[bpf-next,v3,01/10] bpf: btf: Add btf_type_by_name_kind

Message ID	20200123152440.28956-2-kpsingh@chromium.org (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=QZUe=3M=vger.kernel.org=linux-security-module-owner@kernel.org> From: KP Singh <kpsingh@chromium.org> To: linux-kernel@vger.kernel.org, bpf@vger.kernel.org, linux-security-module@vger.kernel.org Cc: Brendan Jackman <jackmanb@google.com>, Florent Revest <revest@google.com>, Thomas Garnier <thgarnie@google.com>, Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, James Morris <jmorris@namei.org>, Kees Cook <keescook@chromium.org>, Thomas Garnier <thgarnie@chromium.org>, Michael Halcrow <mhalcrow@google.com>, Paul Turner <pjt@google.com>, Brendan Gregg <brendan.d.gregg@gmail.com>, Jann Horn <jannh@google.com>, Matthew Garrett <mjg59@google.com>, Christian Brauner <christian@brauner.io>, =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>, Florent Revest <revest@chromium.org>, Brendan Jackman <jackmanb@chromium.org>, Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>, "Serge E. Hallyn" <serge@hallyn.com>, Mauro Carvalho Chehab <mchehab+samsung@kernel.org>, "David S. Miller" <davem@davemloft.net>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Nicolas Ferre <nicolas.ferre@microchip.com>, Stanislav Fomichev <sdf@google.com>, Quentin Monnet <quentin.monnet@netronome.com>, Andrey Ignatov <rdna@fb.com>, Joe Stringer <joe@wand.net.nz> Subject: [PATCH bpf-next v3 01/10] bpf: btf: Add btf_type_by_name_kind Date: Thu, 23 Jan 2020 07:24:31 -0800 Message-Id: <20200123152440.28956-2-kpsingh@chromium.org> In-Reply-To: <20200123152440.28956-1-kpsingh@chromium.org> References: <20200123152440.28956-1-kpsingh@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk
Series	MAC and Audit policy using eBPF (KRSI) \| expand [bpf-next,v3,00/10] MAC and Audit policy using eBPF (KRSI) [bpf-next,v3,01/10] bpf: btf: Add btf_type_by_name_kind [bpf-next,v3,02/10] bpf: lsm: Add a skeleton and config options [bpf-next,v3,03/10] bpf: lsm: Introduce types for eBPF based LSM [bpf-next,v3,04/10] bpf: lsm: Add mutable hooks list for the BPF LSM [bpf-next,v3,05/10] bpf: lsm: BTF API for LSM hooks [bpf-next,v3,06/10] bpf: lsm: Implement attach, detach and execution [bpf-next,v3,07/10] bpf: lsm: Make the allocated callback RO+X [bpf-next,v3,08/10] tools/libbpf: Add support for BPF_PROG_TYPE_LSM [bpf-next,v3,09/10] bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM [bpf-next,v3,10/10] bpf: lsm: Add Documentation

Message ID

20200123152440.28956-2-kpsingh@chromium.org (mailing list archive)

State

New, archived

Headers

From: KP Singh <kpsingh@chromium.org>
To: linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
        linux-security-module@vger.kernel.org
Cc: Brendan Jackman <jackmanb@google.com>, Florent Revest <revest@google.com>,
 Thomas Garnier <thgarnie@google.com>, Alexei Starovoitov <ast@kernel.org>,
 Daniel Borkmann <daniel@iogearbox.net>, James Morris <jmorris@namei.org>,
 Kees Cook <keescook@chromium.org>, Thomas Garnier <thgarnie@chromium.org>,
 Michael Halcrow <mhalcrow@google.com>, Paul Turner <pjt@google.com>,
 Brendan Gregg <brendan.d.gregg@gmail.com>, Jann Horn <jannh@google.com>,
 Matthew Garrett <mjg59@google.com>, Christian Brauner <christian@brauner.io>,
	=?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>,
 Florent Revest <revest@chromium.org>,
 Brendan Jackman <jackmanb@chromium.org>, Martin KaFai Lau <kafai@fb.com>,
 Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
 "Serge E. Hallyn" <serge@hallyn.com>,
 Mauro Carvalho Chehab <mchehab+samsung@kernel.org>,
 "David S. Miller" <davem@davemloft.net>,
 Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
 Nicolas Ferre <nicolas.ferre@microchip.com>,
 Stanislav Fomichev <sdf@google.com>,
 Quentin Monnet <quentin.monnet@netronome.com>, Andrey Ignatov <rdna@fb.com>,
 Joe Stringer <joe@wand.net.nz>
Subject: [PATCH bpf-next v3 01/10] bpf: btf: Add btf_type_by_name_kind
Date: Thu, 23 Jan 2020 07:24:31 -0800
Message-Id: <20200123152440.28956-2-kpsingh@chromium.org>
In-Reply-To: <20200123152440.28956-1-kpsingh@chromium.org>
References: <20200123152440.28956-1-kpsingh@chromium.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk

Series

MAC and Audit policy using eBPF (KRSI) | expand

Commit Message

KP Singh Jan. 23, 2020, 3:24 p.m. UTC

From: KP Singh <kpsingh@google.com>

- The LSM code does the combination of btf_find_by_name_kind and
  btf_type_by_id a couple of times to figure out the BTF type for
  security_hook_heads and security_list_options.
- Add an extern for btf_vmlinux in btf.h

Signed-off-by: KP Singh <kpsingh@google.com>
Reviewed-by: Brendan Jackman <jackmanb@google.com>
Reviewed-by: Florent Revest <revest@google.com>
Reviewed-by: Thomas Garnier <thgarnie@google.com>
---
 include/linux/btf.h |  3 +++
 kernel/bpf/btf.c    | 12 ++++++++++++
 2 files changed, 15 insertions(+)

Comments

Andrii Nakryiko Jan. 23, 2020, 8:06 p.m. UTC | #1

On Thu, Jan 23, 2020 at 7:25 AM KP Singh <kpsingh@chromium.org> wrote:
>
> From: KP Singh <kpsingh@google.com>
>
> - The LSM code does the combination of btf_find_by_name_kind and
>   btf_type_by_id a couple of times to figure out the BTF type for
>   security_hook_heads and security_list_options.
> - Add an extern for btf_vmlinux in btf.h
>
> Signed-off-by: KP Singh <kpsingh@google.com>
> Reviewed-by: Brendan Jackman <jackmanb@google.com>
> Reviewed-by: Florent Revest <revest@google.com>
> Reviewed-by: Thomas Garnier <thgarnie@google.com>
> ---
>  include/linux/btf.h |  3 +++
>  kernel/bpf/btf.c    | 12 ++++++++++++
>  2 files changed, 15 insertions(+)
>
> diff --git a/include/linux/btf.h b/include/linux/btf.h
> index 5c1ea99b480f..d4e859f90a39 100644
> --- a/include/linux/btf.h
> +++ b/include/linux/btf.h
> @@ -15,6 +15,7 @@ struct btf_type;
>  union bpf_attr;
>
>  extern const struct file_operations btf_fops;
> +extern struct btf *btf_vmlinux;
>
>  void btf_put(struct btf *btf);
>  int btf_new_fd(const union bpf_attr *attr);
> @@ -66,6 +67,8 @@ const struct btf_type *
>  btf_resolve_size(const struct btf *btf, const struct btf_type *type,
>                  u32 *type_size, const struct btf_type **elem_type,
>                  u32 *total_nelems);
> +const struct btf_type *btf_type_by_name_kind(
> +       struct btf *btf, const char *name, u8 kind);
>
>  #define for_each_member(i, struct_type, member)                        \
>         for (i = 0, member = btf_type_member(struct_type);      \
> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index 32963b6d5a9c..ea53c16802cb 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -441,6 +441,18 @@ const struct btf_type *btf_type_resolve_func_ptr(const struct btf *btf,
>         return NULL;
>  }
>
> +const struct btf_type *btf_type_by_name_kind(
> +       struct btf *btf, const char *name, u8 kind)
> +{
> +       s32 type_id;
> +
> +       type_id = btf_find_by_name_kind(btf, name, kind);
> +       if (type_id < 0)
> +               return ERR_PTR(type_id);
> +
> +       return btf_type_by_id(btf, type_id);
> +}
> +

is it worth having this as a separate global function? If
btf_find_by_name_kind returns valid ID, then you don't really need to
check btf_type_by_id result, it is always going to be valid. So the
pattern becomes:

type_id = btf_find_by_name_kind(btf, name, kind);
if (type_id < 0)
  goto handle_error;
t = btf_type_by_id(btf, type_id);
/* now just use t */

which is not much more verbose than:

t = btf_type_by_name_kind(btf, name, kind);
if (IS_ERR(t))
  goto handle_error
/* now use t */


>  /* Types that act only as a source, not sink or intermediate
>   * type when resolving.
>   */
> --
> 2.20.1
>

KP Singh Jan. 24, 2020, 2:12 p.m. UTC | #2

On 23-Jan 12:06, Andrii Nakryiko wrote:
> On Thu, Jan 23, 2020 at 7:25 AM KP Singh <kpsingh@chromium.org> wrote:
> >
> > From: KP Singh <kpsingh@google.com>
> >
> > - The LSM code does the combination of btf_find_by_name_kind and
> >   btf_type_by_id a couple of times to figure out the BTF type for
> >   security_hook_heads and security_list_options.
> > - Add an extern for btf_vmlinux in btf.h
> >
> > Signed-off-by: KP Singh <kpsingh@google.com>
> > Reviewed-by: Brendan Jackman <jackmanb@google.com>
> > Reviewed-by: Florent Revest <revest@google.com>
> > Reviewed-by: Thomas Garnier <thgarnie@google.com>
> > ---
> >  include/linux/btf.h |  3 +++
> >  kernel/bpf/btf.c    | 12 ++++++++++++
> >  2 files changed, 15 insertions(+)
> >
> > diff --git a/include/linux/btf.h b/include/linux/btf.h
> > index 5c1ea99b480f..d4e859f90a39 100644
> > --- a/include/linux/btf.h
> > +++ b/include/linux/btf.h
> > @@ -15,6 +15,7 @@ struct btf_type;
> >  union bpf_attr;
> >
> >  extern const struct file_operations btf_fops;
> > +extern struct btf *btf_vmlinux;
> >
> >  void btf_put(struct btf *btf);
> >  int btf_new_fd(const union bpf_attr *attr);
> > @@ -66,6 +67,8 @@ const struct btf_type *
> >  btf_resolve_size(const struct btf *btf, const struct btf_type *type,
> >                  u32 *type_size, const struct btf_type **elem_type,
> >                  u32 *total_nelems);
> > +const struct btf_type *btf_type_by_name_kind(
> > +       struct btf *btf, const char *name, u8 kind);
> >
> >  #define for_each_member(i, struct_type, member)                        \
> >         for (i = 0, member = btf_type_member(struct_type);      \
> > diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> > index 32963b6d5a9c..ea53c16802cb 100644
> > --- a/kernel/bpf/btf.c
> > +++ b/kernel/bpf/btf.c
> > @@ -441,6 +441,18 @@ const struct btf_type *btf_type_resolve_func_ptr(const struct btf *btf,
> >         return NULL;
> >  }
> >
> > +const struct btf_type *btf_type_by_name_kind(
> > +       struct btf *btf, const char *name, u8 kind)
> > +{
> > +       s32 type_id;
> > +
> > +       type_id = btf_find_by_name_kind(btf, name, kind);
> > +       if (type_id < 0)
> > +               return ERR_PTR(type_id);
> > +
> > +       return btf_type_by_id(btf, type_id);
> > +}
> > +
> 
> is it worth having this as a separate global function? If
> btf_find_by_name_kind returns valid ID, then you don't really need to
> check btf_type_by_id result, it is always going to be valid. So the
> pattern becomes:

Yeah you're right. We went from using this a few times in separate
functions to 2 times in the same function (based on the changes in
v2 -> v3)

I will drop this from the next revision.

 
> type_id = btf_find_by_name_kind(btf, name, kind);
> if (type_id < 0)
>   goto handle_error;
> t = btf_type_by_id(btf, type_id);
> /* now just use t */
> 
> which is not much more verbose than:
> 
> t = btf_type_by_name_kind(btf, name, kind);
> if (IS_ERR(t))
>   goto handle_error
> /* now use t */
> 

Agreed.

- KP

> 
> >  /* Types that act only as a source, not sink or intermediate
> >   * type when resolving.
> >   */
> > --
> > 2.20.1
> >

diff --git a/include/linux/btf.h b/include/linux/btf.h
index 5c1ea99b480f..d4e859f90a39 100644
--- a/include/linux/btf.h
+++ b/include/linux/btf.h
@@ -15,6 +15,7 @@  struct btf_type;
 union bpf_attr;
 
 extern const struct file_operations btf_fops;
+extern struct btf *btf_vmlinux;
 
 void btf_put(struct btf *btf);
 int btf_new_fd(const union bpf_attr *attr);
@@ -66,6 +67,8 @@  const struct btf_type *
 btf_resolve_size(const struct btf *btf, const struct btf_type *type,
 		 u32 *type_size, const struct btf_type **elem_type,
 		 u32 *total_nelems);
+const struct btf_type *btf_type_by_name_kind(
+	struct btf *btf, const char *name, u8 kind);
 
 #define for_each_member(i, struct_type, member)			\
 	for (i = 0, member = btf_type_member(struct_type);	\
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 32963b6d5a9c..ea53c16802cb 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -441,6 +441,18 @@  const struct btf_type *btf_type_resolve_func_ptr(const struct btf *btf,
 	return NULL;
 }
 
+const struct btf_type *btf_type_by_name_kind(
+	struct btf *btf, const char *name, u8 kind)
+{
+	s32 type_id;
+
+	type_id = btf_find_by_name_kind(btf, name, kind);
+	if (type_id < 0)
+		return ERR_PTR(type_id);
+
+	return btf_type_by_id(btf, type_id);
+}
+
 /* Types that act only as a source, not sink or intermediate
  * type when resolving.
  */

[bpf-next,v3,01/10] bpf: btf: Add btf_type_by_name_kind

Commit Message

Comments

Patch