From: Eduard Zingerman <eddyz87@gmail.com>
To: Andrii Nakryiko <andrii@kernel.org>,
bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net,
martin.lau@kernel.org
Cc: kernel-team@meta.com
Subject: Re: [PATCH bpf-next 10/13] bpf: support 'arg:xxx' btf_decl_tag-based hints for global subprog args
Date: Wed, 06 Dec 2023 01:22:13 +0200 [thread overview]
Message-ID: <fc790a1fd70a4159c6d73b953088ec2beb97f48b.camel@gmail.com> (raw)
In-Reply-To: <20231204233931.49758-11-andrii@kernel.org>
On Mon, 2023-12-04 at 15:39 -0800, Andrii Nakryiko wrote:
[...]
> @@ -6845,7 +6845,47 @@ int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog)
> * Only PTR_TO_CTX and SCALAR are supported atm.
> */
> for (i = 0; i < nargs; i++) {
> + bool is_nonnull = false;
> + const char *tag;
> +
> t = btf_type_by_id(btf, args[i].type);
> +
> + tag = btf_find_decl_tag_value(btf, fn_t, i, "arg:");
Nit: this does a linear scan over all BTF type ids for each
function parameter, which is kind of ugly.
> + if (IS_ERR(tag) && PTR_ERR(tag) == -ENOENT) {
> + tag = NULL;
> + } else if (IS_ERR(tag)) {
> + bpf_log(log, "arg#%d type's tag fetching failure: %ld\n", i, PTR_ERR(tag));
> + return PTR_ERR(tag);
> + }
> + /* 'arg:<tag>' decl_tag takes precedence over derivation of
> + * register type from BTF type itself
> + */
> + if (tag) {
> + /* disallow arg tags in static subprogs */
> + if (!is_global) {
> + bpf_log(log, "arg#%d type tag is not supported in static functions\n", i);
> + return -EOPNOTSUPP;
> + }
Nit: this would be annoying if someone would add/remove 'static' a few
times while developing BPF program. Are there safety reasons to
forbid this?
[...]
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 5787b7fd16ba..61e778dbde10 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -9268,9 +9268,30 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env, int subprog,
> ret = check_func_arg_reg_off(env, reg, regno, ARG_DONTCARE);
> if (ret < 0)
> return ret;
> -
> if (check_mem_reg(env, reg, regno, arg->mem_size))
> return -EINVAL;
> + if (!(arg->arg_type & PTR_MAYBE_NULL) && (reg->type & PTR_MAYBE_NULL)) {
> + bpf_log(log, "arg#%d is expected to be non-NULL\n", i);
> + return -EINVAL;
> + }
> + } else if (arg->arg_type == ARG_PTR_TO_PACKET_META) {
> + if (reg->type != PTR_TO_PACKET_META) {
> + bpf_log(log, "arg#%d expected pkt_meta, but got %s\n",
> + i, reg_type_str(env, reg->type));
> + return -EINVAL;
> + }
> + } else if (arg->arg_type == ARG_PTR_TO_PACKET_DATA) {
> + if (reg->type != PTR_TO_PACKET) {
I think it is necessary to check that 'reg->umax_value == 0'.
check_packet_access() uses reg->umax_value to bump
env->prog->aux->max_pkt_offset. When body of a global function is
verified it starts with 'umax_value == 0'.
Might be annoying from usability POV, however.
> + bpf_log(log, "arg#%d expected pkt, but got %s\n",
> + i, reg_type_str(env, reg->type));
> + return -EINVAL;
> + }
> + } else if (arg->arg_type == ARG_PTR_TO_PACKET_END) {
> + if (reg->type != PTR_TO_PACKET_END) {
> + bpf_log(log, "arg#%d expected pkt_end, but got %s\n",
> + i, reg_type_str(env, reg->type));
> + return -EINVAL;
> + }
> } else {
> bpf_log(log, "verifier bug: unrecognized arg#%d type %d\n",
> i, arg->arg_type);
[...]
next prev parent reply other threads:[~2023-12-05 23:22 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-04 23:39 [PATCH bpf-next 00/13] Enhance BPF global subprogs with argument tags Andrii Nakryiko
2023-12-04 23:39 ` [PATCH bpf-next 01/13] bpf: log PTR_TO_MEM memory size in verifier log Andrii Nakryiko
2023-12-05 23:23 ` Eduard Zingerman
2023-12-04 23:39 ` [PATCH bpf-next 02/13] bpf: emit more dynptr information " Andrii Nakryiko
2023-12-05 23:24 ` Eduard Zingerman
2023-12-04 23:39 ` [PATCH bpf-next 03/13] bpf: tidy up exception callback management a bit Andrii Nakryiko
2023-12-05 23:25 ` Eduard Zingerman
2023-12-06 17:59 ` Andrii Nakryiko
2023-12-04 23:39 ` [PATCH bpf-next 04/13] bpf: use bitfields for simple per-subprog bool flags Andrii Nakryiko
2023-12-05 23:25 ` Eduard Zingerman
2023-12-04 23:39 ` [PATCH bpf-next 05/13] bpf: abstract away global subprog arg preparation logic from reg state setup Andrii Nakryiko
2023-12-05 23:21 ` Eduard Zingerman
2023-12-06 17:59 ` Andrii Nakryiko
2023-12-04 23:39 ` [PATCH bpf-next 06/13] bpf: remove unnecessary and (mostly) ignored BTF check for main program Andrii Nakryiko
2023-12-05 23:21 ` Eduard Zingerman
2023-12-06 17:59 ` Andrii Nakryiko
2023-12-06 18:05 ` Eduard Zingerman
2023-12-04 23:39 ` [PATCH bpf-next 07/13] bpf: prepare btf_prepare_func_args() for handling static subprogs Andrii Nakryiko
2023-12-05 23:26 ` Eduard Zingerman
2023-12-04 23:39 ` [PATCH bpf-next 08/13] bpf: move subprog call logic back to verifier.c Andrii Nakryiko
2023-12-05 8:01 ` kernel test robot
2023-12-05 18:57 ` Andrii Nakryiko
2023-12-05 9:04 ` kernel test robot
2023-12-05 11:46 ` kernel test robot
2023-12-05 23:27 ` Eduard Zingerman
2023-12-04 23:39 ` [PATCH bpf-next 09/13] bpf: reuse subprog argument parsing logic for subprog call checks Andrii Nakryiko
2023-12-05 10:21 ` kernel test robot
2023-12-05 11:25 ` kernel test robot
2023-12-05 23:21 ` Eduard Zingerman
2023-12-06 18:05 ` Andrii Nakryiko
2023-12-04 23:39 ` [PATCH bpf-next 10/13] bpf: support 'arg:xxx' btf_decl_tag-based hints for global subprog args Andrii Nakryiko
2023-12-05 23:22 ` Eduard Zingerman [this message]
2023-12-06 18:15 ` Andrii Nakryiko
2023-12-06 18:47 ` Eduard Zingerman
2023-12-04 23:39 ` [PATCH bpf-next 11/13] bpf: add dynptr global subprog arg tag support Andrii Nakryiko
2023-12-05 23:22 ` Eduard Zingerman
2023-12-06 18:17 ` Andrii Nakryiko
2023-12-04 23:39 ` [PATCH bpf-next 12/13] libbpf: add __arg_xxx macros for annotating global func args Andrii Nakryiko
2023-12-04 23:39 ` [PATCH bpf-next 13/13] selftests/bpf: add global subprog annotation tests Andrii Nakryiko
2023-12-05 23:29 ` Eduard Zingerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fc790a1fd70a4159c6d73b953088ec2beb97f48b.camel@gmail.com \
--to=eddyz87@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kernel-team@meta.com \
--cc=martin.lau@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox