• Martin KaFai Lau's avatar
    bpf: Add map_meta_equal map ops · f4d05259
    Martin KaFai Lau authored
    Some properties of the inner map is used in the verification time.
    When an inner map is inserted to an outer map at runtime,
    bpf_map_meta_equal() is currently used to ensure those properties
    of the inserting inner map stays the same as the verification
    time.
    
    In particular, the current bpf_map_meta_equal() checks max_entries which
    turns out to be too restrictive for most of the maps which do not use
    max_entries during the verification time.  It limits the use case that
    wants to replace a smaller inner map with a larger inner map.  There are
    some maps do use max_entries during verification though.  For example,
    the map_gen_lookup in array_map_ops uses the max_entries to generate
    the inline lookup code.
    
    To accommodate differences between maps, the map_meta_equal is added
    to bpf_map_ops.  Each map-type can decide what to check when its
    map is used as an inner map during runtime.
    
    Also, some map types cannot be used as an inner map and they are
    currently black listed in bpf_map_meta_alloc() in map_in_map.c.
    It is not unusual that the new map types may not aware that such
    blacklist exists.  This patch enforces an explicit opt-in
    and only allows a map to be used as an inner map if it has
    implemented the map_meta_equal ops.  It is based on the
    discussion in [1].
    
    All maps that support inner map has its map_meta_equal points
    to bpf_map_meta_equal in this patch.  A later patch will
    relax the max_entries check for most maps.  bpf_types.h
    counts 28 map types.  This patch adds 23 ".map_meta_equal"
    by using coccinelle.  -5 for
    	BPF_MAP_TYPE_PROG_ARRAY
    	BPF_MAP_TYPE_(PERCPU)_CGROUP_STORAGE
    	BPF_MAP_TYPE_STRUCT_OPS
    	BPF_MAP_TYPE_ARRAY_OF_MAPS
    	BPF_MAP_TYPE_HASH_OF_MAPS
    
    The "if (inner_map->inner_map_meta)" check in bpf_map_meta_alloc()
    is moved such that the same error is returned.
    
    [1]: https://lore.kernel.org/bpf/20200522022342.899756-1-kafai@fb.com/Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
    Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    Link: https://lore.kernel.org/bpf/20200828011806.1970400-1-kafai@fb.com
    f4d05259
syscall.c 99.7 KB