[bpf-next,0/3] bpf: Introduce union trusted

Message ID	20230709025912.3837-1-laoar.shao@gmail.com (mailing list archive)
Headers	show Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 70159ECA for <bpf@vger.kernel.org>; Sun, 9 Jul 2023 02:59:26 +0000 (UTC) From: Yafang Shao <laoar.shao@gmail.com> To: ast@kernel.org, daniel@iogearbox.net, john.fastabend@gmail.com, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org Cc: bpf@vger.kernel.org, Yafang Shao <laoar.shao@gmail.com> Subject: [PATCH bpf-next 0/3] bpf: Introduce union trusted Date: Sun, 9 Jul 2023 02:59:09 +0000 Message-Id: <20230709025912.3837-1-laoar.shao@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	bpf: Introduce union trusted \| expand [bpf-next,0/3] bpf: Introduce union trusted [bpf-next,1/3] bpf: Introduce BTF_TYPE_SAFE_TRUSTED_UNION [bpf-next,2/3] selftests/bpf: Add selftests for BTF_TYPE_SAFE_TRUSTED_UNION [bpf-next,3/3] bpf: Fix an error in verifying a field in a union

Message ID

20230709025912.3837-1-laoar.shao@gmail.com (mailing list archive)

Headers

From: Yafang Shao <laoar.shao@gmail.com>
To: ast@kernel.org,
	daniel@iogearbox.net,
	john.fastabend@gmail.com,
	andrii@kernel.org,
	martin.lau@linux.dev,
	song@kernel.org,
	yhs@fb.com,
	kpsingh@kernel.org,
	sdf@google.com,
	haoluo@google.com,
	jolsa@kernel.org
Cc: bpf@vger.kernel.org,
	Yafang Shao <laoar.shao@gmail.com>
Subject: [PATCH bpf-next 0/3] bpf: Introduce union trusted
Date: Sun,  9 Jul 2023 02:59:09 +0000
Message-Id: <20230709025912.3837-1-laoar.shao@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

bpf: Introduce union trusted | expand

Message

Yafang Shao July 9, 2023, 2:59 a.m. UTC

When we are verifying a field in a union, we may verify another field
which has the same offset. So we should annotate that field as
untrusted. In some cases we have already known that some fields
are safe and then we can add them into the union trusted allow list.

Patch #3 fixes an issue found in our dev server.

Changes:
- bpf: Fix errors in verifying a union
  https://lore.kernel.org/bpf/20230628115205.248395-1-laoar.shao@gmail.com/    

Yafang Shao (3):
  bpf: Introduce BTF_TYPE_SAFE_TRUSTED_UNION
  selftests/bpf: Add selftests for BTF_TYPE_SAFE_TRUSTED_UNION
  bpf: Fix an error in verifying a field in a union

 kernel/bpf/btf.c                              | 22 +++++++++----------
 kernel/bpf/verifier.c                         | 21 ++++++++++++++++++
 .../bpf/progs/nested_trust_failure.c          | 16 ++++++++++++++
 .../bpf/progs/nested_trust_success.c          | 15 +++++++++++++
 4 files changed, 62 insertions(+), 12 deletions(-)