From: Alan Maguire <alan.maguire@oracle.com>
To: andrii@kernel.org, ast@kernel.org
Cc: daniel@iogearbox.net, martin.lau@linux.dev, eddyz87@gmail.com,
	song@kernel.org, yonghong.song@linux.dev,
	john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me,
	haoluo@google.com, jolsa@kernel.org, qmo@kernel.org,
	ihor.solodrai@linux.dev, dwarves@vger.kernel.org,
	bpf@vger.kernel.org, ttreyer@meta.com,
	Alan Maguire <alan.maguire@oracle.com>
Subject: [PATCH v6 bpf-next 06/10] btf: support kernel parsing of BTF with kind layout
Date: Wed, 10 Dec 2025 20:32:39 +0000	[thread overview]
Message-ID: <20251210203243.814529-7-alan.maguire@oracle.com> (raw)
In-Reply-To: <20251210203243.814529-1-alan.maguire@oracle.com>

Validate kind layout if present, but because the kernel must be
strict in what it accepts, reject BTF with unsupported kinds,
even if they are in the kind layout information.

Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
---
 kernel/bpf/btf.c | 96 ++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 76 insertions(+), 20 deletions(-)

diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 0de8fc8a0e0b..eb4ac78b453a 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -268,6 +268,7 @@ struct btf {
 	struct btf_id_dtor_kfunc_tab *dtor_kfunc_tab;
 	struct btf_struct_metas *struct_meta_tab;
 	struct btf_struct_ops_tab *struct_ops_tab;
+	struct btf_kind_layout *kind_layout;
 
 	/* split BTF support */
 	struct btf *base_btf;
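Review bot: The new `kind_layout` member carries no comment on ownership, and the only visible assignment (in btf_parse_kind_layout_sec) stores a pointer into the BTF data buffer rather than a separate allocation. A short comment such as `/* points into data, not separately allocated; NULL if no kind layout section */` would keep a later cleanup path from trying to free it. struct btf starts and ends outside the hunk.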
@@ -5215,23 +5216,36 @@ static s32 btf_check_meta(struct btf_verifier_env *env,
 		return -EINVAL;
 	}
 
-	if (BTF_INFO_KIND(t->info) > BTF_KIND_MAX ||
-	    BTF_INFO_KIND(t->info) == BTF_KIND_UNKN) {
+	if (!btf_name_offset_valid(env->btf, t->name_off)) {
+		btf_verifier_log(env, "[%u] Invalid name_offset:%u",
+				 env->log_type_id, t->name_off);
+		return -EINVAL;
+	}
+
+	if (BTF_INFO_KIND(t->info) == BTF_KIND_UNKN) {
 		btf_verifier_log(env, "[%u] Invalid kind:%u",
 				 env->log_type_id, BTF_INFO_KIND(t->info));
 		return -EINVAL;
 	}
 
-	if (!btf_name_offset_valid(env->btf, t->name_off)) {
-		btf_verifier_log(env, "[%u] Invalid name_offset:%u",
-				 env->log_type_id, t->name_off);
+	if (BTF_INFO_KIND(t->info) > BTF_KIND_MAX && env->btf->kind_layout &&
+	    (BTF_INFO_KIND(t->info) * sizeof(struct btf_kind_layout)) <
+	     env->btf->hdr.kind_layout_len) {
+		btf_verifier_log(env, "[%u] unknown but required kind %u",
+				 env->log_type_id,
+				 BTF_INFO_KIND(t->info));
 		return -EINVAL;
+	} else {
+		if (BTF_INFO_KIND(t->info) > BTF_KIND_MAX) {
+			btf_verifier_log(env, "[%u] Invalid kind:%u",
+					 env->log_type_id, BTF_INFO_KIND(t->info));
+			return -EINVAL;
+		}
+		var_meta_size = btf_type_ops(t)->check_meta(env, t, meta_left);
+		if (var_meta_size < 0)
+			return var_meta_size;
 	}
 
-	var_meta_size = btf_type_ops(t)->check_meta(env, t, meta_left);
-	if (var_meta_size < 0)
-		return var_meta_size;
-
 	meta_left -= var_meta_size;
 
 	return saved_meta_left - meta_left;
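Review bot: Both arms of the new `if`/`else` reject a kind above `BTF_KIND_MAX`, so the kind-layout test only selects the log text, yet the `btf_type_ops(t)->check_meta` call now lives inside the `else`, which makes it harder to see that an out-of-range kind never reaches the per-kind ops lookup. A single flat guard followed by the unconditional `check_meta` call keeps that invariant obvious. The range test `kind * sizeof(struct btf_kind_layout) < kind_layout_len` also accepts an entry that merely starts inside the section; comparing `(kind + 1) * sizeof(...)` with `<=` requires the whole entry to be present. btf_check_meta begins outside the hunk.

```c
	/* … unchanged: name_off and BTF_KIND_UNKN checks … */
	if (BTF_INFO_KIND(t->info) > BTF_KIND_MAX) {
		u32 kind = BTF_INFO_KIND(t->info);

		/* Strict: a kind known only from the layout is still rejected. */
		if (env->btf->kind_layout &&
		    (kind + 1) * sizeof(struct btf_kind_layout) <=
		    env->btf->hdr.kind_layout_len)
			btf_verifier_log(env, "[%u] unknown but required kind %u",
					 env->log_type_id, kind);
		else
			btf_verifier_log(env, "[%u] Invalid kind:%u",
					 env->log_type_id, kind);
		return -EINVAL;
	}

	var_meta_size = btf_type_ops(t)->check_meta(env, t, meta_left);
	if (var_meta_size < 0)
		return var_meta_size;
```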
@@ -5405,7 +5419,8 @@ static int btf_parse_str_sec(struct btf_verifier_env *env)
 	start = btf->nohdr_data + hdr->str_off;
 	end = start + hdr->str_len;
 
-	if (end != btf->data + btf->data_size) {
+	if (hdr->hdr_len < sizeof(struct btf_header) &&
+	    end != btf->data + btf->data_size) {
 		btf_verifier_log(env, "String section is not at the end");
 		return -EINVAL;
 	}
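Review bot: The "String section is not at the end" check is now skipped for every header with `hdr_len >= sizeof(struct btf_header)`, including one whose `kind_layout_len` is 0, so for those inputs nothing visible in this function ties `end` to the data bounds. If the intent is only to allow a kind layout section after the strings, gate on that section being present: `if ((hdr->hdr_len < sizeof(struct btf_header) || !hdr->kind_layout_len) &&` `end != btf->data + btf->data_size) {`. Otherwise a comment should state that the bounds are guaranteed by btf_check_sec_info(). btf_parse_str_sec starts and ends outside the hunk, so its remaining checks on `start` and `end` are not visible here.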
@@ -5426,9 +5441,41 @@ static int btf_parse_str_sec(struct btf_verifier_env *env)
 	return 0;
 }
 
+static int btf_parse_kind_layout_sec(struct btf_verifier_env *env)
+{
+	const struct btf_header *hdr = &env->btf->hdr;
+	struct btf *btf = env->btf;
+	void *start, *end;
+
+	if (hdr->hdr_len < sizeof(struct btf_header) ||
+	    hdr->kind_layout_len == 0)
+		return 0;
+
+	/* Kind layout section must align to 4 bytes */
+	if (hdr->kind_layout_off & (sizeof(u32) - 1)) {
+		btf_verifier_log(env, "Unaligned kind_layout_off");
+		return -EINVAL;
+	}
+	start = btf->nohdr_data + hdr->kind_layout_off;
+	end = start + hdr->kind_layout_len;
+
+	if (hdr->kind_layout_len < sizeof(struct btf_kind_layout)) {
+		btf_verifier_log(env, "Kind layout section is too small");
+		return -EINVAL;
+	}
+	if (end != btf->data + btf->data_size) {
+		btf_verifier_log(env, "Kind layout section is not at the end");
+		return -EINVAL;
+	}
+	btf->kind_layout = start;
+
+	return 0;
+}
+
 static const size_t btf_sec_info_offset[] = {
 	offsetof(struct btf_header, type_off),
 	offsetof(struct btf_header, str_off),
+	offsetof(struct btf_header, kind_layout_off),
 };
 
 static int btf_sec_info_cmp(const void *a, const void *b)
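Review bot: btf_parse_kind_layout_sec() accepts any `kind_layout_len` of at least one entry, so a length that is not a multiple of `sizeof(struct btf_kind_layout)` leaves a partial trailing entry that later index arithmetic on `btf->kind_layout` could treat as valid. Add `if (hdr->kind_layout_len % sizeof(struct btf_kind_layout))` with a log line and `return -EINVAL;` next to the too-small check. `start` and `end` are also derived from header fields before this function validates anything, which is safe only if btf_check_sec_info() has already bounds-checked them; a comment such as `/* off/len already bounds-checked by btf_check_sec_info() */` would record that dependency.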
@@ -5443,44 +5490,49 @@ static int btf_check_sec_info(struct btf_verifier_env *env,
 			      u32 btf_data_size)
 {
 	struct btf_sec_info secs[ARRAY_SIZE(btf_sec_info_offset)];
-	u32 total, expected_total, i;
+	u32 nr_secs = ARRAY_SIZE(btf_sec_info_offset);
+	u32 total, expected_total, gap, i;
 	const struct btf_header *hdr;
 	const struct btf *btf;
 
 	btf = env->btf;
 	hdr = &btf->hdr;
 
+	if (hdr->hdr_len < sizeof(struct btf_header))
+		nr_secs--;
+
 	/* Populate the secs from hdr */
-	for (i = 0; i < ARRAY_SIZE(btf_sec_info_offset); i++)
+	for (i = 0; i < nr_secs; i++)
 		secs[i] = *(struct btf_sec_info *)((void *)hdr +
 						   btf_sec_info_offset[i]);
 
-	sort(secs, ARRAY_SIZE(btf_sec_info_offset),
+	sort(secs, nr_secs,
 	     sizeof(struct btf_sec_info), btf_sec_info_cmp, NULL);
 
 	/* Check for gaps and overlap among sections */
 	total = 0;
 	expected_total = btf_data_size - hdr->hdr_len;
-	for (i = 0; i < ARRAY_SIZE(btf_sec_info_offset); i++) {
+	for (i = 0; i < nr_secs; i++) {
 		if (expected_total < secs[i].off) {
 			btf_verifier_log(env, "Invalid section offset");
 			return -EINVAL;
 		}
-		if (total < secs[i].off) {
-			/* gap */
-			btf_verifier_log(env, "Unsupported section found");
-			return -EINVAL;
-		}
 		if (total > secs[i].off) {
 			btf_verifier_log(env, "Section overlap found");
 			return -EINVAL;
 		}
+		gap = secs[i].off - total;
+		if (gap >= 4) {
+			/* gap larger than alignment gap */
+			btf_verifier_log(env, "Unsupported section found");
+			return -EINVAL;
+		}
 		if (expected_total - total < secs[i].len) {
 			btf_verifier_log(env,
 					 "Total section length too long");
 			return -EINVAL;
 		}
-		total += secs[i].len;
+		total += secs[i].len + gap;
 	}
 
 	/* There is data other than hdr and known sections */
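Review bot: The length check `expected_total - total < secs[i].len` still measures from `total` before the gap is added, so a section that starts 1–3 bytes late can pass with a length running up to 3 bytes past the end of the data; it is then rejected only indirectly, by the next iteration's offset tests or by the total comparison that presumably follows this hunk. Bounding from the section's own offset makes the check direct: `if (expected_total - secs[i].off < secs[i].len) {` and `total = secs[i].off + secs[i].len;`. The relaxed gap rule also applies between every pair of sections and to old-format headers, and the skipped padding bytes are not examined; if only the 4-byte alignment of the kind layout section needs it, restrict it or document why not. `nr_secs--` silently depends on `kind_layout_off` being the last entry of `btf_sec_info_offset[]`, which deserves a comment on that table. btf_check_sec_info continues outside the hunk.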
@@ -5816,6 +5868,10 @@ static struct btf *btf_parse(const union bpf_attr *attr, bpfptr_t uattr, u32 uat
 	if (err)
 		goto errout;
 
+	err = btf_parse_kind_layout_sec(env);
+	if (err)
+		goto errout;
+
 	err = btf_parse_type_sec(env);
 	if (err)
 		goto errout;
-- 
2.43.5

