- 10 Feb, 2021 2 commits
-
-
Andrei Matei authored
The verifier errors around stack accesses have changed slightly in the previous commit (generally for the better). Signed-off-by:
Andrei Matei <andreimatei1@gmail.com> Signed-off-by:
Alexei Starovoitov <ast@kernel.org> Link: https://lore.kernel.org/bpf/20210207011027.676572-3-andreimatei1@gmail.com
-
Andrei Matei authored
Before this patch, variable offset access to the stack was dissalowed for regular instructions, but was allowed for "indirect" accesses (i.e. helpers). This patch removes the restriction, allowing reading and writing to the stack through stack pointers with variable offsets. This makes stack-allocated buffers more usable in programs, and brings stack pointers closer to other types of pointers. The motivation is being able to use stack-allocated buffers for data manipulation. When the stack size limit is sufficient, allocating buffers on the stack is simpler than per-cpu arrays, or other alternatives. In unpriviledged programs, variable-offset reads and writes are disallowed (they were already disallowed for the indirect access case) because the speculative execution checking code doesn't support them. Additionally, when writing through a variable-offset stack pointer, if any pointers are in the accessible range, there's possilibities of later leaking pointers because the write cannot be tracked precisely. Writes with variable offset mark the whole range as initialized, even though we don't know which stack slots are actually written. This is in order to not reject future reads to these slots. Note that this doesn't affect writes done through helpers; like before, helpers need the whole stack range to be initialized to begin with. All the stack slots are in range are considered scalars after the write; variable-offset register spills are not tracked. For reads, all the stack slots in the variable range needs to be initialized (but see above about what writes do), otherwise the read is rejected. All register spilled in stack slots that might be read are marked as having been read, however reads through such pointers don't do register filling; the target register will always be either a scalar or a constant zero. Signed-off-by:
-
- 09 Feb, 2021 8 commits
-
-
Andrii Nakryiko authored
Jiri Olsa says: ==================== hi, resolve_btfids tool is used during the kernel build, so we should clean it on kernel's make clean. v2 changes: - add Song's acks on patches 1 and 4 (others changed) [Song] - add missing / [Andrii] - change srctree variable initialization [Andrii] - shifted ifdef for clean target [Andrii] thanks, jirka ==================== Signed-off-by:Andrii Nakryiko <andrii@kernel.org>
-
Jiri Olsa authored
The resolve_btfids tool is used during the kernel build, so we should clean it on kernel's make clean. Invoking the the resolve_btfids clean as part of root 'make clean'. Signed-off-by:
Jiri Olsa <jolsa@kernel.org> Signed-off-by:
Song Liu <songliubraving@fb.com> Link: https://lore.kernel.org/bpf/20210205124020.683286-5-jolsa@kernel.org
-
Jiri Olsa authored
We want this clean to be called from tree's root Makefile, which defines same srctree variable and that will screw the make setup. We actually do not use srctree being passed from outside, so we can solve this by setting current srctree value directly. Also changing the way how srctree is initialized as suggested by Andrri. Also root Makefile does not define the implicit RM variable, so adding RM initialization. Signed-off-by:
-
Jiri Olsa authored
We want this clean to be called from tree's root clean and that one is silent if there's nothing to clean. Adding check for all object to clean and display CLEAN messages only if there are objects to remove. Signed-off-by:
-
Jiri Olsa authored
Setting up separate build directories for libbpf and libpsubcmd, so it's separated from other objects and we don't get them mixed in the future. It also simplifies cleaning, which is now simple rm -rf. Also there's no need for FEATURE-DUMP.libbpf and bpf_helper_defs.h files in .gitignore anymore. Signed-off-by:
-
Jiapeng Chong authored
Fix the following coccicheck warning: ./tools/bpf/bpf_dbg.c:893:32-36: WARNING: Comparison to bool. Reported-by:
Abaci Robot <abaci@linux.alibaba.com> Signed-off-by:
Jiapeng Chong <jiapeng.chong@linux.alibaba.com> Signed-off-by:
-
Brendan Jackman authored
Add missing skeleton destroy call. Fixes: 37086bfd ("bpf: Propagate stack bounds to registers in atomics w/ BPF_FETCH") Reported-by:
Yonghong Song <yhs@fb.com> Signed-off-by:
Brendan Jackman <jackmanb@google.com> Signed-off-by:
-
Yang Li authored
Eliminate the following coccicheck warning: ./tools/testing/selftests/bpf/test_flow_dissector.c:506:2-3: Unneeded semicolon Reported-by:
Yang Li <yang.lee@linux.alibaba.com> Signed-off-by:
-
- 08 Feb, 2021 1 commit
-
-
Yang Li authored
Eliminate the following coccicheck warning: ./tools/testing/selftests/bpf/benchs/bench_ringbufs.c:322:2-3: Unneeded semicolon Reported-by:
-
- 05 Feb, 2021 7 commits
-
-
Yonghong Song authored
There is no functionality change. This refactoring intends to facilitate next patch change with BPF_PSEUDO_FUNC. Signed-off-by:
-
Andrii Nakryiko authored
KP Singh says: ==================== - Use ring_buffer__consume without BPF_RB_FORCE_WAKEUP as suggested by Andrii - Use ASSERT_OK_PTR macro Sleepable programs currently do not have access to any ringbuffer and since the perf ring buffer is a per-cpu map, it would not be trivial to enable for sleepable programs. Our specific use-case is to use the bpf_ima_inode_hash helper and write the hash to a ring buffer from a sleepable LSM hook. This series allows the BPF ringbuffer to be used in sleepable programs (tracing and lsm). Since the helper prototypes were already exposed the only change required was have the verifier allow BPF_MAP_TYPE_RINGBUF for sleepable programs. The ima test is also modified to use the ringbuffer instead of global variables. Based on dicussions we had over the BPF office hours and enabling all the possible debug options, I could not find any issues or warnings when using the ring buffer from sleepable programs. ==================== Signed-off-by: -
KP Singh authored
Instead of using shared global variables between userspace and BPF, use the ring buffer to send the IMA hash on the BPF ring buffer. This helps in validating both IMA and the usage of the ringbuffer in sleepable programs. Signed-off-by:
KP Singh <kpsingh@kernel.org> Signed-off-by:
-
KP Singh authored
The BPF ringbuffer map is pre-allocated and the implementation logic does not rely on disabling preemption or per-cpu data structures. Using the BPF ringbuffer sleepable LSM and tracing programs does not trigger any warnings with DEBUG_ATOMIC_SLEEP, DEBUG_PREEMPT, PROVE_RCU and PROVE_LOCKING and LOCKDEP enabled. This allows helpers like bpf_copy_from_user and bpf_ima_inode_hash to write to the BPF ring buffer from sleepable BPF programs. Signed-off-by:
-
Andrii Nakryiko authored
KP Singh says: ==================== # v4 -> v5 - Use %Y (modification time) instead of %W (creation time) of the local copy of the kernel config to check for newer upstream config. - Rename the script to vmtest.sh # v3 -> v4 - Fix logic for updating kernel config to not download the file if there are no upstream modifications and avoid extraneous kernel compilation as suggested by Andrii. - This also removes the need for the -k flag. # v2 -> v3 - Fixes to silence verbose commands - Fixed output buffering without being teed out - Fixed the clobbered error code of the script - Other fixes suggested by Andrii # v1 -> v2 - The script now compiles the kernel by default, and the -k option implies "keep the kernel" - Pointer to the script in the docs. - Some minor simplifications. Allow developers and contributors to understand if their changes would end up breaking the BPF CI and avoid the back and forth required for fixing the test cases in the CI environment. The se ==================== Signed-off-by: -
KP Singh authored
Add a short note to make contributors aware of the existence of the script. The documentation does not intentionally document all the options of the script to avoid mentioning it in two places (it's available in the usage / help message of the script). Signed-off-by:
-
KP Singh authored
The script runs the BPF selftests locally on the same kernel image as they would run post submit in the BPF continuous integration framework. The goal of the script is to allow contributors to run selftests locally in the same environment to check if their changes would end up breaking the BPF CI and reduce the back-and-forth between the maintainers and the developers. Signed-off-by:
Jiri Olsa <jolsa@redhat.com> Link: https://lore.kernel.org/bpf/20210204194544.3383814-2-kpsingh@kernel.org
-
- 04 Feb, 2021 3 commits
-
-
Alexei Starovoitov authored
PTR_TO_BTF_ID registers contain either kernel pointer or NULL. Emit the NULL check explicitly by JIT instead of going into do_user_addr_fault() on NULL deference. Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Acked-by:
-
Andrii Nakryiko authored
Libbpf's Makefile relies on Linux tools infrastructure's feature detection framework, but libbpf's needs are very modest: it detects the presence of libelf and libz, both of which are mandatory. So it doesn't benefit much from the framework, but pays significant costs in terms of maintainability and debugging experience, when something goes wrong. The other feature detector, testing for the presernce of minimal BPF API in system headers is long obsolete as well, providing no value. So stop using feature detection and just assume the presence of libelf and libz during build time. Worst case, user will get a clear and actionable linker error, e.g.: /usr/bin/ld: cannot find -lelf On the other hand, we completely bypass recurring issues various users reported over time with false negatives of feature detection (libelf or libz not being detected, while they are actually present in the system). Signed-off-by:
John Fastabend <john.fastabend@gmail.com> Acked-by:
Randy Dunlap <rdunlap@infradead.org> Link: https://lore.kernel.org/bpf/20210203203445.3356114-1-andrii@kernel.org
-
Lorenzo Bianconi authored
Split ndo_xdp_xmit and ndo_start_xmit use cases in veth_xdp_rcv routine in order to alloc skbs in bulk for XDP_PASS verdict. Introduce xdp_alloc_skb_bulk utility routine to alloc skb bulk list. The proposed approach has been tested in the following scenario: eth (ixgbe) --> XDP_REDIRECT --> veth0 --> (remote-ns) veth1 --> XDP_PASS XDP_REDIRECT: xdp_redirect_map bpf sample XDP_PASS: xdp_rxq_info bpf sample traffic generator: pkt_gen sending udp traffic on a remote device bpf-next master: ~3.64Mpps bpf-next + skb bulking allocation: ~3.79Mpps Signed-off-by:
Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by:
Toshiaki Makita <toshiaki.makita1@gmail.com> Acked-by:
Jesper Dangaard Brouer <brouer@redhat.com> Link: https://lore.kernel.org/bpf/a14a30d3c06fff24e13f836c733d80efc0bd6eb5.1611957532.git.lorenzo@kernel.org
-
- 03 Feb, 2021 4 commits
-
-
Andrei Matei authored
This patch adds support to verifier tests to check for a succession of verifier log messages on program load failure. This makes the errstr field work uniformly across REJECT and VERBOSE_ACCEPT checks. This patch also increases the maximum size of a message in the series of messages to test from 80 chars to 200 chars. This is in order to keep existing tests working, which sometimes test for messages larger than 80 chars (which was accepted in the REJECT case, when testing for a single message, but not in the VERBOSE_ACCEPT case, when testing for possibly multiple messages). And example of such a long, checked message is in bounds.c: "R1 has unknown scalar with mixed signed bounds, pointer arithmetic with it prohibited for !root" Signed-off-by:
-
Yang Li authored
Eliminate the following coccicheck warning: ./samples/bpf/cookie_uid_helper_example.c:316:3-4: Unneeded semicolon Reported-by:
-
KP Singh authored
Some compilers trigger a warning when tmp_dir_path is allocated with a fixed size of 64-bytes and used in the following snprintf: snprintf(tmp_exec_path, sizeof(tmp_exec_path), "%s/copy_of_rm", tmp_dir_path); warning: ‘/copy_of_rm’ directive output may be truncated writing 11 bytes into a region of size between 1 and 64 [-Wformat-truncation=] This is because it assumes that tmp_dir_path can be a maximum of 64 bytes long and, therefore, the end-result can get truncated. Fix it by not using a fixed size in the initialization of tmp_dir_path which allows the compiler to track actual size of the array better. Fixes: 2f94ac19 ("bpf: Update local storage test to check handling of null ptrs") Signed-off-by:
-
Brendan Jackman authored
When BPF_FETCH is set, atomic instructions load a value from memory into a register. The current verifier code first checks via check_mem_access whether we can access the memory, and then checks via check_reg_arg whether we can write into the register. For loads, check_reg_arg has the side-effect of marking the register's value as unkonwn, and check_mem_access has the side effect of propagating bounds from memory to the register. This currently only takes effect for stack memory. Therefore with the current order, bounds information is thrown away, but by simply reversing the order of check_reg_arg vs. check_mem_access, we can instead propagate bounds smartly. A simple test is added with an infinite loop that can only be proved unreachable if this propagation is present. This is implemented both with C and directly in test_verifier using assembly. Suggested-by:
-
- 02 Feb, 2021 1 commit
-
-
Tiezhu Yang authored
There exists many build errors when make M=samples/bpf on the Loongson platform. This issue is MIPS related, x86 compiles just fine. Here are some errors: CLANG-bpf samples/bpf/sockex2_kern.o In file included from samples/bpf/sockex2_kern.c:2: In file included from ./include/uapi/linux/in.h:24: In file included from ./include/linux/socket.h:8: In file included from ./include/linux/uio.h:8: In file included from ./include/linux/kernel.h:11: In file included from ./include/linux/bitops.h:32: In file included from ./arch/mips/include/asm/bitops.h:19: In file included from ./arch/mips/include/asm/barrier.h:11: ./arch/mips/include/asm/addrspace.h:13:10: fatal error: 'spaces.h' file not found ^~~~~~~~~~ 1 error generated. CLANG-bpf samples/bpf/sockex2_kern.o In file included from samples/bpf/sockex2_kern.c:2: In file included from ./include/uapi/linux/in.h:24: In file included from ./include/linux/socket.h:8: In file included from ./include/linux/uio.h:8: In file included from ./include/linux/kernel.h:11: In file included from ./include/linux/bitops.h:32: In file included from ./arch/mips/include/asm/bitops.h:22: In file included from ./arch/mips/include/asm/cpu-features.h:13: In file included from ./arch/mips/include/asm/cpu-info.h:15: In file included from ./include/linux/cache.h:6: ./arch/mips/include/asm/cache.h:12:10: fatal error: 'kmalloc.h' file not found ^~~~~~~~~~~ 1 error generated. CLANG-bpf samples/bpf/sockex2_kern.o In file included from samples/bpf/sockex2_kern.c:2: In file included from ./include/uapi/linux/in.h:24: In file included from ./include/linux/socket.h:8: In file included from ./include/linux/uio.h:8: In file included from ./include/linux/kernel.h:11: In file included from ./include/linux/bitops.h:32: In file included from ./arch/mips/include/asm/bitops.h:22: ./arch/mips/include/asm/cpu-features.h:15:10: fatal error: 'cpu-feature-overrides.h' file not found ^~~~~~~~~~~~~~~~~~~~~~~~~ 1 error generated. $ find arch/mips/include/asm -name spaces.h | sort arch/mips/include/asm/mach-ar7/spaces.h ... arch/mips/include/asm/mach-generic/spaces.h ... arch/mips/include/asm/mach-loongson64/spaces.h ... arch/mips/include/asm/mach-tx49xx/spaces.h $ find arch/mips/include/asm -name kmalloc.h | sort arch/mips/include/asm/mach-generic/kmalloc.h arch/mips/include/asm/mach-ip32/kmalloc.h arch/mips/include/asm/mach-tx49xx/kmalloc.h $ find arch/mips/include/asm -name cpu-feature-overrides.h | sort arch/mips/include/asm/mach-ath25/cpu-feature-overrides.h ... arch/mips/include/asm/mach-generic/cpu-feature-overrides.h ... arch/mips/include/asm/mach-loongson64/cpu-feature-overrides.h ... arch/mips/include/asm/mach-tx49xx/cpu-feature-overrides.h In the arch/mips/Makefile, there exists the following board-dependent options: include arch/mips/Kbuild.platforms cflags-y += -I$(srctree)/arch/mips/include/asm/mach-generic So we can do the similar things in samples/bpf/Makefile, just add platform specific and generic include dir for MIPS Loongson64 to fix the build errors. Signed-off-by:Tiezhu Yang <yangtiezhu@loongson.cn> Signed-off-by:
-
- 29 Jan, 2021 6 commits
-
-
Tobias Klauser authored
!perfmon_capable() is checked before the last switch(func_id) in bpf_base_func_proto. Thus, the cases BPF_FUNC_trace_printk and BPF_FUNC_snprintf_btf can be moved to that last switch(func_id) to omit the inline !perfmon_capable() checks. Signed-off-by:
Tobias Klauser <tklauser@distanz.ch> Signed-off-by:
-
Stanislav Fomichev authored
Those hooks run as BPF_CGROUP_RUN_SA_PROG_LOCK and operate on a locked socket. Note that we could remove the switch for prog->expected_attach_type altogether since all current sock_addr attach types are covered. However, it makes sense to keep it as a safe-guard in case new sock_addr attach types are added that might not operate on a locked socket. Therefore, avoid to let this slip through. Signed-off-by:
Stanislav Fomichev <sdf@google.com> Signed-off-by:
-
Stanislav Fomichev authored
I'll extend them in the next patch. It's easier to work with C than with asm. Signed-off-by:
-
Stanislav Fomichev authored
Those hooks run as BPF_CGROUP_RUN_SA_PROG_LOCK and operate on a locked socket. Signed-off-by:
-
Stanislav Fomichev authored
Can be used to query/modify socket state for unconnected UDP sendmsg. Those hooks run as BPF_CGROUP_RUN_SA_PROG_LOCK and operate on a locked socket. Signed-off-by:
-
Sedat Dilek authored
When dealing with BPF/BTF/pahole and DWARF v5 I wanted to build bpftool. While looking into the source code I found duplicate assignments in misc tools for the LLVM eco system, e.g. clang and llvm-objcopy. Move the Clang, LLC and/or LLVM utils definitions to tools/scripts/Makefile.include file and add missing includes where needed. Honestly, I was inspired by the commit c8a950d0 ("tools: Factor HOSTCC, HOSTLD, HOSTAR definitions"). I tested with bpftool and perf on Debian/testing AMD64 and LLVM/Clang v11.1.0-rc1. Build instructions: [ make and make-options ] MAKE="make V=1" MAKE_OPTS="HOSTCC=clang HOSTCXX=clang++ HOSTLD=ld.lld CC=clang LD=ld.lld LLVM=1 LLVM_IAS=1" MAKE_OPTS="$MAKE_OPTS PAHOLE=/opt/pahole/bin/pahole" [ clean-up ] $MAKE $MAKE_OPTS -C tools/ clean [ bpftool ] $MAKE $MAKE_OPTS -C tools/bpf/bpftool/ [ perf ] PYTHON=python3 $MAKE $MAKE_OPTS -C tools/perf/ I was careful with respecting the user's wish to override custom compiler, linker, GNU/binutils and/or LLVM utils settings. Signed-off-by:
Sedat Dilek <sedat.dilek@gmail.com> Signed-off-by:
-
- 28 Jan, 2021 2 commits
-
-
Stanislav Fomichev authored
Return 3 to indicate that permission check for port 111 should be skipped. Signed-off-by:
Martin KaFai Lau <kafai@fb.com> Link: https://lore.kernel.org/bpf/20210127193140.3170382-2-sdf@google.com
-
Stanislav Fomichev authored
At the moment, BPF_CGROUP_INET{4,6}_BIND hooks can rewrite user_port to the privileged ones (< ip_unprivileged_port_start), but it will be rejected later on in the __inet_bind or __inet6_bind. Let's add another return value to indicate that CAP_NET_BIND_SERVICE check should be ignored. Use the same idea as we currently use in cgroup/egress where bit #1 indicates CN. Instead, for cgroup/bind{4,6}, bit #1 indicates that CAP_NET_BIND_SERVICE should be bypassed. v5: - rename flags to be less confusing (Andrey Ignatov) - rework BPF_PROG_CGROUP_INET_EGRESS_RUN_ARRAY to work on flags and accept BPF_RET_SET_CN (no behavioral changes) v4: - Add missing IPv6 support (Martin KaFai Lau) v3: - Update description (Martin KaFai Lau) - Fix capability restore in selftest (Martin KaFai Lau) v2: - Switch to explicit return code (Martin KaFai Lau) Signed-off-by:Andrey Ignatov <rdna@fb.com> Link: https://lore.kernel.org/bpf/20210127193140.3170382-1-sdf@google.com
-
- 27 Jan, 2021 2 commits
-
-
Cong Wang authored
sk_psock_destroy() is a RCU callback, I can't see any reason why it could be used outside. Signed-off-by:
Cong Wang <cong.wang@bytedance.com> Signed-off-by:
-
Menglong Dong authored
This 'BPF_ADD' is duplicated, and I belive it should be 'BPF_AND'. Fixes: 981f94c3 ("bpf: Add bitwise atomic instructions") Signed-off-by:
Menglong Dong <dong.menglong@zte.com.cn> Signed-off-by:
-
- 26 Jan, 2021 1 commit
-
-
Andrii Nakryiko authored
Fix bug in handling bpf_testmod unloading that will cause test_progs exiting prematurely if bpf_testmod unloading failed. This is especially problematic when running a subset of test_progs that doesn't require root permissions and doesn't rely on bpf_testmod, yet will fail immediately due to exit(1) in unload_bpf_testmod(). Fixes: 9f7fa225 ("selftests/bpf: Add bpf_testmod kernel module for testing") Signed-off-by:
-
- 25 Jan, 2021 3 commits
-
-
Tiezhu Yang authored
There exists many build warnings when make M=samples/bpf on the Loongson platform, this issue is MIPS related, x86 compiles just fine. Here are some warnings: CC samples/bpf/ibumad_user.o samples/bpf/ibumad_user.c: In function ‘dump_counts’: samples/bpf/ibumad_user.c:46:24: warning: format ‘%llu’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64’ {aka ‘long unsigned int’} [-Wformat=] printf("0x%02x : %llu\n", key, value); ~~~^ ~~~~~ %lu CC samples/bpf/offwaketime_user.o samples/bpf/offwaketime_user.c: In function ‘print_ksym’: samples/bpf/offwaketime_user.c:34:17: warning: format ‘%llx’ expects argument of type ‘long long unsigned int’, but argument 3 has type ‘__u64’ {aka ‘long unsigned int’} [-Wformat=] printf("%s/%llx;", sym->name, addr); ~~~^ ~~~~ %lx samples/bpf/offwaketime_user.c: In function ‘print_stack’: samples/bpf/offwaketime_user.c:68:17: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 3 has type ‘__u64’ {aka ‘long unsigned int’} [-Wformat=] printf(";%s %lld\n", key->waker, count); ~~~^ ~~~~~ %ld MIPS needs __SANE_USERSPACE_TYPES__ before <linux/types.h> to select 'int-ll64.h' in arch/mips/include/uapi/asm/types.h, then it can avoid build warnings when printing __u64 with %llu, %llx or %lld. The header tools/include/linux/types.h defines __SANE_USERSPACE_TYPES__, it seems that we can include <linux/types.h> in the source files which have build warnings, but it has no effect due to actually it includes usr/include/linux/types.h instead of tools/include/linux/types.h, the problem is that "usr/include" is preferred first than "tools/include" in samples/bpf/Makefile, that sounds like a ugly hack to -Itools/include before -Iusr/include. So define __SANE_USERSPACE_TYPES__ for MIPS in samples/bpf/Makefile is proper, if add "TPROGS_CFLAGS += -D__SANE_USERSPACE_TYPES__" in samples/bpf/Makefile, it appears the following error: Auto-detecting system features: ... libelf: [ on ] ... zlib: [ on ] ... bpf: [ OFF ] BPF API too old make[3]: *** [Makefile:293: bpfdep] Error 1 make[2]: *** [Makefile:156: all] Error 2 With #ifndef __SANE_USERSPACE_TYPES__ in tools/include/linux/types.h, the above error has gone and this ifndef change does not hurt other compilations. Signed-off-by: -
Florian Lehner authored
Update struct bpf_perf_event_data with the addr field to match the tools headers with the kernel headers. Signed-off-by:
Florian Lehner <dev@der-flo.net> Signed-off-by:
-
Björn Töpel authored
There is no need to cast to void * when the argument is void *. Avoid cluttering of code. Signed-off-by:
Björn Töpel <bjorn.topel@intel.com> Signed-off-by:
-
