From: Eduard Zingerman <eddyz87@gmail.com>
To: Mykyta Yatsenko <mykyta.yatsenko5@gmail.com>,
bpf@vger.kernel.org, ast@kernel.org, andrii@kernel.org,
daniel@iogearbox.net, kafai@meta.com, kernel-team@meta.com,
memxor@gmail.com
Cc: Mykyta Yatsenko <yatsenko@meta.com>
Subject: Re: [PATCH bpf-next v3 2/7] bpf: extract generic helper from process_timer_func()
Date: Fri, 05 Sep 2025 14:15:28 -0700 [thread overview]
Message-ID: <e7fb3f7ee5da846cfa0a477a5d31ce032416b4ee.camel@gmail.com> (raw)
In-Reply-To: <20250905164508.1489482-3-mykyta.yatsenko5@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1005 bytes --]
On Fri, 2025-09-05 at 17:45 +0100, Mykyta Yatsenko wrote:
> From: Mykyta Yatsenko <yatsenko@meta.com>
>
> Refactor the verifier by pulling the common logic from
> process_timer_func() into a dedicated helper. This allows reusing
> process_async_func() helper for verifying bpf_task_work struct in the
> next patch.
>
> Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com>
> ---
The discrepancy between bpf_call_arg_meta and bpf_kfunc_call_arg_meta
is unfortunate. Maybe the bigger refactoring is possible.
Wdyt about avoiding pointers to pointers and accepting some code
duplication for now? E.g. rename process_async_func:
/* Check if @regno is a pointer to a specific field in a map value */
static int check_map_field_pointer(struct bpf_verifier_env *env,
u32 regno,
enum btf_field_type field_type,
u32 field_off)
And proceed as in the attached patch?
[...]
[-- Attachment #2: check_map_field_pointer.diff --]
[-- Type: text/x-patch, Size: 3254 bytes --]
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 6152536a834f..76dad7e0db5f 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -8522,15 +8522,17 @@ static int process_spin_lock(struct bpf_verifier_env *env, int regno, int flags)
return 0;
}
-static int process_async_func(struct bpf_verifier_env *env, int regno, struct bpf_map **map_ptr,
- int *map_uid, u32 rec_off, enum btf_field_type field_type,
- const char *struct_name)
+/* Check if @regno is a pointer to a specific field in a map value */
+static int check_map_field_pointer(struct bpf_verifier_env *env,
+ u32 regno,
+ enum btf_field_type field_type,
+ u32 field_off)
{
struct bpf_reg_state *regs = cur_regs(env), *reg = ®s[regno];
+ const char *struct_name = btf_field_type_name(field_type);
bool is_const = tnum_is_const(reg->var_off);
struct bpf_map *map = reg->map_ptr;
u64 val = reg->var_off.value;
- int *struct_off = (void *)map->record + rec_off;
if (!is_const) {
verbose(env,
@@ -8547,25 +8549,30 @@ static int process_async_func(struct bpf_verifier_env *env, int regno, struct bp
verbose(env, "map '%s' has no valid %s\n", map->name, struct_name);
return -EINVAL;
}
- if (*struct_off != val + reg->off) {
+ if (field_off != val + reg->off) {
verbose(env, "off %lld doesn't point to 'struct %s' that is at %d\n",
- val + reg->off, struct_name, *struct_off);
+ val + reg->off, struct_name, field_off);
return -EINVAL;
}
- if (*map_ptr) {
- verifier_bug(env, "Two map pointers in a %s helper", struct_name);
- return -EFAULT;
- }
- *map_uid = reg->map_uid;
- *map_ptr = map;
return 0;
}
static int process_timer_func(struct bpf_verifier_env *env, int regno,
struct bpf_call_arg_meta *meta)
{
- return process_async_func(env, regno, &meta->map_ptr, &meta->map_uid,
- offsetof(struct btf_record, timer_off), BPF_TIMER, "bpf_timer");
+ struct bpf_reg_state *regs = cur_regs(env), *reg = ®s[regno];
+ int err;
+
+ err = check_map_field_pointer(env, regno, BPF_TIMER, offsetof(struct btf_record, timer_off));
+ if (err)
+ return err;
+
+ if (verifier_bug_if(meta->map_ptr, env, "Two map pointers in a bpf_timer helper"))
+ return -EFAULT;
+
+ meta->map_ptr = reg->map_ptr;
+ meta->map_uid = reg->map_uid;
+ return 0;
}
static int process_wq_func(struct bpf_verifier_env *env, int regno,
@@ -8588,9 +8595,20 @@ static int process_wq_func(struct bpf_verifier_env *env, int regno,
static int process_task_work_func(struct bpf_verifier_env *env, int regno,
struct bpf_kfunc_call_arg_meta *meta)
{
- return process_async_func(env, regno, &meta->map.ptr, &meta->map.uid,
- offsetof(struct btf_record, task_work_off), BPF_TASK_WORK,
- "bpf_task_work");
+ struct bpf_reg_state *regs = cur_regs(env), *reg = ®s[regno];
+ int err;
+
+ err = check_map_field_pointer(env, regno, BPF_TASK_WORK,
+ offsetof(struct btf_record, task_work_off));
+ if (err)
+ return err;
+
+ if (verifier_bug_if(meta->map.ptr, env, "Two map pointers in a bpf_task_work helper"))
+ return -EFAULT;
+
+ meta->map.ptr = reg->map_ptr;
+ meta->map.uid = reg->map_uid;
+ return 0;
}
static int process_kptr_func(struct bpf_verifier_env *env, int regno,
next prev parent reply other threads:[~2025-09-05 21:15 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-05 16:44 [PATCH bpf-next v3 0/7] bpf: Introduce deferred task context execution Mykyta Yatsenko
2025-09-05 16:44 ` [PATCH bpf-next v3 1/7] bpf: refactor special field-type detection Mykyta Yatsenko
2025-09-05 19:36 ` Eduard Zingerman
2025-09-05 21:29 ` Andrii Nakryiko
2025-09-05 16:45 ` [PATCH bpf-next v3 2/7] bpf: extract generic helper from process_timer_func() Mykyta Yatsenko
2025-09-05 21:15 ` Eduard Zingerman [this message]
2025-09-05 21:28 ` Eduard Zingerman
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-05 21:32 ` Eduard Zingerman
2025-09-05 21:29 ` Andrii Nakryiko
2025-09-05 16:45 ` [PATCH bpf-next v3 3/7] bpf: htab: extract helper for freeing special structs Mykyta Yatsenko
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-05 21:31 ` Eduard Zingerman
2025-09-05 16:45 ` [PATCH bpf-next v3 4/7] bpf: bpf task work plumbing Mykyta Yatsenko
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-05 23:09 ` Eduard Zingerman
2025-09-15 15:59 ` Mykyta Yatsenko
2025-09-15 20:12 ` Andrii Nakryiko
2025-09-15 20:20 ` Mykyta Yatsenko
2025-09-15 20:28 ` Andrii Nakryiko
2025-09-05 16:45 ` [PATCH bpf-next v3 5/7] bpf: extract map key pointer calculation Mykyta Yatsenko
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-05 23:19 ` Eduard Zingerman
2025-09-08 13:39 ` Mykyta Yatsenko
2025-09-08 17:18 ` Eduard Zingerman
2025-09-05 16:45 ` [PATCH bpf-next v3 6/7] bpf: task work scheduling kfuncs Mykyta Yatsenko
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-06 20:22 ` Eduard Zingerman
2025-09-08 13:13 ` Mykyta Yatsenko
2025-09-08 17:38 ` Eduard Zingerman
2025-09-09 3:42 ` Andrii Nakryiko
2025-09-09 4:15 ` Eduard Zingerman
2025-09-09 3:33 ` Andrii Nakryiko
2025-09-09 4:05 ` Eduard Zingerman
2025-09-10 14:14 ` Andrii Nakryiko
2025-09-09 17:49 ` Chris Mason
2025-09-09 18:59 ` Mykyta Yatsenko
2025-09-05 16:45 ` [PATCH bpf-next v3 7/7] selftests/bpf: BPF task work scheduling tests Mykyta Yatsenko
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-08 7:43 ` Eduard Zingerman
2025-09-08 13:21 ` Mykyta Yatsenko
2025-09-08 18:23 ` Eduard Zingerman
2025-09-09 3:44 ` Andrii Nakryiko
2025-09-08 18:23 ` Eduard Zingerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e7fb3f7ee5da846cfa0a477a5d31ce032416b4ee.camel@gmail.com \
--to=eddyz87@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kafai@meta.com \
--cc=kernel-team@meta.com \
--cc=memxor@gmail.com \
--cc=mykyta.yatsenko5@gmail.com \
--cc=yatsenko@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.