From patchwork Wed Dec 11 02:01:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Kartikeya Dwivedi X-Patchwork-Id: 13902740 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com [209.85.221.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 669BF2868B for ; Wed, 11 Dec 2024 02:02:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.68 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733882524; cv=none; b=SOSBDXFLLTXfiEAGtxZt4xdGvSOsagCBb3+xIjjqIXsl6nzo8E9CEfUxl0OT5c258hClN7nlmMgN41e9gzkE6bQnuC5nzEwRAldlV92DvJccHg8GOHq8jrtfc/tIjkG9VqyB3RIyfW9hPtTYi/ReQxTF/cfU64xh+Bs2Kf3gdb4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733882524; c=relaxed/simple; bh=LdE3XkNzml/IkHPi9P3UDz/vgiTeMciKu83Lw4cU7lc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gZkAwXp6MmWS3g6yvtc3qRTPuKEQJl0VvPTTdQ7EDyeUM5j8rGRZZJEjdJiKZA7WPGl9OKH6BuOlCv7rsvgh/GNW7BSDXQFv7q7PT3eV+RjOCF0ReOb5oShPReTzHQHGCpVNyQ6nRSD5PAUQl9CaLFQJLmjfOKGWa73NRvpaSk0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=dT4zArj2; arc=none smtp.client-ip=209.85.221.68 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="dT4zArj2" Received: by mail-wr1-f68.google.com with SMTP id ffacd0b85a97d-385ef8b64b3so4983266f8f.0 for ; Tue, 10 Dec 2024 18:02:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733882520; x=1734487320; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=svbtxuGItyjPG5m4NkX4ug+3OCLs5wAqRT7yiVDJEH4=; b=dT4zArj2Fs+VkJJfRJZTpxKi/IbpybyeUB+SZbL0jpsNPfGWg7Kpu5qK23/fIa4ZU3 OuPG2cRIo/MW6KVcd95Ntbkq9UV70BHwQroAsIDps+247CSCtB9sUTyJ0lRKuWt5rR9I Jwpd90i0vvkrhDjFxyUL46Nqgk15ZlrAM2E+tSskNajcgTNKNftZIxJUQvUvSej0agj2 6UQDcSaB8w4i681d2ULhnXhz6jVV8QTHram6jR0wzUmrOXNmoKv4a30cksdA0doJfOxe WCIR1LKGtaISGuCMj207PE1/bTG6Yltr/u3Sm0XTdPUuMmYq2RXBZe8U+Gn99rgp5ql+ D/Eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733882520; x=1734487320; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=svbtxuGItyjPG5m4NkX4ug+3OCLs5wAqRT7yiVDJEH4=; b=S+rLZaowGng2RvntScA09+lsBWP8Esk10d5Lne9iyDtoQYU/yGihoCkL/Kz6qI60ts QnJzau5XDNU7snOSg0wg/xlstXPpz8V13ImVDoptueCpysDw/nifoxgbpQ9iO2MCzssB qv21i7L3oCQKMQ5TeWMZNQ4h1sr7FrPChqGTiAa0Ifw4VwPfTnzeKuVr8/2U4EalItPm k5dozldX0AdFU3EANOKQdQCSoLBXf+OOc77cEepH8Mudc1Fa7JZV93D+t89aL+kr1Pch 7Bvl/jxMU3bG+7TufjLa3hatfx0D8NFEwsi9KcKVHNOrpcnKou/RSLinPtxN8crzdXBM 45YA== X-Gm-Message-State: AOJu0YwtA7tCtmk3jNIPgWvJI5shD1FYCHPJWT0xSTRFWEH5FEZrKWyP uS2nOdhOAAM758zhjto7feWywRXkbNogkhBid49InZm2h1jQZtDeWBLemuSZhhk= X-Gm-Gg: ASbGncvDTuttD8YupylGqwrgwUFBpKRNlGkbPM793fPjIKMI83xNNBZsR0wcBHUFlaH 2N/GJnqsLpYC6uvxRYLpU228iCZsSTYDtmElE5MearpiAFMkYp2522cLCrDPGGKPzeN0Rhfu/Ay sDPmqoXiFy5KJW+OAd31psEGH4nLrhi5raBTgLnyKZN4EA4+OM0xhvLz/J+aEMXrYdJ0WDWZLcW ShBcWz7NWzMLPM2Mv8RfOud7LilupizWZ+Ks/153+fvokzvJqhqY8dLNg7HrwDu8IahlWn/Da3+ +GGgSg== X-Google-Smtp-Source: AGHT+IHUwOkChPp/ewxNKyOtmX8uA1C1Bo+quZI/Y3RhwCcKxdcYACdL7q66x8/ED8oGC2KoC7satA== X-Received: by 2002:a5d:6d0b:0:b0:385:e35e:9da8 with SMTP id ffacd0b85a97d-3864ce96ca3mr811883f8f.18.1733882520073; Tue, 10 Dec 2024 18:02:00 -0800 (PST) Received: from localhost (fwdproxy-cln-026.fbsv.net. [2a03:2880:31ff:1a::face:b00c]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43502fef1f9sm42769615e9.1.2024.12.10.18.01.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 18:01:59 -0800 (PST) From: Kumar Kartikeya Dwivedi To: bpf@vger.kernel.org Cc: kkd@meta.com, Manu Bretelle , Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Martin KaFai Lau , Eduard Zingerman , Jiri Olsa , Juri Lelli , kernel-team@fb.com Subject: [PATCH bpf v1 1/4] bpf: Revert "bpf: Mark raw_tp arguments with PTR_MAYBE_NULL" Date: Tue, 10 Dec 2024 18:01:53 -0800 Message-ID: <20241211020156.18966-2-memxor@gmail.com> X-Mailer: git-send-email 2.43.5 In-Reply-To: <20241211020156.18966-1-memxor@gmail.com> References: <20241211020156.18966-1-memxor@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=12816; h=from:subject; bh=LdE3XkNzml/IkHPi9P3UDz/vgiTeMciKu83Lw4cU7lc=; b=owEBbQKS/ZANAwAIAUzgyIZIvxHKAcsmYgBnWPJWF+HD0lHWSkWb+TL3QAPRynsMVxor22WYIZKR KfHQy4mJAjMEAAEIAB0WIQRLvip+Buz51YI8YRFM4MiGSL8RygUCZ1jyVgAKCRBM4MiGSL8Ryp1sD/ 4x2P2GD7H+Bb1YWXaxfQGJLFx8v5Swt6sENzgyiF5LHsN1QIyqJxRXEsY3EQAVoFHD/Opq9hIs+uC7 c/kIRSF7JEvALJz3WnKtlVBRLB/XfFgwY3H3oK80AtJUSpdNACCjt0MubQBTPgAWQpaD6F7hHNwXsF q4loEGWEm3IoH13a1xhXhvH8NIu/W0nurcOemnzOWjv8pGpL77wBJTzahLg/nX2ptSshw8lGwQzfHb kL7aURhfqdCXgS5WWb0sJvFCQMVJ2XBy+/c9JqxkBBtYuYR89dJ02jqBVEPVWXunGEzzgA+TOk0kZZ T3yL6GzqKVb3kheGTdId1ht52VnYlCxZRPIESnjusHURZWm8ePGC9kGwwaOYuYDf24gc6jdUWPx+FV rzIO9D+QsN5QZk/NTISu4y0RhEcwEwaQBjZF4++S1tsxqgm+4f7J2T6fLNgb4ZeQdLhI38R4BK7+LV wrz43mRgd/HgY2FgI/FwcV0cHV7iZ2kUeDxyjFB1PN+SJUDmTg9kX/yVaeBYHYqjUUyfhSTGP2mQJ8 yJDhsQNo6Qpx2qSu6UKBkshBOPUU61FoixjzgObh0UCc/jv0ZVyYIlNvzUPDYXDX8fxmLivNWSjx4L I3tFZhJ6apqw0omx7hOxf1Nxc4hyLv0wG7W8uLuXwtZZ8fx9xcOR4cVPsb0g== X-Developer-Key: i=memxor@gmail.com; a=openpgp; fpr=4BBE2A7E06ECF9D5823C61114CE0C88648BF11CA X-Patchwork-Delegate: bpf@iogearbox.net This patch reverts commit cb4158ce8ec8 ("bpf: Mark raw_tp arguments with PTR_MAYBE_NULL"). The patch was well-intended and meant to be as a stop-gap fixing branch prediction when the pointer may actually be NULL at runtime. Eventually, it was supposed to be replaced by an automated script or compiler pass detecting possibly NULL arguments and marking them accordingly. However, it caused two main issues observed for production programs and failed to preserve backwards compatibility. First, programs relied on the verifier not exploring == NULL branch when pointer is not NULL, thus they started failing with a 'dereference of scalar' error. Next, allowing raw_tp arguments to be modified surfaced the warning in the verifier that warns against reg->off when PTR_MAYBE_NULL is set. More information, context, and discusson on both problems is available in [0]. Overall, this approach had several shortcomings, and was the fixes would further complicate the verifier's logic, and the entire masking scheme would have to be removed eventually anyway. Hence, revert the patch in preparation of a better fix avoiding these issues. [0]: https://lore.kernel.org/bpf/20241206161053.809580-1-memxor@gmail.com Reported-by: Manu Bretelle Fixes: cb4158ce8ec8 ("bpf: Mark raw_tp arguments with PTR_MAYBE_NULL") Signed-off-by: Kumar Kartikeya Dwivedi --- include/linux/bpf.h | 6 -- kernel/bpf/btf.c | 5 +- kernel/bpf/verifier.c | 79 ++----------------- .../bpf/progs/test_tp_btf_nullable.c | 6 +- 4 files changed, 9 insertions(+), 87 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 805040813f5d..6e63dd3443b9 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -3514,10 +3514,4 @@ static inline bool bpf_is_subprog(const struct bpf_prog *prog) return prog->aux->func_idx != 0; } -static inline bool bpf_prog_is_raw_tp(const struct bpf_prog *prog) -{ - return prog->type == BPF_PROG_TYPE_TRACING && - prog->expected_attach_type == BPF_TRACE_RAW_TP; -} - #endif /* _LINUX_BPF_H */ diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index e7a59e6462a9..ed3219da7181 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -6588,10 +6588,7 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, if (prog_args_trusted(prog)) info->reg_type |= PTR_TRUSTED; - /* Raw tracepoint arguments always get marked as maybe NULL */ - if (bpf_prog_is_raw_tp(prog)) - info->reg_type |= PTR_MAYBE_NULL; - else if (btf_param_match_suffix(btf, &args[arg], "__nullable")) + if (btf_param_match_suffix(btf, &args[arg], "__nullable")) info->reg_type |= PTR_MAYBE_NULL; if (tgt_prog) { diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index c2e5d0e6e3d0..aa110a01317f 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -420,25 +420,6 @@ static struct btf_record *reg_btf_record(const struct bpf_reg_state *reg) return rec; } -static bool mask_raw_tp_reg_cond(const struct bpf_verifier_env *env, struct bpf_reg_state *reg) { - return reg->type == (PTR_TO_BTF_ID | PTR_TRUSTED | PTR_MAYBE_NULL) && - bpf_prog_is_raw_tp(env->prog) && !reg->ref_obj_id; -} - -static bool mask_raw_tp_reg(const struct bpf_verifier_env *env, struct bpf_reg_state *reg) -{ - if (!mask_raw_tp_reg_cond(env, reg)) - return false; - reg->type &= ~PTR_MAYBE_NULL; - return true; -} - -static void unmask_raw_tp_reg(struct bpf_reg_state *reg, bool result) -{ - if (result) - reg->type |= PTR_MAYBE_NULL; -} - static bool subprog_is_global(const struct bpf_verifier_env *env, int subprog) { struct bpf_func_info_aux *aux = env->prog->aux->func_info_aux; @@ -6801,7 +6782,6 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env, const char *field_name = NULL; enum bpf_type_flag flag = 0; u32 btf_id = 0; - bool mask; int ret; if (!env->allow_ptr_leaks) { @@ -6873,21 +6853,7 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env, if (ret < 0) return ret; - /* For raw_tp progs, we allow dereference of PTR_MAYBE_NULL - * trusted PTR_TO_BTF_ID, these are the ones that are possibly - * arguments to the raw_tp. Since internal checks in for trusted - * reg in check_ptr_to_btf_access would consider PTR_MAYBE_NULL - * modifier as problematic, mask it out temporarily for the - * check. Don't apply this to pointers with ref_obj_id > 0, as - * those won't be raw_tp args. - * - * We may end up applying this relaxation to other trusted - * PTR_TO_BTF_ID with maybe null flag, since we cannot - * distinguish PTR_MAYBE_NULL tagged for arguments vs normal - * tagging, but that should expand allowed behavior, and not - * cause regression for existing behavior. - */ - mask = mask_raw_tp_reg(env, reg); + if (ret != PTR_TO_BTF_ID) { /* just mark; */ @@ -6948,13 +6914,8 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env, clear_trusted_flags(&flag); } - if (atype == BPF_READ && value_regno >= 0) { + if (atype == BPF_READ && value_regno >= 0) mark_btf_ld_reg(env, regs, value_regno, ret, reg->btf, btf_id, flag); - /* We've assigned a new type to regno, so don't undo masking. */ - if (regno == value_regno) - mask = false; - } - unmask_raw_tp_reg(reg, mask); return 0; } @@ -7329,7 +7290,7 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn if (!err && t == BPF_READ && value_regno >= 0) mark_reg_unknown(env, regs, value_regno); } else if (base_type(reg->type) == PTR_TO_BTF_ID && - (mask_raw_tp_reg_cond(env, reg) || !type_may_be_null(reg->type))) { + !type_may_be_null(reg->type)) { err = check_ptr_to_btf_access(env, regs, regno, off, size, t, value_regno); } else if (reg->type == CONST_PTR_TO_MAP) { @@ -9032,7 +8993,6 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, enum bpf_reg_type type = reg->type; u32 *arg_btf_id = NULL; int err = 0; - bool mask; if (arg_type == ARG_DONTCARE) return 0; @@ -9073,11 +9033,11 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, base_type(arg_type) == ARG_PTR_TO_SPIN_LOCK) arg_btf_id = fn->arg_btf_id[arg]; - mask = mask_raw_tp_reg(env, reg); err = check_reg_type(env, regno, arg_type, arg_btf_id, meta); + if (err) + return err; - err = err ?: check_func_arg_reg_off(env, reg, regno, arg_type); - unmask_raw_tp_reg(reg, mask); + err = check_func_arg_reg_off(env, reg, regno, arg_type); if (err) return err; @@ -9872,17 +9832,14 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env, int subprog, return ret; } else if (base_type(arg->arg_type) == ARG_PTR_TO_BTF_ID) { struct bpf_call_arg_meta meta; - bool mask; int err; if (register_is_null(reg) && type_may_be_null(arg->arg_type)) continue; memset(&meta, 0, sizeof(meta)); /* leave func_id as zero */ - mask = mask_raw_tp_reg(env, reg); err = check_reg_type(env, regno, arg->arg_type, &arg->btf_id, &meta); err = err ?: check_func_arg_reg_off(env, reg, regno, arg->arg_type); - unmask_raw_tp_reg(reg, mask); if (err) return err; } else { @@ -12205,7 +12162,6 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ enum bpf_arg_type arg_type = ARG_DONTCARE; u32 regno = i + 1, ref_id, type_size; bool is_ret_buf_sz = false; - bool mask = false; int kf_arg_type; t = btf_type_skip_modifiers(btf, args[i].type, NULL); @@ -12264,15 +12220,12 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ return -EINVAL; } - mask = mask_raw_tp_reg(env, reg); if ((is_kfunc_trusted_args(meta) || is_kfunc_rcu(meta)) && (register_is_null(reg) || type_may_be_null(reg->type)) && !is_kfunc_arg_nullable(meta->btf, &args[i])) { verbose(env, "Possibly NULL pointer passed to trusted arg%d\n", i); - unmask_raw_tp_reg(reg, mask); return -EACCES; } - unmask_raw_tp_reg(reg, mask); if (reg->ref_obj_id) { if (is_kfunc_release(meta) && meta->ref_obj_id) { @@ -12330,24 +12283,16 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ if (!is_kfunc_trusted_args(meta) && !is_kfunc_rcu(meta)) break; - /* Allow passing maybe NULL raw_tp arguments to - * kfuncs for compatibility. Don't apply this to - * arguments with ref_obj_id > 0. - */ - mask = mask_raw_tp_reg(env, reg); if (!is_trusted_reg(reg)) { if (!is_kfunc_rcu(meta)) { verbose(env, "R%d must be referenced or trusted\n", regno); - unmask_raw_tp_reg(reg, mask); return -EINVAL; } if (!is_rcu_reg(reg)) { verbose(env, "R%d must be a rcu pointer\n", regno); - unmask_raw_tp_reg(reg, mask); return -EINVAL; } } - unmask_raw_tp_reg(reg, mask); fallthrough; case KF_ARG_PTR_TO_CTX: case KF_ARG_PTR_TO_DYNPTR: @@ -12370,9 +12315,7 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ if (is_kfunc_release(meta) && reg->ref_obj_id) arg_type |= OBJ_RELEASE; - mask = mask_raw_tp_reg(env, reg); ret = check_func_arg_reg_off(env, reg, regno, arg_type); - unmask_raw_tp_reg(reg, mask); if (ret < 0) return ret; @@ -12549,7 +12492,6 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ ref_tname = btf_name_by_offset(btf, ref_t->name_off); fallthrough; case KF_ARG_PTR_TO_BTF_ID: - mask = mask_raw_tp_reg(env, reg); /* Only base_type is checked, further checks are done here */ if ((base_type(reg->type) != PTR_TO_BTF_ID || (bpf_type_has_unsafe_modifiers(reg->type) && !is_rcu_reg(reg))) && @@ -12558,11 +12500,9 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ verbose(env, "expected %s or socket\n", reg_type_str(env, base_type(reg->type) | (type_flag(reg->type) & BPF_REG_TRUSTED_MODIFIERS))); - unmask_raw_tp_reg(reg, mask); return -EINVAL; } ret = process_kf_arg_ptr_to_btf_id(env, reg, ref_t, ref_tname, ref_id, meta, i); - unmask_raw_tp_reg(reg, mask); if (ret < 0) return ret; break; @@ -13535,7 +13475,7 @@ static int sanitize_check_bounds(struct bpf_verifier_env *env, */ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, struct bpf_insn *insn, - struct bpf_reg_state *ptr_reg, + const struct bpf_reg_state *ptr_reg, const struct bpf_reg_state *off_reg) { struct bpf_verifier_state *vstate = env->cur_state; @@ -13549,7 +13489,6 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, struct bpf_sanitize_info info = {}; u8 opcode = BPF_OP(insn->code); u32 dst = insn->dst_reg; - bool mask; int ret; dst_reg = ®s[dst]; @@ -13576,14 +13515,11 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, return -EACCES; } - mask = mask_raw_tp_reg(env, ptr_reg); if (ptr_reg->type & PTR_MAYBE_NULL) { verbose(env, "R%d pointer arithmetic on %s prohibited, null-check it first\n", dst, reg_type_str(env, ptr_reg->type)); - unmask_raw_tp_reg(ptr_reg, mask); return -EACCES; } - unmask_raw_tp_reg(ptr_reg, mask); switch (base_type(ptr_reg->type)) { case PTR_TO_CTX: @@ -20126,7 +20062,6 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) * for this case. */ case PTR_TO_BTF_ID | MEM_ALLOC | PTR_UNTRUSTED: - case PTR_TO_BTF_ID | PTR_TRUSTED | PTR_MAYBE_NULL: if (type == BPF_READ) { if (BPF_MODE(insn->code) == BPF_MEM) insn->code = BPF_LDX | BPF_PROBE_MEM | diff --git a/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c b/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c index 5aaf2b065f86..bba3e37f749b 100644 --- a/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c +++ b/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c @@ -7,11 +7,7 @@ #include "bpf_misc.h" SEC("tp_btf/bpf_testmod_test_nullable_bare") -/* This used to be a failure test, but raw_tp nullable arguments can now - * directly be dereferenced, whether they have nullable annotation or not, - * and don't need to be explicitly checked. - */ -__success +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") int BPF_PROG(handle_tp_btf_nullable_bare1, struct bpf_testmod_test_read_ctx *nullable_ctx) { return nullable_ctx->len; From patchwork Wed Dec 11 02:01:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Kartikeya Dwivedi X-Patchwork-Id: 13902741 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EC0F6F4FA for ; Wed, 11 Dec 2024 02:02:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.68 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733882525; cv=none; b=aWIAGCHHSdsgHVScrj/VuQM1SWKr9/eSJt+AGj25LTw+ovDSCQNP7srycSuaTLh3zpGCEaXkzj882USafXMucJGC6CtyUehMkaG9iEOggREsf7od/tGgPiU8+cczT45EQP6aK9UgsV6yDiLYeyZcpd/XdB0okTkWydntbPmVfPg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733882525; c=relaxed/simple; bh=NLH/seX4Uu655knSV9b6cxL2RBQiVdUH64rmV8wUEEo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=FnW59wuD8xrChUPEU4FTyGbMOwloxb0W9UtXkYRDNxg2faKctgwi+IflRKwPYBR40/PaPqb9nVjU2645onFEGhdA40xYmDf4IMllv6zoUxemPwz0Zdr8U1RbslJVDWhg0uD0gANLLCEnymVZ1ATtWxcvMrLclZQNNGY4ytpk6QQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=AgI2jFXG; arc=none smtp.client-ip=209.85.128.68 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="AgI2jFXG" Received: by mail-wm1-f68.google.com with SMTP id 5b1f17b1804b1-434fef8203fso14794965e9.1 for ; Tue, 10 Dec 2024 18:02:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733882522; x=1734487322; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=z2EwSvCCaH/O3vpGExBjN+nGvLED19Y3oy1nPo+Iafo=; b=AgI2jFXGEvmi/w3x1NRCJf79I5uTBH46WMVMv8g7NivMwS7hi7qqeTW0pa4R1iMr4S h3W6ew3g9sxkDeU3GIe2wGIiwXLsseE83TCUbrgd/uUmqClgrUCapLAsdimEMmmsCoYe 9S+wzk6QoQ/1I7ETfrYrLsVFOM4D1XktI4SgUkRd3aqoTvJFhX893Z6k7uTlqkO2AChv JmvxAoJeGYv/LTQzqn4GPLs8Bxc3gd/A9fycPfPeqiVSG6YezM22lb5s77j/SThIiiQi ZqlwfUsDyCL+Xuk0g2II8RTMLkOjsmOGqinziHeO+GJYdrxzLyrhqOdgPCAQ1SpCQbeX BlcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733882522; x=1734487322; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=z2EwSvCCaH/O3vpGExBjN+nGvLED19Y3oy1nPo+Iafo=; b=dmQq1yrIOwxMeq14aAVBjbaeZIQRxsQBhArSSGfasLJRj+a+x6u7VAfXrmMI9ZTo6C rPe3A9cewVvmdRv9WQIROfvkHc7Y7TBBZBL7Kej4nl4h9ZT7+wzT16Vrw5K+A52Kk6ls JQnyISP4v8DCDxGpZk139+k2Puh4p3XTlKVSsHW82XUozIA542aUjwj1rNJIFlZPxZ5Q DrElNeE/MmqoZCSyKoF0KuZlniwryIt2dHfCNgBKhDr6nQoZX3iqAfBur2oYpXGUY81i geSMVwnYZ57Ny3gNSaoEYTEik0UnQZyNH+MN8BI2lNC9iqcEFTa8rYihxtpQjQcZLVEs WkYw== X-Gm-Message-State: AOJu0YzLWBydKpw3B5ONYj+1Hf8CZsELUd0e/dVFmCDEM2zZKA/WsEaR ed2euVRX2OnQ+Y0rDxoJiLX9mX3QDCvPh+FwsA9sSZVYb3P2Hlwi4APxo8fmNYQ= X-Gm-Gg: ASbGncuWkUkl3iKZ50Fu24DHjl+sfcLZikBHj8Zj+L4/X9/gsLKunp6C9GLj7CjspPA irA18Qm/0TzXdc9/kKUx2G0bSjscpRbs/7YZoy0VvcueJ3SGQuhT7DOp4+E/ecs6U2EjMmvYDK5 Q7RMHAwjDna8IEGyO4hYcgIFd+6W7ALwn1o1jCJsFywqAsUBaUKnjrxYTUFMwgk1JCDpolCMEvN 5G/w4AVKlX2g2lBCqSpVgiji/Rp9+9ZPpRhEkPUAkbCHjsBxN4a1IjgK5ZW4Ncnef2UNoan1241 SViEwQ== X-Google-Smtp-Source: AGHT+IGBn9iLOCPuVaM47LkwtOoZq3McPe85FScv40LO1Ru2oye+aY9p1KXjcfqpKBx9tGIghkQeSQ== X-Received: by 2002:a05:600c:4f11:b0:430:563a:b20a with SMTP id 5b1f17b1804b1-4361c3aa6demr5745605e9.11.1733882521785; Tue, 10 Dec 2024 18:02:01 -0800 (PST) Received: from localhost (fwdproxy-cln-023.fbsv.net. [2a03:2880:31ff:17::face:b00c]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-434e83f3958sm143853705e9.25.2024.12.10.18.02.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 18:02:00 -0800 (PST) From: Kumar Kartikeya Dwivedi To: bpf@vger.kernel.org Cc: kkd@meta.com, Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Martin KaFai Lau , Eduard Zingerman , Manu Bretelle , Jiri Olsa , Juri Lelli , kernel-team@fb.com Subject: [PATCH bpf v1 2/4] selftests/bpf: Revert "selftests/bpf: Add tests for raw_tp null handling" Date: Tue, 10 Dec 2024 18:01:54 -0800 Message-ID: <20241211020156.18966-3-memxor@gmail.com> X-Mailer: git-send-email 2.43.5 In-Reply-To: <20241211020156.18966-1-memxor@gmail.com> References: <20241211020156.18966-1-memxor@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4115; h=from:subject; bh=NLH/seX4Uu655knSV9b6cxL2RBQiVdUH64rmV8wUEEo=; b=owEBbQKS/ZANAwAIAUzgyIZIvxHKAcsmYgBnWPJW0tpK4fkMor83OChmugBWFIqYWbdpX439wXy+ mkBUEr2JAjMEAAEIAB0WIQRLvip+Buz51YI8YRFM4MiGSL8RygUCZ1jyVgAKCRBM4MiGSL8RykmyD/ 9+jntpVfHIvW/g1tTzoVuNiNx2dkkcfNluo/W8WeUXSsmzFGO5uIhG+sBC9Jzv/CUBOwXbfq6rHIes TxJ5otjZ7QR7oTjASOgYzhdxecPS70AJ/ZtPloeWSrz6g7lEXZQCwftAQ887SQJAT5MdaGjrcEIPhO WP1uGtMkelZ6Q/aJx+2UYoSe/RUPC7mf6ewHfnxCejwhPkkvpWBJsKsiCOrcfW0wDcaAwvstepNXYi IpI8cm7cCUnXIX/nYisL0n7Jd2cCAehkxvUZQZdpPb/FyDoushITfTqH/VW0VcVhj4fcL9wY3cRRrI l2LLI9uUKAfpn1k2bFpUrslut5o3taI9mFEkXHWLKv0X+VMZN6nBSzB4qiXYQaIv/Pf1WvGyAgPoAz L2uiItGJYIInB+3yUIlx0byFtv37ak4vkzocUJcz2Bj2bUe8Wg9Wv03JFZ8bzbbCI/QaMipFrLzd0a hzIQKtU3rksanUWjxPjMVDiQMnZEXGfMeDZbLLk5iQ1Q7j3xhKna9yX+80Y1kHJs/AYWZa9tah3InO tK/We8NjQrvSBctf7C2WvYwoTr5WhPscwLfWv2JeM+tVUNA4vzSjmug+lQKX+REAcQbMS14dacuCww 0ePgYKoHzJxJQtD8XbdogCjuiyx4qWq3Nuw9385dXZWzbXR5bNYxcYk4zhnA== X-Developer-Key: i=memxor@gmail.com; a=openpgp; fpr=4BBE2A7E06ECF9D5823C61114CE0C88648BF11CA X-Patchwork-Delegate: bpf@iogearbox.net This patch reverts commit d798ce3f4cab ("selftests/bpf: Add tests for raw_tp null handling") since it's parent commit cb4158ce8ec8 ("bpf: Mark raw_tp arguments with PTR_MAYBE_NULL") is also being reverted. Fixes: d798ce3f4cab ("selftests/bpf: Add tests for raw_tp null handling") Signed-off-by: Kumar Kartikeya Dwivedi --- .../bpf/bpf_testmod/bpf_testmod-events.h | 8 ----- .../selftests/bpf/bpf_testmod/bpf_testmod.c | 2 -- .../selftests/bpf/prog_tests/raw_tp_null.c | 25 --------------- .../testing/selftests/bpf/progs/raw_tp_null.c | 32 ------------------- 4 files changed, 67 deletions(-) delete mode 100644 tools/testing/selftests/bpf/prog_tests/raw_tp_null.c delete mode 100644 tools/testing/selftests/bpf/progs/raw_tp_null.c diff --git a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod-events.h b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod-events.h index aeef86b3da74..6c3b4d4f173a 100644 --- a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod-events.h +++ b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod-events.h @@ -40,14 +40,6 @@ DECLARE_TRACE(bpf_testmod_test_nullable_bare, TP_ARGS(ctx__nullable) ); -struct sk_buff; - -DECLARE_TRACE(bpf_testmod_test_raw_tp_null, - TP_PROTO(struct sk_buff *skb), - TP_ARGS(skb) -); - - #undef BPF_TESTMOD_DECLARE_TRACE #ifdef DECLARE_TRACE_WRITABLE #define BPF_TESTMOD_DECLARE_TRACE(call, proto, args, size) \ diff --git a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c index cc9dde507aba..c64dd001a4ed 100644 --- a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c +++ b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c @@ -413,8 +413,6 @@ bpf_testmod_test_read(struct file *file, struct kobject *kobj, (void)bpf_testmod_test_arg_ptr_to_struct(&struct_arg1_2); - (void)trace_bpf_testmod_test_raw_tp_null(NULL); - bpf_testmod_test_struct_ops3(); struct_arg3 = kmalloc((sizeof(struct bpf_testmod_struct_arg_3) + diff --git a/tools/testing/selftests/bpf/prog_tests/raw_tp_null.c b/tools/testing/selftests/bpf/prog_tests/raw_tp_null.c deleted file mode 100644 index 6fa19449297e..000000000000 --- a/tools/testing/selftests/bpf/prog_tests/raw_tp_null.c +++ /dev/null @@ -1,25 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */ - -#include -#include "raw_tp_null.skel.h" - -void test_raw_tp_null(void) -{ - struct raw_tp_null *skel; - - skel = raw_tp_null__open_and_load(); - if (!ASSERT_OK_PTR(skel, "raw_tp_null__open_and_load")) - return; - - skel->bss->tid = sys_gettid(); - - if (!ASSERT_OK(raw_tp_null__attach(skel), "raw_tp_null__attach")) - goto end; - - ASSERT_OK(trigger_module_test_read(2), "trigger testmod read"); - ASSERT_EQ(skel->bss->i, 3, "invocations"); - -end: - raw_tp_null__destroy(skel); -} diff --git a/tools/testing/selftests/bpf/progs/raw_tp_null.c b/tools/testing/selftests/bpf/progs/raw_tp_null.c deleted file mode 100644 index 457f34c151e3..000000000000 --- a/tools/testing/selftests/bpf/progs/raw_tp_null.c +++ /dev/null @@ -1,32 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0 -/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */ - -#include -#include - -char _license[] SEC("license") = "GPL"; - -int tid; -int i; - -SEC("tp_btf/bpf_testmod_test_raw_tp_null") -int BPF_PROG(test_raw_tp_null, struct sk_buff *skb) -{ - struct task_struct *task = bpf_get_current_task_btf(); - - if (task->pid != tid) - return 0; - - i = i + skb->mark + 1; - /* The compiler may move the NULL check before this deref, which causes - * the load to fail as deref of scalar. Prevent that by using a barrier. - */ - barrier(); - /* If dead code elimination kicks in, the increment below will - * be removed. For raw_tp programs, we mark input arguments as - * PTR_MAYBE_NULL, so branch prediction should never kick in. - */ - if (!skb) - i += 2; - return 0; -} From patchwork Wed Dec 11 02:01:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Kartikeya Dwivedi X-Patchwork-Id: 13902742 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-wr1-f65.google.com (mail-wr1-f65.google.com [209.85.221.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D1A1A1FBCA4 for ; Wed, 11 Dec 2024 02:02:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.65 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733882527; cv=none; b=NDlwlX7I5cs3ARDyFHij3DIGVGcizJjsUKwjiXVakw878Ndx4Mkt7pK338rKqH35wOqYt9InpmERfe8fW/8+wA8ywpwXmvw6zDBTmc69QbHkd7OzFxQWYcjS458uJ3bcGumyw4ygtqTDPqaQZQWfkKFp+rPdaddOX7fgWT7pAKA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733882527; c=relaxed/simple; bh=QRNnBe3DRd4mK9fBBEY/1g9TO5PmLWWJcES8ftyNn/4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=rXFUpxf048V0zMofEsIwJKmNeWXvFwBDWNlCN24KeYKuOrh3BSb34NEtNWolFCnDM5Ems5Q6SRVwt6aXyZ5DJlenn3p+P8W8dZs+wzYeqAkGls/87Pd9cj4P9U1LNtZWqJUK/Q2nTMdn+rV+wqzEMySAk902E7zQzp7pS60su3s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=TYuxUW1d; arc=none smtp.client-ip=209.85.221.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="TYuxUW1d" Received: by mail-wr1-f65.google.com with SMTP id ffacd0b85a97d-385d7b4da2bso5065105f8f.1 for ; Tue, 10 Dec 2024 18:02:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733882524; x=1734487324; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fMMFdKgeypfW24bc7+p1TtTRLYBv8lSMIhiHTmx5e1k=; b=TYuxUW1dWE13NqgVVqyNQaApfGiBy+9VVOGJsbujVfwZks0YKLz53d1l6zJ1xqAvwl KMpaKfUmprBgkW9B8hFXYaAJOTyY5SmUftPfM5I//sPGA7AdgtArbdoVUpU+ZdrR2dNE JKsqN2bNHFqxV6fgOVPtQGt73YPYpazboFIbDaDzmqJGeAvSW/JB40utU4Hbh4e/9dzn JR0th/VAW6djrwJKunbX9ZU+oAxYW7Z6H0zaocmPaStqq2xncoEf34zsna4VpTpt717K bazF5SdaYFD/B/YzexQ8jLqO9nKpvhg6coswegc8qz39VAqT/cjFo4dLy66j6ZehEuxJ MJuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733882524; x=1734487324; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fMMFdKgeypfW24bc7+p1TtTRLYBv8lSMIhiHTmx5e1k=; b=Rkv0tiPzftzRLndRxLe5bulp8xE8nKyKwJO8bMcVqzeuluePo3NC8nVcscyhokt6cV /xi811PZndO6NdjL12wCv56rEXpeQjuSaRN39xDJIaGdym9tZS5HzJovnokTgxkq2aUc re4Kgqe6xeuRYBWt/3ysyk6uMgrJVcQpPFlmdraSkNaziTPQO78d7ZWloxBqYof4+qZG 5VMjJQ5xTg6AsuwvquU6aOBNjgfcuQvhJaj4+Hrr/ZoUuvTaGGOhl8c916G0TaISnPDK P43fV1tuR1Ul5IFx3XrP1hBSfhdIFjTKzBgDMamdTcYVWXSJkj3i26LjscpU2ZeeUqbB 1ppg== X-Gm-Message-State: AOJu0YxfzBFwmhsxtMAeU4Tl05isQj+/73ZB10gJX9qSgkzOuI/4kQCF BiZ5OA+xqsAUtmxalhkRk7yKre8mh9E8aSEhS39/DMMdkmeCLLLUdd8EMnoVCyE= X-Gm-Gg: ASbGncv7vJ7pbnvFAkauQAcg8SGAIl2mWgNbvA/S1wg7zjQG0ROSSQXzIzw7kAm9kXe Tb0kgoRV1DIObheSIyGppvlYdtM2E5Ywu0OBjwbKnXllVjSI3FO1jpL5r4efMR/lnRoC312UkEU gcW+Vn+/Z5v8L67WHASh1JaBaEW0cvc/v1NQQVhTDcxqrWkGjhEwVg0HZaCKht4iasog8+iyefG W4Co0e84bzSn7Xz6yq4FAFWS9isUqwKLg4Hu47IELyeeFMN7UwbCBx8K5YMtgz7q22aAKBlDBu3 jm+prA== X-Google-Smtp-Source: AGHT+IEcuwZa2XbyLZQ0/3hRqshVjhQGzDNY1L1JTASLIOINuHrwta5PyZsU3kZJHwOdstq76s8BGw== X-Received: by 2002:a05:6000:1562:b0:385:df59:1158 with SMTP id ffacd0b85a97d-3864ced37cbmr874795f8f.53.1733882523492; Tue, 10 Dec 2024 18:02:03 -0800 (PST) Received: from localhost (fwdproxy-cln-034.fbsv.net. [2a03:2880:31ff:22::face:b00c]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-387824c2c9dsm89188f8f.54.2024.12.10.18.02.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 18:02:02 -0800 (PST) From: Kumar Kartikeya Dwivedi To: bpf@vger.kernel.org Cc: kkd@meta.com, Juri Lelli , Manu Bretelle , Jiri Olsa , Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Martin KaFai Lau , Eduard Zingerman , kernel-team@fb.com Subject: [PATCH bpf v1 3/4] bpf: Augment raw_tp arguments with PTR_MAYBE_NULL Date: Tue, 10 Dec 2024 18:01:55 -0800 Message-ID: <20241211020156.18966-4-memxor@gmail.com> X-Mailer: git-send-email 2.43.5 In-Reply-To: <20241211020156.18966-1-memxor@gmail.com> References: <20241211020156.18966-1-memxor@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=9044; h=from:subject; bh=QRNnBe3DRd4mK9fBBEY/1g9TO5PmLWWJcES8ftyNn/4=; b=owEBbQKS/ZANAwAIAUzgyIZIvxHKAcsmYgBnWPJWDc4pNbCrth2AiUGP+vGHgxCo6A6qs9Ve8AZk hXNDPIGJAjMEAAEIAB0WIQRLvip+Buz51YI8YRFM4MiGSL8RygUCZ1jyVgAKCRBM4MiGSL8RygPQD/ 9k9rxcH4pfqCIJJyNeUtLpnzCuJOHZjH0IgtALFo68FD8+Rn6N1b9oXajsHfAoVptZyrWh2PCM8P8c PCl785j/rHAikhay1cK6Q4cPE6nxTAH76NI6IheSPIxP2sFm4eSICMVbMCLDh2FR4COIUjgGr55Qlp VuvJnrGJGWTdxMprwY1z7Tba64j/n2oyfHFImlgOtDJGohwa0QaebEN4oO0vhKfimFBEL5lmBHioSr n1WmcBcaNbxE+P4QcUKu44JMGH9vqQBYHlQPdfhfFuujvK9HCwS+JYw1/jUsIypGI4RhLLvcfwYO7f ieoayLj2o/+667IZxz9TTYFg4DikSAA6LNR4UHFypMNZFuV37P6xlpN1hyuqrtd9OLfGGDR1+hSxjq pMniddDvzVxArtyzdyrGtPN0ZoeYzrxXPWXLWJxDGRRVe8PuDHNo3qEIg7m7HzjZ6zLIK3iQnRXWBE pfchsAiGxcHmYqxoioWPmqdS/z2429vweTPI8VrKG2zj+O1N7neha05HW0ZVxo8mHRI2CcEk3wFjk2 NvCBr5eAj6TslqpPb41Eo5mbtdUnFGCw69xxO5alc+yIgBxm7NReVOZpyaHxfwFOcBoaAk+6s1Z/va PPqaOdDsnJcbjyGAXLyWTa6CRNFnO01ylHjWaernjWQAevhp+hNELp3Wcdig== X-Developer-Key: i=memxor@gmail.com; a=openpgp; fpr=4BBE2A7E06ECF9D5823C61114CE0C88648BF11CA X-Patchwork-Delegate: bpf@iogearbox.net Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint argument may end up being NULL. More context about this issue is available in [0]. Thus, there is a discrepancy between the reality, that raw_tp arguments can actually be NULL, and the verifier's knowledge, that they are never NULL, causing explicit NULL checks to be deleted, and accesses to such pointers potentially crashing the kernel. A previous attempt [1], i.e. the second fixed commit, was made to simulate symbolic execution as if in most accesses, the argument is a non-NULL raw_tp, except for conditional jumps. This tried to suppress branch prediction while preserving compatibility, but surfaced issues with production programs that were difficult to solve without increasing verifier complexity. A more complete discussion of issues and fixes is available at [2]. Fix this by maintaining an explicit, incomplete list of tracepoints where the arguments are known to be NULL, and mark the positional arguments as PTR_MAYBE_NULL. Additionally, capture the tracepoints where arguments are known to be PTR_ERR, and mark these arguments as scalar values to prevent potential dereference. In the future, an automated pass will be used to produce such a list, or insert __nullable annotations automatically for tracepoints. Anyhow, this is an attempt to close the gap until the automation lands, and reflets the current best known list according to Jiri's analysis in [3]. [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb [1]: https://lore.kernel.org/all/20241104171959.2938862-1-memxor@gmail.com [2]: https://lore.kernel.org/bpf/20241206161053.809580-1-memxor@gmail.com [3]: https://lore.kernel.org/bpf/Z1d-qbCdtJqg6Er4@krava Reported-by: Juri Lelli # original bug Reported-by: Manu Bretelle # bugs in masking fix Fixes: 3f00c5239344 ("bpf: Allow trusted pointers to be passed to KF_TRUSTED_ARGS kfuncs") Fixes: cb4158ce8ec8 ("bpf: Mark raw_tp arguments with PTR_MAYBE_NULL") Co-developed-by: Jiri Olsa Signed-off-by: Jiri Olsa Signed-off-by: Kumar Kartikeya Dwivedi --- kernel/bpf/btf.c | 129 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 129 insertions(+) diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index ed3219da7181..cb72cbf04d12 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -6439,6 +6439,96 @@ int btf_ctx_arg_offset(const struct btf *btf, const struct btf_type *func_proto, return off; } +struct bpf_raw_tp_null_args { + const char *func; + u64 mask; +}; + +#define RAW_TP_NULL_ARGS(str, arg) { .func = "btf_trace_" #str, .mask = (arg) } +/* Use 1-based indexing for argno */ +#define NULL_ARG(argno) (1 << (argno)) + +struct bpf_raw_tp_null_args raw_tp_null_args[] = { + /* sched */ + RAW_TP_NULL_ARGS(sched_pi_setprio, NULL_ARG(2)), + /* ... from sched_numa_pair_template event class */ + RAW_TP_NULL_ARGS(sched_stick_numa, NULL_ARG(3)), + RAW_TP_NULL_ARGS(sched_swap_numa, NULL_ARG(3)), + /* afs */ + RAW_TP_NULL_ARGS(afs_make_fs_call, NULL_ARG(2)), + RAW_TP_NULL_ARGS(afs_make_fs_calli, NULL_ARG(2)), + RAW_TP_NULL_ARGS(afs_make_fs_call1, NULL_ARG(2)), + RAW_TP_NULL_ARGS(afs_make_fs_call2, NULL_ARG(2)), + RAW_TP_NULL_ARGS(afs_protocol_error, NULL_ARG(1)), + RAW_TP_NULL_ARGS(afs_flock_ev, NULL_ARG(2)), + /* cachefiles */ + RAW_TP_NULL_ARGS(cachefiles_lookup, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_unlink, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_rename, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_prep_read, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_mark_active, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_mark_failed, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_mark_inactive, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_vfs_error, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_io_error, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_ondemand_open, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_ondemand_copen, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_ondemand_close, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_ondemand_read, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_ondemand_cread, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_ondemand_fd_write, NULL_ARG(1)), + RAW_TP_NULL_ARGS(cachefiles_ondemand_fd_release, NULL_ARG(1)), + /* ext4, from ext4__mballoc event class */ + RAW_TP_NULL_ARGS(ext4_mballoc_discard, NULL_ARG(2)), + RAW_TP_NULL_ARGS(ext4_mballoc_free, NULL_ARG(2)), + /* fib */ + RAW_TP_NULL_ARGS(fib_table_lookup, NULL_ARG(3)), + /* filelock */ + /* ... from filelock_lock event class */ + RAW_TP_NULL_ARGS(posix_lock_inode, NULL_ARG(2)), + RAW_TP_NULL_ARGS(fcntl_setlk, NULL_ARG(2)), + RAW_TP_NULL_ARGS(locks_remove_posix, NULL_ARG(2)), + RAW_TP_NULL_ARGS(flock_lock_inode, NULL_ARG(2)), + /* ... from filelock_lease event class */ + RAW_TP_NULL_ARGS(break_lease_noblock, NULL_ARG(2)), + RAW_TP_NULL_ARGS(break_lease_block, NULL_ARG(2)), + RAW_TP_NULL_ARGS(break_lease_unblock, NULL_ARG(2)), + RAW_TP_NULL_ARGS(generic_delete_lease, NULL_ARG(2)), + RAW_TP_NULL_ARGS(time_out_leases, NULL_ARG(2)), + /* host1x */ + RAW_TP_NULL_ARGS(host1x_cdma_push_gather, NULL_ARG(5)), + /* huge_memory */ + RAW_TP_NULL_ARGS(mm_khugepaged_scan_pmd, NULL_ARG(2)), + RAW_TP_NULL_ARGS(mm_collapse_huge_page_isolate, NULL_ARG(1)), + RAW_TP_NULL_ARGS(mm_khugepaged_scan_file, NULL_ARG(2)), + RAW_TP_NULL_ARGS(mm_khugepaged_collapse_file, NULL_ARG(2)), + /* kmem */ + RAW_TP_NULL_ARGS(mm_page_alloc, NULL_ARG(1)), + RAW_TP_NULL_ARGS(mm_page_pcpu_drain, NULL_ARG(1)), + /* .. from mm_page event class */ + RAW_TP_NULL_ARGS(mm_page_alloc_zone_locked, NULL_ARG(1)), + /* netfs */ + RAW_TP_NULL_ARGS(netfs_failure, NULL_ARG(2)), + /* power */ + RAW_TP_NULL_ARGS(device_pm_callback_start, NULL_ARG(2)), + /* qdisc */ + RAW_TP_NULL_ARGS(qdisc_dequeue, NULL_ARG(4)), + /* rxrpc */ + RAW_TP_NULL_ARGS(rxrpc_recvdata, NULL_ARG(1)), + RAW_TP_NULL_ARGS(rxrpc_resend, NULL_ARG(2)), + /* sunrpc */ + RAW_TP_NULL_ARGS(xs_stream_read_data, NULL_ARG(1)), + /* tcp */ + RAW_TP_NULL_ARGS(tcp_send_reset, NULL_ARG(1) | NULL_ARG(2)), + /* tegra_apb_dma */ + RAW_TP_NULL_ARGS(tegra_dma_tx_status, NULL_ARG(3)), + /* timer_migration */ + RAW_TP_NULL_ARGS(tmigr_update_events, NULL_ARG(1)), + /* writeback, from writeback_folio_template event class */ + RAW_TP_NULL_ARGS(writeback_dirty_folio, NULL_ARG(2)), + RAW_TP_NULL_ARGS(folio_wait_writeback, NULL_ARG(2)), +}; + bool btf_ctx_access(int off, int size, enum bpf_access_type type, const struct bpf_prog *prog, struct bpf_insn_access_aux *info) @@ -6449,6 +6539,7 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, const char *tname = prog->aux->attach_func_name; struct bpf_verifier_log *log = info->log; const struct btf_param *args; + bool ptr_err_raw_tp = false; const char *tag_value; u32 nr_args, arg; int i, ret; @@ -6591,6 +6682,36 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, if (btf_param_match_suffix(btf, &args[arg], "__nullable")) info->reg_type |= PTR_MAYBE_NULL; + if (prog->expected_attach_type == BPF_TRACE_RAW_TP) { + struct btf *btf = prog->aux->attach_btf; + const struct btf_type *t; + const char *tname; + + t = btf_type_by_id(btf, prog->aux->attach_btf_id); + if (!t) + goto done; + tname = btf_name_by_offset(btf, t->name_off); + if (!tname) + goto done; + for (int i = 0; i < ARRAY_SIZE(raw_tp_null_args); i++) { + /* Is this a func with potential NULL args? */ + if (strcmp(tname, raw_tp_null_args[i].func)) + continue; + /* Is the current arg NULL? */ + if (raw_tp_null_args[i].mask & NULL_ARG(arg + 1)) + info->reg_type |= PTR_MAYBE_NULL; + break; + } + /* Hardcode the only cases which has a IS_ERR pointer, i.e. + * mr_integ_alloc's 4th argument (mr), and + * cachefiles_lookup's 3rd argument (de). + */ + if (!strcmp(tname, "btf_trace_mr_integ_alloc") && (arg + 1) == 4) + ptr_err_raw_tp = true; + if (!strcmp(tname, "btf_trace_cachefiles_lookup") && (arg + 1) == 3) + ptr_err_raw_tp = true; + } +done: if (tgt_prog) { enum bpf_prog_type tgt_type; @@ -6635,6 +6756,14 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, bpf_log(log, "func '%s' arg%d has btf_id %d type %s '%s'\n", tname, arg, info->btf_id, btf_type_str(t), __btf_name_by_offset(btf, t->name_off)); + + /* Perform all checks on the validity of type for this argument, but if + * we know it can be IS_ERR at runtime, scrub pointer type and mark as + * scalar. We do not handle is_retval case as we hardcode ptr_err_raw_tp + * handling for known tps. + */ + if (ptr_err_raw_tp) + info->reg_type = SCALAR_VALUE; return true; } EXPORT_SYMBOL_GPL(btf_ctx_access); From patchwork Wed Dec 11 02:01:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Kartikeya Dwivedi X-Patchwork-Id: 13902743 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-wr1-f66.google.com (mail-wr1-f66.google.com [209.85.221.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 712DDF4FA for ; Wed, 11 Dec 2024 02:02:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.66 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733882529; cv=none; b=tYRiUE2wlJ4bht4ZTJHsK6BUfg8tnePmRJH6WoMKcJ/1z6p0ZIl8w2tfGdixtAANFxyYgSYD9SvoDqJgeGOFHUWnPm9k+IKC9AtxsVYhZdr6Kp4xeLkcxCCIrl2OTUt1oWrdY/w02MdvKpUTLCln4hZfTTf/f7NjdCrFxegTXfM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1733882529; c=relaxed/simple; bh=owfMrzeTFEKt3Jw317Z+wSPwG3T5xhYc2c/t7VU/3ks=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=UbThMNZO5fLEvS/4chiCBVIol0Q0PNlleVH1AFMYXaeGmTHb4KlEAxcI0fUxrX9Wi6h6ABAE9WYzRvml6jHjY4OR8qwl8Qvu1ztFQmIvyf7W0enTwnqLti2AWx7zhlVCj39+c/zOfdrpew5ciZZiQS+RyRdD5Ctat3OUlcqR6uc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=iEa1+Wqm; arc=none smtp.client-ip=209.85.221.66 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="iEa1+Wqm" Received: by mail-wr1-f66.google.com with SMTP id ffacd0b85a97d-3863703258fso101049f8f.1 for ; Tue, 10 Dec 2024 18:02:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733882525; x=1734487325; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=igFABNjSKbV8j0wfEZN3yEanAzd04M5NQMR79pHoVEc=; b=iEa1+Wqmb/sMrqWkvw0eBU94wHmw2I1ZczAmh7oQooIDE54kSzlO2JVDl0QHa9gKLw +nFV2jr0clytjo1pUg2wrlrZcfBcZmJd9b4RtAJCSBCcOPSqYMj4+HLUww3wEMFtENqI ZASOl7qELqlT9160RRrAU8mYP54U2vyxX/EJuqihQ02VL6cq2CgYxyTQ/KyPaxALz/5G 5bSKbKDIvf54L7MCTUwKMHKc/R1xYQTXtHBf3hq1/0eJIWnSxJqut3DraiQMsZU8tSVV JRYVs9O7gKZ5Et6ETvBhw+F0MRA2RgN2P+5UvMRGGNwFn0trHU9xCEmTSRQ8rJQ872v0 uvaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733882525; x=1734487325; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=igFABNjSKbV8j0wfEZN3yEanAzd04M5NQMR79pHoVEc=; b=fl2Uf6C9ZcAzOtfVmfbLGtDczFPt79o3PJFCa0B15Lo3aA2U4eS7ieFbFgcdQSFjRI oAPuw7KAHMLG/aWhZ7iCwo4SUPoQ5fC+4x6b5fQSKOaQwoeIeHFsN3jaJYxNcMGHGEWU xVNiVbmr1vcFUJjOcSMH8+XJtqgSC1H8sdc1cwJV5Nc8exjFjCOV6wB/Y4wmGsJPqpaT i0/IXfuJV0g+66INpZuOJmtA2IG2F2USFGXIADtJ2y8r/zDgCvRHCe34I6/TdalyWwpm 9bs+ENdkwLvpIkt3us7dO6vMzBzl9qAmhXTysFWJGlFbaeLZVucaf9xG3WnrsnPR22/X fUkA== X-Gm-Message-State: AOJu0Yxb8VvWp49bhlL2uaonpRWo7HIM3g7e5u9q+BlC+oEkoboMuuyc URlI5J2dOZP7HFw8Xkp8nC1oqoYTN6ENthXwbQN1nqx6mjA0OOM5o2QIAYi0FHg= X-Gm-Gg: ASbGncsHdLrjxqYfMZtlDqDgwlqpCMOEp9OBOshMWUxoZEFGAQdmIe64rlMPd9X3z3v OXqs0NKuL8uPr2J3WQq1VKSy4Z07UUQI12XHFaigixopr/w6Q5V1NrHrPE3s3CY5vEOJES6btI4 7TBNcYlJa2a3VnokdIEBUIbBs/PHfjJJfxpfSohafvWIuR3DwvBWHR8UDwTvD5NriWs3TaDr042 q/cNQS+paa2B9e5Oh/8tVt6yhScPAwOEf92Jx4mT2Giff9wnNSHfYJSe2jnh36MoGiO+OaquuNZ 3fyW X-Google-Smtp-Source: AGHT+IEyyT7YP6Zkef+sqlHkR/RejjNLQRYug0brZuEscxrvSP+8KpLlpaJWXhBTzYucg87ZVTTE0g== X-Received: by 2002:a05:6000:1788:b0:385:f349:ffe5 with SMTP id ffacd0b85a97d-3864df17281mr485966f8f.29.1733882525329; Tue, 10 Dec 2024 18:02:05 -0800 (PST) Received: from localhost (fwdproxy-cln-006.fbsv.net. [2a03:2880:31ff:6::face:b00c]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3878251dc77sm74740f8f.100.2024.12.10.18.02.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Dec 2024 18:02:04 -0800 (PST) From: Kumar Kartikeya Dwivedi To: bpf@vger.kernel.org Cc: kkd@meta.com, Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Martin KaFai Lau , Eduard Zingerman , Manu Bretelle , Jiri Olsa , Juri Lelli , kernel-team@fb.com Subject: [PATCH bpf v1 4/4] selftests/bpf: Add autogenerated tests for raw_tp NULL args Date: Tue, 10 Dec 2024 18:01:56 -0800 Message-ID: <20241211020156.18966-5-memxor@gmail.com> X-Mailer: git-send-email 2.43.5 In-Reply-To: <20241211020156.18966-1-memxor@gmail.com> References: <20241211020156.18966-1-memxor@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=23479; h=from:subject; bh=owfMrzeTFEKt3Jw317Z+wSPwG3T5xhYc2c/t7VU/3ks=; b=owEBbQKS/ZANAwAIAUzgyIZIvxHKAcsmYgBnWPJWHoFb/2mqPYrw+fOVL4R8xdcsxj46zwsK4aFv 9sQoYYmJAjMEAAEIAB0WIQRLvip+Buz51YI8YRFM4MiGSL8RygUCZ1jyVgAKCRBM4MiGSL8RyuDrD/ wLv6sEIMf10lvja4pyxNeEPXSweUU2lKOfxjYaEUJ7mqzhdk1YFmXd9VN7OxPc54eHHt0VxhXKA66b 8ESIiOu4ffpOS5DehpWzXWkYb2q6OH3QJTZn/tAl+EpZ+6ehsqX6K5sWHyS+VteZ+VRT9V9ABbuKWT S+EVPHPD4ulh4B/U5nxQSzRHqPiDnX47xmDU+Okq9eq9LWMO53lX4934FQ60ZBTuQPyveAlwy2FPbB hGvEJHQDW6cS4B951uw1z8V7TIcXF6PeFac+yv0P7DDN1/Ut5PVqznrtxWYLGlcDlr78JRD5Qmvujp k7X4J16nyWxbO+0Ooi78BunvoVck5X+UoH6IEWZYQHWvuPS47Owbr2aYSZYJMS9PLzZ7a4MQvC8+Kj 06URMZcdqE+1BXQfUWL5voNJxRb3prHixMvfDZU8Po5LOhdHC6aEU+gKPA6fK9kzd8/JOIuELmAWpr 2DIlnTUFfuQoHLqHbMSYT7cYxgDoWNi9EaAx4llyarNzM2tdNQ/uqo21vOrBYEQC6PCtHq48SC2yPy qsHQSXy37Y9AsYzSZjy8CU8DLa4PTecwsabvBND63FACRIOOPnH9Cq/ZIIMDOQZw+NsHphjesbgg1v qq2X4vEsMByRCnEagdIJ1jLLo3CF/BULXTJdyabekwlMVVJpGGf+ciVAe2RA== X-Developer-Key: i=memxor@gmail.com; a=openpgp; fpr=4BBE2A7E06ECF9D5823C61114CE0C88648BF11CA X-Patchwork-Delegate: bpf@iogearbox.net Add bash and python scripts that process the RAW_TP_NULL_ARGS list in kernel/bpf/btf.c and produce selftests automatically. This is not done automatically on build as the file requires some human-guided post processing (like disabling certain tests for which we don't enable CONFIG options), and only needs to be run once when growing the list. Once the list generation becomes automatic in kernel/bpf/btf.c, the script can run on build, or be modified if we support __nullable BTF type tags in the future to parse them and generate tests accordingly. The tests basically ensure the pointer is marked or_null_, and likewise for raw_tp_scalar.c case (where it needs to be marked scalar). Enable enough config options to cover all but 4 without increasing build time significantly. By enabling AFS, CACHEFILES, and INFINIBAND, we gain enough coverage to cover distinct cases and positional arguments. The config is modified to include some new options to test most options, but driver tracepoints that include too much stuff are disabled manually after the script produces it's output. Whenever adding a new RAW_TP_NULL_ARGS specification or removing one, the developer can run this script to update the selftest, reject hunks removing the comments around disabled tracepoints, and accept other hunks that are relevant for the newly added tracepoint. There are some tracepoints manually hardcoded in btf_ctx_access that have an IS_ERR argument type. For now, these are manually encoded in raw_tp_scalar.c, but if the list grows, we can introduce a new mask for IS_ERR args, an ERR_ARG() macro, and augment the script to generate tests for these cases and ensure argument is marked scalar. Signed-off-by: Kumar Kartikeya Dwivedi --- tools/testing/selftests/bpf/config | 5 + .../testing/selftests/bpf/gen_raw_tp_null.py | 58 +++ .../testing/selftests/bpf/gen_raw_tp_null.sh | 3 + .../selftests/bpf/prog_tests/raw_tp_null.c | 12 + .../testing/selftests/bpf/progs/raw_tp_null.c | 417 ++++++++++++++++++ .../selftests/bpf/progs/raw_tp_scalar.c | 24 + 6 files changed, 519 insertions(+) create mode 100755 tools/testing/selftests/bpf/gen_raw_tp_null.py create mode 100755 tools/testing/selftests/bpf/gen_raw_tp_null.sh create mode 100644 tools/testing/selftests/bpf/prog_tests/raw_tp_null.c create mode 100644 tools/testing/selftests/bpf/progs/raw_tp_null.c create mode 100644 tools/testing/selftests/bpf/progs/raw_tp_scalar.c diff --git a/tools/testing/selftests/bpf/config b/tools/testing/selftests/bpf/config index 4ca84c8d9116..75d3416e2c11 100644 --- a/tools/testing/selftests/bpf/config +++ b/tools/testing/selftests/bpf/config @@ -112,3 +112,8 @@ CONFIG_XDP_SOCKETS=y CONFIG_XFRM_INTERFACE=y CONFIG_TCP_CONG_DCTCP=y CONFIG_TCP_CONG_BBR=y +CONFIG_AFS_FS=y +CONFIG_FSCACHE=y +CONFIG_CACHEFILES=y +CONFIG_CACHEFILES_ONDEMAND=y +CONFIG_INFINIBAND=y diff --git a/tools/testing/selftests/bpf/gen_raw_tp_null.py b/tools/testing/selftests/bpf/gen_raw_tp_null.py new file mode 100755 index 000000000000..4d15a5b92012 --- /dev/null +++ b/tools/testing/selftests/bpf/gen_raw_tp_null.py @@ -0,0 +1,58 @@ +#!/usr/bin/python3 +import re +import sys + +def parse_null_args(arg_str): + pattern = r'NULL_ARG\((\d+)\)' + numbers = [] + for part in arg_str.split('|'): + part = part.strip() + match = re.match(pattern, part) + if match: + numbers.append(int(match.group(1))) + return numbers + +def parse_tracepoint_line(line): + line = line.strip().rstrip(',') + match = re.match(r'RAW_TP_NULL_ARGS\(([^,]+),\s*(.*)\)', line) + + if match: + tp_name = match.group(1).strip() + arg_part = match.group(2).strip() + arg_nums = parse_null_args(arg_part) + if arg_nums: + return tp_name, arg_nums + return None, None + +def generate_tests(entries): + tests = [] + + for tp_name, arg_nums in entries: + for arg_num in arg_nums: + test = ['', 'SEC("tp_btf/' + tp_name + '")', + '__failure __msg("R1 invalid mem access \'trusted_ptr_or_null_\'")', + f'int test_raw_tp_null_{tp_name}_arg_{arg_num}(void *ctx) {{'] + n = (arg_num - 1) * 8 + test.append(f' asm volatile("r1 = *(u64 *)(r1 +{n}); r1 = *(u64 *)(r1 +0);" ::: __clobber_all);') + test.extend([' return 0;', '}']) + tests.extend(test) + return '\n'.join(tests) + +# Read directly from stdin +entries = [] +for line in sys.stdin: + tp_name, arg_num = parse_tracepoint_line(line) + if tp_name and arg_num is not None: + entries.append((tp_name, arg_num)) +print( +'''// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */ + +/* WARNING: This file is automatically generated, run gen_raw_tp_null.sh to update! */ + +#include +#include +#include "bpf_misc.h" + +char _license[] SEC("license") = "GPL";''') +print(generate_tests(entries)) diff --git a/tools/testing/selftests/bpf/gen_raw_tp_null.sh b/tools/testing/selftests/bpf/gen_raw_tp_null.sh new file mode 100755 index 000000000000..1c99757f7baf --- /dev/null +++ b/tools/testing/selftests/bpf/gen_raw_tp_null.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +cat ../../../../kernel/bpf/btf.c | grep RAW_TP_NULL_ARGS | grep -v "define RAW_TP" | ./gen_raw_tp_null.py | tee progs/raw_tp_null.c diff --git a/tools/testing/selftests/bpf/prog_tests/raw_tp_null.c b/tools/testing/selftests/bpf/prog_tests/raw_tp_null.c new file mode 100644 index 000000000000..bb5524eabde9 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/raw_tp_null.c @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */ + +#include +#include "raw_tp_null.skel.h" +#include "raw_tp_scalar.skel.h" + +void test_raw_tp_null(void) +{ + RUN_TESTS(raw_tp_null); + RUN_TESTS(raw_tp_scalar); +} diff --git a/tools/testing/selftests/bpf/progs/raw_tp_null.c b/tools/testing/selftests/bpf/progs/raw_tp_null.c new file mode 100644 index 000000000000..fd4de11b587f --- /dev/null +++ b/tools/testing/selftests/bpf/progs/raw_tp_null.c @@ -0,0 +1,417 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */ + +/* WARNING: This file is automatically generated, run gen_raw_tp_null.sh to update! */ + +#include +#include +#include "bpf_misc.h" + +char _license[] SEC("license") = "GPL"; + +SEC("tp_btf/sched_pi_setprio") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_sched_pi_setprio_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/sched_stick_numa") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_sched_stick_numa_arg_3(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +16); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/sched_swap_numa") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_sched_swap_numa_arg_3(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +16); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/afs_make_fs_call") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_afs_make_fs_call_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/afs_make_fs_calli") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_afs_make_fs_calli_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/afs_make_fs_call1") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_afs_make_fs_call1_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/afs_make_fs_call2") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_afs_make_fs_call2_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/afs_protocol_error") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_afs_protocol_error_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/afs_flock_ev") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_afs_flock_ev_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_lookup") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_lookup_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_unlink") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_unlink_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_rename") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_rename_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_prep_read") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_prep_read_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_mark_active") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_mark_active_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_mark_failed") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_mark_failed_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_mark_inactive") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_mark_inactive_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_vfs_error") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_vfs_error_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_io_error") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_io_error_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_ondemand_open") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_ondemand_open_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_ondemand_copen") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_ondemand_copen_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_ondemand_close") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_ondemand_close_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_ondemand_read") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_ondemand_read_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_ondemand_cread") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_ondemand_cread_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_ondemand_fd_write") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_ondemand_fd_write_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_ondemand_fd_release") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_cachefiles_ondemand_fd_release_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/ext4_mballoc_discard") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_ext4_mballoc_discard_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/ext4_mballoc_free") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_ext4_mballoc_free_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/fib_table_lookup") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_fib_table_lookup_arg_3(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +16); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/posix_lock_inode") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_posix_lock_inode_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/fcntl_setlk") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_fcntl_setlk_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/locks_remove_posix") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_locks_remove_posix_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/flock_lock_inode") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_flock_lock_inode_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/break_lease_noblock") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_break_lease_noblock_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/break_lease_block") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_break_lease_block_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/break_lease_unblock") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_break_lease_unblock_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/generic_delete_lease") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_generic_delete_lease_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/time_out_leases") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_time_out_leases_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +/* Disabled due to missing CONFIG +SEC("tp_btf/host1x_cdma_push_gather") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_host1x_cdma_push_gather_arg_5(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +32); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} +*/ + +SEC("tp_btf/mm_khugepaged_scan_pmd") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_mm_khugepaged_scan_pmd_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/mm_collapse_huge_page_isolate") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_mm_collapse_huge_page_isolate_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/mm_khugepaged_scan_file") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_mm_khugepaged_scan_file_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/mm_khugepaged_collapse_file") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_mm_khugepaged_collapse_file_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/mm_page_alloc") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_mm_page_alloc_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/mm_page_pcpu_drain") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_mm_page_pcpu_drain_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/mm_page_alloc_zone_locked") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_mm_page_alloc_zone_locked_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/netfs_failure") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_netfs_failure_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +/* Disabled due to missing CONFIG +SEC("tp_btf/device_pm_callback_start") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_device_pm_callback_start_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} +*/ + +SEC("tp_btf/qdisc_dequeue") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_qdisc_dequeue_arg_4(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +24); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/rxrpc_recvdata") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_rxrpc_recvdata_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/rxrpc_resend") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_rxrpc_resend_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +/* Disabled due to missing CONFIG +SEC("tp_btf/xs_stream_read_data") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_xs_stream_read_data_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} +*/ + +SEC("tp_btf/tcp_send_reset") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_tcp_send_reset_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/tcp_send_reset") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_tcp_send_reset_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +/* Disabled due to missing CONFIG +SEC("tp_btf/tegra_dma_tx_status") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_tegra_dma_tx_status_arg_3(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +16); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} +*/ + +SEC("tp_btf/tmigr_update_events") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_tmigr_update_events_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/writeback_dirty_folio") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_writeback_dirty_folio_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/folio_wait_writeback") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_folio_wait_writeback_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} diff --git a/tools/testing/selftests/bpf/progs/raw_tp_scalar.c b/tools/testing/selftests/bpf/progs/raw_tp_scalar.c new file mode 100644 index 000000000000..b44bb9a94305 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/raw_tp_scalar.c @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */ + +/* Since we have a couple of cases, we just write this file by hand. */ + +#include +#include +#include "bpf_misc.h" + +char _license[] SEC("license") = "GPL"; + +SEC("tp_btf/mr_integ_alloc") +__failure __msg("R1 invalid mem access 'scalar'") +int test_raw_tp_scalar_mr_integ_alloc_arg_4(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +24); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +SEC("tp_btf/cachefiles_lookup") +__failure __msg("R1 invalid mem access 'scalar'") +int test_raw_tp_scalar_cachefiles_lookup_arg_3(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +16); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +}