From: Yonghong Song <yonghong.song@linux.dev>
To: Chuyi Zhou <zhouchuyi@bytedance.com>,
Martin KaFai Lau <martin.lau@linux.dev>
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@kernel.org, bpf@vger.kernel.org
Subject: Re: [PATCH bpf 1/2] bpf: Let verifier consider {task,cgroup} is trusted in bpf_iter_reg
Date: Mon, 6 Nov 2023 22:52:46 -0800 [thread overview]
Message-ID: <8a4d7471-76ac-448c-9496-12e028f7fe24@linux.dev> (raw)
In-Reply-To: <9f55ef44-646d-4120-b437-defff91d1af5@bytedance.com>
On 11/6/23 6:44 PM, Chuyi Zhou wrote:
> Hello,
>
> 在 2023/11/7 02:29, Martin KaFai Lau 写道:
>> On 11/5/23 5:34 AM, Chuyi Zhou wrote:
>>> BTF_TYPE_SAFE_TRUSTED(struct bpf_iter__task) in verifier.c wanted to
>>> teach BPF verifier that bpf_iter__task -> task is a trusted ptr. But it
>>> doesn't work well.
>>>
>>> The reason is, bpf_iter__task -> task would go through btf_ctx_access()
>>> which enforces the reg_type of 'task' is ctx_arg_info->reg_type, and in
>>> task_iter.c, we actually explicitly declare that the
>>> ctx_arg_info->reg_type is PTR_TO_BTF_ID_OR_NULL.
>>>
>>> This patch sets ctx_arg_info->reg_type is PTR_TO_BTF_ID_OR_NULL |
>>> PTR_TRUSTED in task_reg_info.
>>>
>>> Similarly, bpf_cgroup_reg_info -> cgroup is also PTR_TRUSTED since
>>> we are
>>> under the protection of cgroup_mutex and we would check
>>> cgroup_is_dead()
>>> in __cgroup_iter_seq_show().
>>>
>>
>> Make sense. I think the bpf_tcp_iter made similar change in
>> tcp_seq_info also. What may be the Fixes tag? Is it fixing the recent
>> kfunc of the css_task iter?
>>
>
> Thanks for the review.
>
> I think it's not a fix for recent kfunc of css_task iter. We are
> working at SEC("iter/task") and SEC("iter/cgroup").
>
> I'm not sure whether it's a 'fix' for cgroup_iter/task_iter. If we
> need fix tags, do we need to split this patch into two separate
> patches? Or add two fix tags on commit log:
I think the patch itself is not a fix, rather an improvement. The bpf_iter predates kfunc/PTR_TRUSTED stuff. The argument 'task'
or 'cgroup' are already trusted so the bpf_iter program can print out useful data.
But recent kfunc things requires some parameters to be marked as PTR_TRUSTED so that they can be passed to kfunc,
so this patch enables this usage for kfunc in bpf_iter programs.
>
> Fixes: d4ccaf58a84721 ("bpf: Introduce cgroup iter")
> Fixes: 3c32cc1bceba8a17 ("bpf: Enable bpf_iter targets registering ctx
> argument types")
>
> Thanks.
>
>
>
next prev parent reply other threads:[~2023-11-07 6:52 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-05 13:34 [PATCH bpf 0/2] Let BPF verifier consider {task,cgroup} is trusted in bpf_iter_reg Chuyi Zhou
2023-11-05 13:34 ` [PATCH bpf 1/2] bpf: Let " Chuyi Zhou
2023-11-06 18:26 ` Yonghong Song
2023-11-07 2:23 ` Chuyi Zhou
2023-11-06 18:29 ` Martin KaFai Lau
2023-11-07 2:44 ` Chuyi Zhou
2023-11-07 6:52 ` Yonghong Song [this message]
2023-11-07 6:54 ` [External] " Chuyi Zhou
2023-11-05 13:34 ` [PATCH bpf 2/2] selftests/bpf: get trusted cgrp from bpf_iter__cgroup directly Chuyi Zhou
2023-11-06 18:35 ` Yonghong Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8a4d7471-76ac-448c-9496-12e028f7fe24@linux.dev \
--to=yonghong.song@linux.dev \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=martin.lau@kernel.org \
--cc=martin.lau@linux.dev \
--cc=zhouchuyi@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.