it
doesn't work well.

The reason is, bpf_iter__task -> task would go through btf_ctx_access()
which enforces the reg_type of 'task' is ctx_arg_info->reg_type, and in
task_iter.c, we actually explicitly declare that the
ctx_arg_info->reg_type is PTR_TO_BTF_ID_OR_NULL.

Actually we have a previous case like this[1] where PTR_TRUSTED is added to
the arg flag for map_iter.

This patch sets ctx_arg_info->reg_type is PTR_TO_BTF_ID_OR_NULL |
PTR_TRUSTED in task_reg_info.

Similarly, bpf_cgroup_reg_info -> cgroup is also PTR_TRUSTED since we are
under the protection of cgroup_mutex and we would check cgroup_is_dead()
in __cgroup_iter_seq_show().

This patch is to improve the user experience of the newly introduced
bpf_iter_css_task kfunc before hitting the mainline. The Fixes tag is
pointing to the commit introduced the bpf_iter_css_task kfunc.

Link[1]:https://lore.kernel.org/all/20230706133932.45883-3-aspsk@isovalent.com/

Fixes: 9c66dc94 ("bpf: Introduce css_task open-coded iterator kfuncs")
Signed-off-by: default avatarChuyi Zhou <zhouchuyi@bytedance.com>
Acked-by: default avatarYonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20231107132204.912120-2-zhouchuyi@bytedance.comSigned-off-by: default avatarMartin KaFai Lau <martin.lau@kernel.org>
parent d84b139f
...@@ -282,7 +282,7 @@ static struct bpf_iter_reg bpf_cgroup_reg_info = { ...@@ -282,7 +282,7 @@ static struct bpf_iter_reg bpf_cgroup_reg_info = {
.ctx_arg_info_size = 1, .ctx_arg_info_size = 1,
.ctx_arg_info = { .ctx_arg_info = {
{ offsetof(struct bpf_iter__cgroup, cgroup), { offsetof(struct bpf_iter__cgroup, cgroup),
PTR_TO_BTF_ID_OR_NULL }, PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },
}, },
.seq_info = &cgroup_iter_seq_info, .seq_info = &cgroup_iter_seq_info,
}; };
......
...@@ -704,7 +704,7 @@ static struct bpf_iter_reg task_reg_info = { ...@@ -704,7 +704,7 @@ static struct bpf_iter_reg task_reg_info = {
.ctx_arg_info_size = 1, .ctx_arg_info_size = 1,
.ctx_arg_info = { .ctx_arg_info = {
{ offsetof(struct bpf_iter__task, task), { offsetof(struct bpf_iter__task, task),
PTR_TO_BTF_ID_OR_NULL }, PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },
}, },
.seq_info = &task_seq_info, .seq_info = &task_seq_info,
.fill_link_info = bpf_iter_fill_link_info, .fill_link_info = bpf_iter_fill_link_info,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment