From: Jiri Olsa <jolsa@redhat.com>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>, Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
Martin KaFai Lau <kafai@fb.com>, David Miller <davem@redhat.com>,
John Fastabend <john.fastabend@gmail.com>,
Wenbo Zhang <ethercflow@gmail.com>,
KP Singh <kpsingh@chromium.org>, Andrii Nakryiko <andriin@fb.com>,
Brendan Gregg <bgregg@netflix.com>,
Florent Revest <revest@chromium.org>,
Al Viro <viro@zeniv.linux.org.uk>
Subject: Re: [PATCH 08/11] bpf: Add BTF whitelist support
Date: Fri, 19 Jun 2020 15:29:29 +0200 [thread overview]
Message-ID: <20200619132929.GI2465907@krava> (raw)
In-Reply-To: <CAEf4Bzaj-t0UYLiJh9czenqVtsi5UuviX_AqgpEq=gJx6WCHrw@mail.gmail.com>
On Thu, Jun 18, 2020 at 09:29:58PM -0700, Andrii Nakryiko wrote:
SNIP
> > @@ -4669,3 +4670,15 @@ u32 btf_id(const struct btf *btf)
> > {
> > return btf->id;
> > }
> > +
> > +static int btf_id_cmp_func(const void *a, const void *b)
> > +{
> > + const int *pa = a, *pb = b;
> > +
> > + return *pa - *pb;
> > +}
> > +
> > +bool btf_whitelist_search(int id, int list[], int cnt)
>
> whitelist is a bit too specific, this functionality can be used for
> blacklisting as well, no?
>
> How about instead of "open coding" separately int list[] + int cnt, we
> define a struct:
>
> struct btf_id_set {
> u32 cnt;
> u32 ids[];
> };
>
> and pass that around?
>
> This function then can be generic
>
> bool btf_id_set_contains(struct btf_id_set *set, u32 id);
>
> Then it's usable for both whitelist and blacklist? _contains also
> clearly implies what's the return result, while _search isn't so clear
> in that regard.
yep, looks better this way, will change
>
>
> > +{
> > + return bsearch(&id, list, cnt, sizeof(int), btf_id_cmp_func) != NULL;
> > +}
> > diff --git a/kernel/bpf/btf_ids.h b/kernel/bpf/btf_ids.h
> > index 68aa5c38a37f..a90c09faa515 100644
> > --- a/kernel/bpf/btf_ids.h
> > +++ b/kernel/bpf/btf_ids.h
> > @@ -67,4 +67,42 @@ asm( \
> > #name ":; \n" \
> > ".popsection; \n");
> >
> > +
> > +/*
> > + * The BTF_WHITELIST_ENTRY/END macros pair defines sorted
> > + * list of BTF IDs plus its members count, with following
> > + * layout:
> > + *
> > + * BTF_WHITELIST_ENTRY(list2)
> > + * BTF_ID(type1, name1)
> > + * BTF_ID(type2, name2)
> > + * BTF_WHITELIST_END(list)
>
> It kind of sucks you need two separate ENTRY/END macro (btw, START/END
> or BEGIN/END would be a bit more "paired"), and your example clearly
ok, START/END it is
> shows why: it is not self-consistent (list2 on start, list on end ;).
ugh ;-)
> But doing variadic macro like this would be a nightmare as well,
> unfortunately. :(
>
> > + *
> > + * __BTF_ID__sort__list:
> > + * list2_cnt:
> > + * .zero 4
> > + * list2:
> > + * __BTF_ID__type1__name1__3:
> > + * .zero 4
> > + * __BTF_ID__type2__name2__4:
> > + * .zero 4
> > + *
> > + */
> > +#define BTF_WHITELIST_ENTRY(name) \
> > +asm( \
> > +".pushsection " SECTION ",\"a\"; \n" \
> > +".global __BTF_ID__sort__" #name "; \n" \
> > +"__BTF_ID__sort__" #name ":; \n" \
>
> I mentioned in the previous patch already, I think "sort" is a bad
> name, consider "set" (or "list", but you used list name already for a
> slightly different macro).
yes, I replied to this in another email
>
> > +".global " #name "_cnt; \n" \
> > +#name "_cnt:; \n" \
>
> This label/symbol isn't necessary, why polluting the symbol table?
XXX_cnt variable is used in search function, but isn't needed
if we use that 'struct btf_id_set' you proposed
>
> > +".zero 4 \n" \
> > +".popsection; \n"); \
> > +BTF_ID_LIST(name)
> > +
> > +#define BTF_WHITELIST_END(name) \
> > +asm( \
> > +".pushsection " SECTION ",\"a\"; \n" \
> > +".size __BTF_ID__sort__" #name ", .-" #name " \n" \
> > +".popsection; \n");
> > +
> > #endif
> > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> > index bee3da2cd945..5a9a6fd72907 100644
> > --- a/kernel/bpf/verifier.c
> > +++ b/kernel/bpf/verifier.c
> > @@ -4633,6 +4633,11 @@ static int check_helper_call(struct bpf_verifier_env *env, int func_id, int insn
> > return -EINVAL;
> > }
> >
> > + if (fn->allowed && !fn->allowed(env->prog)) {
> > + verbose(env, "helper call is not allowed in probe\n");
>
> nit: probe -> program, or just drop "in probe" part altogether
ok
thnaks,
jirka
next prev parent reply other threads:[~2020-06-19 13:29 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-16 10:05 [PATCHv3 0/9] bpf: Add d_path helper Jiri Olsa
2020-06-16 10:05 ` [PATCH 01/11] bpf: Add btfid tool to resolve BTF IDs in ELF object Jiri Olsa
2020-06-19 0:38 ` Andrii Nakryiko
2020-06-19 13:03 ` Jiri Olsa
2020-06-19 18:12 ` Andrii Nakryiko
2020-06-22 8:59 ` Jiri Olsa
2020-06-16 10:05 ` [PATCH 02/11] bpf: Compile btfid tool at kernel compilation start Jiri Olsa
2020-06-18 20:40 ` John Fastabend
2020-06-18 21:17 ` John Fastabend
2020-06-19 13:23 ` Jiri Olsa
2020-06-19 0:40 ` Andrii Nakryiko
2020-06-19 0:47 ` Arnaldo Carvalho de Melo
2020-06-19 2:08 ` Alexei Starovoitov
2020-06-19 3:51 ` Andrii Nakryiko
2020-06-16 10:05 ` [PATCH 03/11] bpf: Add btf_ids object Jiri Olsa
2020-06-19 0:56 ` Andrii Nakryiko
2020-06-19 1:06 ` Andrii Nakryiko
2020-06-19 13:16 ` Jiri Olsa
2020-06-19 13:13 ` Jiri Olsa
2020-06-19 18:15 ` Andrii Nakryiko
2020-06-19 1:02 ` Andrii Nakryiko
2020-06-19 13:05 ` Jiri Olsa
2020-06-16 10:05 ` [PATCH 04/11] bpf: Resolve BTF IDs in vmlinux image Jiri Olsa
2020-06-16 10:05 ` [PATCH 05/11] bpf: Remove btf_id helpers resolving Jiri Olsa
2020-06-19 1:10 ` Andrii Nakryiko
2020-06-19 13:18 ` Jiri Olsa
2020-06-16 10:05 ` [PATCH 06/11] bpf: Do not pass enum bpf_access_type to btf_struct_access Jiri Olsa
2020-06-19 3:58 ` Andrii Nakryiko
2020-06-19 13:23 ` Jiri Olsa
2020-06-16 10:05 ` [PATCH 07/11] bpf: Allow nested BTF object to be refferenced by BTF object + offset Jiri Olsa
2020-06-16 10:05 ` [PATCH 08/11] bpf: Add BTF whitelist support Jiri Olsa
2020-06-19 4:29 ` Andrii Nakryiko
2020-06-19 13:29 ` Jiri Olsa [this message]
2020-06-16 10:05 ` [PATCH 09/11] bpf: Add d_path helper Jiri Olsa
2020-06-19 4:35 ` Andrii Nakryiko
2020-06-19 13:31 ` Jiri Olsa
2020-06-19 18:25 ` Andrii Nakryiko
2020-06-22 9:02 ` Jiri Olsa
2020-06-22 19:18 ` Andrii Nakryiko
2020-06-23 10:02 ` Jiri Olsa
2020-06-23 18:58 ` Andrii Nakryiko
2020-06-23 20:14 ` Jiri Olsa
2020-06-23 20:17 ` Andrii Nakryiko
2020-06-16 10:05 ` [PATCH 10/11] selftests/bpf: Add verifier test for " Jiri Olsa
2020-06-19 4:38 ` Andrii Nakryiko
2020-06-19 13:32 ` Jiri Olsa
2020-06-16 10:05 ` [PATCH 11/11] selftests/bpf: Add " Jiri Olsa
2020-06-19 4:44 ` Andrii Nakryiko
2020-06-19 13:34 ` Jiri Olsa
2020-06-18 20:57 ` [PATCHv3 0/9] bpf: Add " John Fastabend
2020-06-19 12:35 ` Jiri Olsa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200619132929.GI2465907@krava \
--to=jolsa@redhat.com \
--cc=andrii.nakryiko@gmail.com \
--cc=andriin@fb.com \
--cc=ast@kernel.org \
--cc=bgregg@netflix.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@redhat.com \
--cc=ethercflow@gmail.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kafai@fb.com \
--cc=kpsingh@chromium.org \
--cc=netdev@vger.kernel.org \
--cc=revest@chromium.org \
--cc=songliubraving@fb.com \
--cc=viro@zeniv.linux.org.uk \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.