From: Yonghong Song <yhs@fb.com>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Cc: bpf <bpf@vger.kernel.org>, Alexei Starovoitov <ast@fb.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Kernel Team <kernel-team@fb.com>
Subject: Re: [PATCH bpf v2 1/2] bpf: enforce returning 0 for fentry/fexit progs
Date: Thu, 14 May 2020 07:58:59 -0700 [thread overview]
Message-ID: <f2fcdf89-41d6-04c0-cb6c-1702aff48ad8@fb.com> (raw)
In-Reply-To: <CAEf4Bzbks=ti1OuXg3d_Nc0Vm5cvv-ceLB+Dq8OZgHdBT+SA1Q@mail.gmail.com>
On 5/13/20 11:14 PM, Andrii Nakryiko wrote:
> On Wed, May 13, 2020 at 10:32 PM Yonghong Song <yhs@fb.com> wrote:
>>
>> Currently, tracing/fentry and tracing/fexit prog
>> return values are not enforced. In trampoline codes,
>> the fentry/fexit prog return values are ignored.
>> Let us enforce it to be 0 to avoid confusion and
>> allows potential future extension.
>>
>> This patch also explicitly added return value
>> checking for tracing/raw_tp, tracing/fmod_ret,
>> and freplace programs such that these program
>> return values can be anything. The purpose are
>> two folds:
>> 1. to make it explicit about return value expectations
>> for these programs in verifier.
>> 2. for tracing prog_type, if a future attach type
>> is added, the default is -ENOTSUPP which will
>> enforce to specify return value ranges explicitly.
>>
>> Fixes: fec56f5890d9 ("bpf: Introduce BPF trampoline")
>> Signed-off-by: Yonghong Song <yhs@fb.com>
>> ---
>
> Looks good, except a nit below.
>
> Acked-by: Andrii Nakryiko <andriin@fb.com>
>
> [...]
>
>> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
>> index fa1d8245b925..2d80cce0a28a 100644
>> --- a/kernel/bpf/verifier.c
>> +++ b/kernel/bpf/verifier.c
>> @@ -7059,6 +7059,24 @@ static int check_return_code(struct bpf_verifier_env *env)
>> return 0;
>> range = tnum_const(0);
>> break;
>> + case BPF_PROG_TYPE_TRACING:
>> + switch ((env->prog->expected_attach_type)) {
>
> nit: extra pair of ()?
Sorry about this. Not sure whether it is worthwhile to send another
revision. Please let me know if another revision is needed.
>
>
>> + case BPF_TRACE_FENTRY:
>> + case BPF_TRACE_FEXIT:
>> + range = tnum_const(0);
>> + break;
>> + case BPF_TRACE_RAW_TP:
>> + case BPF_MODIFY_RETURN:
>> + return 0;
>> + default:
>> + return -ENOTSUPP;
>> + }
>> +
>> + break;
>> + case BPF_PROG_TYPE_EXT:
>> + /* freplace program can return anything as its return value
>> + * depends on the to-be-replaced kernel func or bpf program.
>> + */
>> default:
>> return 0;
>> }
>> --
>> 2.24.1
>>
next prev parent reply other threads:[~2020-05-14 14:59 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-14 5:32 [PATCH bpf v2 0/2] bpf: enforce returning 0 for fentry/fexit programs Yonghong Song
2020-05-14 5:32 ` [PATCH bpf v2 1/2] bpf: enforce returning 0 for fentry/fexit progs Yonghong Song
2020-05-14 6:14 ` Andrii Nakryiko
2020-05-14 14:58 ` Yonghong Song [this message]
2020-05-14 19:57 ` Alexei Starovoitov
2020-05-14 5:32 ` [PATCH bpf v2 2/2] selftests/bpf: enforce returning 0 for fentry/fexit programs Yonghong Song
2020-05-14 6:14 ` Andrii Nakryiko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f2fcdf89-41d6-04c0-cb6c-1702aff48ad8@fb.com \
--to=yhs@fb.com \
--cc=andrii.nakryiko@gmail.com \
--cc=ast@fb.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kernel-team@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox