From: Eduard Zingerman <eddyz87@gmail.com>
To: Benjamin Tissoires <bentiss@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, Jiri Kosina <jikos@kernel.org>,
Benjamin Tissoires <benjamin.tissoires@redhat.com>,
Jonathan Corbet <corbet@lwn.net>, Shuah Khan <shuah@kernel.org>
Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-input@vger.kernel.org, linux-doc@vger.kernel.org,
linux-kselftest@vger.kernel.org
Subject: Re: [PATCH RFC bpf-next v3 05/16] bpf/verifier: add bpf_timer as a kfunc capable type
Date: Fri, 23 Feb 2024 02:22:55 +0200 [thread overview]
Message-ID: <dfbb1464e99e057d77f78395d985208d6510040d.camel@gmail.com> (raw)
In-Reply-To: <20240221-hid-bpf-sleepable-v3-5-1fb378ca6301@kernel.org>
On Wed, 2024-02-21 at 17:25 +0100, Benjamin Tissoires wrote:
[...]
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index f81c799b2c80..2b11687063ff 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -5444,6 +5444,26 @@ static int check_map_access(struct bpf_verifier_env *env, u32 regno,
> return -EACCES;
> }
> break;
> + case BPF_TIMER:
> + /* FIXME: kptr does the above, should we use the same? */
I don't think so.
Basically this allows double word reads / writes from timer address,
which probably should not be allowed.
The ACCESS_DIRECT is passed to check_map_access() from
check_mem_access() and I don't see points where check_mem_access()
call would be triggered for pointer parameter of kfunc
(unless it is accompanied by a size parameter).
I tried the following simple program and it verifies fine:
struct elem {
struct bpf_timer t;
};
struct {
__uint(type, BPF_MAP_TYPE_ARRAY);
__uint(max_entries, 2);
__type(key, int);
__type(value, struct elem);
} array SEC(".maps");
int bpf_timer_set_sleepable_cb
(struct bpf_timer *timer,
int (callback_fn)(void *map, int *key, struct bpf_timer *timer))
__ksym __weak;
static int cb_sleepable(void *map, int *key, struct bpf_timer *timer)
{
return 0;
}
SEC("fentry/bpf_fentry_test5")
int BPF_PROG2(test_sleepable, int, a)
{
struct bpf_timer *arr_timer;
int array_key = ARRAY;
arr_timer = bpf_map_lookup_elem(&array, &array_key);
if (!arr_timer)
return 0;
bpf_timer_init(arr_timer, &array, CLOCK_MONOTONIC);
bpf_timer_set_sleepable_cb(arr_timer, cb_sleepable);
bpf_timer_start(arr_timer, 0, 0);
return 0;
}
(in general, it would be easier to review if there were some test
cases to play with).
> + if (src != ACCESS_DIRECT) {
> + verbose(env, "bpf_timer cannot be accessed indirectly by helper\n");
> + return -EACCES;
> + }
> + if (!tnum_is_const(reg->var_off)) {
> + verbose(env, "bpf_timer access cannot have variable offset\n");
> + return -EACCES;
> + }
> + if (p != off + reg->var_off.value) {
> + verbose(env, "bpf_timer access misaligned expected=%u off=%llu\n",
> + p, off + reg->var_off.value);
> + return -EACCES;
> + }
> + if (size != bpf_size_to_bytes(BPF_DW)) {
> + verbose(env, "bpf_timer access size must be BPF_DW\n");
> + return -EACCES;
> + }
> + break;
> default:
> verbose(env, "%s cannot be accessed directly by load/store\n",
> btf_field_type_name(field->type));
[...]
next prev parent reply other threads:[~2024-02-23 0:23 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-21 16:25 [PATCH RFC bpf-next v3 00/16] sleepable bpf_timer (was: allow HID-BPF to do device IOs) Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 01/16] bpf/verifier: allow more maps in sleepable bpf programs Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 02/16] bpf/verifier: introduce in_sleepable() helper Benjamin Tissoires
2024-02-23 1:56 ` Alexei Starovoitov
2024-02-23 19:46 ` Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 03/16] bpf/verifier: add is_async_callback_calling_insn() helper Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 04/16] bpf/helpers: introduce sleepable bpf_timers Benjamin Tissoires
2024-02-22 8:05 ` Benjamin Tissoires
2024-02-22 11:50 ` Toke Høiland-Jørgensen
2024-02-22 20:47 ` Alexei Starovoitov
2024-02-22 22:40 ` Eduard Zingerman
2024-02-27 14:27 ` Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 05/16] bpf/verifier: add bpf_timer as a kfunc capable type Benjamin Tissoires
2024-02-23 0:22 ` Eduard Zingerman [this message]
2024-02-23 0:26 ` Eduard Zingerman
2024-02-23 14:54 ` Eduard Zingerman
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 06/16] bpf/helpers: introduce bpf_timer_set_sleepable_cb() kfunc Benjamin Tissoires
2024-02-22 20:53 ` Alexei Starovoitov
2024-02-23 15:10 ` Eduard Zingerman
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 07/16] bpf/helpers: mark the callback of bpf_timer_set_sleepable_cb() as sleepable Benjamin Tissoires
2024-02-23 15:35 ` Eduard Zingerman
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 08/16] bpf/verifier: do_misc_fixups for is_bpf_timer_set_sleepable_cb_kfunc Benjamin Tissoires
2024-02-23 16:00 ` Eduard Zingerman
2024-02-27 16:18 ` Benjamin Tissoires
2024-02-27 16:36 ` Eduard Zingerman
2024-02-27 16:51 ` Benjamin Tissoires
2024-02-28 1:49 ` Alexei Starovoitov
2024-02-28 11:01 ` Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 09/16] HID: bpf/dispatch: regroup kfuncs definitions Benjamin Tissoires
2024-02-22 20:17 ` Eduard Zingerman
2024-02-23 19:44 ` Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 10/16] HID: bpf: export hid_hw_output_report as a BPF kfunc Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 11/16] selftests/hid: Add test for hid_bpf_hw_output_report Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 12/16] HID: bpf: allow to inject HID event from BPF Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 13/16] selftests/hid: add tests for hid_bpf_input_report Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 14/16] HID: bpf: allow to use bpf_timer_set_sleepable_cb() in tracing callbacks Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 15/16] selftests/hid: add test for bpf_timer Benjamin Tissoires
2024-02-21 16:25 ` [PATCH RFC bpf-next v3 16/16] selftests/hid: add KASAN to the VM tests Benjamin Tissoires
2024-02-23 16:19 ` [PATCH RFC bpf-next v3 00/16] sleepable bpf_timer (was: allow HID-BPF to do device IOs) Eduard Zingerman
2024-02-23 19:42 ` Benjamin Tissoires
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dfbb1464e99e057d77f78395d985208d6510040d.camel@gmail.com \
--to=eddyz87@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=benjamin.tissoires@redhat.com \
--cc=bentiss@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=corbet@lwn.net \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=jikos@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-input@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=sdf@google.com \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.