bpf: magic kernel functions #6250
Open
+312
−77
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Upstream branch: 54c134f |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
b8a9697 to
0ff1d70
Compare
|
Upstream branch: e2e668b |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1017427=>bpf-next
branch
from
210be09 to
896ba31
Compare
|
Upstream branch: e2e668b |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1017427=>bpf-next
branch
from
896ba31 to
8a894a8
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
0ff1d70 to
75ba762
Compare
|
Upstream branch: d28c0e4 |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1017427=>bpf-next
branch
from
8a894a8 to
4790e92
Compare
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
75ba762 to
385f65b
Compare
Implement macros in btf_ids.h to enable a calculation of BTF_ID_LIST size. This is done by declaring an additional __end symbol which can then be used as an indicator of the end of an array. Signed-off-by: Ihor Solodrai <[email protected]>
btf_kfunc_id_set_contains() is called by fetch_kfunc_meta() in the BPF
verifier to get the kfunc flags stored in the .BTF_ids ELF section.
If it returns NULL instead of a valid pointer, it's interpreted by the
verifier as an illegal kfunc usage which fails the verification.
Conceptually, there are two potential reasons for
btf_kfunc_id_set_contains() to return NULL:
1. Provided kfunc BTF id is not present in relevant kfunc id sets.
2. The kfunc is not allowed, as determined by the program type
specific filter [1].
The filter functions accept a pointer to `struct bpf_prog`, so they
might implicitly depend on earlier stages of verification, when
bpf_prog members are set.
For example, bpf_qdisc_kfunc_filter() in linux/net/sched/bpf_qdisc.c
inspects prog->aux->st_ops [2], which is initialized in:
check_attach_btf_id() -> check_struct_ops_btf_id()
So far this hasn't been an issue, because fetch_kfunc_meta() is the
only place where lookup + filter logic is applied to a kfunc id.
However in subsequent patches of this series it is necessary to
inspect kfunc flags earlier in BPF verifier, in the add_kfunc_call().
To resolve this, refactor btf_kfunc_id_set_contains() into two
interface functions: btf_kfunc_flags() that does not apply the
filters, and btf_kfunc_flags_if_allowed() that does.
[1] https://lore.kernel.org/all/[email protected]/
[2] https://lore.kernel.org/all/[email protected]/
Signed-off-by: Ihor Solodrai <[email protected]>
Reviewed-by: Eduard Zingerman <[email protected]>
A kernel function bpf_foo with KF_MAGIC_ARGS flag is expected to have
two types in BTF:
* `bpf_foo` with a function prototype that omits __magic arguments
* `bpf_foo_impl` with a function prototype that matches kernel
declaration, but doesn't have a ksym associated with its name
In order to support magic kfuncs the verifier has to know how to
resolve calls both of `bpf_foo` and `bpf_foo_impl` to the correct BTF
function prototype and address.
In add_kfunc_call() kfunc flags are inspected to detect a magic kfunc
or its _impl, and then the address and func_proto are adjusted for the
kfunc descriptor.
In fetch_kfunc_meta() similar logic is used to fixup the contents of
struct bpf_kfunc_call_arg_meta.
In check_kfunc_call() reset the subreg_def of registers holding magic
arguments to correctly track zero extensions.
Signed-off-by: Ihor Solodrai <[email protected]>
Teach the verifier that the prog_aux argument of a kfunc can be specified with __magic suffix, in which case the type of the function parameter must be checked. Signed-off-by: Ihor Solodrai <[email protected]>
* Rename bpf_wq_set_callback_impl to bpf_wq_set_callback * void *aux__prog => struct bpf_prog_aux *aux__magic * Set KF_MAGIC_ARGS kfunc flag * Add bpf_wq_set_callback and _impl to magic_kfuncs BTF_ID_LIST * Update special kfunc checks in the verifier to accept both _impl and non-_impl BTF ids In the selftests, a bpf_wq_set_callback_impl() call is intentionally introduced to verify that both signatures are handled correctly. Signed-off-by: Ihor Solodrai <[email protected]>
Add sections explaining KF_MAGIC_ARGS kfunc flag and __magic argument annotation. Mark __prog annotation as deprecated. Signed-off-by: Ihor Solodrai <[email protected]>
* void *aux__prog => struct bpf_prog_aux *aux__magic * Set KF_MAGIC_ARGS flag * Add relevant symbols to magic_kfuncs list * Update selftests to use the new signature Signed-off-by: Ihor Solodrai <[email protected]>
* void *aux__prog => struct bpf_prog_aux *aux__magic * Set KF_MAGIC_ARGS flag * Add relevant symbols to magic_kfuncs list * Update selftests to use the new signature bpf_stream_vprintk macro is changed to use bpf_stream_vprintk_impl, and the extern definition of bpf_stream_vprintk is replaced with _impl version in bpf_helpers.h This should help with backwards compatibility, as the API of bpf_stream_vprintk macro hasn't changed. Signed-off-by: Ihor Solodrai <[email protected]>
|
Upstream branch: 5701d5a |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/1017427=>bpf-next
branch
from
4790e92 to
74d7667
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf: magic kernel functions
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1017427