* [PATCHv2 bpf-next 1/2] bpf: Do not allow to load sleepable BPF_TRACE_RAW_TP program
@ 2023-01-11 10:11 Jiri Olsa
2023-01-11 10:11 ` [PATCHv2 bpf-next 2/2] bpf/selftests: Add verifier tests for loading sleepable programs Jiri Olsa
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Jiri Olsa @ 2023-01-11 10:11 UTC (permalink / raw)
To: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko
Cc: bpf, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo
Currently we allow to load any tracing program as sleepable,
but BPF_TRACE_RAW_TP can't sleep. Making the check explicit
for tracing programs attach types, so sleepable BPF_TRACE_RAW_TP
will fail to load.
Updating the verifier error to mention iter programs as well.
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
---
v2 changes:
- use bool for can_be_sleepable return value [Song]
- add tests [Song]
kernel/bpf/verifier.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index fa4c911603e9..f20777c2a957 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -16743,6 +16743,18 @@ BTF_ID(func, rcu_read_unlock_strict)
#endif
BTF_SET_END(btf_id_deny)
+static bool can_be_sleepable(struct bpf_prog *prog)
+{
+ if (prog->type == BPF_PROG_TYPE_TRACING) {
+ return prog->expected_attach_type == BPF_TRACE_FENTRY ||
+ prog->expected_attach_type == BPF_TRACE_FEXIT ||
+ prog->expected_attach_type == BPF_MODIFY_RETURN ||
+ prog->expected_attach_type == BPF_TRACE_ITER;
+ }
+ return prog->type == BPF_PROG_TYPE_LSM ||
+ prog->type == BPF_PROG_TYPE_KPROBE;
+}
+
static int check_attach_btf_id(struct bpf_verifier_env *env)
{
struct bpf_prog *prog = env->prog;
@@ -16761,9 +16773,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env)
return -EINVAL;
}
- if (prog->aux->sleepable && prog->type != BPF_PROG_TYPE_TRACING &&
- prog->type != BPF_PROG_TYPE_LSM && prog->type != BPF_PROG_TYPE_KPROBE) {
- verbose(env, "Only fentry/fexit/fmod_ret, lsm, and kprobe/uprobe programs can be sleepable\n");
+ if (prog->aux->sleepable && !can_be_sleepable(prog)) {
+ verbose(env, "Only fentry/fexit/fmod_ret, lsm, iter and kprobe/uprobe programs can be sleepable\n");
return -EINVAL;
}
--
2.39.0
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCHv2 bpf-next 2/2] bpf/selftests: Add verifier tests for loading sleepable programs 2023-01-11 10:11 [PATCHv2 bpf-next 1/2] bpf: Do not allow to load sleepable BPF_TRACE_RAW_TP program Jiri Olsa @ 2023-01-11 10:11 ` Jiri Olsa 2023-01-11 17:22 ` Song Liu 2023-01-11 17:22 ` [PATCHv2 bpf-next 1/2] bpf: Do not allow to load sleepable BPF_TRACE_RAW_TP program Song Liu 2023-01-15 21:21 ` Alexei Starovoitov 2 siblings, 1 reply; 6+ messages in thread From: Jiri Olsa @ 2023-01-11 10:11 UTC (permalink / raw) To: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko Cc: bpf, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo Adding verifier tests for loading all types od allowed sleepable programs plus reject for tp_btf type. Signed-off-by: Jiri Olsa <jolsa@kernel.org> --- .../selftests/bpf/verifier/sleepable.c | 91 +++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 tools/testing/selftests/bpf/verifier/sleepable.c diff --git a/tools/testing/selftests/bpf/verifier/sleepable.c b/tools/testing/selftests/bpf/verifier/sleepable.c new file mode 100644 index 000000000000..15da44f7ac8a --- /dev/null +++ b/tools/testing/selftests/bpf/verifier/sleepable.c @@ -0,0 +1,91 @@ +{ + "sleepable fentry accept", + .insns = { + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_TRACING, + .expected_attach_type = BPF_TRACE_FENTRY, + .kfunc = "bpf_fentry_test1", + .result = ACCEPT, + .flags = BPF_F_SLEEPABLE, + .runs = -1, +}, +{ + "sleepable fexit accept", + .insns = { + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_TRACING, + .expected_attach_type = BPF_TRACE_FENTRY, + .kfunc = "bpf_fentry_test1", + .result = ACCEPT, + .flags = BPF_F_SLEEPABLE, + .runs = -1, +}, +{ + "sleepable fmod_ret accept", + .insns = { + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_TRACING, + .expected_attach_type = BPF_MODIFY_RETURN, + .kfunc = "bpf_fentry_test1", + .result = ACCEPT, + .flags = BPF_F_SLEEPABLE, + .runs = -1, +}, +{ + "sleepable iter accept", + .insns = { + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_TRACING, + .expected_attach_type = BPF_TRACE_ITER, + .kfunc = "task", + .result = ACCEPT, + .flags = BPF_F_SLEEPABLE, + .runs = -1, +}, +{ + "sleepable lsm accept", + .insns = { + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_LSM, + .kfunc = "bpf", + .expected_attach_type = BPF_LSM_MAC, + .result = ACCEPT, + .flags = BPF_F_SLEEPABLE, + .runs = -1, +}, +{ + "sleepable kprobe/uprobe accept", + .insns = { + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_KPROBE, + .kfunc = "bpf_fentry_test1", + .result = ACCEPT, + .flags = BPF_F_SLEEPABLE, + .runs = -1, +}, +{ + "sleepable raw tracepoint reject", + .insns = { + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_TRACING, + .expected_attach_type = BPF_TRACE_RAW_TP, + .kfunc = "sched_switch", + .result = REJECT, + .errstr = "Only fentry/fexit/fmod_ret, lsm, iter and kprobe/uprobe programs can be sleepable", + .flags = BPF_F_SLEEPABLE, + .runs = -1, +}, -- 2.39.0 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCHv2 bpf-next 2/2] bpf/selftests: Add verifier tests for loading sleepable programs 2023-01-11 10:11 ` [PATCHv2 bpf-next 2/2] bpf/selftests: Add verifier tests for loading sleepable programs Jiri Olsa @ 2023-01-11 17:22 ` Song Liu 0 siblings, 0 replies; 6+ messages in thread From: Song Liu @ 2023-01-11 17:22 UTC (permalink / raw) To: Jiri Olsa Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, bpf, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo On Wed, Jan 11, 2023 at 2:13 AM Jiri Olsa <jolsa@kernel.org> wrote: > > Adding verifier tests for loading all types od allowed > sleepable programs plus reject for tp_btf type. > > Signed-off-by: Jiri Olsa <jolsa@kernel.org> Acked-by: Song Liu <song@kernel.org> > --- > .../selftests/bpf/verifier/sleepable.c | 91 +++++++++++++++++++ > 1 file changed, 91 insertions(+) > create mode 100644 tools/testing/selftests/bpf/verifier/sleepable.c > > diff --git a/tools/testing/selftests/bpf/verifier/sleepable.c b/tools/testing/selftests/bpf/verifier/sleepable.c > new file mode 100644 > index 000000000000..15da44f7ac8a > --- /dev/null > +++ b/tools/testing/selftests/bpf/verifier/sleepable.c > @@ -0,0 +1,91 @@ > +{ > + "sleepable fentry accept", > + .insns = { > + BPF_MOV64_IMM(BPF_REG_0, 0), > + BPF_EXIT_INSN(), > + }, > + .prog_type = BPF_PROG_TYPE_TRACING, > + .expected_attach_type = BPF_TRACE_FENTRY, > + .kfunc = "bpf_fentry_test1", > + .result = ACCEPT, > + .flags = BPF_F_SLEEPABLE, > + .runs = -1, > +}, > +{ > + "sleepable fexit accept", > + .insns = { > + BPF_MOV64_IMM(BPF_REG_0, 0), > + BPF_EXIT_INSN(), > + }, > + .prog_type = BPF_PROG_TYPE_TRACING, > + .expected_attach_type = BPF_TRACE_FENTRY, > + .kfunc = "bpf_fentry_test1", > + .result = ACCEPT, > + .flags = BPF_F_SLEEPABLE, > + .runs = -1, > +}, > +{ > + "sleepable fmod_ret accept", > + .insns = { > + BPF_MOV64_IMM(BPF_REG_0, 0), > + BPF_EXIT_INSN(), > + }, > + .prog_type = BPF_PROG_TYPE_TRACING, > + .expected_attach_type = BPF_MODIFY_RETURN, > + .kfunc = "bpf_fentry_test1", > + .result = ACCEPT, > + .flags = BPF_F_SLEEPABLE, > + .runs = -1, > +}, > +{ > + "sleepable iter accept", > + .insns = { > + BPF_MOV64_IMM(BPF_REG_0, 0), > + BPF_EXIT_INSN(), > + }, > + .prog_type = BPF_PROG_TYPE_TRACING, > + .expected_attach_type = BPF_TRACE_ITER, > + .kfunc = "task", > + .result = ACCEPT, > + .flags = BPF_F_SLEEPABLE, > + .runs = -1, > +}, > +{ > + "sleepable lsm accept", > + .insns = { > + BPF_MOV64_IMM(BPF_REG_0, 0), > + BPF_EXIT_INSN(), > + }, > + .prog_type = BPF_PROG_TYPE_LSM, > + .kfunc = "bpf", > + .expected_attach_type = BPF_LSM_MAC, > + .result = ACCEPT, > + .flags = BPF_F_SLEEPABLE, > + .runs = -1, > +}, > +{ > + "sleepable kprobe/uprobe accept", > + .insns = { > + BPF_MOV64_IMM(BPF_REG_0, 0), > + BPF_EXIT_INSN(), > + }, > + .prog_type = BPF_PROG_TYPE_KPROBE, > + .kfunc = "bpf_fentry_test1", > + .result = ACCEPT, > + .flags = BPF_F_SLEEPABLE, > + .runs = -1, > +}, > +{ > + "sleepable raw tracepoint reject", > + .insns = { > + BPF_MOV64_IMM(BPF_REG_0, 0), > + BPF_EXIT_INSN(), > + }, > + .prog_type = BPF_PROG_TYPE_TRACING, > + .expected_attach_type = BPF_TRACE_RAW_TP, > + .kfunc = "sched_switch", > + .result = REJECT, > + .errstr = "Only fentry/fexit/fmod_ret, lsm, iter and kprobe/uprobe programs can be sleepable", > + .flags = BPF_F_SLEEPABLE, > + .runs = -1, > +}, > -- > 2.39.0 > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCHv2 bpf-next 1/2] bpf: Do not allow to load sleepable BPF_TRACE_RAW_TP program 2023-01-11 10:11 [PATCHv2 bpf-next 1/2] bpf: Do not allow to load sleepable BPF_TRACE_RAW_TP program Jiri Olsa 2023-01-11 10:11 ` [PATCHv2 bpf-next 2/2] bpf/selftests: Add verifier tests for loading sleepable programs Jiri Olsa @ 2023-01-11 17:22 ` Song Liu 2023-01-15 21:21 ` Alexei Starovoitov 2 siblings, 0 replies; 6+ messages in thread From: Song Liu @ 2023-01-11 17:22 UTC (permalink / raw) To: Jiri Olsa Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, bpf, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo On Wed, Jan 11, 2023 at 2:13 AM Jiri Olsa <jolsa@kernel.org> wrote: > > Currently we allow to load any tracing program as sleepable, > but BPF_TRACE_RAW_TP can't sleep. Making the check explicit > for tracing programs attach types, so sleepable BPF_TRACE_RAW_TP > will fail to load. > > Updating the verifier error to mention iter programs as well. > > Signed-off-by: Jiri Olsa <jolsa@kernel.org> Acked-by: Song Liu <song@kernel.org> > --- > v2 changes: > - use bool for can_be_sleepable return value [Song] > - add tests [Song] > > kernel/bpf/verifier.c | 17 ++++++++++++++--- > 1 file changed, 14 insertions(+), 3 deletions(-) > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index fa4c911603e9..f20777c2a957 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -16743,6 +16743,18 @@ BTF_ID(func, rcu_read_unlock_strict) > #endif > BTF_SET_END(btf_id_deny) > > +static bool can_be_sleepable(struct bpf_prog *prog) > +{ > + if (prog->type == BPF_PROG_TYPE_TRACING) { > + return prog->expected_attach_type == BPF_TRACE_FENTRY || > + prog->expected_attach_type == BPF_TRACE_FEXIT || > + prog->expected_attach_type == BPF_MODIFY_RETURN || > + prog->expected_attach_type == BPF_TRACE_ITER; > + } > + return prog->type == BPF_PROG_TYPE_LSM || > + prog->type == BPF_PROG_TYPE_KPROBE; > +} > + > static int check_attach_btf_id(struct bpf_verifier_env *env) > { > struct bpf_prog *prog = env->prog; > @@ -16761,9 +16773,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) > return -EINVAL; > } > > - if (prog->aux->sleepable && prog->type != BPF_PROG_TYPE_TRACING && > - prog->type != BPF_PROG_TYPE_LSM && prog->type != BPF_PROG_TYPE_KPROBE) { > - verbose(env, "Only fentry/fexit/fmod_ret, lsm, and kprobe/uprobe programs can be sleepable\n"); > + if (prog->aux->sleepable && !can_be_sleepable(prog)) { > + verbose(env, "Only fentry/fexit/fmod_ret, lsm, iter and kprobe/uprobe programs can be sleepable\n"); > return -EINVAL; > } > > -- > 2.39.0 > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCHv2 bpf-next 1/2] bpf: Do not allow to load sleepable BPF_TRACE_RAW_TP program 2023-01-11 10:11 [PATCHv2 bpf-next 1/2] bpf: Do not allow to load sleepable BPF_TRACE_RAW_TP program Jiri Olsa 2023-01-11 10:11 ` [PATCHv2 bpf-next 2/2] bpf/selftests: Add verifier tests for loading sleepable programs Jiri Olsa 2023-01-11 17:22 ` [PATCHv2 bpf-next 1/2] bpf: Do not allow to load sleepable BPF_TRACE_RAW_TP program Song Liu @ 2023-01-15 21:21 ` Alexei Starovoitov 2023-01-16 12:53 ` Jiri Olsa 2 siblings, 1 reply; 6+ messages in thread From: Alexei Starovoitov @ 2023-01-15 21:21 UTC (permalink / raw) To: Jiri Olsa Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, bpf, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo On Wed, Jan 11, 2023 at 2:11 AM Jiri Olsa <jolsa@kernel.org> wrote: > > Currently we allow to load any tracing program as sleepable, > but BPF_TRACE_RAW_TP can't sleep. Making the check explicit > for tracing programs attach types, so sleepable BPF_TRACE_RAW_TP > will fail to load. > > Updating the verifier error to mention iter programs as well. > > Signed-off-by: Jiri Olsa <jolsa@kernel.org> > --- > v2 changes: > - use bool for can_be_sleepable return value [Song] > - add tests [Song] > > kernel/bpf/verifier.c | 17 ++++++++++++++--- > 1 file changed, 14 insertions(+), 3 deletions(-) > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index fa4c911603e9..f20777c2a957 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -16743,6 +16743,18 @@ BTF_ID(func, rcu_read_unlock_strict) > #endif > BTF_SET_END(btf_id_deny) > > +static bool can_be_sleepable(struct bpf_prog *prog) > +{ > + if (prog->type == BPF_PROG_TYPE_TRACING) { > + return prog->expected_attach_type == BPF_TRACE_FENTRY || > + prog->expected_attach_type == BPF_TRACE_FEXIT || > + prog->expected_attach_type == BPF_MODIFY_RETURN || > + prog->expected_attach_type == BPF_TRACE_ITER; > + } > + return prog->type == BPF_PROG_TYPE_LSM || > + prog->type == BPF_PROG_TYPE_KPROBE; > +} imo it's too verbose. Maybe try a switch stmt ? Or at least copy prog->expected_attach_type and prog->type into variables. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCHv2 bpf-next 1/2] bpf: Do not allow to load sleepable BPF_TRACE_RAW_TP program 2023-01-15 21:21 ` Alexei Starovoitov @ 2023-01-16 12:53 ` Jiri Olsa 0 siblings, 0 replies; 6+ messages in thread From: Jiri Olsa @ 2023-01-16 12:53 UTC (permalink / raw) To: Alexei Starovoitov Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, bpf, Martin KaFai Lau, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo On Sun, Jan 15, 2023 at 01:21:48PM -0800, Alexei Starovoitov wrote: > On Wed, Jan 11, 2023 at 2:11 AM Jiri Olsa <jolsa@kernel.org> wrote: > > > > Currently we allow to load any tracing program as sleepable, > > but BPF_TRACE_RAW_TP can't sleep. Making the check explicit > > for tracing programs attach types, so sleepable BPF_TRACE_RAW_TP > > will fail to load. > > > > Updating the verifier error to mention iter programs as well. > > > > Signed-off-by: Jiri Olsa <jolsa@kernel.org> > > --- > > v2 changes: > > - use bool for can_be_sleepable return value [Song] > > - add tests [Song] > > > > kernel/bpf/verifier.c | 17 ++++++++++++++--- > > 1 file changed, 14 insertions(+), 3 deletions(-) > > > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > > index fa4c911603e9..f20777c2a957 100644 > > --- a/kernel/bpf/verifier.c > > +++ b/kernel/bpf/verifier.c > > @@ -16743,6 +16743,18 @@ BTF_ID(func, rcu_read_unlock_strict) > > #endif > > BTF_SET_END(btf_id_deny) > > > > +static bool can_be_sleepable(struct bpf_prog *prog) > > +{ > > + if (prog->type == BPF_PROG_TYPE_TRACING) { > > + return prog->expected_attach_type == BPF_TRACE_FENTRY || > > + prog->expected_attach_type == BPF_TRACE_FEXIT || > > + prog->expected_attach_type == BPF_MODIFY_RETURN || > > + prog->expected_attach_type == BPF_TRACE_ITER; > > + } > > + return prog->type == BPF_PROG_TYPE_LSM || > > + prog->type == BPF_PROG_TYPE_KPROBE; > > +} > > imo it's too verbose. > Maybe try a switch stmt ? > Or at least copy prog->expected_attach_type and prog->type into variables. ok, the switch seems better, I'll send new version thanks, jirka --- diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index fa4c911603e9..966dbfc14288 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -16743,6 +16743,23 @@ BTF_ID(func, rcu_read_unlock_strict) #endif BTF_SET_END(btf_id_deny) +static bool can_be_sleepable(struct bpf_prog *prog) +{ + if (prog->type == BPF_PROG_TYPE_TRACING) { + switch (prog->expected_attach_type) { + case BPF_TRACE_FENTRY: + case BPF_TRACE_FEXIT: + case BPF_MODIFY_RETURN: + case BPF_TRACE_ITER: + return true; + default: + return false; + } + } + return prog->type == BPF_PROG_TYPE_LSM || + prog->type == BPF_PROG_TYPE_KPROBE; +} + static int check_attach_btf_id(struct bpf_verifier_env *env) { struct bpf_prog *prog = env->prog; @@ -16761,9 +16778,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) return -EINVAL; } - if (prog->aux->sleepable && prog->type != BPF_PROG_TYPE_TRACING && - prog->type != BPF_PROG_TYPE_LSM && prog->type != BPF_PROG_TYPE_KPROBE) { - verbose(env, "Only fentry/fexit/fmod_ret, lsm, and kprobe/uprobe programs can be sleepable\n"); + if (prog->aux->sleepable && !can_be_sleepable(prog)) { + verbose(env, "Only fentry/fexit/fmod_ret, lsm, iter and kprobe/uprobe programs can be sleepable\n"); return -EINVAL; } ^ permalink raw reply related [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-01-16 12:56 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2023-01-11 10:11 [PATCHv2 bpf-next 1/2] bpf: Do not allow to load sleepable BPF_TRACE_RAW_TP program Jiri Olsa 2023-01-11 10:11 ` [PATCHv2 bpf-next 2/2] bpf/selftests: Add verifier tests for loading sleepable programs Jiri Olsa 2023-01-11 17:22 ` Song Liu 2023-01-11 17:22 ` [PATCHv2 bpf-next 1/2] bpf: Do not allow to load sleepable BPF_TRACE_RAW_TP program Song Liu 2023-01-15 21:21 ` Alexei Starovoitov 2023-01-16 12:53 ` Jiri Olsa
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.