[RFC bpf-next 00/13] bpf: Introduce modular verifier

Linux Kernel Selftest development
 help / color / mirror / Atom feed

* [RFC bpf-next 00/13] bpf: Introduce modular verifier
@ 2025-04-09  3:33 Daniel Xu
  2025-04-09  3:34 ` [RFC bpf-next 08/13] selftests: bpf: Avoid attaching to bpf_check() Daniel Xu
  0 siblings, 1 reply; 2+ messages in thread
From: Daniel Xu @ 2025-04-09  3:33 UTC (permalink / raw)
  To: linux-fsdevel, linux-trace-kernel, linux-perf-users,
	linux-kselftest, netfilter-devel, bpf, coreteam, linux-kernel,
	linux-media, netdev

This patchset adds the base infrastructure for modular BPF verifier.
The motivation remains unchanged from the LSFMMBPF25 proposal [0].

However, the design has diverged. Rather than immediately going for the
facade described in [0], we instead make a stop first at the continously
exported copies of the verifier in an out-of-tree repository, with a
separate copy for each kernel release. Each copy will receive as many
verifier backports as possible within the "boundary" of the modular
portions.

For example, a patch that changes the verifier at the same time as one
of the kernel symbols it depends on cannot be applied, as at runtime
only the verifier portion can be updated. However, a patch that only
changes verifier.c can be applied, as it's within the boundary.  Rough
analysis of past data shows that most verifier changes fall within the
latter category. The jupyter notebook for this can be found here [1].

From here, we'll gradually enlarge the "boundary" to enable backports of
more and more patches, with the north star being the facade as described
in the proposal. Ideally, completion of the facade will render the
out-of-tree repository useless.

[0]: https://lore.kernel.org/bpf/nahst74z46ov7ii3vmriyhk25zo6tkf2f3hsulzjzselvobbbu@pqn6wfdibwqb/
[1]: https://github.com/danobi/verifier-analysis/blob/master/analysis.ipynb

Daniel Xu (13):
  bpf: Move bpf_prog_ctx_arg_info_init() body into header
  bpf: Move BTF related globals out of verifier.c
  bpf: Move percpu memory allocator definition into core
  bpf: Move bpf_check_attach_target() to core
  bpf: Remove map_set_for_each_callback_args callback for maps
  bpf: Move kfunc definitions out of verifier.c
  bpf: Make bpf_free_kfunc_btf_tab() static in core
  selftests: bpf: Avoid attaching to bpf_check()
  perf: Export perf_snapshot_branch_stack static key
  bpf: verifier: Add indirection to kallsyms_lookup_name()
  treewide: bpf: Export symbols used by verifier
  bpf: verifier: Make verifier loadable
  bpf: Supporting building verifier.ko out-of-tree

 arch/x86/net/bpf_jit_comp.c                   |   2 +
 drivers/media/rc/bpf-lirc.c                   |   1 +
 fs/bpf_fs_kfuncs.c                            |   4 +
 include/linux/bpf.h                           |  82 ++-
 include/linux/bpf_verifier.h                  |   7 -
 include/linux/btf.h                           |   4 +
 kernel/bpf/Kbuild                             |   8 +
 kernel/bpf/Kconfig                            |  12 +
 kernel/bpf/Makefile                           |   3 +-
 kernel/bpf/arraymap.c                         |   2 -
 kernel/bpf/bpf_iter.c                         |   1 +
 kernel/bpf/bpf_lsm.c                          |   5 +
 kernel/bpf/bpf_struct_ops.c                   |   2 +
 kernel/bpf/btf.c                              |  61 +-
 kernel/bpf/cgroup.c                           |   4 +
 kernel/bpf/core.c                             | 463 ++++++++++++++++
 kernel/bpf/disasm.c                           |   4 +
 kernel/bpf/hashtab.c                          |   4 -
 kernel/bpf/helpers.c                          |   2 +
 kernel/bpf/local_storage.c                    |   2 +
 kernel/bpf/log.c                              |  12 +
 kernel/bpf/map_iter.c                         |   1 +
 kernel/bpf/memalloc.c                         |   3 +
 kernel/bpf/offload.c                          |  10 +
 kernel/bpf/syscall.c                          |  52 +-
 kernel/bpf/tnum.c                             |  20 +
 kernel/bpf/token.c                            |   1 +
 kernel/bpf/trampoline.c                       |   5 +
 kernel/bpf/verifier.c                         | 521 ++----------------
 kernel/events/callchain.c                     |   3 +
 kernel/events/core.c                          |   1 +
 kernel/trace/bpf_trace.c                      |   9 +
 lib/error-inject.c                            |   2 +
 net/core/filter.c                             |  26 +
 net/core/xdp.c                                |   2 +
 net/netfilter/nf_bpf_link.c                   |   1 +
 .../selftests/bpf/progs/exceptions_assert.c   |   2 +-
 .../selftests/bpf/progs/exceptions_fail.c     |   4 +-
 38 files changed, 834 insertions(+), 514 deletions(-)
 create mode 100644 kernel/bpf/Kbuild

-- 
2.47.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* [RFC bpf-next 08/13] selftests: bpf: Avoid attaching to bpf_check()
  2025-04-09  3:33 [RFC bpf-next 00/13] bpf: Introduce modular verifier Daniel Xu
@ 2025-04-09  3:34 ` Daniel Xu
  0 siblings, 0 replies; 2+ messages in thread
From: Daniel Xu @ 2025-04-09  3:34 UTC (permalink / raw)
  To: shuah, andrii, daniel, ast, eddyz87
  Cc: martin.lau, song, yonghong.song, john.fastabend, kpsingh, sdf,
	haoluo, jolsa, mykolal, bpf, linux-kselftest, linux-kernel

bpf_check(), as it currently exists, will soon be going away to make way
for loadable BPF verifier support. Fixup selftests so they fentry attach
to a more reliable location.

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
---
 tools/testing/selftests/bpf/progs/exceptions_assert.c | 2 +-
 tools/testing/selftests/bpf/progs/exceptions_fail.c   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/bpf/progs/exceptions_assert.c b/tools/testing/selftests/bpf/progs/exceptions_assert.c
index 5e0a1ca96d4e..50bc52cbb2e7 100644
--- a/tools/testing/selftests/bpf/progs/exceptions_assert.c
+++ b/tools/testing/selftests/bpf/progs/exceptions_assert.c
@@ -124,7 +124,7 @@ int check_assert_generic(struct __sk_buff *ctx)
 	return data[128];
 }
 
-SEC("?fentry/bpf_check")
+SEC("?fentry/bpf_fentry_test1")
 __failure __msg("At program exit the register R1 has smin=64 smax=64")
 int check_assert_with_return(void *ctx)
 {
diff --git a/tools/testing/selftests/bpf/progs/exceptions_fail.c b/tools/testing/selftests/bpf/progs/exceptions_fail.c
index 8a0fdff89927..b44cb0a6c9d9 100644
--- a/tools/testing/selftests/bpf/progs/exceptions_fail.c
+++ b/tools/testing/selftests/bpf/progs/exceptions_fail.c
@@ -299,7 +299,7 @@ __noinline int exception_cb_bad_ret(u64 c)
 	return c;
 }
 
-SEC("?fentry/bpf_check")
+SEC("?fentry/bpf_fentry_test1")
 __exception_cb(exception_cb_bad_ret)
 __failure __msg("At program exit the register R0 has unknown scalar value should")
 int reject_set_exception_cb_bad_ret1(void *ctx)
@@ -307,7 +307,7 @@ int reject_set_exception_cb_bad_ret1(void *ctx)
 	return 0;
 }
 
-SEC("?fentry/bpf_check")
+SEC("?fentry/bpf_fentry_test1")
 __failure __msg("At program exit the register R1 has smin=64 smax=64 should")
 int reject_set_exception_cb_bad_ret2(void *ctx)
 {
-- 
2.47.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-04-09  3:34 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-09  3:33 [RFC bpf-next 00/13] bpf: Introduce modular verifier Daniel Xu
2025-04-09  3:34 ` [RFC bpf-next 08/13] selftests: bpf: Avoid attaching to bpf_check() Daniel Xu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox