From patchwork Sat Aug  3 00:11:42 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Amery Hung <ameryhung@gmail.com>
X-Patchwork-Id: 13752112
X-Patchwork-Delegate: bpf@iogearbox.net
Received: from mail-vk1-f177.google.com (mail-vk1-f177.google.com
 [209.85.221.177])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 23D49191
	for <bpf@vger.kernel.org>; Sat,  3 Aug 2024 00:11:55 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.177
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1722643917; cv=none;
 b=J206uAOqjHPPnmNO/EQuo9DzjG1FxZEj/S+5AhcFVz0dzzzKVpUbK6qxp5i4BdIYc51SIveEVitaLoIejZoY/ZmaK40YxB/hWgBkkr5NcNDXMngEbldK/drOgGYmhqUfRIdCetabfEe2LNXwXPsIo8EncKBxNHQnUrwgYYLjNrw=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1722643917; c=relaxed/simple;
	bh=voNihqKQMuk1yidTHJCaxX/8Zu8tzRPycWP7ezl0scY=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=HcD/4HhYIufih+GHjMV0jqwUed/ZY8xy5/2ijOSnIQXvOiRBMVa0EHZdckKAgJMLj3mB4aLCtbIs8n8ntDIPmoLFG4WmfBW6KcK1cYMFc1L7K0fGJhOG2U2XTfdYLE7xJV2IADCgB9ZuekhbtoIszWG14He8e/Cw5CQvpcsRJW0=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=QF0NJkZ2; arc=none smtp.client-ip=209.85.221.177
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="QF0NJkZ2"
Received: by mail-vk1-f177.google.com with SMTP id
 71dfb90a1353d-4f6c136a947so4157543e0c.1
        for <bpf@vger.kernel.org>; Fri, 02 Aug 2024 17:11:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1722643915; x=1723248715;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=wzbspOhbYy/qMsRWbmrmbMFro6v1ZxkA+TC7d+6sxbU=;
        b=QF0NJkZ2E43qbZV3MyWyasCE2JF3PV+NSInGWJ0MpS3hvE8vvN0yHYpJfzrNfOhGqp
         tuffaBrXNRbzu9BCe1Y8jz0gnUoGkPCyZha/WaPQtnqcjQvYeF4NhwjQb75KOd1G522f
         /iclMDr+vnKwkscm/2Lh4Id88FuxNhXxpyAqC/n+8xTPVCXUbZGu21BuGHTC5JmqEpfB
         J+lRgsH89zSIztStuyrsTkpSBT7dYl8gh+Jlofx9gOwi3/xUMqkiyYb1udP4CIrQvLUr
         55FJatJAR1uwRhgRM/6fxBTI75czZOCc7i5ByyBJEzWQAgLCq59edoF8AP56mSRFzSz7
         rh9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1722643915; x=1723248715;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=wzbspOhbYy/qMsRWbmrmbMFro6v1ZxkA+TC7d+6sxbU=;
        b=r4WixVUdPqLlmigri3tzfFBPv0EfUgfKtI+nJ9mUAOVSgfzeqZi2L3KRv7PvQ+8AHZ
         oAgHNWNel1Klcwtw3gfMVe5uEQCs3zhn9arLx/ypvj4hd26rPKZNKCh73g2RXxaF6Rwa
         LH7Vuv6OqXTL6spD+m1DNIppZM6xCG+1wSG9u7vgcr6dXsMrawiNXLj/a0tHeyXbvFkL
         jABi9l5D0DhLp6u2n4O+wSeqMWZ5mN+gCnqZKvztBH1oW4x+SXbHp2sBcdiP2tAakQ6B
         oSyaXPND5TuHabTSb4TRF/wUnHZmd0bVm/nwsqWoNnp61p5QlgGq4c+8tZvHy983YIdC
         Om0w==
X-Gm-Message-State: AOJu0YxzTYxrsuISlUhpGCnGLuwtooFCZdl8Dh++c8uSWwZmfVL0Tyf6
	mN1wyJ9ze4cvLVrU7S1xYA9xG5YWoK7G3WHyiv2jjkqPsXXrMvn4KRHl+Q==
X-Google-Smtp-Source: 
 AGHT+IEK7ZORyPVJDszlyQJIyCom9kbCjpykbDzc3EuZvyvoAJuyYPLAzzHQEDnNSK6MbbXAjMhnjg==
X-Received: by 2002:a05:6122:4598:b0:4f6:adb5:aee1 with SMTP id
 71dfb90a1353d-4f8a00229f8mr6846803e0c.13.1722643914700;
        Fri, 02 Aug 2024 17:11:54 -0700 (PDT)
Received: from n36-183-057.byted.org ([130.44.215.84])
        by smtp.gmail.com with ESMTPSA id
 af79cd13be357-7a34f6dce75sm129547485a.14.2024.08.02.17.11.54
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 02 Aug 2024 17:11:54 -0700 (PDT)
From: Amery Hung <ameryhung@gmail.com>
X-Google-Original-From: Amery Hung <amery.hung@bytedance.com>
To: bpf@vger.kernel.org
Cc: daniel@iogearbox.net,
	andrii@kernel.org,
	alexei.starovoitov@gmail.com,
	martin.lau@kernel.org,
	sinquersw@gmail.com,
	davemarchevsky@fb.com,
	ameryhung@gmail.com,
	Amery Hung <amery.hung@bytedance.com>
Subject: [PATCH v2 bpf-next 1/4] bpf: Search for kptrs in prog BTF structs
Date: Sat,  3 Aug 2024 00:11:42 +0000
Message-Id: <20240803001145.635887-2-amery.hung@bytedance.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20240803001145.635887-1-amery.hung@bytedance.com>
References: <20240803001145.635887-1-amery.hung@bytedance.com>
Precedence: bulk
X-Mailing-List: bpf@vger.kernel.org
List-Id: <bpf.vger.kernel.org>
List-Subscribe: <mailto:bpf+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:bpf+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: bpf@iogearbox.net

From: Dave Marchevsky <davemarchevsky@fb.com>

Currently btf_parse_fields is used in two places to create struct
btf_record's for structs: when looking at mapval type, and when looking
at any struct in program BTF. The former looks for kptr fields while the
latter does not. This patch modifies the btf_parse_fields call made when
looking at prog BTF struct types to search for kptrs as well.

Before this series there was no reason to search for kptrs in non-mapval
types: a referenced kptr needs some owner to guarantee resource cleanup,
and map values were the only owner that supported this. If a struct with
a kptr field were to have some non-kptr-aware owner, the kptr field
might not be properly cleaned up and result in resources leaking. Only
searching for kptr fields in mapval was a simple way to avoid this
problem.

In practice, though, searching for BPF_KPTR when populating
struct_meta_tab does not expose us to this risk, as struct_meta_tab is
only accessed through btf_find_struct_meta helper, and that helper is
only called in contexts where recognizing the kptr field is safe:

  * PTR_TO_BTF_ID reg w/ MEM_ALLOC flag
    * Such a reg is a local kptr and must be free'd via bpf_obj_drop,
      which will correctly handle kptr field

  * When handling specific kfuncs which either expect MEM_ALLOC input or
    return MEM_ALLOC output (obj_{new,drop}, percpu_obj_{new,drop},
    list+rbtree funcs, refcount_acquire)
     * Will correctly handle kptr field for same reasons as above

  * When looking at kptr pointee type
     * Called by functions which implement "correct kptr resource
       handling"

  * In btf_check_and_fixup_fields
     * Helper that ensures no ownership loops for lists and rbtrees,
       doesn't care about kptr field existence

So we should be able to find BPF_KPTR fields in all prog BTF structs
without leaking resources.

Further patches in the series will build on this change to support
kptr_xchg into non-mapval local kptr. Without this change there would be
no kptr field found in such a type.

On a side note, when building program BTF, the refcount of program BTF
is now initialized before btf_parse_struct_metas() to prevent a
refcount_inc() on zero warning. This happens when BPF_KPTR is present
in program BTF: btf_parse_struct_metas() -> btf_parse_fields()
-> btf_parse_kptr() -> btf_get(). This should be okay as the program BTF
is not available yet outside btf_parse().

Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Signed-off-by: Amery Hung <amery.hung@bytedance.com>
---
 kernel/bpf/btf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 95426d5b634e..7b8275e3e500 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -5585,7 +5585,8 @@ btf_parse_struct_metas(struct bpf_verifier_log *log, struct btf *btf)
 		type = &tab->types[tab->cnt];
 		type->btf_id = i;
 		record = btf_parse_fields(btf, t, BPF_SPIN_LOCK | BPF_LIST_HEAD | BPF_LIST_NODE |
-						  BPF_RB_ROOT | BPF_RB_NODE | BPF_REFCOUNT, t->size);
+						  BPF_RB_ROOT | BPF_RB_NODE | BPF_REFCOUNT |
+						  BPF_KPTR, t->size);
 		/* The record cannot be unset, treat it as an error if so */
 		if (IS_ERR_OR_NULL(record)) {
 			ret = PTR_ERR_OR_ZERO(record) ?: -EFAULT;
@@ -5737,6 +5738,8 @@ static struct btf *btf_parse(const union bpf_attr *attr, bpfptr_t uattr, u32 uat
 	if (err)
 		goto errout;
 
+	refcount_set(&btf->refcnt, 1);
+
 	struct_meta_tab = btf_parse_struct_metas(&env->log, btf);
 	if (IS_ERR(struct_meta_tab)) {
 		err = PTR_ERR(struct_meta_tab);
@@ -5759,7 +5762,6 @@ static struct btf *btf_parse(const union bpf_attr *attr, bpfptr_t uattr, u32 uat
 		goto errout_free;
 
 	btf_verifier_env_free(env);
-	refcount_set(&btf->refcnt, 1);
 	return btf;
 
 errout_meta:

From patchwork Sat Aug  3 00:11:43 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Amery Hung <ameryhung@gmail.com>
X-Patchwork-Id: 13752113
X-Patchwork-Delegate: bpf@iogearbox.net
Received: from mail-vs1-f41.google.com (mail-vs1-f41.google.com
 [209.85.217.41])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8A885193
	for <bpf@vger.kernel.org>; Sat,  3 Aug 2024 00:11:56 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.217.41
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1722643918; cv=none;
 b=byvCK8DuRU8TKvHZ2us1A6JRxzZ1//IAZbINp0bY7H4QXxZztVseO1NX2YkPANNiJbrVotw8CbgJE9hqH7xcu2/IbE+xyl0mNw3K8TU40q38gmoKSOu4xtZyY8NEVTj+8vUbd7hgGvVJcz2M6ixpBj4qhRt9Ynpojh+QukxaOTM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1722643918; c=relaxed/simple;
	bh=CBTN153jJzwjME+dO9P/o9STqxs6koh4Yk5fYysLgEo=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=DSlwXWlXGe3bjdIw/8L9ipoXam4/WebkN6wXmhH7oaB9EvzVPAZU2uA7ilPcXwRqfG9piUqYrXsu4I7ca8p8Q5sIzp3PK1I5v1QTU4KD45MMLDR8rXsBEbiuppenbQxsCwPdm5uSvZmtBySfnj3GV9U/Mx6Y802+jUgyHdao9rY=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=mboBGY0x; arc=none smtp.client-ip=209.85.217.41
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="mboBGY0x"
Received: by mail-vs1-f41.google.com with SMTP id
 ada2fe7eead31-49299323d71so2627563137.1
        for <bpf@vger.kernel.org>; Fri, 02 Aug 2024 17:11:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1722643915; x=1723248715;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=q6p8c1OUEhv+/PTai01JOAF17KOu2jscbjKAA2ruSl0=;
        b=mboBGY0xKZvtNydyrvLBLV/HQwx5FJzy2Qaxoq8CQ8SpXr+AatGyFiluWntrI0+g9o
         HE3oO5kE5MybAkEru5EHClTts4hzP+HJilSCo7mj9ocYuYGWzqI4j5IVHQjlb4x8HIfU
         2EclLdfvq4rcF5cg9LQcLYJsv5ZFpoahWZ/7mC1bHJaXJuaUZrLiRKY35oLb1S9VWGYg
         5ujdZfAaqJPS8M4AudyKtnESQXWeHS6dRdK1knM7E1JybKr4Xhqknh49Vaw0dcW/6jIi
         APZOlpkxRWOzOfZA7dae55HrPBYrvxuIBzAisCywKIRj3FgjwrhWlzRYMLzZKnkqVh27
         WkaA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1722643915; x=1723248715;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=q6p8c1OUEhv+/PTai01JOAF17KOu2jscbjKAA2ruSl0=;
        b=HKdul62VFHlmf9a1gD1W84McGF+KQ69354M61ZOE0AuBh2PUjrHCtrDEv1vsivSH/h
         L/Tn8eyp3W44N5c3/EPbhG6I2EBfcmGgtc6zqlnRvrxkF/JvlBshJGvFewrLzrx8yV/I
         A9sEnPEcnitBWUVxzVuP3FBRkTEGDRbF38Nrk04h6INQ3sTPYtgOmewUsl6qGgG+AMs1
         loB+PfWRYvthr8RkaiVWdLLSptt+7e9HUtXZZhDfTIl5iUgS+/2RgTNkTnK/cOD3DPHw
         WoxBYsHIWe2a7X1J4Rq0xzc+GCmfZNRnBSYRKzuIrR8br/geGuUNcOtGvkHGheAYZdz9
         0PdA==
X-Gm-Message-State: AOJu0YyKBrVWbc4qRmJvpBPN5oilOzHp3peRvf5v+G/6nTsPTGURtnos
	Id5GyBIY8OqnCwid6g4l+n4NZ3tN1nabovXr29t2+t2IvXw7Aj7KFBYcOQ==
X-Google-Smtp-Source: 
 AGHT+IGUqPdmbRM+YAk4qIrt5hEixupP7f3Yw9y3xvKEzl5nQ57oTjT3VEGo1sEE77TFD0xFXYDgpg==
X-Received: by 2002:a05:6102:4194:b0:492:9c55:aec5 with SMTP id
 ada2fe7eead31-4945be2278cmr6966153137.15.1722643915239;
        Fri, 02 Aug 2024 17:11:55 -0700 (PDT)
Received: from n36-183-057.byted.org ([130.44.215.84])
        by smtp.gmail.com with ESMTPSA id
 af79cd13be357-7a34f6dce75sm129547485a.14.2024.08.02.17.11.54
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 02 Aug 2024 17:11:54 -0700 (PDT)
From: Amery Hung <ameryhung@gmail.com>
X-Google-Original-From: Amery Hung <amery.hung@bytedance.com>
To: bpf@vger.kernel.org
Cc: daniel@iogearbox.net,
	andrii@kernel.org,
	alexei.starovoitov@gmail.com,
	martin.lau@kernel.org,
	sinquersw@gmail.com,
	davemarchevsky@fb.com,
	ameryhung@gmail.com,
	Amery Hung <amery.hung@bytedance.com>
Subject: [PATCH v2 bpf-next 2/4] bpf: Rename ARG_PTR_TO_KPTR ->
 ARG_KPTR_XCHG_DEST
Date: Sat,  3 Aug 2024 00:11:43 +0000
Message-Id: <20240803001145.635887-3-amery.hung@bytedance.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20240803001145.635887-1-amery.hung@bytedance.com>
References: <20240803001145.635887-1-amery.hung@bytedance.com>
Precedence: bulk
X-Mailing-List: bpf@vger.kernel.org
List-Id: <bpf.vger.kernel.org>
List-Subscribe: <mailto:bpf+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:bpf+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: bpf@iogearbox.net

From: Dave Marchevsky <davemarchevsky@fb.com>

ARG_PTR_TO_KPTR is currently only used by the bpf_kptr_xchg helper.
Although it limits reg types for that helper's first arg to
PTR_TO_MAP_VALUE, any arbitrary mapval won't do: further custom
verification logic ensures that the mapval reg being xchgd-into is
pointing to a kptr field. If this is not the case, it's not safe to xchg
into that reg's pointee.

Let's rename the bpf_arg_type to more accurately describe the fairly
specific expectations that this arg type encodes.

This is a nonfunctional change.

Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Signed-off-by: Amery Hung <amery.hung@bytedance.com>
---
 include/linux/bpf.h   | 2 +-
 kernel/bpf/helpers.c  | 2 +-
 kernel/bpf/verifier.c | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 7ad37cbdc815..f853e350c057 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -744,7 +744,7 @@ enum bpf_arg_type {
 	ARG_PTR_TO_STACK,	/* pointer to stack */
 	ARG_PTR_TO_CONST_STR,	/* pointer to a null terminated read-only string */
 	ARG_PTR_TO_TIMER,	/* pointer to bpf_timer */
-	ARG_PTR_TO_KPTR,	/* pointer to referenced kptr */
+	ARG_KPTR_XCHG_DEST,	/* pointer to destination that kptrs are bpf_kptr_xchg'd into */
 	ARG_PTR_TO_DYNPTR,      /* pointer to bpf_dynptr. See bpf_type_flag for dynptr type */
 	__BPF_ARG_TYPE_MAX,
 
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index d02ae323996b..8ecd8dc95f16 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -1636,7 +1636,7 @@ static const struct bpf_func_proto bpf_kptr_xchg_proto = {
 	.gpl_only     = false,
 	.ret_type     = RET_PTR_TO_BTF_ID_OR_NULL,
 	.ret_btf_id   = BPF_PTR_POISON,
-	.arg1_type    = ARG_PTR_TO_KPTR,
+	.arg1_type    = ARG_KPTR_XCHG_DEST,
 	.arg2_type    = ARG_PTR_TO_BTF_ID_OR_NULL | OBJ_RELEASE,
 	.arg2_btf_id  = BPF_PTR_POISON,
 };
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 1f5302fb0957..9f2964b13b46 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -8399,7 +8399,7 @@ static const struct bpf_reg_types func_ptr_types = { .types = { PTR_TO_FUNC } };
 static const struct bpf_reg_types stack_ptr_types = { .types = { PTR_TO_STACK } };
 static const struct bpf_reg_types const_str_ptr_types = { .types = { PTR_TO_MAP_VALUE } };
 static const struct bpf_reg_types timer_types = { .types = { PTR_TO_MAP_VALUE } };
-static const struct bpf_reg_types kptr_types = { .types = { PTR_TO_MAP_VALUE } };
+static const struct bpf_reg_types kptr_xchg_dest_types = { .types = { PTR_TO_MAP_VALUE } };
 static const struct bpf_reg_types dynptr_types = {
 	.types = {
 		PTR_TO_STACK,
@@ -8431,7 +8431,7 @@ static const struct bpf_reg_types *compatible_reg_types[__BPF_ARG_TYPE_MAX] = {
 	[ARG_PTR_TO_STACK]		= &stack_ptr_types,
 	[ARG_PTR_TO_CONST_STR]		= &const_str_ptr_types,
 	[ARG_PTR_TO_TIMER]		= &timer_types,
-	[ARG_PTR_TO_KPTR]		= &kptr_types,
+	[ARG_KPTR_XCHG_DEST]		= &kptr_xchg_dest_types,
 	[ARG_PTR_TO_DYNPTR]		= &dynptr_types,
 };
 
@@ -9031,7 +9031,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,
 			return err;
 		break;
 	}
-	case ARG_PTR_TO_KPTR:
+	case ARG_KPTR_XCHG_DEST:
 		err = process_kptr_func(env, regno, meta);
 		if (err)
 			return err;

From patchwork Sat Aug  3 00:11:44 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Amery Hung <ameryhung@gmail.com>
X-Patchwork-Id: 13752115
X-Patchwork-Delegate: bpf@iogearbox.net
Received: from mail-qk1-f175.google.com (mail-qk1-f175.google.com
 [209.85.222.175])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0379C196
	for <bpf@vger.kernel.org>; Sat,  3 Aug 2024 00:11:56 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.222.175
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1722643921; cv=none;
 b=uTh5k3WdYtDXuh5K7r4qNFfhCX8VAjHXQ4//RxiiJvON3e+SqzXVmgS7wvhcufSpFH8ZYK/nTyFxfi0lm+SRNzriYfncZukIqN8KOiEzNH69nth/o+UBS/4Lx+gBD/UNkDCveOzub1pOoLm1KQkpWAGxP4UvyEbVmvlJ/it4X60=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1722643921; c=relaxed/simple;
	bh=9bVt2RqQHMBiLL+bNtCoVf9m2FTiqTamJTbmrLYY5Ks=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=HVyVw2Bo/vZvgxXHjsGDFRNRakIz/aEo7JFs3dVMjIm47tPeeXEC+SKwXvJH9afkJdRLLu28xv0MHsH1ph7/Tr4zarVXMbSqllVMjaY/1BCUtf67aYjhHQEC7+f8M7+JcwXZtryUIiPRjHUFLo26hO0LTn7dn3x9ZI0rfFQQh1Y=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=IlR1hIw9; arc=none smtp.client-ip=209.85.222.175
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="IlR1hIw9"
Received: by mail-qk1-f175.google.com with SMTP id
 af79cd13be357-7a1e0ff6871so486984585a.2
        for <bpf@vger.kernel.org>; Fri, 02 Aug 2024 17:11:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1722643916; x=1723248716;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=kSdXUIc8I8ipGRJ21IkX+BG97y/uudEncK49JhUrZvI=;
        b=IlR1hIw96yGm7CGnDq/T/IXSLVfI1aad33S0BE1GLDJigZB8tC6/P7sRMZ/b4qJmHM
         PaM6/SETmiU8iWdPQDb9JrPjTuJ/IER4mha/xPp6RIO/ulG74iFp+hs4b47rL+oGaXdt
         tv6W9B41AFRFpRbQxenJIJQ6Jx1QG6RkC+tDv/KIrSAf7E3fBrEyNzyqRZCoi/gAePmM
         mJjvgou01td5i/2Ykk4yrj948V0hTLWqGQ0o58D4YRIjrGz7wvpnIRKLeidzQJ282Ez2
         WVxILskfKXnWBrwjrvThLPMsLOYJdsDCxCiDRXtczNjqAOp88JxUVZAwd+HWhboRT/nU
         BAFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1722643916; x=1723248716;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=kSdXUIc8I8ipGRJ21IkX+BG97y/uudEncK49JhUrZvI=;
        b=WoTjzJk2315syWZNVondKBBZ0VBsZhJzUeqi+Xj5Yk6e/vir43qckG6xG+oZpsLH1f
         wCpa3EWhMyU0SIqMnXGpmSHtF89CRJclzjmH2Wo6228LT2P+JBA4on7QIrYztXEg6mC6
         A8hI7lU30G4ppM9c+l2E3JAipbBtoS7SIH12FR4TiJw+yP2GCh/Xl41cslLTLS4DdjXW
         YUm6rQ60YGrTfhkR1H2WV6DukKiJIbPOfslC+0Y7VxYfjOjRF4/m/qNp9IZyKFM8Xy3t
         M5Fh3CQDt5P5NS+RkZ6UYlQMrxM6U977asJtAAx3o83hewvYowpFjM4WHQCuAJzWPv/I
         LdBg==
X-Gm-Message-State: AOJu0YxN0lGSSJKmdlYR2wewniYdBqCoqxZ2T0YvSS9b+jN2/wbgXAkW
	lgIKwU/Hn1UduAlIcugKBDRe01bHObHVm3DjTXFva/Xb74i8mPR4P40zGA==
X-Google-Smtp-Source: 
 AGHT+IGkIVa/kWzvCmYtUGWHHe319nOl/vY19G5SmdGUiKoivVidlHhC7arwWE9nxjUUygnT8Kk+xA==
X-Received: by 2002:a05:620a:f01:b0:79d:5c31:718c with SMTP id
 af79cd13be357-7a34ef032f5mr561246085a.27.1722643915683;
        Fri, 02 Aug 2024 17:11:55 -0700 (PDT)
Received: from n36-183-057.byted.org ([130.44.215.84])
        by smtp.gmail.com with ESMTPSA id
 af79cd13be357-7a34f6dce75sm129547485a.14.2024.08.02.17.11.55
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 02 Aug 2024 17:11:55 -0700 (PDT)
From: Amery Hung <ameryhung@gmail.com>
X-Google-Original-From: Amery Hung <amery.hung@bytedance.com>
To: bpf@vger.kernel.org
Cc: daniel@iogearbox.net,
	andrii@kernel.org,
	alexei.starovoitov@gmail.com,
	martin.lau@kernel.org,
	sinquersw@gmail.com,
	davemarchevsky@fb.com,
	ameryhung@gmail.com,
	Amery Hung <amery.hung@bytedance.com>
Subject: [PATCH v2 bpf-next 3/4] bpf: Support bpf_kptr_xchg into local kptr
Date: Sat,  3 Aug 2024 00:11:44 +0000
Message-Id: <20240803001145.635887-4-amery.hung@bytedance.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20240803001145.635887-1-amery.hung@bytedance.com>
References: <20240803001145.635887-1-amery.hung@bytedance.com>
Precedence: bulk
X-Mailing-List: bpf@vger.kernel.org
List-Id: <bpf.vger.kernel.org>
List-Subscribe: <mailto:bpf+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:bpf+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: bpf@iogearbox.net

From: Dave Marchevsky <davemarchevsky@fb.com>

Currently, users can only stash kptr into map values with bpf_kptr_xchg().
This patch further supports stashing kptr into local kptr by adding local
kptr as a valid destination type.

When stashing into local kptr, btf_record in program BTF is used instead
of btf_record in map to search for the btf_field of the local kptr.

The local kptr specific checks in check_reg_type() only apply when the
source argument of bpf_kptr_xchg() is local kptr. Therefore, we make the
scope of the check explicit as the destination now can also be local kptr.

Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Signed-off-by: Amery Hung <amery.hung@bytedance.com>
---
 include/uapi/linux/bpf.h |  9 ++++----
 kernel/bpf/helpers.c     |  4 ++--
 kernel/bpf/verifier.c    | 44 +++++++++++++++++++++++++++-------------
 3 files changed, 37 insertions(+), 20 deletions(-)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 35bcf52dbc65..e2629457d72d 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -5519,11 +5519,12 @@ union bpf_attr {
  *		**-EOPNOTSUPP** if the hash calculation failed or **-EINVAL** if
  *		invalid arguments are passed.
  *
- * void *bpf_kptr_xchg(void *map_value, void *ptr)
+ * void *bpf_kptr_xchg(void *dst, void *ptr)
  *	Description
- *		Exchange kptr at pointer *map_value* with *ptr*, and return the
- *		old value. *ptr* can be NULL, otherwise it must be a referenced
- *		pointer which will be released when this helper is called.
+ *		Exchange kptr at pointer *dst* with *ptr*, and return the old value.
+ *		*dst* can be map value or local kptr. *ptr* can be NULL, otherwise
+ *		it must be a referenced pointer which will be released when this helper
+ *		is called.
  *	Return
  *		The old value of kptr (which can be NULL). The returned pointer
  *		if not NULL, is a reference which must be released using its
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 8ecd8dc95f16..d1a39734894c 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -1619,9 +1619,9 @@ void bpf_wq_cancel_and_free(void *val)
 	schedule_work(&work->delete_work);
 }
 
-BPF_CALL_2(bpf_kptr_xchg, void *, map_value, void *, ptr)
+BPF_CALL_2(bpf_kptr_xchg, void *, dst, void *, ptr)
 {
-	unsigned long *kptr = map_value;
+	unsigned long *kptr = dst;
 
 	/* This helper may be inlined by verifier. */
 	return xchg(kptr, (unsigned long)ptr);
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 9f2964b13b46..5a4ca7e29272 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -7803,29 +7803,38 @@ static int process_kptr_func(struct bpf_verifier_env *env, int regno,
 			     struct bpf_call_arg_meta *meta)
 {
 	struct bpf_reg_state *regs = cur_regs(env), *reg = &regs[regno];
-	struct bpf_map *map_ptr = reg->map_ptr;
 	struct btf_field *kptr_field;
+	struct bpf_map *map_ptr;
+	struct btf_record *rec;
 	u32 kptr_off;
 
+	if (type_is_ptr_alloc_obj(reg->type)) {
+		rec = reg_btf_record(reg);
+	} else { /* PTR_TO_MAP_VALUE */
+		map_ptr = reg->map_ptr;
+		if (!map_ptr->btf) {
+			verbose(env, "map '%s' has to have BTF in order to use bpf_kptr_xchg\n",
+				map_ptr->name);
+			return -EINVAL;
+		}
+		rec = map_ptr->record;
+		meta->map_ptr = map_ptr;
+	}
+
 	if (!tnum_is_const(reg->var_off)) {
 		verbose(env,
 			"R%d doesn't have constant offset. kptr has to be at the constant offset\n",
 			regno);
 		return -EINVAL;
 	}
-	if (!map_ptr->btf) {
-		verbose(env, "map '%s' has to have BTF in order to use bpf_kptr_xchg\n",
-			map_ptr->name);
-		return -EINVAL;
-	}
-	if (!btf_record_has_field(map_ptr->record, BPF_KPTR)) {
-		verbose(env, "map '%s' has no valid kptr\n", map_ptr->name);
+
+	if (!btf_record_has_field(rec, BPF_KPTR)) {
+		verbose(env, "R%d has no valid kptr\n", regno);
 		return -EINVAL;
 	}
 
-	meta->map_ptr = map_ptr;
 	kptr_off = reg->off + reg->var_off.value;
-	kptr_field = btf_record_find(map_ptr->record, kptr_off, BPF_KPTR);
+	kptr_field = btf_record_find(rec, kptr_off, BPF_KPTR);
 	if (!kptr_field) {
 		verbose(env, "off=%d doesn't point to kptr\n", kptr_off);
 		return -EACCES;
@@ -8399,7 +8408,12 @@ static const struct bpf_reg_types func_ptr_types = { .types = { PTR_TO_FUNC } };
 static const struct bpf_reg_types stack_ptr_types = { .types = { PTR_TO_STACK } };
 static const struct bpf_reg_types const_str_ptr_types = { .types = { PTR_TO_MAP_VALUE } };
 static const struct bpf_reg_types timer_types = { .types = { PTR_TO_MAP_VALUE } };
-static const struct bpf_reg_types kptr_xchg_dest_types = { .types = { PTR_TO_MAP_VALUE } };
+static const struct bpf_reg_types kptr_xchg_dest_types = {
+	.types = {
+		PTR_TO_MAP_VALUE,
+		PTR_TO_BTF_ID | MEM_ALLOC
+	}
+};
 static const struct bpf_reg_types dynptr_types = {
 	.types = {
 		PTR_TO_STACK,
@@ -8470,7 +8484,8 @@ static int check_reg_type(struct bpf_verifier_env *env, u32 regno,
 	if (base_type(arg_type) == ARG_PTR_TO_MEM)
 		type &= ~DYNPTR_TYPE_FLAG_MASK;
 
-	if (meta->func_id == BPF_FUNC_kptr_xchg && type_is_alloc(type)) {
+	/* Local kptr types are allowed as the source argument of bpf_kptr_xchg */
+	if (meta->func_id == BPF_FUNC_kptr_xchg && type_is_alloc(type) && regno == BPF_REG_2) {
 		type &= ~MEM_ALLOC;
 		type &= ~MEM_PERCPU;
 	}
@@ -8563,7 +8578,8 @@ static int check_reg_type(struct bpf_verifier_env *env, u32 regno,
 			verbose(env, "verifier internal error: unimplemented handling of MEM_ALLOC\n");
 			return -EFAULT;
 		}
-		if (meta->func_id == BPF_FUNC_kptr_xchg) {
+		/* Check if local kptr in src arg matches kptr in dst arg */
+		if (meta->func_id == BPF_FUNC_kptr_xchg && regno == BPF_REG_2) {
 			if (map_kptr_match_type(env, meta->kptr_field, reg, regno))
 				return -EACCES;
 		}
@@ -8874,7 +8890,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg,
 		meta->release_regno = regno;
 	}
 
-	if (reg->ref_obj_id) {
+	if (reg->ref_obj_id && base_type(arg_type) != ARG_KPTR_XCHG_DEST) {
 		if (meta->ref_obj_id) {
 			verbose(env, "verifier internal error: more than one arg with ref_obj_id R%d %u %u\n",
 				regno, reg->ref_obj_id,

From patchwork Sat Aug  3 00:11:45 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Amery Hung <ameryhung@gmail.com>
X-Patchwork-Id: 13752114
X-Patchwork-Delegate: bpf@iogearbox.net
Received: from mail-qk1-f174.google.com (mail-qk1-f174.google.com
 [209.85.222.174])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F9D6A38
	for <bpf@vger.kernel.org>; Sat,  3 Aug 2024 00:11:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.222.174
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1722643919; cv=none;
 b=rOp5sLtczVuT7O9EEjy3l2yvlbqYsTN190T2TT0NQXCKmDUAjXZKKhke6HUwKceyf21xrs0PGXrLjWQF4rBtEQsRdabdpqGINhBFRcNTO6boOWpzTPqmoTj15nVtS9dftAwODYeIA6T1SOA14qF2SFuZY4tM+qN4HhC1oPudnGM=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1722643919; c=relaxed/simple;
	bh=MytIW0EfcJm0EY4fnT1r9NWRNtDkk7a+9lmCKlPpmpQ=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=mu07mnRZMzlnpFHalT/IQCIJQJPwqZGaZzIvFpPTXsaSB9QlUkCs/ZJNmo07ybVtZsttN0ZEJycN0vSBs3Dv7Q514KiLT8yAASmvtjewuHXjDjp+ugjjF8m4mpSeXVxJiCq8HdTqCyQbR4nNnM0RMLTly6JpEp74vZh3YFaSvNs=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com;
 spf=pass smtp.mailfrom=gmail.com;
 dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b=mCVemhxU; arc=none smtp.client-ip=209.85.222.174
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=gmail.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="mCVemhxU"
Received: by mail-qk1-f174.google.com with SMTP id
 af79cd13be357-7a1d7a544e7so606078185a.3
        for <bpf@vger.kernel.org>; Fri, 02 Aug 2024 17:11:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1722643916; x=1723248716;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=B/uGpvjs4w6ueVhZqp6hGmGif+6oj2nco4CtEHR1FOE=;
        b=mCVemhxUkBe2n843zEP4LnQ1VGkHQILyfFCABjx2hcdE4MFwI7zpKagRmAQP5zOoZO
         iRHzewgryiP0YaKG7VkALgU23LhRCcB8hwJ7JbzrhEtwfZfVWOeQgg/6xWU/3/5Ce69w
         kH8KxN0CgkX0BUl0s8GO21nrDDl1X2ZvknEPaDqF/Z5PBzwebnN5ti0//0T+37W4PExL
         KQ4u7hHkKLl6C6UTHqjKm8rjfwEL+1EQTYn24bZ85jpCzFiAP+J5JyqA2rfYmPmvwqcr
         z2JQpkzkiwCgji9aR6BiH/9De/eAcm4AQAgxrORGrSMQxhOrxkiiyPB9zPk5ivJ/zeFn
         Coig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1722643916; x=1723248716;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=B/uGpvjs4w6ueVhZqp6hGmGif+6oj2nco4CtEHR1FOE=;
        b=FOYa6wnAmBJiqvdDzzTCfVCEUHL6jaZoSb8K32eDUW3eZkWXl0HPVHUHO0KE/DSsYk
         58M/Tb3miMfBrKZ4LPtj3iKPbh+dPgmW5V9uLo1pQahUYGYYI2yjebqijWE0wnrYrixM
         ncPxz97rkMGClU4TuSc+xjgbcwtyeXNKvQ/zNZZcJrNh70LgKMIPDZTD5QzocHdCsPn5
         b3bHhgDsmzGB1IMzsFZHQYlWAAlVdGibm7AiGMBYGL6HQ5L+/6dMtTOBV/6ZeMMEFH3L
         9ovlbGEgOO+VACyC4rrD2r3wOd0onBBfTHe3klc9ynaJQfzAqlQHy7DcbVTbPdCAcilz
         9aCA==
X-Gm-Message-State: AOJu0YzosQkERBmNYcYihVLfJqQScbpgDpp1q7uUzMIqxwwgixzkQQsq
	mO7/HdL6xybJrg6IjeTe58gWF0MQcbgFPZjuOMlWJYAGsdXlJz6Ci6aKSA==
X-Google-Smtp-Source: 
 AGHT+IGUHqNgTOEcAbmmjW61azOFBfqcnokipcpIwCLRPKRIfysgJ5IoWyhVBtsrMAw/s9FD+HeEaA==
X-Received: by 2002:a05:620a:2909:b0:7a1:dfe4:5708 with SMTP id
 af79cd13be357-7a34ef027c1mr599191785a.16.1722643916254;
        Fri, 02 Aug 2024 17:11:56 -0700 (PDT)
Received: from n36-183-057.byted.org ([130.44.215.84])
        by smtp.gmail.com with ESMTPSA id
 af79cd13be357-7a34f6dce75sm129547485a.14.2024.08.02.17.11.55
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 02 Aug 2024 17:11:55 -0700 (PDT)
From: Amery Hung <ameryhung@gmail.com>
X-Google-Original-From: Amery Hung <amery.hung@bytedance.com>
To: bpf@vger.kernel.org
Cc: daniel@iogearbox.net,
	andrii@kernel.org,
	alexei.starovoitov@gmail.com,
	martin.lau@kernel.org,
	sinquersw@gmail.com,
	davemarchevsky@fb.com,
	ameryhung@gmail.com,
	Amery Hung <amery.hung@bytedance.com>
Subject: [PATCH v2 bpf-next 4/4] selftests/bpf: Test bpf_kptr_xchg stashing
 into local kptr
Date: Sat,  3 Aug 2024 00:11:45 +0000
Message-Id: <20240803001145.635887-5-amery.hung@bytedance.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20240803001145.635887-1-amery.hung@bytedance.com>
References: <20240803001145.635887-1-amery.hung@bytedance.com>
Precedence: bulk
X-Mailing-List: bpf@vger.kernel.org
List-Id: <bpf.vger.kernel.org>
List-Subscribe: <mailto:bpf+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:bpf+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
X-Patchwork-Delegate: bpf@iogearbox.net

From: Dave Marchevsky <davemarchevsky@fb.com>

Test stashing a referenced kptr in to a local kptr.

Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
Signed-off-by: Amery Hung <amery.hung@bytedance.com>
---
 .../selftests/bpf/progs/local_kptr_stash.c    | 22 +++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/bpf/progs/local_kptr_stash.c b/tools/testing/selftests/bpf/progs/local_kptr_stash.c
index 75043ffc5dad..a0d784e8a05b 100644
--- a/tools/testing/selftests/bpf/progs/local_kptr_stash.c
+++ b/tools/testing/selftests/bpf/progs/local_kptr_stash.c
@@ -11,6 +11,7 @@
 struct node_data {
 	long key;
 	long data;
+	struct prog_test_ref_kfunc __kptr *stashed_in_node;
 	struct bpf_rb_node node;
 };
 
@@ -85,18 +86,35 @@ static bool less(struct bpf_rb_node *a, const struct bpf_rb_node *b)
 
 static int create_and_stash(int idx, int val)
 {
+	struct prog_test_ref_kfunc *inner;
 	struct map_value *mapval;
 	struct node_data *res;
+	unsigned long dummy;
 
 	mapval = bpf_map_lookup_elem(&some_nodes, &idx);
 	if (!mapval)
 		return 1;
 
+	dummy = 0;
+	inner = bpf_kfunc_call_test_acquire(&dummy);
+	if (!inner)
+		return 2;
+
 	res = bpf_obj_new(typeof(*res));
-	if (!res)
-		return 1;
+	if (!res) {
+		bpf_kfunc_call_test_release(inner);
+		return 3;
+	}
 	res->key = val;
 
+	inner = bpf_kptr_xchg(&res->stashed_in_node, inner);
+	if (inner) {
+		/* Should never happen, we just obj_new'd res */
+		bpf_kfunc_call_test_release(inner);
+		bpf_obj_drop(res);
+		return 4;
+	}
+
 	res = bpf_kptr_xchg(&mapval->node, res);
 	if (res)
 		bpf_obj_drop(res);