From patchwork Tue Dec 10 04:10:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eduard Zingerman X-Patchwork-Id: 13900841 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D0FE13635E for ; Tue, 10 Dec 2024 04:11:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.171 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803876; cv=none; b=Rk2hJ5egq8p7mUhK2OopfaVFVPTtwmBEKcOZeuL8yndgla28OREKUVkq1BtPdDNKNvhXRz4LNfHK7XFWvRXV2+c1vSvEHEIlm16/eLV/DYlgyngV3zzR+Ic8F5hJ3ZPS3DO7xktxgByDahHh61IbAEthj53fyVMF9YSV3FMjeQs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803876; c=relaxed/simple; bh=TlC1hQwWMq+Mk+iKtgbwNYHf3xze7SGO+PXOV4DIyIo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Gkm76pbhOQPtn93Nn1hOyoiXfw5X7ogDHEf20Ywm2sp7TvEFcMNRUeUxaBV9zsb7qgohN/KfTWiK2yAlpeNATdRo9Y8WkZnk4biZRmQ0F7LVwCud3BMfo2vLZJMflxGQHR2GFTieymCclSho0FeD8GHQkiq7Vyp2gmVVV1Slfqk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=lDYNSHG2; arc=none smtp.client-ip=209.85.214.171 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lDYNSHG2" Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-2163bd70069so20329405ad.0 for ; Mon, 09 Dec 2024 20:11:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733803874; x=1734408674; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=wCeClI9N6IGYROGb0Jn7lpSIINKCLvjsqLrZAWgTIeU=; b=lDYNSHG25MnNuPePchaFV7AhDQEo3eTsKsGgTNxHV3sywU5F5ax5yKDknYkUzPG1gP MaLr+dHSPjopTXAIasy0tWoOWazRauAahpcOh0C96Ebfg99hjcBLorVH2byC8jTP6tl9 Lv9+Jtzb37Yb/nMe8z/3olwuvA0+vkcc9rVz1z9WJ8BxVbEL2oyTz/iKcGnlt9/7h4V9 JPBCah8Oeqq9OMtMbru8J7zY4FtPq1wGbhYjGM+i2WWBx4pPh6+BB7zJ/nyYoiANt1Ic +Tz/UXJGBxdHifck30UtgZi1dXC+W2ZZ/B67JBdC97QDtrO/Z8Pg0fvT19hKdJj6tX1j iPTw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733803874; x=1734408674; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wCeClI9N6IGYROGb0Jn7lpSIINKCLvjsqLrZAWgTIeU=; b=XGF7fI94x2D8O3ATyTLu1bMk+a+oM2XmT6zF//2eqqpUEjSdTKB1523hhUETqMIo8G bOOTJRWOdoBrosTLOjnQCS5+cf0wi2TtMOzy470EuQ1VTs4aJltBvwIxuGKLWSFaj812 wkTjr4MvtmZ+4fwKOnXaVZ5Ntn5/qZRu8Yzfv8/97TziDuHN+sw8kWvH6KFt8GXHbu2c ci7gvEp+NrE9J+RnqHiLgSWZjwG3b601PHRXbKP+CM0m2tnQ8JdqGRWn0/Gt7X2bwauI C2somYk6pCxVJTZzmFmsULItvaSRaSJ2T3giLRiEPDxHXne/tAOEAKAmlmMwxpN0dDJF 35Hg== X-Gm-Message-State: AOJu0Yw1QFFl6up/OBIHSAXmpMFnyMnsgIRFAugyER58Zlq+zkf99nBV FNSiNCcnJWiLS/uktFCMZsbsNWkdE1RnpBb9/9XhZ8vrL6+SIYiF4us1fg== X-Gm-Gg: ASbGncuX8Q04PLaNGtfU+JcbxjMzuDOEobnKlOTWvUtsHDdCbqeYXgFkCEHPs/cj333 LR4E+RN1kdhNmKEDygflHR8/oRG119gsbe4f1JgkQvuwFFYJz0dFYMtA12vyV9iF2KD8vw6GWnO /E9I3g/AeCJ5TIw9RIuTMENxMqqfZzBmWMDjVoO6rHuP8D3lwnVSXsprARPbMRKwhGTqv5etvd2 BLb5ArmF8PDL78ir+mZbByVehBMiFF2a7WaHJqmIFY1mnl5Pg== X-Google-Smtp-Source: AGHT+IGuPbJdR3X3sCHtYaOxvjUKrboEu7GV+BLb7uA+Vr87gy1ztVCF2XHxUaD15/TbD6of7mBNww== X-Received: by 2002:a17:902:f552:b0:215:a412:4f12 with SMTP id d9443c01a7336-2166a01661bmr35043895ad.33.1733803874157; Mon, 09 Dec 2024 20:11:14 -0800 (PST) Received: from honey-badger.. ([38.34.87.7]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21631d6b3b8sm44296265ad.136.2024.12.09.20.11.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Dec 2024 20:11:13 -0800 (PST) From: Eduard Zingerman To: bpf@vger.kernel.org, ast@kernel.org Cc: andrii@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, kernel-team@fb.com, yonghong.song@linux.dev, mejedi@gmail.com, Eduard Zingerman Subject: [PATCH bpf v2 1/8] bpf: add find_containing_subprog() utility function Date: Mon, 9 Dec 2024 20:10:53 -0800 Message-ID: <20241210041100.1898468-2-eddyz87@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241210041100.1898468-1-eddyz87@gmail.com> References: <20241210041100.1898468-1-eddyz87@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Add a utility function, looking for a subprogram containing a given instruction index, rewrite find_subprog() to use this function. Signed-off-by: Eduard Zingerman --- kernel/bpf/verifier.c | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 01fbef9576e0..277c1892bb9a 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2597,16 +2597,36 @@ static int cmp_subprogs(const void *a, const void *b) ((struct bpf_subprog_info *)b)->start; } +/* Find subprogram that contains instruction at 'off' */ +static struct bpf_subprog_info *find_containing_subprog(struct bpf_verifier_env *env, int off) +{ + struct bpf_subprog_info *vals = env->subprog_info; + int l, r, m; + + if (off >= env->prog->len || off < 0 || env->subprog_cnt == 0) + return NULL; + + l = 0; + r = env->subprog_cnt - 1; + while (l < r) { + m = l + (r - l + 1) / 2; + if (vals[m].start <= off) + l = m; + else + r = m - 1; + } + return &vals[l]; +} + +/* Find subprogram that starts exactly at 'off' */ static int find_subprog(struct bpf_verifier_env *env, int off) { struct bpf_subprog_info *p; - p = bsearch(&off, env->subprog_info, env->subprog_cnt, - sizeof(env->subprog_info[0]), cmp_subprogs); - if (!p) + p = find_containing_subprog(env, off); + if (!p || p->start != off) return -ENOENT; return p - env->subprog_info; - } static int add_subprog(struct bpf_verifier_env *env, int off) From patchwork Tue Dec 10 04:10:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eduard Zingerman X-Patchwork-Id: 13900842 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 444592248B3 for ; Tue, 10 Dec 2024 04:11:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803877; cv=none; b=rDBhAmN0fdsmwMWYPfTv3fqtZAxfjTHBsv4H4FstkAzYnqJCQSgTEP24f9e2/Qqdy9sam8a95x25GpebFTgmFfFgRsDlukKi0sxtdKay595UZHaQiCOMFKOyp5G0T6zR1HBUBqvnSRg8aCp5JYY0OfI9+2fdXU03yJiWiO5StsM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803877; c=relaxed/simple; bh=a9a5bDwU6ShIZlOC+79WCuNVJCFXLQBDM/WxaKA1E5M=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ot0shQDLLtmKKaCvKgfXqKL7rnFF/HatIG6cpY15Hes1M6P+GUQEd9/hy5UXyyElq8SAN+7EHRBPsaWsKzmkC+LsFAxAt+9yjsLmx4MwgGshmttkkhgiFZuctmaZbcwOYI6/qQxoaaQ0liDEgWu2JVGl93rPn5U6vkiZou38Sas= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=H5oTZDTU; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="H5oTZDTU" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-2166f1e589cso6795045ad.3 for ; Mon, 09 Dec 2024 20:11:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733803875; x=1734408675; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=aF6MVln4LC9hUMsccdpl2mvsSb4BSYKAburlVkwvkJQ=; b=H5oTZDTUXOTx3M/0IVucOHOKRZWM1KORhOGRltdt/ek6saByXVcJvPeji/8kGoYqw5 mYAIMyaysSOBHV9Elap2YHYChi+nDxvPsNCcV/gjTcyDlZ5tETKO2f6mx0t+xgzMiU4c 9WRansBRHIupkIUhdzMQOB3iYFY0rJ/Ns54RwedRYWlFNjF89QfEdiYZ8q8h7CuntLtR CU1K40wBX0y5JfOMli/8xXo5TVdYACwEvc5mI/KcPErH41OIFJgjmHDudOYHOOTGnodK CiRoP0Y5hmlmC4na3KuIGMoF6612zaqCwQGwK8ODhMpEjHdJG6Pqnf+Nz+BLDkkNx2Sw KIFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733803875; x=1734408675; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aF6MVln4LC9hUMsccdpl2mvsSb4BSYKAburlVkwvkJQ=; b=wvvrgz8zm6vtOZHKgAKzpl53Ik7b6aNQHTQ623U8EwOxzdqalfwCfjKAnZf41oA9Jd mMa98qG30Lb2NfSNnSwsy6B2Fdd8YVsSbbDL7G34PAcYTl/gHwfJYt9d/fYGpAaTjuRT LVlAuk8WPfDBB38TbnDUpbGQ0+MWF67PksxXgb4wd5KZhwKcm/sQglEteGCj5bGJu3km o8IU1uQyt9W8+qDXCc8h1AsgEHlvYGE3DFC4GoLqz5QGwUGVe22DIJ3IVban7qWCZ+/x vgZYXqVPeRkbRyL7ESciMFdoh1PD8kPN3Ozqwgxrm3ztG0qs1MyZxwXODil18DyjLL9j kYZA== X-Gm-Message-State: AOJu0YxGJLPq64+VuSQcJdCPUXru4Fk5/bpZCVm3eTqRDnQc+nfmGgkh qi3ekoWGlsGrkW8I9bnIoxPtrRCRaN0YyeCRx3ePQmsigX5mUoF/MPS0pw== X-Gm-Gg: ASbGnctvAXO0wMtzi99PQ8R8uxg8iLbdWULNgR3IQPj7xh84+yFB1OGiZE6SnHSiog5 AWc6KOcK7moVvDL9jWkKifOF7Nq9F6EAsxOiJUhkKQUkfHUe3L6XEtAzjHjrU2WQ44dVVll8IMa WQ8LdJKHyRYpIhuldvnPalRAkMOX+tRg1xV/+5qdqDeQJpPquXubAEbmdHeoB8dsTuAZ5UQ9Ljj CVbu3B9lUOJ5Cs9DgFwhFLUJZHdugJ2TXCxZYb6Pt7ZMBpASQ== X-Google-Smtp-Source: AGHT+IEB23VYOpDKLG7g1xmwR+pEpqAmiQxzNr3Pdm01XXnc8+KEdkB47MsvNy0KAWc4gPdwgHR5cg== X-Received: by 2002:a17:902:f60c:b0:215:75a5:f72b with SMTP id d9443c01a7336-2166a0ba37emr49888855ad.53.1733803875203; Mon, 09 Dec 2024 20:11:15 -0800 (PST) Received: from honey-badger.. ([38.34.87.7]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21631d6b3b8sm44296265ad.136.2024.12.09.20.11.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Dec 2024 20:11:14 -0800 (PST) From: Eduard Zingerman To: bpf@vger.kernel.org, ast@kernel.org Cc: andrii@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, kernel-team@fb.com, yonghong.song@linux.dev, mejedi@gmail.com, Eduard Zingerman Subject: [PATCH bpf v2 2/8] bpf: refactor bpf_helper_changes_pkt_data to use helper number Date: Mon, 9 Dec 2024 20:10:54 -0800 Message-ID: <20241210041100.1898468-3-eddyz87@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241210041100.1898468-1-eddyz87@gmail.com> References: <20241210041100.1898468-1-eddyz87@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Use BPF helper number instead of function pointer in bpf_helper_changes_pkt_data(). This would simplify usage of this function in verifier.c:check_cfg() (in a follow-up patch), where only helper number is easily available and there is no real need to lookup helper proto. Signed-off-by: Eduard Zingerman --- include/linux/filter.h | 2 +- kernel/bpf/core.c | 2 +- kernel/bpf/verifier.c | 2 +- net/core/filter.c | 63 +++++++++++++++++++----------------------- 4 files changed, 31 insertions(+), 38 deletions(-) diff --git a/include/linux/filter.h b/include/linux/filter.h index 3a21947f2fd4..0477254bc2d3 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -1122,7 +1122,7 @@ bool bpf_jit_supports_insn(struct bpf_insn *insn, bool in_arena); bool bpf_jit_supports_private_stack(void); u64 bpf_arch_uaddress_limit(void); void arch_bpf_stack_walk(bool (*consume_fn)(void *cookie, u64 ip, u64 sp, u64 bp), void *cookie); -bool bpf_helper_changes_pkt_data(void *func); +bool bpf_helper_changes_pkt_data(enum bpf_func_id func_id); static inline bool bpf_dump_raw_ok(const struct cred *cred) { diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index a2327c4fdc8b..6fa8041d4831 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -2936,7 +2936,7 @@ void __weak bpf_jit_compile(struct bpf_prog *prog) { } -bool __weak bpf_helper_changes_pkt_data(void *func) +bool __weak bpf_helper_changes_pkt_data(enum bpf_func_id func_id) { return false; } diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 277c1892bb9a..ad3f6d28e8e4 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -10728,7 +10728,7 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn } /* With LD_ABS/IND some JITs save/restore skb from r1. */ - changes_data = bpf_helper_changes_pkt_data(fn->func); + changes_data = bpf_helper_changes_pkt_data(func_id); if (changes_data && fn->arg1_type != ARG_PTR_TO_CTX) { verbose(env, "kernel subsystem misconfigured func %s#%d: r1 != ctx\n", func_id_name(func_id), func_id); diff --git a/net/core/filter.c b/net/core/filter.c index 6625b3f563a4..efb75eed2e35 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -7899,42 +7899,35 @@ static const struct bpf_func_proto bpf_tcp_raw_check_syncookie_ipv6_proto = { #endif /* CONFIG_INET */ -bool bpf_helper_changes_pkt_data(void *func) -{ - if (func == bpf_skb_vlan_push || - func == bpf_skb_vlan_pop || - func == bpf_skb_store_bytes || - func == bpf_skb_change_proto || - func == bpf_skb_change_head || - func == sk_skb_change_head || - func == bpf_skb_change_tail || - func == sk_skb_change_tail || - func == bpf_skb_adjust_room || - func == sk_skb_adjust_room || - func == bpf_skb_pull_data || - func == sk_skb_pull_data || - func == bpf_clone_redirect || - func == bpf_l3_csum_replace || - func == bpf_l4_csum_replace || - func == bpf_xdp_adjust_head || - func == bpf_xdp_adjust_meta || - func == bpf_msg_pull_data || - func == bpf_msg_push_data || - func == bpf_msg_pop_data || - func == bpf_xdp_adjust_tail || -#if IS_ENABLED(CONFIG_IPV6_SEG6_BPF) - func == bpf_lwt_seg6_store_bytes || - func == bpf_lwt_seg6_adjust_srh || - func == bpf_lwt_seg6_action || -#endif -#ifdef CONFIG_INET - func == bpf_sock_ops_store_hdr_opt || -#endif - func == bpf_lwt_in_push_encap || - func == bpf_lwt_xmit_push_encap) +bool bpf_helper_changes_pkt_data(enum bpf_func_id func_id) +{ + switch (func_id) { + case BPF_FUNC_clone_redirect: + case BPF_FUNC_l3_csum_replace: + case BPF_FUNC_l4_csum_replace: + case BPF_FUNC_lwt_push_encap: + case BPF_FUNC_lwt_seg6_action: + case BPF_FUNC_lwt_seg6_adjust_srh: + case BPF_FUNC_lwt_seg6_store_bytes: + case BPF_FUNC_msg_pop_data: + case BPF_FUNC_msg_pull_data: + case BPF_FUNC_msg_push_data: + case BPF_FUNC_skb_adjust_room: + case BPF_FUNC_skb_change_head: + case BPF_FUNC_skb_change_proto: + case BPF_FUNC_skb_change_tail: + case BPF_FUNC_skb_pull_data: + case BPF_FUNC_skb_store_bytes: + case BPF_FUNC_skb_vlan_pop: + case BPF_FUNC_skb_vlan_push: + case BPF_FUNC_store_hdr_opt: + case BPF_FUNC_xdp_adjust_head: + case BPF_FUNC_xdp_adjust_meta: + case BPF_FUNC_xdp_adjust_tail: return true; - - return false; + default: + return false; + } } const struct bpf_func_proto bpf_event_output_data_proto __weak; From patchwork Tue Dec 10 04:10:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eduard Zingerman X-Patchwork-Id: 13900843 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 203B0224AEB for ; Tue, 10 Dec 2024 04:11:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803878; cv=none; b=PYJNFh+C0QYzZh0Q3xu31OCyMc4sxhuiqTgkM/Yf444EwdYRVQMwqhSN6K+/w6VO8yjlQIbEwogpXInkaU2tSNAAYzxsukK3BmpnFkdQFm5fUvDhiLk5Fe6T4fA5t61btA6IACOpIXvVPAaoG32XN45n83/+IlqwgsiJj7oewh8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803878; c=relaxed/simple; bh=S8eLAcahG6C9uX/tSZrTGXoNB55Ezb7Y4u/tRY6NGWs=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=MZlIv+ieZmjwfoQ1+4/s4BLwbHfQY0/9zF/n9wh35rPvo/Oj1waG4febm0jL6DgwaShUVCdG2GH0SiAeC5ugEyDn4vVusJ6YvvYOdg/TbeGo0+bSRMDPDMqI/SQQh+1KrhE5RPrUW0eaH0W0zB//0Qvwl2EreeQWQWU4NWdi0DQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=DB5/0pxc; arc=none smtp.client-ip=209.85.214.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="DB5/0pxc" Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-21654fdd5daso14752185ad.1 for ; Mon, 09 Dec 2024 20:11:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733803876; x=1734408676; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=h83A3P54g6xxUOUZa1brscRPZaqWdc3qDXjky3riX5U=; b=DB5/0pxc9hK7rsRMGnao3ETshxxx9TOWP4UiPZfzHNAeQgN+TynsgPGd4ExSrJIn/k FF+l+CUIybFwQBglZvvC7sElg5K+ghRLz+XVf1eQP00MVddnOhy70wY5C9t9m6GindpM n2x4Q6Cng3UPPcgI20AfLyaMWtbkkJV42HLEFCVm0tsVvY6GAMVSOSM95Skim/OFx+w5 CXg5/qpwaWJ3UlHSRI26LP2+hV1N89i5JhnGtP3HcHaWaikEJw9YA5TUwX7klFHv9Ztu fXaFbusn2Hdw51aR+j7dAKuGjqL2R6HRVokrLPTbBoRGlcdir3QpFRPD7ZpboCnBTyb4 /l7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733803876; x=1734408676; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=h83A3P54g6xxUOUZa1brscRPZaqWdc3qDXjky3riX5U=; b=EqXUPhiOTNgfNN6kzykfj2PTuYBee0tNhXnEo7WZMOqEby+E59kTNCbgalrbzavflG kBuW8yI7b2373s6ZgmIjUVHte4cDxVExsOfTX1qTzXATri8R/k3Bad8zvHPkMWbzIOfh 5Be0PvFtFtjMPRtyeXBo5BxrvHTQ2P8iZ/Cl4c+CNPu1RMhCRutmSAgRwQKXqBN7MDh9 tI40OD1GU02puXLUVNRzzmhM3emRrd1VUi7F0lkYg/l6FlURuFInucTdJRBR5LxO2QOl rQ7OguqDTltcA0YidqILPiEbDlKPluuMlyn5W9lKw8DbHVW95mUyR2Yp1w1HlAgQQuVh 3bWA== X-Gm-Message-State: AOJu0YzZaTL8t8TIyQqN72GqPGrx5p4Kjxe0YizsaoJoUbOXrmSK/PDf scNeMqzPFKFDlgoUxOMSAzvMjpx85dD8rRON/IQRym2lN1xKl3P1o0mjjw== X-Gm-Gg: ASbGncunQUgBMWPNAMNLimWRDn57rRGXyFV+q5OJeg1q2uhne9eNILxUgpeNdmhFp8H bwZvKzbSUlDa32S1noricRiAZnnzGtGpuPWue76xMyiL67QcWNrJ38kt1AVi/lpeANn3NK50geS UZFdxIQp4fD2JGp8CtTYymWpcXkbUJa7XNnpYR1q2Z8D3RqqKwqMZxw0F6c4hqCvH4LdIK+L4Vn kAxxyiYw6cJC55PDgeLjt4kKsIp2lmVTdm6LB51l7qFJt0n2A== X-Google-Smtp-Source: AGHT+IEceikijZevBKgmuX7BAepzD4rtW8xGpbgkYxlWBKPMGm7+4yLjvh9tg7FP7aHMyXeK8oDrfQ== X-Received: by 2002:a17:903:2305:b0:216:3eaf:3781 with SMTP id d9443c01a7336-2163eaf3fa4mr121466805ad.43.1733803876114; Mon, 09 Dec 2024 20:11:16 -0800 (PST) Received: from honey-badger.. ([38.34.87.7]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21631d6b3b8sm44296265ad.136.2024.12.09.20.11.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Dec 2024 20:11:15 -0800 (PST) From: Eduard Zingerman To: bpf@vger.kernel.org, ast@kernel.org Cc: andrii@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, kernel-team@fb.com, yonghong.song@linux.dev, mejedi@gmail.com, Eduard Zingerman Subject: [PATCH bpf v2 3/8] bpf: track changes_pkt_data property for global functions Date: Mon, 9 Dec 2024 20:10:55 -0800 Message-ID: <20241210041100.1898468-4-eddyz87@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241210041100.1898468-1-eddyz87@gmail.com> References: <20241210041100.1898468-1-eddyz87@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net When processing calls to certain helpers, verifier invalidates all packet pointers in a current state. For example, consider the following program: __attribute__((__noinline__)) long skb_pull_data(struct __sk_buff *sk, __u32 len) { return bpf_skb_pull_data(sk, len); } SEC("tc") int test_invalidate_checks(struct __sk_buff *sk) { int *p = (void *)(long)sk->data; if ((void *)(p + 1) > (void *)(long)sk->data_end) return TCX_DROP; skb_pull_data(sk, 0); *p = 42; return TCX_PASS; } After a call to bpf_skb_pull_data() the pointer 'p' can't be used safely. See function filter.c:bpf_helper_changes_pkt_data() for a list of such helpers. At the moment verifier invalidates packet pointers when processing helper function calls, and does not traverse global sub-programs when processing calls to global sub-programs. This means that calls to helpers done from global sub-programs do not invalidate pointers in the caller state. E.g. the program above is unsafe, but is not rejected by verifier. This commit fixes the omission by computing field bpf_subprog_info->changes_pkt_data for each sub-program before main verification pass. changes_pkt_data should be set if: - subprogram calls helper for which bpf_helper_changes_pkt_data returns true; - subprogram calls a global function, for which bpf_subprog_info->changes_pkt_data should be set. The verifier.c:check_cfg() pass is modified to compute this information. The commit relies on depth first instruction traversal done by check_cfg() and absence of recursive function calls: - check_cfg() would eventually visit every call to subprogram S in a state when S is fully explored; - when S is fully explored: - every direct helper call within S is explored (and thus changes_pkt_data is set if needed); - every call to subprogram S1 called by S was visited with S1 fully explored (and thus S inherits changes_pkt_data from S1). The downside of such approach is that dead code elimination is not taken into account: if a helper call inside global function is dead because of current configuration, verifier would conservatively assume that the call occurs for the purpose of the changes_pkt_data computation. Reported-by: Nick Zavaritsky Closes: https://lore.kernel.org/bpf/0498CA22-5779-4767-9C0C-A9515CEA711F@gmail.com/ Signed-off-by: Eduard Zingerman --- include/linux/bpf_verifier.h | 1 + kernel/bpf/verifier.c | 32 +++++++++++++++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h index f4290c179bee..48b7b2eeb7e2 100644 --- a/include/linux/bpf_verifier.h +++ b/include/linux/bpf_verifier.h @@ -659,6 +659,7 @@ struct bpf_subprog_info { bool args_cached: 1; /* true if bpf_fastcall stack region is used by functions that can't be inlined */ bool keep_fastcall_stack: 1; + bool changes_pkt_data: 1; enum priv_stack_mode priv_stack_mode; u8 arg_cnt; diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index ad3f6d28e8e4..6a29b68cebd6 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -10042,6 +10042,8 @@ static int check_func_call(struct bpf_verifier_env *env, struct bpf_insn *insn, verbose(env, "Func#%d ('%s') is global and assumed valid.\n", subprog, sub_name); + if (env->subprog_info[subprog].changes_pkt_data) + clear_all_pkt_pointers(env); /* mark global subprog for verifying after main prog */ subprog_aux(env, subprog)->called = true; clear_caller_saved_regs(env, caller->regs); @@ -16246,6 +16248,29 @@ static int check_return_code(struct bpf_verifier_env *env, int regno, const char return 0; } +static void mark_subprog_changes_pkt_data(struct bpf_verifier_env *env, int off) +{ + struct bpf_subprog_info *subprog; + + subprog = find_containing_subprog(env, off); + subprog->changes_pkt_data = true; +} + +/* 't' is an index of a call-site. + * 'w' is a callee entry point. + * Eventually this function would be called when env->cfg.insn_state[w] == EXPLORED. + * Rely on DFS traversal order and absence of recursive calls to guarantee that + * callee's change_pkt_data marks would be correct at that moment. + */ +static void merge_callee_effects(struct bpf_verifier_env *env, int t, int w) +{ + struct bpf_subprog_info *caller, *callee; + + caller = find_containing_subprog(env, t); + callee = find_containing_subprog(env, w); + caller->changes_pkt_data |= callee->changes_pkt_data; +} + /* non-recursive DFS pseudo code * 1 procedure DFS-iterative(G,v): * 2 label v as discovered @@ -16379,6 +16404,7 @@ static int visit_func_call_insn(int t, struct bpf_insn *insns, bool visit_callee) { int ret, insn_sz; + int w; insn_sz = bpf_is_ldimm64(&insns[t]) ? 2 : 1; ret = push_insn(t, t + insn_sz, FALLTHROUGH, env); @@ -16390,8 +16416,10 @@ static int visit_func_call_insn(int t, struct bpf_insn *insns, mark_jmp_point(env, t + insn_sz); if (visit_callee) { + w = t + insns[t].imm + 1; mark_prune_point(env, t); - ret = push_insn(t, t + insns[t].imm + 1, BRANCH, env); + merge_callee_effects(env, t, w); + ret = push_insn(t, w, BRANCH, env); } return ret; } @@ -16708,6 +16736,8 @@ static int visit_insn(int t, struct bpf_verifier_env *env) mark_prune_point(env, t); mark_jmp_point(env, t); } + if (bpf_helper_call(insn) && bpf_helper_changes_pkt_data(insn->imm)) + mark_subprog_changes_pkt_data(env, t); if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL) { struct bpf_kfunc_call_arg_meta meta; From patchwork Tue Dec 10 04:10:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eduard Zingerman X-Patchwork-Id: 13900844 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E8A3C22578E for ; Tue, 10 Dec 2024 04:11:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.180 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803879; cv=none; b=O2gGxUp+yzrmAEgRsUV33h94BB6CyPW2ENNpf4PhsrPBjZJsAUDvGVdAODs144JHlER/Scb6h5Qa7hok3PYWzDmBLjNtMM+Vwzbjy1b2p+dIpLl0v4uhn6rcZZMB2zMMRc4hHdzeHer6xcNrHGqh+gyFZeQ5dB0EtqZ6COwPXSc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803879; c=relaxed/simple; bh=lW4mQ58JGfw7JGH8bL/drjsNfSgfvzBEqWD7FVkfokg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=PpouwxZDe2GSaXzUXHE8hetNy7jGt8ibttrhTvYDsj3eT5W4+zv16fI31j4s2RXNL6mqV+Nbl9Sugk62QJwqzqnHAeAMuIKQq4LEupv5C/JO+c5ZHeUGa9o5SQorhOAaoVj9dkvbxsUI3DaVGsISaUUlsOHkECiZ0sl7BanbPE4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Jlfgo4Jv; arc=none smtp.client-ip=209.85.214.180 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Jlfgo4Jv" Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-216401de828so17383365ad.3 for ; Mon, 09 Dec 2024 20:11:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733803877; x=1734408677; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4VTXn9EJbSSdNCqgtyoG6wj3OIgIOOdlJuFJ/UTprec=; b=Jlfgo4JvXjnCpiYY8K6/U8q8P36jf60QiKHvG9PXVl4yIawO5jR6PZewX/YMype1s3 ExaxoduHHGf0xxloViSnZe1z48FEdcfCica2Z4TacRH6Yp7aeIXOC/DyOl2FQTf5r/ac OFk37YeAglcGpu8QXTZxPAqu6YOwrPwF8tryKblGKLalxkx05eyFOU+siePem5BO4iSx OQLH9u+9l/+g3ZpKVX+lZUT3OdScfmYsVBxvzuX0ykLeL3K6egpfzUUACmre0gkYiNSu BoWcTT3iMjpAe4fflOPgCfMG6dY+kGG61/YNElBPc9iVPFaqdf4qJHIATQ4uqxuh6YDM uA6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733803877; x=1734408677; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4VTXn9EJbSSdNCqgtyoG6wj3OIgIOOdlJuFJ/UTprec=; b=d5VooK9+vMIa6Ee1w8oZ3vIpaeiROMYn1TxYU0LhkbAXo+WOTByXmJ+LoQ/2C+pQLW jEQey4FCOJjBzoI0MWOmoC/hYz4lUCQ6QknOn6ToRR3+C/gfFn15e/Ycc0NQHQN56Uix oZFmEK1zs30ETTfTctmX12PoUAhfRElKwb2JB/0O9x0mdtv5aV9f7noIwEVh/JqJ6+gc NyFpDW2Jx8gP84hRinpzmpPUdTYaGNDMyBHiK+pl79RbevB/W+bFUJ6d6tjEY41s8WYJ GvcC5JrlEgm3him4vFFfUGMeX6BtquOHj6mkDspz5zEjvawDLRpNZHggFZb+WqxUJ/Hw BeqQ== X-Gm-Message-State: AOJu0YzYIUC37gz+Hcje9XlBeAhdKqpFbnaEKWeRxnjtl7AlSLxVnBcs Au9uOuddVsXNXEGOPkqLCcdHbY3Jo6LEgTg4VRai6FHkdOEeiebdEozVRg== X-Gm-Gg: ASbGncsy5VXM8ba0PukxtI7FguGi4IOw+XeEj4KGF1t8P/a/D0hTV73bC9jcD67gHbm 5QWIw37S9CGRR8HDhNVrHb/FsBURHnKmcPbrwQgEZQfQPOn8MW3Ri4hP3YhO+zSlDmk+N8wIHm0 GOE8zXIuVuwM+qO55VNXtd1oe7sYYccGxIEVGG5aE/2sYSXIMRReIBRa2btkwuKkH0dKDsTs+o2 lo7pdH9950VsX8mz1yFIMn/7QdwZMWCBUScqFIl38yvIXzF+w== X-Google-Smtp-Source: AGHT+IHOriS3VG/8eWxi9dabbh1IoJgKUF1psJMpMMPFXkTfDPgVAGa+GyhxXZvf4sdRi8ov21BpFQ== X-Received: by 2002:a17:902:f70b:b0:215:a179:14d2 with SMTP id d9443c01a7336-2166a0635dfmr42471755ad.50.1733803877066; Mon, 09 Dec 2024 20:11:17 -0800 (PST) Received: from honey-badger.. ([38.34.87.7]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21631d6b3b8sm44296265ad.136.2024.12.09.20.11.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Dec 2024 20:11:16 -0800 (PST) From: Eduard Zingerman To: bpf@vger.kernel.org, ast@kernel.org Cc: andrii@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, kernel-team@fb.com, yonghong.song@linux.dev, mejedi@gmail.com, Eduard Zingerman Subject: [PATCH bpf v2 4/8] selftests/bpf: test for changing packet data from global functions Date: Mon, 9 Dec 2024 20:10:56 -0800 Message-ID: <20241210041100.1898468-5-eddyz87@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241210041100.1898468-1-eddyz87@gmail.com> References: <20241210041100.1898468-1-eddyz87@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Check if verifier is aware of packet pointers invalidation done in global functions. Based on a test shared by Nick Zavaritsky in [0]. [0] https://lore.kernel.org/bpf/0498CA22-5779-4767-9C0C-A9515CEA711F@gmail.com/ Suggested-by: Nick Zavaritsky Signed-off-by: Eduard Zingerman --- .../selftests/bpf/progs/verifier_sock.c | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tools/testing/selftests/bpf/progs/verifier_sock.c b/tools/testing/selftests/bpf/progs/verifier_sock.c index d3e70e38e442..51826379a1aa 100644 --- a/tools/testing/selftests/bpf/progs/verifier_sock.c +++ b/tools/testing/selftests/bpf/progs/verifier_sock.c @@ -1037,4 +1037,32 @@ __naked void sock_create_read_src_port(void) : __clobber_all); } +__noinline +long skb_pull_data2(struct __sk_buff *sk, __u32 len) +{ + return bpf_skb_pull_data(sk, len); +} + +__noinline +long skb_pull_data1(struct __sk_buff *sk, __u32 len) +{ + return skb_pull_data2(sk, len); +} + +/* global function calls bpf_skb_pull_data(), which invalidates packet + * pointers established before global function call. + */ +SEC("tc") +__failure __msg("invalid mem access") +int invalidate_pkt_pointers_from_global_func(struct __sk_buff *sk) +{ + int *p = (void *)(long)sk->data; + + if ((void *)(p + 1) > (void *)(long)sk->data_end) + return TCX_DROP; + skb_pull_data1(sk, 0); + *p = 42; /* this is unsafe */ + return TCX_PASS; +} + char _license[] SEC("license") = "GPL"; From patchwork Tue Dec 10 04:10:57 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eduard Zingerman X-Patchwork-Id: 13900845 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2585622578E for ; Tue, 10 Dec 2024 04:11:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.174 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803881; cv=none; b=PZ0TVR6zKSCTW246aSAxtXj09T6Rp+U6yqxg3zleOOQD57JsatyAMS2gW2pmHDboAvRqzcTzZhMaXYNLygWsGj9JxoVVOv/t/0zgi1KfljJtKKG66qiT4uFLE9S0+WZrgjOH2ZqC2onRcQDXCFQPr9vljX92iorH1iMxp2NK4e0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803881; c=relaxed/simple; bh=Hcc9UsySMTbXqeCveyrKB76fa3d50tQ5MKht1qHx3RI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=kt/rpsT+zbyV0sv7BJ0VE31lqXfztSbCClpmfLj5fwS3dI6s/mT0b46143KBBfXC6uTS94kk/PxbichrHf+G4jPKONogBR5CYGimFTDtcNpqp3RPfAx6yXdQmAuMRvubVuhS+Yern8VqbRkPB1vVFoPPFE6JhKiVpLwGBoyq2U4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=by8qyGAY; arc=none smtp.client-ip=209.85.214.174 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="by8qyGAY" Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-21631789fcdso14783495ad.1 for ; Mon, 09 Dec 2024 20:11:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733803878; x=1734408678; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=CwPZMQhI00m6ciQ91kVp9l5KLtSM+iYorvVb0YUw0d0=; b=by8qyGAYQOH9mwBOUT/hgxiwSDyA1gGilp0u2pGojyrXEgAsOVZ1HETlU+DnvzTrmt B+nyhNRyqSnoInJEwmQ7QFhr5PafgWtACZdnhX9UFt1MIyOJVHFojHbLpCJ1kzor8z79 bYOWq+jdF3QjUK/qtVQ7ip/DHpXIwxM7O3LnqSZ6SFFrzYZmshZVBFYKpm1Mk3RWNrOZ X2C7k0wLmUuDC17eiSQMHIOPNx5ae42jmOVTS/WxVC6+HU3IN/LkQ/gUj8ozqrhZFpdH iSs/kVzlBbD9yVPr8zlFJWciiiThdQBYcCg2kg8GE9KftOQIFUJXY1yjGF7/BxVzg5V5 fUVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733803878; x=1734408678; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CwPZMQhI00m6ciQ91kVp9l5KLtSM+iYorvVb0YUw0d0=; b=WOKCppKd8IMsYyIW1iaj2l3T3K3x8+hCES+2SxcGfSk+hxON/ZAYUQYbHhmUPfeyW/ bvO2+5WXBvHmv3FbOK3ejAOUvfwpqU3x2IuO5y99TnXPEVgm4SllN//dorP7oyUFFy1c uvX8frTMsaVa8Rmi6MKIa66t5fzq/BgFl6uHr+wAoxiDZSBvBI1tJ5DdbDLx4tu3lxDI nE9wH2B8W+cKdxfrjIRUTfSV1zRWnb8aMDbEvuSVzCQlYIyoJbbk2I5JOLvI0YIKG454 odIksrUBqJ0XeRONnN+5lhr9RbVknUhP6pxoKWc8W36qf4Ms0XsJ88fp93TT33ulk7Af 0r9A== X-Gm-Message-State: AOJu0Yyl7gZx/ZFFFzLW9YItqbmhDgqGMy6V3ylaCJJm8s+it7mucGgc 5dPRvnzldNjcvcSBnyDczD8GPcW0mn4DqRqC+d6xYrLjKj2nRWd+n+McxQ== X-Gm-Gg: ASbGncuI7kdNvppoQUl+jFVuzTBg4rNYcqS4WlZStC2nv45em+ow5oGzOoIPKQSrByH h66I9zGfIRXHV3w7O2+9pYko8rFLjd2GlSmIgUQ5mQJEULCp+IisMFV08lQvyn1igXqet3T3yuT VbZWsP/niwqmV8lu0ojRh2rDn/y7Q0ZNZ7i9uRHfXvhoATZEjSvFS/ALMC825c7JOqEsnNOm6C2 LdJpMd90qs/RFobbnToS6U6xyYgx3HOITcPLk21k1PsVCSt2Q== X-Google-Smtp-Source: AGHT+IGCXcBBeSpxglu8urOHhS1eJ7Ytj9Lss1hk8e3k7SEfxvu8sDPpSo8eNTV/M55SEzfS3od06w== X-Received: by 2002:a17:903:22ca:b0:215:7e49:8202 with SMTP id d9443c01a7336-21670a19629mr35934575ad.13.1733803878162; Mon, 09 Dec 2024 20:11:18 -0800 (PST) Received: from honey-badger.. ([38.34.87.7]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21631d6b3b8sm44296265ad.136.2024.12.09.20.11.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Dec 2024 20:11:17 -0800 (PST) From: Eduard Zingerman To: bpf@vger.kernel.org, ast@kernel.org Cc: andrii@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, kernel-team@fb.com, yonghong.song@linux.dev, mejedi@gmail.com, Eduard Zingerman , Alexei Starovoitov Subject: [PATCH bpf v2 5/8] bpf: check changes_pkt_data property for extension programs Date: Mon, 9 Dec 2024 20:10:57 -0800 Message-ID: <20241210041100.1898468-6-eddyz87@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241210041100.1898468-1-eddyz87@gmail.com> References: <20241210041100.1898468-1-eddyz87@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changes_pkt_data property of the global sub-program. Because of this, an extension program replacing a global sub-program must be compatible with changes_pkt_data property of the sub-program being replaced. This commit: - adds changes_pkt_data flag to struct bpf_prog_aux: - this flag is set in check_cfg() for main sub-program; - in jit_subprogs() for other sub-programs; - modifies bpf_check_attach_btf_id() to check changes_pkt_data flag; - moves call to check_attach_btf_id() after the call to check_cfg(), because it needs changes_pkt_data flag to be set: bpf_check: ... ... - check_attach_btf_id resolve_pseudo_ldimm64 resolve_pseudo_ldimm64 --> bpf_prog_is_offloaded bpf_prog_is_offloaded check_cfg check_cfg + check_attach_btf_id ... ... The following fields are set by check_attach_btf_id(): - env->ops - prog->aux->attach_btf_trace - prog->aux->attach_func_name - prog->aux->attach_func_proto - prog->aux->dst_trampoline - prog->aux->mod - prog->aux->saved_dst_attach_type - prog->aux->saved_dst_prog_type - prog->expected_attach_type Neither of these fields are used by resolve_pseudo_ldimm64() or bpf_prog_offload_verifier_prep() (for netronome and netdevsim drivers), so the reordering is safe. Suggested-by: Alexei Starovoitov Signed-off-by: Eduard Zingerman --- include/linux/bpf.h | 1 + kernel/bpf/verifier.c | 16 ++++++++++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index eaee2a819f4c..fe392d074973 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1527,6 +1527,7 @@ struct bpf_prog_aux { bool is_extended; /* true if extended by freplace program */ bool jits_use_priv_stack; bool priv_stack_requested; + bool changes_pkt_data; u64 prog_array_member_cnt; /* counts how many times as member of prog_array */ struct mutex ext_mutex; /* mutex for is_extended and prog_array_member_cnt */ struct bpf_arena *arena; diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 6a29b68cebd6..c2e5d0e6e3d0 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -16872,6 +16872,7 @@ static int check_cfg(struct bpf_verifier_env *env) } } ret = 0; /* cfg looks good */ + env->prog->aux->changes_pkt_data = env->subprog_info[0].changes_pkt_data; err_free: kvfree(insn_state); @@ -20361,6 +20362,7 @@ static int jit_subprogs(struct bpf_verifier_env *env) func[i]->aux->num_exentries = num_exentries; func[i]->aux->tail_call_reachable = env->subprog_info[i].tail_call_reachable; func[i]->aux->exception_cb = env->subprog_info[i].is_exception_cb; + func[i]->aux->changes_pkt_data = env->subprog_info[i].changes_pkt_data; if (!i) func[i]->aux->exception_boundary = env->seen_exception; func[i] = bpf_int_jit_compile(func[i]); @@ -22225,6 +22227,12 @@ int bpf_check_attach_target(struct bpf_verifier_log *log, "Extension programs should be JITed\n"); return -EINVAL; } + if (prog->aux->changes_pkt_data && + !aux->func[subprog]->aux->changes_pkt_data) { + bpf_log(log, + "Extension program changes packet data, while original does not\n"); + return -EINVAL; + } } if (!tgt_prog->jited) { bpf_log(log, "Can attach to only JITed progs\n"); @@ -22690,10 +22698,6 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3 if (ret < 0) goto skip_full_check; - ret = check_attach_btf_id(env); - if (ret) - goto skip_full_check; - ret = resolve_pseudo_ldimm64(env); if (ret < 0) goto skip_full_check; @@ -22708,6 +22712,10 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, bpfptr_t uattr, __u3 if (ret < 0) goto skip_full_check; + ret = check_attach_btf_id(env); + if (ret) + goto skip_full_check; + ret = mark_fastcall_patterns(env); if (ret < 0) goto skip_full_check; From patchwork Tue Dec 10 04:10:58 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eduard Zingerman X-Patchwork-Id: 13900847 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 346AD22617A for ; Tue, 10 Dec 2024 04:11:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803882; cv=none; b=Gz5VsCeVsUSwIxpMJVRb8YE0xACeXpR3H4SBSVofS3r/6hCOCj5fbpuLcQfHUheakRmlyiouB+OlS5m7DoXGtEQrZB3PW/1xYA4OIJVzZOgLxW38RBK5MFThiXn59Ceij2/4Qvy5XZ/k5oobmBm/9umisLt4hqdA82NHSfe+asg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803882; c=relaxed/simple; bh=E9rK5VVgu1vb5HOv5GNksct/4EVn1xjQhk0AlLIH0XQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ctaCsUnoF32BmLpp4c6wMUi+pKYsa9Defw1x1Dd0L0IOtcZeSvTG+wzBEpHHXYvHA89BCzARtYSqLKG0OeWl6/EZBnN1UGRu/awUuRi/hENof+iuI3MDT4Unxp73FCFirxJvU00hUZBHWnDHkhK5l5JEIaL+UI2IXN49yuUINQI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=fA91Gccm; arc=none smtp.client-ip=209.85.214.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="fA91Gccm" Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-21649a7bcdcso17892175ad.1 for ; Mon, 09 Dec 2024 20:11:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733803879; x=1734408679; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=E4A/mi4KeRBODXu6ZbToqrKIC6qUwYXkLsbt0ypD+mc=; b=fA91GccmNZi0Q7MHEILq9sTxIZwEzVR9KEh4lRnjYRJDXOjU8aYhi8ylkqUtGKpfKe DanqxkRl8L3bX2LHAD1YQa7Ihbyl/0Ye1WHNwKrCpVXXFH33qU6nCK8vbEg20sEnANCb W+OCkUTrq6qt0byyN39cD6Y/cAMwSE4aziZfu3CxhiiEviYTlM8zvJ5hbSwZt35ReQfI YVHpemQgLDANgPP1ewNufwxtbZv80S3aQu+m0qqY5K5paZ1gILZspAspSbb8Jcf7zbZ2 Yj5/mrKs6rr82grucyhyyjYAhtp+xDKrSzS0adrRwYPpyLr9EeSN21AgDnrCLLueCSQn OJYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733803879; x=1734408679; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=E4A/mi4KeRBODXu6ZbToqrKIC6qUwYXkLsbt0ypD+mc=; b=XqwBVcElaumD7BC+4LHisftFKnZi7epBrpy3Sv6KRIjA6N0SuStAw7hp9L2Xhf7iJZ BysKFh3GL/tbvOqqkM8wpu6icf/vbWBxP0UGo3jcWgNauJPol5CPr538L+tQQ7pY8NNZ 2aeGoxHw+ttihd8ZU5qdb6d/yasbhk3W0dmFntIyq0t4QHcDN7161sMYubUVeAKajzan 6BsZqzVk4nhiiSK0Q+9HjwV/GtEQAcZ4F3Dxhp4Cu5uFImdGJbGQntLhhsGUR3SvUhYB IVIpRRsxRMuwjVONHYbdjFHqgvw/5u9uFn32J9yHK9oUQ+le7CWVKVwGssJmnOmQciFF LRjw== X-Gm-Message-State: AOJu0YxwXtZeZnOnehIvaE2oeu4+xB4RaKjzYyIuo++kZxRFmExZwhhV 3cR6+pW8RqpCdb88LieEwHrISw26hi0TEr2cVOOOXB1eW4ts3b0J+oew4A== X-Gm-Gg: ASbGncsX2Ad+qR7OSYz53U5eWdNrnTxS3IWYwYdiT6qJHSqNy/Ilc0N538JoO+n4X5Z 0z9ClHrpdWX7lRM/yew7bcR4T4IjI0rFnGzh78EzODMQEiUpmGoC2uirgSFSXVoSyfXxW/iWGTs LfqMcB9kuSYy2/g5qg3n7RbrcCxDWxvDtd1z5fXOyNUSezawYveeGnJwkwN0Whe7wT0NZW33pDT XXA2mIv5MDvX/bFr2XKTy6Pu+cs0ssIrkVpDAGnAOKLOh5IJw== X-Google-Smtp-Source: AGHT+IHXDw86qbq4Tq5IJbHxhUSu3P8sUMyTVcx4Gz24ob0VHADtt/a9ZL+jQ6zkNtXy1l6Fw/M+Bg== X-Received: by 2002:a17:902:ec92:b0:215:a172:5fb9 with SMTP id d9443c01a7336-2166a05562cmr45498535ad.48.1733803879162; Mon, 09 Dec 2024 20:11:19 -0800 (PST) Received: from honey-badger.. ([38.34.87.7]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21631d6b3b8sm44296265ad.136.2024.12.09.20.11.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Dec 2024 20:11:18 -0800 (PST) From: Eduard Zingerman To: bpf@vger.kernel.org, ast@kernel.org Cc: andrii@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, kernel-team@fb.com, yonghong.song@linux.dev, mejedi@gmail.com, Eduard Zingerman Subject: [PATCH bpf v2 6/8] selftests/bpf: freplace tests for tracking of changes_packet_data Date: Mon, 9 Dec 2024 20:10:58 -0800 Message-ID: <20241210041100.1898468-7-eddyz87@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241210041100.1898468-1-eddyz87@gmail.com> References: <20241210041100.1898468-1-eddyz87@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Try different combinations of global functions replacement: - replace function that changes packet data with one that doesn't; - replace function that changes packet data with one that does; - replace function that doesn't change packet data with one that does; - replace function that doesn't change packet data with one that doesn't; Signed-off-by: Eduard Zingerman --- .../bpf/prog_tests/changes_pkt_data.c | 76 +++++++++++++++++++ .../selftests/bpf/progs/changes_pkt_data.c | 26 +++++++ .../bpf/progs/changes_pkt_data_freplace.c | 18 +++++ 3 files changed, 120 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/changes_pkt_data.c create mode 100644 tools/testing/selftests/bpf/progs/changes_pkt_data.c create mode 100644 tools/testing/selftests/bpf/progs/changes_pkt_data_freplace.c diff --git a/tools/testing/selftests/bpf/prog_tests/changes_pkt_data.c b/tools/testing/selftests/bpf/prog_tests/changes_pkt_data.c new file mode 100644 index 000000000000..c0c7202f6c5c --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/changes_pkt_data.c @@ -0,0 +1,76 @@ +// SPDX-License-Identifier: GPL-2.0 +#include "bpf/libbpf.h" +#include "changes_pkt_data_freplace.skel.h" +#include "changes_pkt_data.skel.h" +#include + +static void print_verifier_log(const char *log) +{ + if (env.verbosity >= VERBOSE_VERY) + fprintf(stdout, "VERIFIER LOG:\n=============\n%s=============\n", log); +} + +static void test_aux(const char *main_prog_name, const char *freplace_prog_name, bool expect_load) +{ + struct changes_pkt_data_freplace *freplace = NULL; + struct bpf_program *freplace_prog = NULL; + LIBBPF_OPTS(bpf_object_open_opts, opts); + struct changes_pkt_data *main = NULL; + char log[16*1024]; + int err; + + opts.kernel_log_buf = log; + opts.kernel_log_size = sizeof(log); + if (env.verbosity >= VERBOSE_SUPER) + opts.kernel_log_level = 1 | 2 | 4; + main = changes_pkt_data__open_opts(&opts); + if (!ASSERT_OK_PTR(main, "changes_pkt_data__open")) + goto out; + err = changes_pkt_data__load(main); + print_verifier_log(log); + if (!ASSERT_OK(err, "changes_pkt_data__load")) + goto out; + freplace = changes_pkt_data_freplace__open_opts(&opts); + if (!ASSERT_OK_PTR(freplace, "changes_pkt_data_freplace__open")) + goto out; + freplace_prog = bpf_object__find_program_by_name(freplace->obj, freplace_prog_name); + if (!ASSERT_OK_PTR(freplace_prog, "freplace_prog")) + goto out; + bpf_program__set_autoload(freplace_prog, true); + bpf_program__set_autoattach(freplace_prog, true); + bpf_program__set_attach_target(freplace_prog, + bpf_program__fd(main->progs.dummy), + main_prog_name); + err = changes_pkt_data_freplace__load(freplace); + print_verifier_log(log); + if (expect_load) { + ASSERT_OK(err, "changes_pkt_data_freplace__load"); + } else { + ASSERT_ERR(err, "changes_pkt_data_freplace__load"); + ASSERT_HAS_SUBSTR(log, "Extension program changes packet data", "error log"); + } + +out: + changes_pkt_data_freplace__destroy(freplace); + changes_pkt_data__destroy(main); +} + +/* There are two global subprograms in both changes_pkt_data.skel.h: + * - one changes packet data; + * - another does not. + * It is ok to freplace subprograms that change packet data with those + * that either do or do not. It is only ok to freplace subprograms + * that do not change packet data with those that do not as well. + * The below tests check outcomes for each combination of such freplace. + */ +void test_changes_pkt_data_freplace(void) +{ + if (test__start_subtest("changes_with_changes")) + test_aux("changes_pkt_data", "changes_pkt_data", true); + if (test__start_subtest("changes_with_doesnt_change")) + test_aux("changes_pkt_data", "does_not_change_pkt_data", true); + if (test__start_subtest("doesnt_change_with_changes")) + test_aux("does_not_change_pkt_data", "changes_pkt_data", false); + if (test__start_subtest("doesnt_change_with_doesnt_change")) + test_aux("does_not_change_pkt_data", "does_not_change_pkt_data", true); +} diff --git a/tools/testing/selftests/bpf/progs/changes_pkt_data.c b/tools/testing/selftests/bpf/progs/changes_pkt_data.c new file mode 100644 index 000000000000..f87da8e9d6b3 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/changes_pkt_data.c @@ -0,0 +1,26 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include + +__noinline +long changes_pkt_data(struct __sk_buff *sk, __u32 len) +{ + return bpf_skb_pull_data(sk, len); +} + +__noinline __weak +long does_not_change_pkt_data(struct __sk_buff *sk, __u32 len) +{ + return 0; +} + +SEC("tc") +int dummy(struct __sk_buff *sk) +{ + changes_pkt_data(sk, 0); + does_not_change_pkt_data(sk, 0); + return 0; +} + +char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/progs/changes_pkt_data_freplace.c b/tools/testing/selftests/bpf/progs/changes_pkt_data_freplace.c new file mode 100644 index 000000000000..0e525beb8603 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/changes_pkt_data_freplace.c @@ -0,0 +1,18 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include + +SEC("?freplace") +long changes_pkt_data(struct __sk_buff *sk, __u32 len) +{ + return bpf_skb_pull_data(sk, len); +} + +SEC("?freplace") +long does_not_change_pkt_data(struct __sk_buff *sk, __u32 len) +{ + return 0; +} + +char _license[] SEC("license") = "GPL"; From patchwork Tue Dec 10 04:10:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eduard Zingerman X-Patchwork-Id: 13900846 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pg1-f182.google.com (mail-pg1-f182.google.com [209.85.215.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 14186226179 for ; Tue, 10 Dec 2024 04:11:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.182 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803882; cv=none; b=JYjMUwP5mTxWZxTIy9+JZSLVFdGe+Py2E+asg778jFmT+EIhFDd3hswjjASx/8Q47AUvgPoYQBwDKDqYGtD49z2LdiBRd/+VJrebNrWPG+RmXW+QNApeONTtCjtvroSf92jhSvN47aMAhHJ/uwPfdEYlFZXASQW7VjwoM7tZ0e0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803882; c=relaxed/simple; bh=exvqnr87Qc6EueSTnOwgtR564j6q0koMZrddowX5G3k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=V9vyoEfz4oB2JQZta9Je2A1VcPYAOOoeNSN/Yfb9B3BWOEG2PHuKkmZM3LhV8CpOuKdjd6iF8wrRNdUYnyVg6ZVZsRk0Ln1QkrUIc33hgMeFQ56Z+cRdtgf4dE2xPVDSBbKLqZ+Um1N88DnPFJXSqNvRVBFErvex5hCqre7yzqo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Cd+D7N2m; arc=none smtp.client-ip=209.85.215.182 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Cd+D7N2m" Received: by mail-pg1-f182.google.com with SMTP id 41be03b00d2f7-7fcfb7db9bfso3907791a12.1 for ; Mon, 09 Dec 2024 20:11:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733803880; x=1734408680; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=niuGxcXNQ0TnVzFv8lzYzTN1QAlStTCPrAkZlwl8hYY=; b=Cd+D7N2mxCKgvUdVE4gpwhW91dxHkEZH3rM05KYWyIOy1SAR+pgvcVhrtuRgYcFgYf 1h3Vavl3hFFnvvJLu2rbNZCWgor8jgkpELdWPenU1v14GocxmuWK86Bz7dYL3YiP1YDu n7HUxVWKmDm5j7GmxuwIDm7yFVA0Swf0sR+sFEFVLdfYLdHH/HthwTmnBwYwDyKHZnrI OMNUvP5KkW4IoG9T40stkET+qxjLU77NAvEK/XabKzYjGGWr2/ODrOhKuaY0cZFGjR5o y1AVMDnUchnKd5dE9Wc9iIac43tBfq475XbdiqrSlRLyD6DrzVmSi2g00F8VWEqu6a+z ZPTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733803880; x=1734408680; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=niuGxcXNQ0TnVzFv8lzYzTN1QAlStTCPrAkZlwl8hYY=; b=crGy/RCbSNsMn4dvlSn1M8Rei+yR+B7pTfNlInt++FgALExvcbaFl9xX5y2Sm32DVL r8njB7k/cKIu5mnNhNmbiEeKuOjOEfeh82OPHRLu4OqXamZ+kYZuno/wZpnmTFoczD2+ dkBI1piEo8kbIaK2WBp7yFx5GfKYmUgk+GX8RaJnXzfQi8TcdGLJZaQj5nKGgW7z7yQg IR5Odkrqw3uSg/Q7ElNVF/yRW26xWNQsBj9AWZProd13Y5Uy7ktVd3tJuxUX+/Vfo4yX xuh8ZgKKWqUGWdliWwJHpHcrSKU0gOTGWKtQZ+rWt7sn0vM1dHF2L9SRUYVqM7f47vRN H1Hw== X-Gm-Message-State: AOJu0YwWQu/GIZKYXE/i6LzKK1Qo2ODBMyuqPGjjuKnDIqE7y8aAcXVj aM3DGv13iR7590Uw/BtNGwU7kKAHSCtCjc0Fuxz08TRXC/vDbbZHcw8ZEw== X-Gm-Gg: ASbGncuqvjQ+2in7w5SPEmz7ufQBvLa173HVvYsL5RzVfKoDxN37yQ5ecZ0SWJGtp+F mfYg9bnvYjcht/AISHfmJo+tGRoPT4Z3aLHKjDMi/CxuUklaisC9i4AvSpVcMrSXouIxp/kJsnF Ii6XgTY8xBJhuKzhd4e8eiO/06WwhBRsSo5s5YYLYkhznfk+S8xoADWbHeZvlCcvomCEC2MlegR 7UFJQ7gIQQDyd99PP0+9qq0+IofqwrrTGMzw1EOac17yrn4Hw== X-Google-Smtp-Source: AGHT+IGHl7wf12CCq2tk9O0w17ZLE1AbXNmUyS3wy7w3Pw7re4Q0WXFoS1sO6b1a7JPRaiej7Z/waw== X-Received: by 2002:a17:902:d4cb:b0:216:6590:d472 with SMTP id d9443c01a7336-21669fe23fdmr43631015ad.21.1733803880075; Mon, 09 Dec 2024 20:11:20 -0800 (PST) Received: from honey-badger.. ([38.34.87.7]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21631d6b3b8sm44296265ad.136.2024.12.09.20.11.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Dec 2024 20:11:19 -0800 (PST) From: Eduard Zingerman To: bpf@vger.kernel.org, ast@kernel.org Cc: andrii@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, kernel-team@fb.com, yonghong.song@linux.dev, mejedi@gmail.com, Eduard Zingerman Subject: [PATCH bpf v2 7/8] bpf: consider that tail calls invalidate packet pointers Date: Mon, 9 Dec 2024 20:10:59 -0800 Message-ID: <20241210041100.1898468-8-eddyz87@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241210041100.1898468-1-eddyz87@gmail.com> References: <20241210041100.1898468-1-eddyz87@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packet pointers. Making the change in bpf_helper_changes_pkt_data() automatically makes use of check_cfg() logic that computes 'changes_pkt_data' effect for global sub-programs, such that the following program could be rejected: int tail_call(struct __sk_buff *sk) { bpf_tail_call_static(sk, &jmp_table, 0); return 0; } SEC("tc") int not_safe(struct __sk_buff *sk) { int *p = (void *)(long)sk->data; ... make p valid ... tail_call(sk); *p = 42; /* this is unsafe */ ... } The tc_bpf2bpf.c:subprog_tc() needs change: mark it as a function that can invalidate packet pointers. Otherwise, it can't be freplaced with tailcall_freplace.c:entry_freplace() that does a tail call. Signed-off-by: Eduard Zingerman --- net/core/filter.c | 2 ++ tools/testing/selftests/bpf/progs/tc_bpf2bpf.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/net/core/filter.c b/net/core/filter.c index efb75eed2e35..21131ec25f24 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -7924,6 +7924,8 @@ bool bpf_helper_changes_pkt_data(enum bpf_func_id func_id) case BPF_FUNC_xdp_adjust_head: case BPF_FUNC_xdp_adjust_meta: case BPF_FUNC_xdp_adjust_tail: + /* tail-called program could call any of the above */ + case BPF_FUNC_tail_call: return true; default: return false; diff --git a/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c b/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c index d1a57f7d09bd..fe6249d99b31 100644 --- a/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c +++ b/tools/testing/selftests/bpf/progs/tc_bpf2bpf.c @@ -11,6 +11,8 @@ int subprog_tc(struct __sk_buff *skb) __sink(skb); __sink(ret); + /* let verifier know that 'subprog_tc' can change pointers to skb->data */ + bpf_skb_change_proto(skb, 0, 0); return ret; } From patchwork Tue Dec 10 04:11:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eduard Zingerman X-Patchwork-Id: 13900848 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EFECC226180 for ; Tue, 10 Dec 2024 04:11:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.178 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803883; cv=none; b=dy1AuXazmDoe4v7Y3v1FuE34ztoOgZWF/X2Kaa91/hPokCfg5JeUXyHXz4PN4VrcaUZIsEchCvU64i8+cOGn2O9b2knIg+Vi16AC0W24W1Zo/6I+Aw6I7Vv7o+jd2FUkRG6r+Xw/P4vetbr4I+KaquoaTucs7AaDkXDh9iduwN4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733803883; c=relaxed/simple; bh=WU76+cksynlmlH8ydZBIUgNFS+SY2OPnYi1ZiU7RNF0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Dnc6THI12UO6giAjwWuNiyC2oU2ku7jPTZ63QwvuJJ9qJqfBIQO8nv+bwgAng7nbkbHXWql95DF1rlmiwLC+ejDki7b09HmHXO9ABs0X3iqz2Y8Dc1cwYZ6WF4bTF+19I2jTDa01uCLJAeCFmX6ONbLlXnZTNLVj4EUbatGX5M4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=NX0pZ2j8; arc=none smtp.client-ip=209.85.214.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="NX0pZ2j8" Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-21644aca3a0so20053365ad.3 for ; Mon, 09 Dec 2024 20:11:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733803881; x=1734408681; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=k0KYVZnEf1s3QKS8ZQMoh9wsEnzWG4BHfJNUsHf/R2k=; b=NX0pZ2j8MFep7oGiZKC9vm5YP69NV8iqgVlk+H8h7VSHiQoxuskNRnfCVE3mCoCjkA yUv97Xh5zxQ4lqL2qk93/fSpYvzp2vLvTkGubssBhziDriG3e+2h4nhNqogDZIMJlz7v uHZWgPmSzxxuLmSOQKRAdYJwdzQ2p6bW/SrMZp6YQIQejWFxqsYXs8g9NnwZo4y3Ful/ YLttKO0D+rfWc0ECgoW7DgVikzKlKR/W7zBq6xkRqKAguLCuCItbUFZhiibb4Bmj7JMv 0GQg83vXOctSzYLzLFRXas9xo4rDDBI8LuMK9cN9VtmgIM9rRUQcOZzDf5ubYUU1DING q1Xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733803881; x=1734408681; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=k0KYVZnEf1s3QKS8ZQMoh9wsEnzWG4BHfJNUsHf/R2k=; b=bDxjOUBuIIL2iQ7k1OsnP2D/4TmQd9UGQts0grOmUIWML36+yxRwJlX46LIJJvtBZv J9Dm+QTHf8UvWTUP1IgKHgEoruddPIF113iGuYvqWHxjuIET70bqSIblSa+U+NeB1ZxE D4EHyNfO2gzUqhq+JfxgYTdGm0RZm1OfQbOrCKF5AqEKWaQYCCDwksNq4aBf4+q6vqhG g70vvVXDJkOq5cd/yajjww5XHPJx7ZKCiBRvIbG11DNi/ZXUaHOBXErLW2v6ex9LE1uI fvv2YCeFAyrYWUkRGHyNbAFa/kmCLPOP416wW6/3Kgw2F21T7X1mEehGXfkpE8gC98ao dHRg== X-Gm-Message-State: AOJu0Yzf/xELBc6PYfgr6ybS0PmrlOIA6C+9zbzdfhEhQ03iIqROUld4 kjM6YCeT4bW4nqjOCL2iuCn3qiHRfWd7VXkdwG6Ve+u8R5wIHHhEB72jIQ== X-Gm-Gg: ASbGncuMvigObs7b/VLOue9/XyXLmH8L9iABnpkyYGe7VTLNcM9uhhVo5TS+3udmlqK OyQFFbn6I+B9U48FpTv69GLwQAE0D3Z0zqkjcrvB9LK+uwru8DR2pvV5zaEMmK/2cf3LeBzXRxr p/BbYfXg+sFEm39jRoNnE1dNrB6yMJQmwXthjPb47z9UTAPrRTy+y1+ZOTG5y3E5SNoUxUWuTQ5 hNppSrh2G7IR4ug2Iogyi7lRpmcdGzc4nmY39uGvOC1R0WY7A== X-Google-Smtp-Source: AGHT+IFzDhtP8nbAL+z30keWlB9m+08dZxFBC8CgXWUmAS6DTFL9DRZulSfXshp5qP2Zk2sjf/xDeA== X-Received: by 2002:a17:902:d547:b0:215:72aa:693f with SMTP id d9443c01a7336-21669fc6680mr43609205ad.9.1733803881069; Mon, 09 Dec 2024 20:11:21 -0800 (PST) Received: from honey-badger.. ([38.34.87.7]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21631d6b3b8sm44296265ad.136.2024.12.09.20.11.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Dec 2024 20:11:20 -0800 (PST) From: Eduard Zingerman To: bpf@vger.kernel.org, ast@kernel.org Cc: andrii@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev, kernel-team@fb.com, yonghong.song@linux.dev, mejedi@gmail.com, Eduard Zingerman Subject: [PATCH bpf v2 8/8] selftests/bpf: validate that tail call invalidates packet pointers Date: Mon, 9 Dec 2024 20:11:00 -0800 Message-ID: <20241210041100.1898468-9-eddyz87@gmail.com> X-Mailer: git-send-email 2.47.0 In-Reply-To: <20241210041100.1898468-1-eddyz87@gmail.com> References: <20241210041100.1898468-1-eddyz87@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Add a test case with a tail call done from a global sub-program. Such tails calls should be considered as invalidating packet pointers. Signed-off-by: Eduard Zingerman --- .../selftests/bpf/progs/verifier_sock.c | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tools/testing/selftests/bpf/progs/verifier_sock.c b/tools/testing/selftests/bpf/progs/verifier_sock.c index 51826379a1aa..0d5e56dffabb 100644 --- a/tools/testing/selftests/bpf/progs/verifier_sock.c +++ b/tools/testing/selftests/bpf/progs/verifier_sock.c @@ -50,6 +50,13 @@ struct { __uint(map_flags, BPF_F_NO_PREALLOC); } sk_storage_map SEC(".maps"); +struct { + __uint(type, BPF_MAP_TYPE_PROG_ARRAY); + __uint(max_entries, 1); + __uint(key_size, sizeof(__u32)); + __uint(value_size, sizeof(__u32)); +} jmp_table SEC(".maps"); + SEC("cgroup/skb") __description("skb->sk: no NULL check") __failure __msg("invalid mem access 'sock_common_or_null'") @@ -1065,4 +1072,25 @@ int invalidate_pkt_pointers_from_global_func(struct __sk_buff *sk) return TCX_PASS; } +__noinline +int tail_call(struct __sk_buff *sk) +{ + bpf_tail_call_static(sk, &jmp_table, 0); + return 0; +} + +/* Tail calls invalidate packet pointers. */ +SEC("tc") +__failure __msg("invalid mem access") +int invalidate_pkt_pointers_by_tail_call(struct __sk_buff *sk) +{ + int *p = (void *)(long)sk->data; + + if ((void *)(p + 1) > (void *)(long)sk->data_end) + return TCX_DROP; + tail_call(sk); + *p = 42; /* this is unsafe */ + return TCX_PASS; +} + char _license[] SEC("license") = "GPL";