From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: Dave Marchevsky <davemarchevsky@fb.com>
Cc: bpf@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Kernel Team <kernel-team@fb.com>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>,
Tejun Heo <tj@kernel.org>
Subject: Re: [PATCH v2 bpf-next 09/13] bpf: Special verifier handling for bpf_rbtree_{remove, first}
Date: Wed, 28 Dec 2022 20:02:38 -0800 [thread overview]
Message-ID: <20221229040238.b2sbmsnz7rapdthd@MacBook-Pro-6.local> (raw)
In-Reply-To: <20221217082506.1570898-10-davemarchevsky@fb.com>
On Sat, Dec 17, 2022 at 12:25:02AM -0800, Dave Marchevsky wrote:
> Newly-added bpf_rbtree_{remove,first} kfuncs have some special properties
> that require handling in the verifier:
>
> * both bpf_rbtree_remove and bpf_rbtree_first return the type containing
> the bpf_rb_node field, with the offset set to that field's offset,
> instead of a struct bpf_rb_node *
> * mark_reg_graph_node helper added in previous patch generalizes
> this logic, use it
>
> * bpf_rbtree_remove's node input is a node that's been inserted
> in the tree - a non-owning reference.
>
> * bpf_rbtree_remove must invalidate non-owning references in order to
> avoid aliasing issue. Add KF_INVALIDATE_NON_OWN flag, which
> indicates that the marked kfunc is a non-owning ref invalidation
> point, and associated verifier logic using previously-added
> invalidate_non_owning_refs helper.
>
> * Unlike other functions, which convert one of their input arg regs to
> non-owning reference, bpf_rbtree_first takes no arguments and just
> returns a non-owning reference (possibly null)
> * For now verifier logic for this is special-cased instead of
> adding new kfunc flag.
>
> This patch, along with the previous one, complete special verifier
> handling for all rbtree API functions added in this series.
>
> Signed-off-by: Dave Marchevsky <davemarchevsky@fb.com>
> ---
> include/linux/btf.h | 1 +
> kernel/bpf/helpers.c | 2 +-
> kernel/bpf/verifier.c | 34 ++++++++++++++++++++++++++++------
> 3 files changed, 30 insertions(+), 7 deletions(-)
>
> diff --git a/include/linux/btf.h b/include/linux/btf.h
> index 8aee3f7f4248..3663911bb7c0 100644
> --- a/include/linux/btf.h
> +++ b/include/linux/btf.h
> @@ -72,6 +72,7 @@
> #define KF_DESTRUCTIVE (1 << 6) /* kfunc performs destructive actions */
> #define KF_RCU (1 << 7) /* kfunc only takes rcu pointer arguments */
> #define KF_RELEASE_NON_OWN (1 << 8) /* kfunc converts its referenced arg into non-owning ref */
> +#define KF_INVALIDATE_NON_OWN (1 << 9) /* kfunc invalidates non-owning refs after return */
>
> /*
> * Return the name of the passed struct, if exists, or halt the build if for
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index de4523c777b7..0e6d010e6423 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -2121,7 +2121,7 @@ BTF_ID_FLAGS(func, bpf_task_acquire, KF_ACQUIRE | KF_TRUSTED_ARGS)
> BTF_ID_FLAGS(func, bpf_task_acquire_not_zero, KF_ACQUIRE | KF_RCU | KF_RET_NULL)
> BTF_ID_FLAGS(func, bpf_task_kptr_get, KF_ACQUIRE | KF_KPTR_GET | KF_RET_NULL)
> BTF_ID_FLAGS(func, bpf_task_release, KF_RELEASE)
> -BTF_ID_FLAGS(func, bpf_rbtree_remove, KF_ACQUIRE)
> +BTF_ID_FLAGS(func, bpf_rbtree_remove, KF_ACQUIRE | KF_INVALIDATE_NON_OWN)
I don't like this 'generalization' either.
> BTF_ID_FLAGS(func, bpf_rbtree_add, KF_RELEASE | KF_RELEASE_NON_OWN)
> BTF_ID_FLAGS(func, bpf_rbtree_first, KF_RET_NULL)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 75979f78399d..b4bf3701de7f 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -8393,6 +8393,11 @@ static bool is_kfunc_release_non_own(struct bpf_kfunc_call_arg_meta *meta)
> return meta->kfunc_flags & KF_RELEASE_NON_OWN;
> }
>
> +static bool is_kfunc_invalidate_non_own(struct bpf_kfunc_call_arg_meta *meta)
> +{
> + return meta->kfunc_flags & KF_INVALIDATE_NON_OWN;
> +}
> +
> static bool is_kfunc_trusted_args(struct bpf_kfunc_call_arg_meta *meta)
> {
> return meta->kfunc_flags & KF_TRUSTED_ARGS;
> @@ -9425,10 +9430,20 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
> verbose(env, "arg#%d expected pointer to allocated object\n", i);
> return -EINVAL;
> }
> - if (!reg->ref_obj_id) {
> + if (meta->func_id == special_kfunc_list[KF_bpf_rbtree_remove]) {
> + if (reg->ref_obj_id) {
> + verbose(env, "rbtree_remove node input must be non-owning ref\n");
> + return -EINVAL;
> + }
> + if (in_rbtree_lock_required_cb(env)) {
> + verbose(env, "rbtree_remove not allowed in rbtree cb\n");
> + return -EINVAL;
> + }
> + } else if (!reg->ref_obj_id) {
> verbose(env, "allocated object must be referenced\n");
> return -EINVAL;
> }
> +
> ret = process_kf_arg_ptr_to_rbtree_node(env, reg, regno, meta);
> if (ret < 0)
> return ret;
> @@ -9665,11 +9680,12 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
> meta.func_id == special_kfunc_list[KF_bpf_list_pop_back]) {
> struct btf_field *field = meta.arg_list_head.field;
>
> - mark_reg_known_zero(env, regs, BPF_REG_0);
> - regs[BPF_REG_0].type = PTR_TO_BTF_ID | MEM_ALLOC;
> - regs[BPF_REG_0].btf = field->graph_root.btf;
> - regs[BPF_REG_0].btf_id = field->graph_root.value_btf_id;
> - regs[BPF_REG_0].off = field->graph_root.node_offset;
> + mark_reg_graph_node(regs, BPF_REG_0, &field->graph_root);
> + } else if (meta.func_id == special_kfunc_list[KF_bpf_rbtree_remove] ||
Just call invalidate_non_owning_refs() here since it needs to be a special case anyway.
> + meta.func_id == special_kfunc_list[KF_bpf_rbtree_first]) {
> + struct btf_field *field = meta.arg_rbtree_root.field;
> +
> + mark_reg_graph_node(regs, BPF_REG_0, &field->graph_root);
> } else if (meta.func_id == special_kfunc_list[KF_bpf_cast_to_kern_ctx]) {
> mark_reg_known_zero(env, regs, BPF_REG_0);
> regs[BPF_REG_0].type = PTR_TO_BTF_ID | PTR_TRUSTED;
> @@ -9735,7 +9751,13 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
> if (is_kfunc_ret_null(&meta))
> regs[BPF_REG_0].id = id;
> regs[BPF_REG_0].ref_obj_id = id;
> + } else if (meta.func_id == special_kfunc_list[KF_bpf_rbtree_first]) {
> + ref_set_non_owning_lock(env, ®s[BPF_REG_0]);
> }
> +
> + if (is_kfunc_invalidate_non_own(&meta))
> + invalidate_non_owning_refs(env, &env->cur_state->active_lock);
> +
> if (reg_may_point_to_spin_lock(®s[BPF_REG_0]) && !regs[BPF_REG_0].id)
> regs[BPF_REG_0].id = ++env->id_gen;
> } /* else { add_kfunc_call() ensures it is btf_type_is_void(t) } */
> --
> 2.30.2
>
next prev parent reply other threads:[~2022-12-29 4:02 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-17 8:24 [PATCH v2 bpf-next 00/13] BPF rbtree next-gen datastructure Dave Marchevsky
2022-12-17 8:24 ` [PATCH v2 bpf-next 01/13] bpf: Support multiple arg regs w/ ref_obj_id for kfuncs Dave Marchevsky
2022-12-29 3:24 ` Alexei Starovoitov
2022-12-29 6:40 ` David Vernet
2022-12-29 16:50 ` Alexei Starovoitov
2022-12-29 17:00 ` David Vernet
2023-01-17 17:26 ` Dave Marchevsky
2023-01-17 17:36 ` Alexei Starovoitov
2023-01-17 23:12 ` Dave Marchevsky
2023-01-20 5:13 ` David Vernet
2022-12-17 8:24 ` [PATCH v2 bpf-next 02/13] bpf: Migrate release_on_unlock logic to non-owning ref semantics Dave Marchevsky
2022-12-17 9:21 ` Dave Marchevsky
2022-12-23 10:51 ` Dan Carpenter
2022-12-28 23:46 ` David Vernet
2022-12-29 15:39 ` David Vernet
2022-12-29 3:56 ` Alexei Starovoitov
2022-12-29 16:54 ` David Vernet
2023-01-17 16:54 ` Dave Marchevsky
2023-01-17 16:07 ` Dave Marchevsky
2023-01-17 16:56 ` Alexei Starovoitov
2022-12-17 8:24 ` [PATCH v2 bpf-next 03/13] selftests/bpf: Update linked_list tests for " Dave Marchevsky
2022-12-17 8:24 ` [PATCH v2 bpf-next 04/13] bpf: rename list_head -> graph_root in field info types Dave Marchevsky
2022-12-17 8:24 ` [PATCH v2 bpf-next 05/13] bpf: Add basic bpf_rb_{root,node} support Dave Marchevsky
2022-12-17 8:24 ` [PATCH v2 bpf-next 06/13] bpf: Add bpf_rbtree_{add,remove,first} kfuncs Dave Marchevsky
2022-12-17 8:25 ` [PATCH v2 bpf-next 07/13] bpf: Add support for bpf_rb_root and bpf_rb_node in kfunc args Dave Marchevsky
2022-12-29 4:00 ` Alexei Starovoitov
2022-12-17 8:25 ` [PATCH v2 bpf-next 08/13] bpf: Add callback validation to kfunc verifier logic Dave Marchevsky
2022-12-17 8:25 ` [PATCH v2 bpf-next 09/13] bpf: Special verifier handling for bpf_rbtree_{remove, first} Dave Marchevsky
2022-12-29 4:02 ` Alexei Starovoitov [this message]
2022-12-17 8:25 ` [PATCH v2 bpf-next 10/13] bpf: Add bpf_rbtree_{add,remove,first} decls to bpf_experimental.h Dave Marchevsky
2022-12-17 8:25 ` [PATCH v2 bpf-next 11/13] libbpf: Make BTF mandatory if program BTF has spin_lock or alloc_obj type Dave Marchevsky
2022-12-22 18:50 ` Andrii Nakryiko
2022-12-17 8:25 ` [PATCH v2 bpf-next 12/13] selftests/bpf: Add rbtree selftests Dave Marchevsky
2022-12-17 8:25 ` [PATCH v2 bpf-next 13/13] bpf, documentation: Add graph documentation for non-owning refs Dave Marchevsky
2022-12-28 21:26 ` David Vernet
2023-01-18 2:16 ` Dave Marchevsky
2023-01-20 4:45 ` David Vernet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221229040238.b2sbmsnz7rapdthd@MacBook-Pro-6.local \
--to=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davemarchevsky@fb.com \
--cc=kernel-team@fb.com \
--cc=memxor@gmail.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox