From: Yonghong Song <yonghong.song@linux.dev>
To: Chuyi Zhou <zhouchuyi@bytedance.com>, bpf@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@kernel.org
Subject: Re: [PATCH bpf 1/2] bpf: Let verifier consider {task,cgroup} is trusted in bpf_iter_reg
Date: Mon, 6 Nov 2023 10:26:14 -0800
Message-ID: <b7f188bd-d131-4e52-a5fd-edbc58a3c529@linux.dev>
In-Reply-To: <20231105133458.1315620-2-zhouchuyi@bytedance.com>
On 11/5/23 5:34 AM, Chuyi Zhou wrote:
> BTF_TYPE_SAFE_TRUSTED(struct bpf_iter__task) in verifier.c wanted to
> teach BPF verifier that bpf_iter__task -> task is a trusted ptr. But it
> doesn't work well.
>
> The reason is, bpf_iter__task -> task would go through btf_ctx_access()
> which enforces the reg_type of 'task' is ctx_arg_info->reg_type, and in
> task_iter.c, we actually explicitly declare that the
> ctx_arg_info->reg_type is PTR_TO_BTF_ID_OR_NULL.
>
> This patch sets ctx_arg_info->reg_type to PTR_TO_BTF_ID_OR_NULL |
> PTR_TRUSTED in task_reg_info.
Actually we have a previous case like this. See
https://lore.kernel.org/all/20230706133932.45883-3-aspsk@isovalent.com/
where PTR_TRUSTED is added to the arg flag for map_iter.
You could mention this case in your commit message.
>
> Similarly, bpf_cgroup_reg_info -> cgroup is also PTR_TRUSTED since we are
> under the protection of cgroup_mutex and we would check cgroup_is_dead()
> in __cgroup_iter_seq_show().
>
> Signed-off-by: Chuyi Zhou <zhouchuyi@bytedance.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
> ---
> kernel/bpf/cgroup_iter.c | 2 +-
> kernel/bpf/task_iter.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/bpf/cgroup_iter.c b/kernel/bpf/cgroup_iter.c
> index d1b5c5618..f04a468cf 100644
> --- a/kernel/bpf/cgroup_iter.c
> +++ b/kernel/bpf/cgroup_iter.c
> @@ -282,7 +282,7 @@ static struct bpf_iter_reg bpf_cgroup_reg_info = {
> .ctx_arg_info_size = 1,
> .ctx_arg_info = {
> { offsetof(struct bpf_iter__cgroup, cgroup),
> - PTR_TO_BTF_ID_OR_NULL },
> + PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },
> },
> .seq_info = &cgroup_iter_seq_info,
> };
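Review bot: the PTR_TRUSTED flag added on the offsetof(struct bpf_iter__cgroup, cgroup) entry rests on an invariant that appears only in the commit message (cgroup_mutex is held and cgroup_is_dead() is checked in __cgroup_iter_seq_show()). Nothing at the changed line records it. A short comment above this ctx_arg_info entry naming both conditions would help, so that a later change to the seq_show path is reviewed against the trusted marking instead of silently invalidating it. Since the type stays PTR_TO_BTF_ID_OR_NULL, it is also worth saying in the commit message that programs still have to NULL-check ctx->cgroup before passing it on.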
> diff --git a/kernel/bpf/task_iter.c b/kernel/bpf/task_iter.c
> index 4e156dca4..26082b978 100644
> --- a/kernel/bpf/task_iter.c
> +++ b/kernel/bpf/task_iter.c
> @@ -704,7 +704,7 @@ static struct bpf_iter_reg task_reg_info = {
> .ctx_arg_info_size = 1,
> .ctx_arg_info = {
> { offsetof(struct bpf_iter__task, task),
> - PTR_TO_BTF_ID_OR_NULL },
> + PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },
> },
> .seq_info = &task_seq_info,
> .fill_link_info = bpf_iter_fill_link_info,
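Review bot: for the offsetof(struct bpf_iter__task, task) entry the commit message explains why the marking did not take effect before (btf_ctx_access() enforces ctx_arg_info->reg_type) but, unlike the cgroup case, gives no statement of what keeps the task valid while the program runs. Please add that justification to the commit message or as a comment on this entry. The diffstat also shows verifier.c untouched, so BTF_TYPE_SAFE_TRUSTED(struct bpf_iter__task), which the message says "doesn't work well", is left in place; say whether it is now redundant and should be dropped in this series, or why it is kept.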