Merge branch 'Let BPF verifier consider {task,cgroup} is trusted in bpf_iter_reg'

Chuyi Zhou says: ==================== The patchset aims to let the BPF verivier consider bpf_iter__cgroup->cgroup and bpf_iter__task->task is trusted suggested by Alexei[1]. Please see individual patches for more details. And comments are always welcome. Link[1]:https://lore.kernel.org/bpf/20231022154527.229117-1-zhouchuyi@bytedance.com/T/#mb57725edc8ccdd50a1b165765c7619b4d65ed1b0 v2->v1: * Patch #1: Add Yonghong's ack and add description of similar case in log. * Patch #2: Add Yonghong's ack ==================== Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>

Merge branch 'Let BPF verifier consider {task,cgroup} is trusted in bpf_iter_reg'
Chuyi Zhou says: ==================== The patchset aims to let the BPF verivier consider bpf_iter__cgroup->cgroup and bpf_iter__task->task is trusted suggested by Alexei[1]. Please see individual patches for more details. And comments are always welcome. Link[1]:https://lore.kernel.org/bpf/20231022154527.229117-1-zhouchuyi@bytedance.com/T/#mb57725edc8ccdd50a1b165765c7619b4d65ed1b0 v2->v1: * Patch #1: Add Yonghong's ack and add description of similar case in log. * Patch #2: Add Yonghong's ack ==================== Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
8e1b8025 · Martin KaFai Lau · d84b139f · 3c5864ba · 8e1b8025 · 8e1b8025
Commit 8e1b8025 authored Nov 07, 2023 by Martin KaFai Lau
Showing with 6 additions and 14 deletions

kernel/bpf/cgroup_iter.c kernel/bpf/cgroup_iter.c +1 -1

kernel/bpf/task_iter.c kernel/bpf/task_iter.c +1 -1

tools/testing/selftests/bpf/progs/iters_css_task.c tools/testing/selftests/bpf/progs/iters_css_task.c +4 -12

No files found.
--- a/kernel/bpf/cgroup_iter.c
+++ b/kernel/bpf/cgroup_iter.c
@@ -282,7 +282,7 @@ static struct bpf_iter_reg bpf_cgroup_reg_info = {
 	.ctx_arg_info_size	= 1,
 	.ctx_arg_info		= {
 		{ offsetof(struct bpf_iter__cgroup, cgroup),
-		  PTR_TO_BTF_ID_OR_NULL },
+		  PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },
 	},
 	.seq_info		= &cgroup_iter_seq_info,
 };

--- a/kernel/bpf/task_iter.c
+++ b/kernel/bpf/task_iter.c
@@ -704,7 +704,7 @@ static struct bpf_iter_reg task_reg_info = {
 	.ctx_arg_info_size	= 1,
 	.ctx_arg_info		= {
 		{ offsetof(struct bpf_iter__task, task),
-		  PTR_TO_BTF_ID_OR_NULL },
+		  PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },
 	},
 	.seq_info		= &task_seq_info,
 	.fill_link_info		= bpf_iter_fill_link_info,

--- a/tools/testing/selftests/bpf/progs/iters_css_task.c
+++ b/tools/testing/selftests/bpf/progs/iters_css_task.c
@@ -56,12 +56,9 @@ SEC("?iter/cgroup")
 int cgroup_id_printer(struct bpf_iter__cgroup *ctx)
 {
 	struct seq_file *seq = ctx->meta->seq;
-	struct cgroup *cgrp, *acquired;
+	struct cgroup *cgrp = ctx->cgroup;
 	struct cgroup_subsys_state *css;
 	struct task_struct *task;
-	u64 cgrp_id;
-
-	cgrp = ctx->cgroup;

 	/* epilogue */
 	if (cgrp == NULL) {
@@ -73,20 +70,15 @@ int cgroup_id_printer(struct bpf_iter__cgroup *ctx)
 	if (ctx->meta->seq_num == 0)
 		BPF_SEQ_PRINTF(seq, "prologue\n");

-	cgrp_id = cgroup_id(cgrp);
-
-	BPF_SEQ_PRINTF(seq, "%8llu\n", cgrp_id);
+	BPF_SEQ_PRINTF(seq, "%8llu\n", cgroup_id(cgrp));

-	acquired = bpf_cgroup_from_id(cgrp_id);
-	if (!acquired)
-		return 0;
-	css = &acquired->self;
+	css = &cgrp->self;
 	css_task_cnt = 0;
 	bpf_for_each(css_task, task, css, CSS_TASK_ITER_PROCS) {
 		if (task->pid == target_pid)
 			css_task_cnt++;
 	}
-	bpf_cgroup_release(acquired);
+
 	return 0;
 }