From: Martin KaFai Lau <martin.lau@linux.dev>
To: Alexei Starovoitov <ast@kernel.org>
Cc: sdf@google.com, bpf@vger.kernel.org,
Aditi Ghag <aditi.ghag@isovalent.com>
Subject: Re: [PATCH v7 bpf-next 06/10] bpf: Add bpf_sock_destroy kfunc
Date: Fri, 5 May 2023 11:49:02 -0700 [thread overview]
Message-ID: <45684b6f-ecfb-5f14-e5ad-386b8f611c7a@linux.dev> (raw)
In-Reply-To: <1013e81f-5a0a-dd0b-c18d-3ee849c079ab@linux.dev>
On 5/4/23 5:13 PM, Martin KaFai Lau wrote:
>
> Follow up on the v6 patch-set regarding KF_TRUSTED_ARGS.
> KF_TRUSTED_ARGS is needed here to avoid the cases where a PTR_TO_BTF_ID sk is
> obtained by following another pointer. eg. getting a sk pointer (may be even
> NULL) by following another sk pointer. The recent PTR_TRUSTED concept in the
> verifier can guard this. I tried and the following should do:
>
> diff --git i/net/core/filter.c w/net/core/filter.c
> index 68b228f3eca6..d82e038da0e3 100644
> --- i/net/core/filter.c
> +++ w/net/core/filter.c
> @@ -11767,7 +11767,7 @@ __bpf_kfunc int bpf_sock_destroy(struct sock_common *sock)
> __diag_pop()
>
> BTF_SET8_START(sock_destroy_kfunc_set)
> -BTF_ID_FLAGS(func, bpf_sock_destroy)
> +BTF_ID_FLAGS(func, bpf_sock_destroy, KF_TRUSTED_ARGS)
> BTF_SET8_END(sock_destroy_kfunc_set)
>
> static int tracing_iter_filter(const struct bpf_prog *prog, u32 kfunc_id)
> diff --git i/net/ipv4/tcp_ipv4.c w/net/ipv4/tcp_ipv4.c
> index 887f83a90d85..a769284e8291 100644
> --- i/net/ipv4/tcp_ipv4.c
> +++ w/net/ipv4/tcp_ipv4.c
> @@ -3354,7 +3354,7 @@ static struct bpf_iter_reg tcp_reg_info = {
> .ctx_arg_info_size = 1,
> .ctx_arg_info = {
> { offsetof(struct bpf_iter__tcp, sk_common),
> - PTR_TO_BTF_ID_OR_NULL },
> + PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },
Alexei, what do you think about having "PTR_MAYBE_NULL | PTR_TRUSTED" here?
The verifier side looks fine (eg. is_trusted_reg() is taking PTR_MAYBE_NULL into
consideration). However, it seems this will be the first "PTR_MAYBE_NULL |
PTR_TRUSTED" use case and not sure if PTR_MAYBE_NULL may conceptually conflict
with the PTR_TRUSTED idea (like PTR_TRUSTED should not be NULL).
> },
> .get_func_proto = bpf_iter_tcp_get_func_proto,
> .seq_info = &tcp_seq_info,
> diff --git i/net/ipv4/udp.c w/net/ipv4/udp.c
> index 746c85f2bb03..945b641b363b 100644
> --- i/net/ipv4/udp.c
> +++ w/net/ipv4/udp.c
> @@ -3646,7 +3646,7 @@ static struct bpf_iter_reg udp_reg_info = {
> .ctx_arg_info_size = 1,
> .ctx_arg_info = {
> { offsetof(struct bpf_iter__udp, udp_sk),
> - PTR_TO_BTF_ID_OR_NULL },
> + PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },
> },
> .seq_info = &udp_seq_info,
> };
next prev parent reply other threads:[~2023-05-05 18:49 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-03 22:53 [PATCH v7 bpf-next 00/10] bpf: Add socket destroy capability Aditi Ghag
2023-05-03 22:53 ` [PATCH v7 bpf-next 01/10] bpf: tcp: Avoid taking fast sock lock in iterator Aditi Ghag
2023-05-03 22:53 ` [PATCH v7 bpf-next 02/10] udp: seq_file: Helper function to match socket attributes Aditi Ghag
2023-05-03 22:53 ` [PATCH v7 bpf-next 03/10] bpf: udp: Encapsulate logic to get udp table Aditi Ghag
2023-05-03 22:53 ` [PATCH v7 bpf-next 04/10] udp: seq_file: Remove bpf_seq_afinfo from udp_iter_state Aditi Ghag
2023-05-04 1:15 ` kernel test robot
2023-05-04 1:25 ` Aditi Ghag
2023-05-04 10:37 ` kernel test robot
2023-05-03 22:53 ` [PATCH v7 bpf-next 05/10] bpf: udp: Implement batching for sockets iterator Aditi Ghag
2023-05-03 22:53 ` [PATCH v7 bpf-next 06/10] bpf: Add bpf_sock_destroy kfunc Aditi Ghag
2023-05-05 0:13 ` Martin KaFai Lau
2023-05-05 18:49 ` Martin KaFai Lau [this message]
2023-05-05 20:05 ` Alexei Starovoitov
2023-05-03 22:53 ` [PATCH v7 bpf-next 07/10] selftests/bpf: Add helper to get port using getsockname Aditi Ghag
2023-05-04 17:33 ` Stanislav Fomichev
2023-05-03 22:53 ` [PATCH v7 bpf-next 08/10] selftests/bpf: Test bpf_sock_destroy Aditi Ghag
2023-05-05 0:24 ` Martin KaFai Lau
2023-05-03 22:53 ` [PATCH v7 bpf-next 09/10] bpf: Add a kfunc filter function to 'struct btf_kfunc_id_set' Aditi Ghag
2023-05-05 0:28 ` Martin KaFai Lau
2023-05-03 22:53 ` [PATCH v7 bpf-next 10/10] selftests/bpf: Extend bpf_sock_destroy tests Aditi Ghag
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45684b6f-ecfb-5f14-e5ad-386b8f611c7a@linux.dev \
--to=martin.lau@linux.dev \
--cc=aditi.ghag@isovalent.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=sdf@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.