1. 24 Nov, 2022 5 commits
  2. 23 Nov, 2022 9 commits
  3. 22 Nov, 2022 7 commits
  4. 21 Nov, 2022 12 commits
  5. 20 Nov, 2022 7 commits
    • Alexei Starovoitov's avatar
      Merge branch 'bpf: Implement two type cast kfuncs' · 99429b22
      Alexei Starovoitov authored
      Yonghong Song says:
      
      ====================
      
      Currenty, a non-tracing bpf program typically has a single 'context' argument
      with predefined uapi struct type. Following these uapi struct, user is able
      to access other fields defined in uapi header. Inside the kernel, the
      user-seen 'context' argument is replaced with 'kernel context' (or 'kctx'
      in short) which can access more information than what uapi header provides.
      To access other info not in uapi header, people typically do two things:
        (1). extend uapi to access more fields rooted from 'context'.
        (2). use bpf_probe_read_kernl() helper to read particular field based on
          kctx.
      Using (1) needs uapi change and using (2) makes code more complex since
      direct memory access is not allowed.
      
      There are already a few instances trying to access more information from
      kctx:
        . trying to access some fields from perf_event kctx ([1]).
        . trying to access some fields from xdp kctx ([2]).
      
      This patch set tried to allow direct memory access for kctx fields
      by introducing bpf_cast_to_kern_ctx() kfunc.
      
      Martin mentioned a use case like type casting below:
        #define skb_shinfo(SKB) ((struct skb_shared_info *)(skb_end_pointer(SKB)))
      basically a 'unsigned char *" casted to 'struct skb_shared_info *'. This patch
      set tries to support such a use case as well with bpf_rdonly_cast().
      
      For the patch series, Patch 1 added support for a kfunc available to all
      prog types. Patch 2 added bpf_cast_to_kern_ctx() kfunc. Patch 3 added
      bpf_rdonly_cast() kfunc. Patch 4 added a few positive and negative tests.
      
        [1] https://lore.kernel.org/bpf/ad15b398-9069-4a0e-48cb-4bb651ec3088@meta.com/
        [2] https://lore.kernel.org/bpf/20221109215242.1279993-1-john.fastabend@gmail.com/
      
      Changelog:
        v3 -> v4:
          - remove unnecessary bpf_ctx_convert.t error checking
          - add and use meta.ret_btf_id instead of meta.arg_constant.value for
            bpf_cast_to_kern_ctx().
          - add PTR_TRUSTED to the return PTR_TO_BTF_ID type for bpf_cast_to_kern_ctx().
        v2 -> v3:
          - rebase on top of bpf-next (for merging conflicts)
          - add the selftest to s390x deny list
        rfcv1 -> v2:
          - break original one kfunc into two.
          - add missing error checks and error logs.
          - adapt to the new conventions in
            https://lore.kernel.org/all/20221118015614.2013203-1-memxor@gmail.com/
            for example, with __ign and __k suffix.
          - added support in fixup_kfunc_call() to replace kfunc calls with a single mov.
      ====================
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      99429b22
    • Yonghong Song's avatar
      bpf: Add type cast unit tests · 58d84bee
      Yonghong Song authored
      Three tests are added. One is from John Fastabend ({1]) which tests
      tracing style access for xdp program from the kernel ctx.
      Another is a tc test to test both kernel ctx tracing style access
      and explicit non-ctx type cast. The third one is for negative tests
      including two tests, a tp_bpf test where the bpf_rdonly_cast()
      returns a untrusted ptr which cannot be used as helper argument,
      and a tracepoint test where the kernel ctx is a u64.
      
      Also added the test to DENYLIST.s390x since s390 does not currently
      support calling kernel functions in JIT mode.
      
        [1] https://lore.kernel.org/bpf/20221109215242.1279993-1-john.fastabend@gmail.com/Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      Link: https://lore.kernel.org/r/20221120195442.3114844-1-yhs@fb.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      58d84bee
    • Yonghong Song's avatar
      bpf: Add a kfunc for generic type cast · a35b9af4
      Yonghong Song authored
      Implement bpf_rdonly_cast() which tries to cast the object
      to a specified type. This tries to support use case like below:
        #define skb_shinfo(SKB) ((struct skb_shared_info *)(skb_end_pointer(SKB)))
      where skb_end_pointer(SKB) is a 'unsigned char *' and needs to
      be casted to 'struct skb_shared_info *'.
      
      The signature of bpf_rdonly_cast() looks like
         void *bpf_rdonly_cast(void *obj, __u32 btf_id)
      The function returns the same 'obj' but with PTR_TO_BTF_ID with
      btf_id. The verifier will ensure btf_id being a struct type.
      
      Since the supported type cast may not reflect what the 'obj'
      represents, the returned btf_id is marked as PTR_UNTRUSTED, so
      the return value and subsequent pointer chasing cannot be
      used as helper/kfunc arguments.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      Link: https://lore.kernel.org/r/20221120195437.3114585-1-yhs@fb.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      a35b9af4
    • Yonghong Song's avatar
      bpf: Add a kfunc to type cast from bpf uapi ctx to kernel ctx · fd264ca0
      Yonghong Song authored
      Implement bpf_cast_to_kern_ctx() kfunc which does a type cast
      of a uapi ctx object to the corresponding kernel ctx. Previously
      if users want to access some data available in kctx but not
      in uapi ctx, bpf_probe_read_kernel() helper is needed.
      The introduction of bpf_cast_to_kern_ctx() allows direct
      memory access which makes code simpler and easier to understand.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      Link: https://lore.kernel.org/r/20221120195432.3113982-1-yhs@fb.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      fd264ca0
    • Yonghong Song's avatar
      bpf: Add support for kfunc set with common btf_ids · cfe14564
      Yonghong Song authored
      Later on, we will introduce kfuncs bpf_cast_to_kern_ctx() and
      bpf_rdonly_cast() which apply to all program types. Currently kfunc set
      only supports individual prog types. This patch added support for kfunc
      applying to all program types.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      Link: https://lore.kernel.org/r/20221120195426.3113828-1-yhs@fb.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      cfe14564
    • Kumar Kartikeya Dwivedi's avatar
      bpf: Disallow bpf_obj_new_impl call when bpf_mem_alloc_init fails · e181d3f1
      Kumar Kartikeya Dwivedi authored
      In the unlikely event that bpf_global_ma is not correctly initialized,
      instead of checking the boolean everytime bpf_obj_new_impl is called,
      simply check it while loading the program and return an error if
      bpf_global_ma_set is false.
      Suggested-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: default avatarKumar Kartikeya Dwivedi <memxor@gmail.com>
      Link: https://lore.kernel.org/r/20221120212610.2361700-1-memxor@gmail.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      e181d3f1
    • Alexei Starovoitov's avatar
      Merge branch 'Support storing struct task_struct objects as kptrs' · efc1970d
      Alexei Starovoitov authored
      David Vernet says:
      
      ====================
      
      Now that BPF supports adding new kernel functions with kfuncs, and
      storing kernel objects in maps with kptrs, we can add a set of kfuncs
      which allow struct task_struct objects to be stored in maps as
      referenced kptrs.
      
      The possible use cases for doing this are plentiful.  During tracing,
      for example, it would be useful to be able to collect some tasks that
      performed a certain operation, and then periodically summarize who they
      are, which cgroup they're in, how much CPU time they've utilized, etc.
      Doing this now would require storing the tasks' pids along with some
      relevant data to be exported to user space, and later associating the
      pids to tasks in other event handlers where the data is recorded.
      Another useful by-product of this is that it allows a program to pin a
      task in a BPF program, and by proxy therefore also e.g. pin its task
      local storage.
      
      In order to support this, we'll need to expand KF_TRUSTED_ARGS to
      support receiving trusted, non-refcounted pointers. It currently only
      supports either PTR_TO_CTX pointers, or refcounted pointers. What this
      means in terms of the implementation is that check_kfunc_args() would
      have to also check for the PTR_TRUSTED or MEM_ALLOC type modifiers when
      determining if a trusted KF_ARG_PTR_TO_ALLOC_BTF_ID or
      KF_ARG_PTR_TO_BTF_ID pointer requires a refcount.
      
      Note that PTR_UNTRUSTED is insufficient for this purpose, as it does not
      cover all of the possible types of potentially unsafe pointers. For
      example, a pointer obtained from walking a struct is not PTR_UNTRUSTED.
      To account for this and enable us to expand KF_TRUSTED_ARGS to include
      allow-listed arguments such as those passed by the kernel to tracepoints
      and struct_ops callbacks, this patch set also introduces a new
      PTR_TRUSTED type flag modifier which records if a pointer was obtained
      passed from the kernel in a trusted context.
      
      Currently, both PTR_TRUSTED and MEM_ALLOC are used to imply that a
      pointer is trusted. Longer term, PTR_TRUSTED should be the sole source
      of truth for whether a pointer is trusted. This requires us to set
      PTR_TRUSTED when appropriate (e.g. when setting MEM_ALLOC), and unset it
      when appropriate (e.g. when setting PTR_UNTRUSTED). We don't do that in
      this patch, as we need to do more clean up before this can be done in a
      clear and well-defined manner.
      
      In closing, this patch set:
      
      1. Adds the new PTR_TRUSTED register type modifier flag, and updates the
         verifier and existing selftests accordingly. Also expands
         KF_TRUSTED_ARGS to also include trusted pointers that were not obtained
         from walking structs.
      2. Adds a new set of kfuncs that allows struct task_struct* objects to be
         used as kptrs.
      3. Adds a new selftest suite to validate these new task kfuncs.
      ---
      Changelog:
      v8 -> v9:
      - Moved check for release register back to where we check for
        !PTR_TO_BTF_ID || socket. Change the verifier log message to
        reflect really what's being tested (the presence of unsafe
        modifiers) (Alexei)
      - Fix verifier_test error tests to reflect above changes
      - Remove unneeded parens around bitwise operator checks (Alexei)
      - Move updates to reg_type_str() which allow multiple type modifiers
        to be present in the prefix string, to a separate patch (Alexei)
      - Increase TYPE_STR_BUF_LEN size to 128 to reflect larger prefix size
        in reg_type_str().
      
      v7 -> v8:
      - Rebased onto Kumar's latest patch set which, adds a new MEM_ALLOC reg
        type modifier for bpf_obj_new() calls.
      - Added comments to bpf_task_kptr_get() describing some of the subtle
        races we're protecting against (Alexei and John)
      - Slightly rework process_kf_arg_ptr_to_btf_id(), and add a new
        reg_has_unsafe_modifiers() function which validates that a register
        containing a kfunc release arg doesn't have unsafe modifiers. Note
        that this is slightly different than the check for KF_TRUSTED_ARGS.
        An alternative here would be to treat KF_RELEASE as implicitly
        requiring KF_TRUSTED_ARGS.
      - Export inline bpf_type_has_unsafe_modifiers() function from
        bpf_verifier.h so that it can be used from bpf_tcp_ca.c. Eventually this
        function should likely be changed to bpf_type_is_trusted(), once
        PTR_TRUSTED is the real source of truth.
      
      v6 -> v7:
      - Removed the PTR_WALKED type modifier, and instead define a new
        PTR_TRUSTED type modifier which is set on registers containing
        pointers passed from trusted contexts (i.e. as tracepoint or
        struct_ops callback args) (Alexei)
      - Remove the new KF_OWNED_ARGS kfunc flag. This can be accomplished
        by defining a new type that wraps an existing type, such as with
        struct nf_conn___init (Alexei)
      - Add a test_task_current_acquire_release testcase which verifies we can
        acquire a task struct returned from bpf_get_current_task_btf().
      - Make bpf_task_acquire() no longer return NULL, as it can no longer be
        called with a NULL task.
      - Removed unnecessary is_test_kfunc_task() checks from failure
        testcases.
      
      v5 -> v6:
      - Add a new KF_OWNED_ARGS kfunc flag which may be used by kfuncs to
        express that they require trusted, refcounted args (Kumar)
      - Rename PTR_NESTED -> PTR_WALKED in the verifier (Kumar)
      - Convert reg_type_str() prefixes to use snprintf() instead of strncpy()
        (Kumar)
      - Add PTR_TO_BTF_ID | PTR_WALKED to missing struct btf_reg_type
        instances -- specifically btf_id_sock_common_types, and
        percpu_btf_ptr_types.
      - Add a missing PTR_TO_BTF_ID | PTR_WALKED switch case entry in
        check_func_arg_reg_off(), which is required when validating helper
        calls (Kumar)
      - Update reg_type_mismatch_ok() to check base types for the registers
        (i.e. to accommodate type modifiers). Additionally, add a lengthy
        comment that explains why this is being done (Kumar)
      - Update convert_ctx_accesses() to also issue probe reads for
        PTR_TO_BTF_ID | PTR_WALKED (Kumar)
      - Update selftests to expect new prefix reg type strings.
      - Rename task_kfunc_acquire_trusted_nested testcase to
        task_kfunc_acquire_trusted_walked, and fix a comment (Kumar)
      - Remove KF_TRUSTED_ARGS from bpf_task_release(), which already includes
        KF_RELEASE (Kumar)
      - Add bpf-next in patch subject lines (Kumar)
      
      v4 -> v5:
      - Fix an improperly formatted patch title.
      
      v3 -> v4:
      - Remove an unnecessary check from my repository that I forgot to remove
        after debugging something.
      
      v2 -> v3:
      - Make bpf_task_acquire() check for NULL, and include KF_RET_NULL
        (Martin)
      - Include new PTR_NESTED register modifier type flag which specifies
        whether a pointer was obtained from walking a struct. Use this to
        expand the meaning of KF_TRUSTED_ARGS to include trusted pointers that
        were passed from the kernel (Kumar)
      - Add more selftests to the task_kfunc selftest suite which verify that
        you cannot pass a walked pointer to bpf_task_acquire().
      - Update bpf_task_acquire() to also specify KF_TRUSTED_ARGS.
      
      v1 -> v2:
      - Rename tracing_btf_ids to generic_kfunc_btf_ids, and add the new
        kfuncs to that list instead of making a separate btf id list (Alexei).
      - Don't run the new selftest suite on s390x, which doesn't appear to
        support invoking kfuncs.
      - Add a missing __diag_ignore block for -Wmissing-prototypes
        (lkp@intel.com).
      - Fix formatting on some of the SPDX-License-Identifier tags.
      - Clarified the function header comment a bit on bpf_task_kptr_get().
      ====================
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      efc1970d