| Message ID | 20210326100314.121853-1-toke@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 12aa8a9467b354ef893ce0fc5719a4de4949a9fb |
| Delegated to: | BPF |
| Headers | show |
| Series | [bpf,v3,1/2] bpf: enforce that struct_ops programs be GPL-only | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for bpf |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | success | CCed 10 of 10 maintainers |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 17 this patch: 17 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | warning | WARNING: line length of 89 exceeds 80 columns |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 17 this patch: 17 |
| netdev/header_inline | success | Link |
Hello: This series was applied to bpf/bpf.git (refs/heads/master): On Fri, 26 Mar 2021 11:03:13 +0100 you wrote: > With the introduction of the struct_ops program type, it became possible to > implement kernel functionality in BPF, making it viable to use BPF in place > of a regular kernel module for these particular operations. > > Thus far, the only user of this mechanism is for implementing TCP > congestion control algorithms. These are clearly marked as GPL-only when > implemented as modules (as seen by the use of EXPORT_SYMBOL_GPL for > tcp_register_congestion_control()), so it seems like an oversight that this > was not carried over to BPF implementations. Since this is the only user > of the struct_ops mechanism, just enforcing GPL-only for the struct_ops > program type seems like the simplest way to fix this. > > [...] Here is the summary with links: - [bpf,v3,1/2] bpf: enforce that struct_ops programs be GPL-only https://git.kernel.org/bpf/bpf/c/12aa8a9467b3 - [bpf,v3,2/2] bpf/selftests: test that kernel rejects a TCP CC with an invalid license https://git.kernel.org/bpf/bpf/c/d8e8052e42d0 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 44e4ec1640f1..3a738724a380 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -12158,6 +12158,11 @@ static int check_struct_ops_btf_id(struct bpf_verifier_env *env) u32 btf_id, member_idx; const char *mname; + if (!prog->gpl_compatible) { + verbose(env, "struct ops programs must have a GPL compatible license\n"); + return -EINVAL; + } + btf_id = prog->aux->attach_btf_id; st_ops = bpf_struct_ops_find(btf_id); if (!st_ops) {
With the introduction of the struct_ops program type, it became possible to implement kernel functionality in BPF, making it viable to use BPF in place of a regular kernel module for these particular operations. Thus far, the only user of this mechanism is for implementing TCP congestion control algorithms. These are clearly marked as GPL-only when implemented as modules (as seen by the use of EXPORT_SYMBOL_GPL for tcp_register_congestion_control()), so it seems like an oversight that this was not carried over to BPF implementations. Since this is the only user of the struct_ops mechanism, just enforcing GPL-only for the struct_ops program type seems like the simplest way to fix this. v3: No change v2: Move check to the top of check_struct_ops_btf_id(). Fixes: 0baf26b0fcd7 ("bpf: tcp: Support tcp_congestion_ops in bpf") Acked-by: Martin KaFai Lau <kafai@fb.com> Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> --- kernel/bpf/verifier.c | 5 +++++ 1 file changed, 5 insertions(+)