From: Eduard Zingerman <eddyz87@gmail.com>
To: Mykyta Yatsenko <mykyta.yatsenko5@gmail.com>,
bpf@vger.kernel.org, ast@kernel.org, andrii@kernel.org,
daniel@iogearbox.net, kafai@meta.com, kernel-team@meta.com,
memxor@gmail.com
Cc: Mykyta Yatsenko <yatsenko@meta.com>
Subject: Re: [PATCH bpf-next v3 2/7] bpf: extract generic helper from process_timer_func()
Date: Fri, 05 Sep 2025 14:15:28 -0700 [thread overview]
Message-ID: <e7fb3f7ee5da846cfa0a477a5d31ce032416b4ee.camel@gmail.com> (raw)
In-Reply-To: <20250905164508.1489482-3-mykyta.yatsenko5@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1005 bytes --]
On Fri, 2025-09-05 at 17:45 +0100, Mykyta Yatsenko wrote:
> From: Mykyta Yatsenko <yatsenko@meta.com>
>
> Refactor the verifier by pulling the common logic from
> process_timer_func() into a dedicated helper. This allows reusing
> process_async_func() helper for verifying bpf_task_work struct in the
> next patch.
>
> Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com>
> ---
The discrepancy between bpf_call_arg_meta and bpf_kfunc_call_arg_meta
is unfortunate. Maybe the bigger refactoring is possible.
Wdyt about avoiding pointers to pointers and accepting some code
duplication for now? E.g. rename process_async_func:
/* Check if @regno is a pointer to a specific field in a map value */
static int check_map_field_pointer(struct bpf_verifier_env *env,
u32 regno,
enum btf_field_type field_type,
u32 field_off)
And proceed as in the attached patch?
[...]
[-- Attachment #2: check_map_field_pointer.diff --]
[-- Type: text/x-patch, Size: 3254 bytes --]
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 6152536a834f..76dad7e0db5f 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -8522,15 +8522,17 @@ static int process_spin_lock(struct bpf_verifier_env *env, int regno, int flags)
return 0;
}
-static int process_async_func(struct bpf_verifier_env *env, int regno, struct bpf_map **map_ptr,
- int *map_uid, u32 rec_off, enum btf_field_type field_type,
- const char *struct_name)
+/* Check if @regno is a pointer to a specific field in a map value */
+static int check_map_field_pointer(struct bpf_verifier_env *env,
+ u32 regno,
+ enum btf_field_type field_type,
+ u32 field_off)
{
struct bpf_reg_state *regs = cur_regs(env), *reg = ®s[regno];
+ const char *struct_name = btf_field_type_name(field_type);
bool is_const = tnum_is_const(reg->var_off);
struct bpf_map *map = reg->map_ptr;
u64 val = reg->var_off.value;
- int *struct_off = (void *)map->record + rec_off;
if (!is_const) {
verbose(env,
@@ -8547,25 +8549,30 @@ static int process_async_func(struct bpf_verifier_env *env, int regno, struct bp
verbose(env, "map '%s' has no valid %s\n", map->name, struct_name);
return -EINVAL;
}
- if (*struct_off != val + reg->off) {
+ if (field_off != val + reg->off) {
verbose(env, "off %lld doesn't point to 'struct %s' that is at %d\n",
- val + reg->off, struct_name, *struct_off);
+ val + reg->off, struct_name, field_off);
return -EINVAL;
}
- if (*map_ptr) {
- verifier_bug(env, "Two map pointers in a %s helper", struct_name);
- return -EFAULT;
- }
- *map_uid = reg->map_uid;
- *map_ptr = map;
return 0;
}
static int process_timer_func(struct bpf_verifier_env *env, int regno,
struct bpf_call_arg_meta *meta)
{
- return process_async_func(env, regno, &meta->map_ptr, &meta->map_uid,
- offsetof(struct btf_record, timer_off), BPF_TIMER, "bpf_timer");
+ struct bpf_reg_state *regs = cur_regs(env), *reg = ®s[regno];
+ int err;
+
+ err = check_map_field_pointer(env, regno, BPF_TIMER, offsetof(struct btf_record, timer_off));
+ if (err)
+ return err;
+
+ if (verifier_bug_if(meta->map_ptr, env, "Two map pointers in a bpf_timer helper"))
+ return -EFAULT;
+
+ meta->map_ptr = reg->map_ptr;
+ meta->map_uid = reg->map_uid;
+ return 0;
}
static int process_wq_func(struct bpf_verifier_env *env, int regno,
@@ -8588,9 +8595,20 @@ static int process_wq_func(struct bpf_verifier_env *env, int regno,
static int process_task_work_func(struct bpf_verifier_env *env, int regno,
struct bpf_kfunc_call_arg_meta *meta)
{
- return process_async_func(env, regno, &meta->map.ptr, &meta->map.uid,
- offsetof(struct btf_record, task_work_off), BPF_TASK_WORK,
- "bpf_task_work");
+ struct bpf_reg_state *regs = cur_regs(env), *reg = ®s[regno];
+ int err;
+
+ err = check_map_field_pointer(env, regno, BPF_TASK_WORK,
+ offsetof(struct btf_record, task_work_off));
+ if (err)
+ return err;
+
+ if (verifier_bug_if(meta->map.ptr, env, "Two map pointers in a bpf_task_work helper"))
+ return -EFAULT;
+
+ meta->map.ptr = reg->map_ptr;
+ meta->map.uid = reg->map_uid;
+ return 0;
}
static int process_kptr_func(struct bpf_verifier_env *env, int regno,
next prev parent reply other threads:[~2025-09-05 21:15 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-05 16:44 [PATCH bpf-next v3 0/7] bpf: Introduce deferred task context execution Mykyta Yatsenko
2025-09-05 16:44 ` [PATCH bpf-next v3 1/7] bpf: refactor special field-type detection Mykyta Yatsenko
2025-09-05 19:36 ` Eduard Zingerman
2025-09-05 21:29 ` Andrii Nakryiko
2025-09-05 16:45 ` [PATCH bpf-next v3 2/7] bpf: extract generic helper from process_timer_func() Mykyta Yatsenko
2025-09-05 21:15 ` Eduard Zingerman [this message]
2025-09-05 21:28 ` Eduard Zingerman
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-05 21:32 ` Eduard Zingerman
2025-09-05 21:29 ` Andrii Nakryiko
2025-09-05 16:45 ` [PATCH bpf-next v3 3/7] bpf: htab: extract helper for freeing special structs Mykyta Yatsenko
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-05 21:31 ` Eduard Zingerman
2025-09-05 16:45 ` [PATCH bpf-next v3 4/7] bpf: bpf task work plumbing Mykyta Yatsenko
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-05 23:09 ` Eduard Zingerman
2025-09-15 15:59 ` Mykyta Yatsenko
2025-09-15 20:12 ` Andrii Nakryiko
2025-09-15 20:20 ` Mykyta Yatsenko
2025-09-15 20:28 ` Andrii Nakryiko
2025-09-05 16:45 ` [PATCH bpf-next v3 5/7] bpf: extract map key pointer calculation Mykyta Yatsenko
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-05 23:19 ` Eduard Zingerman
2025-09-08 13:39 ` Mykyta Yatsenko
2025-09-08 17:18 ` Eduard Zingerman
2025-09-05 16:45 ` [PATCH bpf-next v3 6/7] bpf: task work scheduling kfuncs Mykyta Yatsenko
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-06 20:22 ` Eduard Zingerman
2025-09-08 13:13 ` Mykyta Yatsenko
2025-09-08 17:38 ` Eduard Zingerman
2025-09-09 3:42 ` Andrii Nakryiko
2025-09-09 4:15 ` Eduard Zingerman
2025-09-09 3:33 ` Andrii Nakryiko
2025-09-09 4:05 ` Eduard Zingerman
2025-09-10 14:14 ` Andrii Nakryiko
2025-09-09 17:49 ` Chris Mason
2025-09-09 18:59 ` Mykyta Yatsenko
2025-09-05 16:45 ` [PATCH bpf-next v3 7/7] selftests/bpf: BPF task work scheduling tests Mykyta Yatsenko
2025-09-05 21:31 ` Andrii Nakryiko
2025-09-08 7:43 ` Eduard Zingerman
2025-09-08 13:21 ` Mykyta Yatsenko
2025-09-08 18:23 ` Eduard Zingerman
2025-09-09 3:44 ` Andrii Nakryiko
2025-09-08 18:23 ` Eduard Zingerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e7fb3f7ee5da846cfa0a477a5d31ce032416b4ee.camel@gmail.com \
--to=eddyz87@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kafai@meta.com \
--cc=kernel-team@meta.com \
--cc=memxor@gmail.com \
--cc=mykyta.yatsenko5@gmail.com \
--cc=yatsenko@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox