From: Eduard Zingerman <eddyz87@gmail.com>
To: Mykyta Yatsenko <mykyta.yatsenko5@gmail.com>,
bpf@vger.kernel.org, ast@kernel.org, andrii@kernel.org,
daniel@iogearbox.net, kafai@meta.com, kernel-team@meta.com,
memxor@gmail.com
Cc: Mykyta Yatsenko <yatsenko@meta.com>
Subject: Re: [PATCH bpf-next v4 08/10] bpf: verifier: refactor kfunc specialization
Date: Tue, 21 Oct 2025 17:42:23 -0700
Message-ID: <5f873de5d22d95133aedf31e4b2e1d81cfca4647.camel@gmail.com>
In-Reply-To: <20251021200334.220542-9-mykyta.yatsenko5@gmail.com>
On Tue, 2025-10-21 at 21:03 +0100, Mykyta Yatsenko wrote:
> From: Mykyta Yatsenko <yatsenko@meta.com>
>
> Move kfunc specialization (function address substitution) to later stage
> of verification to support a new use case, where we need to take into
> consideration whether kfunc is called in sleepable context.
>
> Minor refactoring in add_kfunc_call(), making sure that if function
> fails, kfunc desc is not added to tab->descs (previously it could be
> added or not, depending on what failed).
>
> Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com>
> ---
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
[...]
> @@ -3126,6 +3124,10 @@ struct bpf_kfunc_btf_tab {
> u32 nr_descs;
> };
>
> +static unsigned long kfunc_call_imm(unsigned long func_addr, u32 func_id);
> +
Nit: this prototype is no longer necessary.
> +static int specialize_kfunc(struct bpf_verifier_env *env, struct bpf_kfunc_desc *desc);
> +
> static int kfunc_desc_cmp_by_id_off(const void *a, const void *b)
> {
> const struct bpf_kfunc_desc *d0 = a;
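
Review bot: the forward declaration of kfunc_call_imm() added above kfunc_desc_cmp_by_id_off() has no visible user ahead of the definition. In this patch the function is defined immediately before specialize_kfunc(), which is its only caller shown, so the prototype can be dropped. For the specialize_kfunc() prototype, a short comment noting that it now returns an error code and writes desc->imm and desc->addr would help readers who meet the declaration before the definition.
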
[...]
> @@ -21861,47 +21852,62 @@ static int fixup_call_args(struct bpf_verifier_env *env)
> return err;
> }
>
> +static unsigned long kfunc_call_imm(unsigned long func_addr, u32 func_id)
> +{
> + if (bpf_jit_supports_far_kfunc_call())
> + return func_id;
> +
> + return BPF_CALL_IMM(func_addr);
> +}
> +
Nit: this can now be inlined in specialize_kfunc().
> /* replace a generic kfunc with a specialized version if necessary */
> -static void specialize_kfunc(struct bpf_verifier_env *env,
> - u32 func_id, u16 offset, unsigned long *addr)
> +static int specialize_kfunc(struct bpf_verifier_env *env, struct bpf_kfunc_desc *desc)
> {
> struct bpf_prog *prog = env->prog;
> bool seen_direct_write;
> void *xdp_kfunc;
> bool is_rdonly;
> + u32 func_id = desc->func_id;
> + u16 offset = desc->offset;
> + unsigned long addr = desc->addr, call_imm;
> +
> + if (offset) /* return if module BTF is used */
> + goto set_imm;
>
> if (bpf_dev_bound_kfunc_id(func_id)) {
> xdp_kfunc = bpf_dev_bound_resolve_kfunc(prog, func_id);
> - if (xdp_kfunc) {
> - *addr = (unsigned long)xdp_kfunc;
> - return;
> - }
> + if (xdp_kfunc)
> + addr = (unsigned long)xdp_kfunc;
> /* fallback to default kfunc when not supported by netdev */
> - }
> -
> - if (offset)
> - return;
> -
> - if (func_id == special_kfunc_list[KF_bpf_dynptr_from_skb]) {
> + } else if (func_id == special_kfunc_list[KF_bpf_dynptr_from_skb]) {
> seen_direct_write = env->seen_direct_write;
> is_rdonly = !may_access_direct_pkt_data(env, NULL, BPF_WRITE);
>
> if (is_rdonly)
> - *addr = (unsigned long)bpf_dynptr_from_skb_rdonly;
> + addr = (unsigned long)bpf_dynptr_from_skb_rdonly;
>
> /* restore env->seen_direct_write to its original value, since
> * may_access_direct_pkt_data mutates it
> */
> env->seen_direct_write = seen_direct_write;
> + } else if (func_id == special_kfunc_list[KF_bpf_set_dentry_xattr]) {
> + if (bpf_lsm_has_d_inode_locked(prog))
> + addr = (unsigned long)bpf_set_dentry_xattr_locked;
> + } else if (func_id == special_kfunc_list[KF_bpf_remove_dentry_xattr]) {
> + if (bpf_lsm_has_d_inode_locked(prog))
> + addr = (unsigned long)bpf_remove_dentry_xattr_locked;
> + }
> +
> +set_imm:
> + call_imm = kfunc_call_imm(addr, func_id);
> + /* Check whether the relative offset overflows desc->imm */
> + if ((unsigned long)(s32)call_imm != call_imm) {
> + verbose(env, "address of kernel func_id %u is out of range\n", func_id);
> + return -EINVAL;
> }
> -
> - if (func_id == special_kfunc_list[KF_bpf_set_dentry_xattr] &&
> - bpf_lsm_has_d_inode_locked(prog))
> - *addr = (unsigned long)bpf_set_dentry_xattr_locked;
> -
> - if (func_id == special_kfunc_list[KF_bpf_remove_dentry_xattr] &&
> - bpf_lsm_has_d_inode_locked(prog))
> - *addr = (unsigned long)bpf_remove_dentry_xattr_locked;
> + desc->imm = call_imm;
> + desc->addr = addr;
> + return 0;
> }
>
> static void __fixup_collection_insert_kfunc(struct bpf_insn_aux_data *insn_aux,
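
Review bot: the early `if (offset) goto set_imm;` at the top of specialize_kfunc() now runs before the bpf_dev_bound_kfunc_id() branch, whereas the removed code tested `if (offset) return;` only after the dev-bound resolution, so a kfunc with a non-zero offset no longer goes through bpf_dev_bound_resolve_kfunc(). If that ordering change is intended, the commit message should say so; otherwise keep the dev-bound branch ahead of the offset test. The comment `/* return if module BTF is used */` is also stale, since that path now jumps to set_imm and still computes desc->imm rather than returning.
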
[...]