* [PATCH bpf-next v2 0/2] bpf: Allow access to const void pointer arguments in tracing programs
@ 2025-04-16 16:17 KaFai Wan
2025-04-16 16:17 ` [PATCH bpf-next v2 1/2] " KaFai Wan
2025-04-16 16:17 ` [PATCH bpf-next v2 2/2] selftests/bpf: Add test to access const void pointer argument in tracing program KaFai Wan
0 siblings, 2 replies; 4+ messages in thread
From: KaFai Wan @ 2025-04-16 16:17 UTC (permalink / raw)
To: martin.lau, ast, daniel, andrii, eddyz87, song, yonghong.song,
john.fastabend, kpsingh, sdf, haoluo, jolsa, davem, edumazet,
kuba, pabeni, horms, mykolal, shuah, memxor
Cc: bpf, linux-kernel, linux-kselftest, kafai.wan, leon.hwang
If we try to access argument which is pointer to const void, it's an
UNKNOWN type, verifier will fail to load.
Use is_void_or_int_ptr to check if type is void or int pointer.
And fix selftests.
---
KaFai Wan (2):
bpf: Allow access to const void pointer arguments in tracing programs
selftests/bpf: Add test to access const void pointer argument in
tracing program
kernel/bpf/btf.c | 6 +++---
net/bpf/test_run.c | 8 +++++++-
.../selftests/bpf/progs/verifier_btf_ctx_access.c | 12 ++++++++++++
3 files changed, 22 insertions(+), 4 deletions(-)
Changelog:
v1->v2: Addressed comments from jirka
- use btf_type_is_void to check if type is void
- merge is_void_ptr and is_int_ptr to is_void_or_int_ptr
- fix selftests
Some details in here:
https://lore.kernel.org/all/20250412170626.3638516-1-kafai.wan@hotmail.com/
--
2.43.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH bpf-next v2 1/2] bpf: Allow access to const void pointer arguments in tracing programs
2025-04-16 16:17 [PATCH bpf-next v2 0/2] bpf: Allow access to const void pointer arguments in tracing programs KaFai Wan
@ 2025-04-16 16:17 ` KaFai Wan
2025-04-17 12:15 ` Jiri Olsa
2025-04-16 16:17 ` [PATCH bpf-next v2 2/2] selftests/bpf: Add test to access const void pointer argument in tracing program KaFai Wan
1 sibling, 1 reply; 4+ messages in thread
From: KaFai Wan @ 2025-04-16 16:17 UTC (permalink / raw)
To: martin.lau, ast, daniel, andrii, eddyz87, song, yonghong.song,
john.fastabend, kpsingh, sdf, haoluo, jolsa, davem, edumazet,
kuba, pabeni, horms, mykolal, shuah, memxor
Cc: bpf, linux-kernel, linux-kselftest, kafai.wan, leon.hwang
Adding support to access arguments with const void pointer arguments
in tracing programs.
Currently we allow tracing programs to access void pointers. If we try to
access argument which is pointer to const void like 2nd argument in kfree,
verifier will fail to load the program with;
0: R1=ctx() R10=fp0
; asm volatile ("r2 = *(u64 *)(r1 + 8); ");
0: (79) r2 = *(u64 *)(r1 +8)
func 'kfree' arg1 type UNKNOWN is not a struct
Changing the is_int_ptr to void and generic integer check and renaming
it to is_void_or_int_ptr.
Cc: Leon Hwang <leon.hwang@linux.dev>
Signed-off-by: KaFai Wan <kafai.wan@hotmail.com>
---
kernel/bpf/btf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 16ba36f34dfa..0b1724453b75 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -6383,12 +6383,12 @@ struct btf *bpf_prog_get_target_btf(const struct bpf_prog *prog)
return prog->aux->attach_btf;
}
-static bool is_int_ptr(struct btf *btf, const struct btf_type *t)
+static bool is_void_or_int_ptr(struct btf *btf, const struct btf_type *t)
{
/* skip modifiers */
t = btf_type_skip_modifiers(btf, t->type, NULL);
- return btf_type_is_int(t);
+ return btf_type_is_void(t) || btf_type_is_int(t);
}
static u32 get_ctx_arg_idx(struct btf *btf, const struct btf_type *func_proto,
@@ -6783,7 +6783,7 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
*/
return true;
- if (is_int_ptr(btf, t))
+ if (is_void_or_int_ptr(btf, t))
return true;
/* this is a pointer to another type */
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH bpf-next v2 2/2] selftests/bpf: Add test to access const void pointer argument in tracing program
2025-04-16 16:17 [PATCH bpf-next v2 0/2] bpf: Allow access to const void pointer arguments in tracing programs KaFai Wan
2025-04-16 16:17 ` [PATCH bpf-next v2 1/2] " KaFai Wan
@ 2025-04-16 16:17 ` KaFai Wan
1 sibling, 0 replies; 4+ messages in thread
From: KaFai Wan @ 2025-04-16 16:17 UTC (permalink / raw)
To: martin.lau, ast, daniel, andrii, eddyz87, song, yonghong.song,
john.fastabend, kpsingh, sdf, haoluo, jolsa, davem, edumazet,
kuba, pabeni, horms, mykolal, shuah, memxor
Cc: bpf, linux-kernel, linux-kselftest, kafai.wan, leon.hwang
Adding verifier test for accessing const void pointer argument in
tracing programs.
The test program loads 1st argument of bpf_fentry_test10 function
which is const void pointer and checks that verifier allows that.
Signed-off-by: KaFai Wan <kafai.wan@hotmail.com>
---
net/bpf/test_run.c | 8 +++++++-
.../selftests/bpf/progs/verifier_btf_ctx_access.c | 12 ++++++++++++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index 7cb192cbd65f..aaf13a7d58ed 100644
--- a/net/bpf/test_run.c
+++ b/net/bpf/test_run.c
@@ -569,6 +569,11 @@ __bpf_kfunc u32 bpf_fentry_test9(u32 *a)
return *a;
}
+int noinline bpf_fentry_test10(const void *a)
+{
+ return (long)a;
+}
+
void noinline bpf_fentry_test_sinfo(struct skb_shared_info *sinfo)
{
}
@@ -699,7 +704,8 @@ int bpf_prog_test_run_tracing(struct bpf_prog *prog,
bpf_fentry_test6(16, (void *)17, 18, 19, (void *)20, 21) != 111 ||
bpf_fentry_test7((struct bpf_fentry_test_t *)0) != 0 ||
bpf_fentry_test8(&arg) != 0 ||
- bpf_fentry_test9(&retval) != 0)
+ bpf_fentry_test9(&retval) != 0 ||
+ bpf_fentry_test10((void *)0) != 0)
goto out;
break;
case BPF_MODIFY_RETURN:
diff --git a/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c b/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c
index 28b939572cda..03942cec07e5 100644
--- a/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c
+++ b/tools/testing/selftests/bpf/progs/verifier_btf_ctx_access.c
@@ -65,4 +65,16 @@ __naked void ctx_access_u32_pointer_reject_8(void)
" ::: __clobber_all);
}
+SEC("fentry/bpf_fentry_test10")
+__description("btf_ctx_access const void pointer accept")
+__success __retval(0)
+__naked void ctx_access_const_void_pointer_accept(void)
+{
+ asm volatile (" \
+ r2 = *(u64 *)(r1 + 0); /* load 1st argument value (const void pointer) */\
+ r0 = 0; \
+ exit; \
+" ::: __clobber_all);
+}
+
char _license[] SEC("license") = "GPL";
--
2.43.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH bpf-next v2 1/2] bpf: Allow access to const void pointer arguments in tracing programs
2025-04-16 16:17 ` [PATCH bpf-next v2 1/2] " KaFai Wan
@ 2025-04-17 12:15 ` Jiri Olsa
0 siblings, 0 replies; 4+ messages in thread
From: Jiri Olsa @ 2025-04-17 12:15 UTC (permalink / raw)
To: KaFai Wan
Cc: martin.lau, ast, daniel, andrii, eddyz87, song, yonghong.song,
john.fastabend, kpsingh, sdf, haoluo, davem, edumazet, kuba,
pabeni, horms, mykolal, shuah, memxor, bpf, linux-kernel,
linux-kselftest, kafai.wan, leon.hwang
On Thu, Apr 17, 2025 at 12:17:55AM +0800, KaFai Wan wrote:
> Adding support to access arguments with const void pointer arguments
> in tracing programs.
>
> Currently we allow tracing programs to access void pointers. If we try to
> access argument which is pointer to const void like 2nd argument in kfree,
> verifier will fail to load the program with;
>
> 0: R1=ctx() R10=fp0
> ; asm volatile ("r2 = *(u64 *)(r1 + 8); ");
> 0: (79) r2 = *(u64 *)(r1 +8)
> func 'kfree' arg1 type UNKNOWN is not a struct
>
> Changing the is_int_ptr to void and generic integer check and renaming
> it to is_void_or_int_ptr.
>
> Cc: Leon Hwang <leon.hwang@linux.dev>
> Signed-off-by: KaFai Wan <kafai.wan@hotmail.com>
> ---
> kernel/bpf/btf.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index 16ba36f34dfa..0b1724453b75 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -6383,12 +6383,12 @@ struct btf *bpf_prog_get_target_btf(const struct bpf_prog *prog)
> return prog->aux->attach_btf;
> }
>
> -static bool is_int_ptr(struct btf *btf, const struct btf_type *t)
> +static bool is_void_or_int_ptr(struct btf *btf, const struct btf_type *t)
> {
> /* skip modifiers */
> t = btf_type_skip_modifiers(btf, t->type, NULL);
>
> - return btf_type_is_int(t);
> + return btf_type_is_void(t) || btf_type_is_int(t);
> }
>
> static u32 get_ctx_arg_idx(struct btf *btf, const struct btf_type *func_proto,
> @@ -6783,7 +6783,7 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,
> */
> return true;
could we remove the above check then?
if (t->type == 0)
/* This is a pointer to void.
* It is the same as scalar from the verifier safety pov.
* No further pointer walking is allowed.
*/
return true;
jirka
>
> - if (is_int_ptr(btf, t))
> + if (is_void_or_int_ptr(btf, t))
> return true;
>
> /* this is a pointer to another type */
> --
> 2.43.0
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-04-17 12:15 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-16 16:17 [PATCH bpf-next v2 0/2] bpf: Allow access to const void pointer arguments in tracing programs KaFai Wan
2025-04-16 16:17 ` [PATCH bpf-next v2 1/2] " KaFai Wan
2025-04-17 12:15 ` Jiri Olsa
2025-04-16 16:17 ` [PATCH bpf-next v2 2/2] selftests/bpf: Add test to access const void pointer argument in tracing program KaFai Wan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox