From patchwork Fri Jun 3 15:40:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Toke_H=C3=B8iland-J=C3=B8rgensen?= X-Patchwork-Id: 12869156 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68AF0CCA47C for ; Fri, 3 Jun 2022 15:42:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245635AbiFCPmZ (ORCPT ); Fri, 3 Jun 2022 11:42:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43210 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245619AbiFCPmW (ORCPT ); Fri, 3 Jun 2022 11:42:22 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id AD8E26410 for ; Fri, 3 Jun 2022 08:42:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1654270937; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fQ3r8GSbtHTbZrdB4Ec0MRsOtVvi/yoXUAYb6+28s6g=; b=GeXmtyh9/cCg80+oRBJrlFPnuUg0nB+AmWhU75lmU6EpRKiwBRkiXPN+bQlY8IaGzubWCb IeDtylr8A6nPHJLhREcp671dAbM0OFEyP5ZsYsU01xgyq57pc99kvrC1cOO4uOQy1gFH2T RzRKViPQH7kxnw06sFJIM7rXuey39yc= Received: from mail-ej1-f69.google.com (mail-ej1-f69.google.com [209.85.218.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-219-zqlYDIAUMRSTAhWlEwp9Mw-1; Fri, 03 Jun 2022 11:42:16 -0400 X-MC-Unique: zqlYDIAUMRSTAhWlEwp9Mw-1 Received: by mail-ej1-f69.google.com with SMTP id bt15-20020a170906b14f00b006fe9c3afbc2so4208720ejb.17 for ; Fri, 03 Jun 2022 08:42:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=fQ3r8GSbtHTbZrdB4Ec0MRsOtVvi/yoXUAYb6+28s6g=; b=j5eDl3yBad1dOYkTAfF34a5LvLfyKou9eqWEZHaEXllEoQNybCig6LErRxulnNy0kW OSgAE70uHaDaN4yJZY5knLFxBYGh0DcEv/GD/lEcOm7JTvX/tJIS2S83xH6ULr+yq1ap CaiJUATasLciN+ERv+ftcixEmv63QEmJGV2jSdPLiTyjhIl7mhCvBuLDG5/DqIffxxsK wpXlE8PWlONqHTeafOXpQNdDJE4HfSNLNR7JY8T0vYRK5LbSgckXX01U7gwrP3AYfAHQ 4pCWHBed+uLRbk6mmW7I291OLGXPvinxMqOU5CoGZI9BsM6OPNJQy6tWD/W3QrIwlG4u f0Aw== X-Gm-Message-State: AOAM532uKSDU3ZHmcdgcnhTtvUW4Gpd3RnwY+I3rCutHGroDLb8gmatE aPEGQZPFgi4YvxTMvuy9wTPignGQQb7xTbH/tljVJ3jIVkBt7haqRZcdDt5MgrakGZJRi2QKbfW T0uZuS23nrIkPOBvj X-Received: by 2002:a17:907:6d15:b0:6fd:d985:889b with SMTP id sa21-20020a1709076d1500b006fdd985889bmr9339824ejc.753.1654270934045; Fri, 03 Jun 2022 08:42:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJytoY88hs8OijZfWo0hBZWbCDVpbnSkElomDqA1GN3kEewUb0KlJSC+duEBuWOzqg+dO19GzA== X-Received: by 2002:a17:907:6d15:b0:6fd:d985:889b with SMTP id sa21-20020a1709076d1500b006fdd985889bmr9339785ejc.753.1654270933718; Fri, 03 Jun 2022 08:42:13 -0700 (PDT) Received: from alrua-x1.borgediget.toke.dk ([45.145.92.2]) by smtp.gmail.com with ESMTPSA id s9-20020a056402164900b0042ddfbea36asm4308472edx.62.2022.06.03.08.42.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Jun 2022 08:42:13 -0700 (PDT) Received: by alrua-x1.borgediget.toke.dk (Postfix, from userid 1000) id D22DB4053BC; Fri, 3 Jun 2022 17:42:10 +0200 (CEST) From: =?utf-8?q?Toke_H=C3=B8iland-J=C3=B8rgensen?= To: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Kumar Kartikeya Dwivedi Cc: =?utf-8?q?Toke_H=C3=B8iland-J=C3=B8rgensen?= , Simon Sundberg , netdev@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH bpf 1/2] bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs Date: Fri, 3 Jun 2022 17:40:26 +0200 Message-Id: <20220603154028.24904-1-toke@redhat.com> X-Mailer: git-send-email 2.36.1 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net The verifier allows programs to call global functions as long as their argument types match, using BTF to check the function arguments. One of the allowed argument types to such global functions is PTR_TO_CTX; however the check for this fails on BPF_PROG_TYPE_EXT functions because the verifier uses the wrong type to fetch the vmlinux BTF ID for the program context type. This failure is seen when an XDP program is loaded using libxdp (which loads it as BPF_PROG_TYPE_EXT and attaches it to a global XDP type program). Fix the issue by passing in the target program type instead of the BPF_PROG_TYPE_EXT type to bpf_prog_get_ctx() when checking function argument compatibility. The first Fixes tag refers to the latest commit that touched the code in question, while the second one points to the code that first introduced the global function call verification. Fixes: 3363bd0cfbb8 ("bpf: Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support") Fixes: 51c39bb1d5d1 ("bpf: Introduce function-by-function verification") Reported-by: Simon Sundberg Signed-off-by: Toke Høiland-Jørgensen --- kernel/bpf/btf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index 7bccaa4646e5..361de7304c4d 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -6054,6 +6054,7 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env, struct bpf_reg_state *regs, bool ptr_to_mem_ok) { + enum bpf_prog_type prog_type = env->prog->type; struct bpf_verifier_log *log = &env->log; u32 i, nargs, ref_id, ref_obj_id = 0; bool is_kfunc = btf_is_kernel(btf); @@ -6095,6 +6096,9 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env, BTF_KFUNC_TYPE_KPTR_ACQUIRE, func_id); } + if (prog_type == BPF_PROG_TYPE_EXT && env->prog->aux->dst_prog) + prog_type = env->prog->aux->dst_prog->type; + /* check that BTF function arguments match actual types that the * verifier sees. */ @@ -6171,7 +6175,7 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env, return -EINVAL; } /* rest of the arguments can be anything, like normal kfunc */ - } else if (btf_get_prog_ctx_type(log, btf, t, env->prog->type, i)) { + } else if (btf_get_prog_ctx_type(log, btf, t, prog_type, i)) { /* If function expects ctx type in BTF check that caller * is passing PTR_TO_CTX. */ From patchwork Fri Jun 3 15:40:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Toke_H=C3=B8iland-J=C3=B8rgensen?= X-Patchwork-Id: 12869157 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id EC1EBCCA480 for ; Fri, 3 Jun 2022 15:42:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245619AbiFCPm0 (ORCPT ); Fri, 3 Jun 2022 11:42:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43268 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245610AbiFCPmY (ORCPT ); Fri, 3 Jun 2022 11:42:24 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 516C46302 for ; Fri, 3 Jun 2022 08:42:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1654270938; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8NCo7B84IbZwp1XsoEqfFhvfdIIB+fp6To7YmcMn/zU=; b=UoR5Wwqt8lVZ6IlOHWiZNop8C3GiikMUxslKy9neWDzcr85BIwJmMu1OqZajhklRn747EU yDeUnq8se1VFy7XODsTOIMupnC6wxk5wQi89L7ckDw3lI8zBjV2jukC0teFr4N/Mh+ur94 aqPUMyMn3CFm+ynwV61py5Aq70gYH/w= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-93-i83csmHaO3Wu2LMnSgSyLA-1; Fri, 03 Jun 2022 11:42:16 -0400 X-MC-Unique: i83csmHaO3Wu2LMnSgSyLA-1 Received: by mail-ed1-f72.google.com with SMTP id t14-20020a056402020e00b0042bd6f4467cso5678826edv.9 for ; Fri, 03 Jun 2022 08:42:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8NCo7B84IbZwp1XsoEqfFhvfdIIB+fp6To7YmcMn/zU=; b=T2aJOEI9024v/f97I4jhwMRJdLbDfq+Z2JW0JX4RXo2/gYBrxx2mB96oIZcIaHgsUd 5gws73c9GOV+Gyjuf0+viHyMlFTety1RgDC4CLopJFX8Uu68Qc415TQoN/8sHWD7M+KG 0JYFlmNKX/mv1pt05HvCRPTJMjlXVV+K2qtqWXojJ0NyjYo7gRvtz2uxTSze6DMAxqXr 3ACb1faW52aXtS+mGDwNpmWHMdbYt8g36rl8dEkGAtDb8c4R7Bnz0eKCeg7R7OUsuo/p w4ZcCeTdlQHRO8sHPswsLa9heWC+SFqRZFVGDlrMoyiwdPzrl8VnqbHq5+mP0fzt7pIQ USnA== X-Gm-Message-State: AOAM532BDEooW926Zhbbuuwv7m+17nU8emaeTfnTmRe7hC5cUqhh3Ipg DleWWDfwNw455URO2He9UE2VAMUMazV0hIYPS6nkDBZyFY1nFeKqEge98b6gmewYymlM9wphoPj k/v66HT1OklJdACyJ X-Received: by 2002:a05:6402:4412:b0:42b:a784:3dd2 with SMTP id y18-20020a056402441200b0042ba7843dd2mr11743435eda.162.1654270934953; Fri, 03 Jun 2022 08:42:14 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzuzE5eIyuIu2WL5SpNrIPkWGKyxrMr96WC8p4jcvTzUUA0GPpH16KMw9jRibBCnKNem4sf8Q== X-Received: by 2002:a05:6402:4412:b0:42b:a784:3dd2 with SMTP id y18-20020a056402441200b0042ba7843dd2mr11743408eda.162.1654270934721; Fri, 03 Jun 2022 08:42:14 -0700 (PDT) Received: from alrua-x1.borgediget.toke.dk ([45.145.92.2]) by smtp.gmail.com with ESMTPSA id d7-20020a056402400700b0042e15364d14sm2374709eda.8.2022.06.03.08.42.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Jun 2022 08:42:14 -0700 (PDT) Received: by alrua-x1.borgediget.toke.dk (Postfix, from userid 1000) id 851BB4053BE; Fri, 3 Jun 2022 17:42:12 +0200 (CEST) From: =?utf-8?q?Toke_H=C3=B8iland-J=C3=B8rgensen?= To: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh Cc: =?utf-8?q?Toke_H=C3=B8iland-J=C3=B8rgensen?= , Shuah Khan , netdev@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH bpf 2/2] selftests/bpf: Add selftest for calling global functions from freplace Date: Fri, 3 Jun 2022 17:40:27 +0200 Message-Id: <20220603154028.24904-2-toke@redhat.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: <20220603154028.24904-1-toke@redhat.com> References: <20220603154028.24904-1-toke@redhat.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: bpf@iogearbox.net Add a selftest that calls a global function with a context object parameter from an freplace function to check that the program context type is correctly converted to the freplace target when fetching the context type from the kernel BTF. Signed-off-by: Toke Høiland-Jørgensen --- .../selftests/bpf/prog_tests/fexit_bpf2bpf.c | 13 ++++++++++ .../bpf/progs/freplace_global_func.c | 24 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/freplace_global_func.c diff --git a/tools/testing/selftests/bpf/prog_tests/fexit_bpf2bpf.c b/tools/testing/selftests/bpf/prog_tests/fexit_bpf2bpf.c index d9aad15e0d24..6e86a1d92e97 100644 --- a/tools/testing/selftests/bpf/prog_tests/fexit_bpf2bpf.c +++ b/tools/testing/selftests/bpf/prog_tests/fexit_bpf2bpf.c @@ -395,6 +395,17 @@ static void test_func_map_prog_compatibility(void) "./test_attach_probe.o"); } +static void test_func_replace_global_func(void) +{ + const char *prog_name[] = { + "freplace/test_pkt_access", + }; + test_fexit_bpf2bpf_common("./freplace_global_func.o", + "./test_pkt_access.o", + ARRAY_SIZE(prog_name), + prog_name, false, NULL); +} + /* NOTE: affect other tests, must run in serial mode */ void serial_test_fexit_bpf2bpf(void) { @@ -416,4 +427,6 @@ void serial_test_fexit_bpf2bpf(void) test_func_replace_multi(); if (test__start_subtest("fmod_ret_freplace")) test_fmod_ret_freplace(); + if (test__start_subtest("func_replace_global_func")) + test_func_replace_global_func(); } diff --git a/tools/testing/selftests/bpf/progs/freplace_global_func.c b/tools/testing/selftests/bpf/progs/freplace_global_func.c new file mode 100644 index 000000000000..d9f8276229cc --- /dev/null +++ b/tools/testing/selftests/bpf/progs/freplace_global_func.c @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2019 Facebook */ +#include +#include +#include +#include +#include + +__attribute__ ((noinline)) +int test_ctx_global_func(struct __sk_buff *skb) +{ + volatile int retval = 1; + return retval; +} + +__u64 test_pkt_access_global_func = 0; +SEC("freplace/test_pkt_access") +int new_test_pkt_access(struct __sk_buff *skb) +{ + test_pkt_access_global_func = test_ctx_global_func(skb); + return -1; +} + +char _license[] SEC("license") = "GPL";