From: Song Liu <songliubraving@meta.com>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>, Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>, bpf <bpf@vger.kernel.org>,
Martin Lau <kafai@meta.com>, Yonghong Song <yhs@meta.com>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@chromium.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>
Subject: Re: [PATCHv3 bpf-next 1/2] bpf: Add bpf_vma_build_id_parse function and kfunc
Date: Sat, 19 Nov 2022 01:06:09 +0000 [thread overview]
Message-ID: <E30FFAE3-2BC8-45F5-9CBC-D7A3C7D66B74@fb.com> (raw)
In-Reply-To: <CAADnVQLLvwpAFTEwCw+ZdZGtZTrV7nFu3pXKMRW9irRYG9WJXw@mail.gmail.com>
> On Nov 18, 2022, at 3:45 PM, Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
>
> On Fri, Nov 18, 2022 at 7:40 AM Jiri Olsa <jolsa@kernel.org> wrote:
>>
>> Adding bpf_vma_build_id_parse function to retrieve build id from
>> passed vma object and making it available as bpf kfunc.
>>
>> We can't use build_id_parse directly as kfunc, because we would
>> not have control over the build id buffer size provided by user.
>>
>> Instead we are adding new bpf_vma_build_id_parse function with
>> 'build_id__sz' argument that instructs verifier to check for the
>> available space in build_id buffer.
>>
>> This way we check that there's always available memory space
>> behind build_id pointer. We also check that the build_id__sz is
>> at least BUILD_ID_SIZE_MAX so we can place any buildid in.
>>
>> Signed-off-by: Jiri Olsa <jolsa@kernel.org>
>> ---
>> include/linux/bpf.h | 4 ++++
>> kernel/bpf/verifier.c | 26 ++++++++++++++++++++++++++
>> kernel/trace/bpf_trace.c | 31 +++++++++++++++++++++++++++++++
>> 3 files changed, 61 insertions(+)
>>
>> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
>> index 8b32376ce746..7648188faa2c 100644
>> --- a/include/linux/bpf.h
>> +++ b/include/linux/bpf.h
>> @@ -2805,4 +2805,8 @@ static inline bool type_is_alloc(u32 type)
>> return type & MEM_ALLOC;
>> }
>>
>> +int bpf_vma_build_id_parse(struct vm_area_struct *vma,
>> + unsigned char *build_id,
>> + size_t build_id__sz);
>> +
>> #endif /* _LINUX_BPF_H */
>> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
>> index 195d24316750..e20bad754a3a 100644
>> --- a/kernel/bpf/verifier.c
>> +++ b/kernel/bpf/verifier.c
>> @@ -8746,6 +8746,29 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
>> return 0;
>> }
>>
>> +BTF_ID_LIST_SINGLE(bpf_vma_build_id_parse_id, func, bpf_vma_build_id_parse)
>> +
>> +static int check_kfunc_caller(struct bpf_verifier_env *env, u32 func_id)
>> +{
>> + struct bpf_func_state *cur;
>> + struct bpf_insn *insn;
>> +
>> + /* Allow bpf_vma_build_id_parse only from bpf_find_vma callback */
>> + if (func_id == bpf_vma_build_id_parse_id[0]) {
>> + cur = env->cur_state->frame[env->cur_state->curframe];
>> + if (cur->callsite != BPF_MAIN_FUNC) {
>> + insn = &env->prog->insnsi[cur->callsite];
>> + if (insn->imm == BPF_FUNC_find_vma)
>> + return 0;
>> + }
>> + verbose(env, "calling bpf_vma_build_id_parse outside bpf_find_vma "
>> + "callback is not allowed\n");
>> + return -1;
>> + }
>> +
>> + return 0;
>> +}
>
> I understand that calling bpf_vma_build_id_parse from find_vma
> is your only use case, but put yourself in the maintainer's shoes.
> We just did an arbitrary restriction and helped a single user.
> How are we going to explain this to other users?
> Let's figure out a more generic way where this call is safe.
> Have you looked at PTR_TRUSTED approach that David is doing
> for task_struct ? Can something like this be used here?
I guess that won't work, as the vma is not refcounted. :( This is
why we have to hold mmap_lock when calling task_vma programs.
OTOH, I would image bpf_vma_build_id_parse being quite useful for
task_vma programs.
Thanks,
Song
next prev parent reply other threads:[~2022-11-19 1:45 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-18 15:40 [PATCHv3 bpf-next 0/2] bpf: Add bpf_vma_build_id_parse kfunc Jiri Olsa
2022-11-18 15:40 ` [PATCHv3 bpf-next 1/2] bpf: Add bpf_vma_build_id_parse function and kfunc Jiri Olsa
2022-11-18 23:45 ` Alexei Starovoitov
2022-11-19 1:06 ` Song Liu [this message]
2022-11-19 2:25 ` Alexei Starovoitov
2022-11-19 6:13 ` Song Liu
2022-11-20 21:39 ` Jiri Olsa
2022-11-18 15:40 ` [PATCHv3 bpf-next 2/2] selftests/bpf: Add bpf_vma_build_id_parse kfunc test Jiri Olsa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E30FFAE3-2BC8-45F5-9CBC-D7A3C7D66B74@fb.com \
--to=songliubraving@meta.com \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kafai@meta.com \
--cc=kpsingh@chromium.org \
--cc=sdf@google.com \
--cc=yhs@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox