diff options
| author | 2021-12-31 14:35:40 +0000 | |
|---|---|---|
| committer | 2021-12-31 14:35:40 +0000 | |
| commit | e63a02348958cd7cc8c8401c94de57ad97b5d06c (patch) | |
| tree | d3f07960e158be75c3002c13d3dc2c142a65fbb7 /kernel/bpf/btf.c | |
| parent | Merge tag 'mlx5-updates-2021-12-28' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux (diff) | |
| parent | bpf: Fix typo in a comment in bpf lpm_trie. (diff) | |
| download | linux-dev-e63a02348958cd7cc8c8401c94de57ad97b5d06c.tar.xz linux-dev-e63a02348958cd7cc8c8401c94de57ad97b5d06c.zip | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
Alexei Starovoitov says:
====================
pull-request: bpf-next 2021-12-30
The following pull-request contains BPF updates for your *net-next* tree.
We've added 72 non-merge commits during the last 20 day(s) which contain
a total of 223 files changed, 3510 insertions(+), 1591 deletions(-).
The main changes are:
1) Automatic setrlimit in libbpf when bpf is memcg's in the kernel, from Andrii.
2) Beautify and de-verbose verifier logs, from Christy.
3) Composable verifier types, from Hao.
4) bpf_strncmp helper, from Hou.
5) bpf.h header dependency cleanup, from Jakub.
6) get_func_[arg|ret|arg_cnt] helpers, from Jiri.
7) Sleepable local storage, from KP.
8) Extend kfunc with PTR_TO_CTX, PTR_TO_MEM argument support, from Kumar.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'kernel/bpf/btf.c')
| -rw-r--r-- | kernel/bpf/btf.c | 124 | 
1 files changed, 88 insertions, 36 deletions
| diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index 8b00c6e4d6fb..33bb8ae4a804 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -4826,7 +4826,7 @@ struct btf *bpf_prog_get_target_btf(const struct bpf_prog *prog)  		return prog->aux->attach_btf;  } -static bool is_string_ptr(struct btf *btf, const struct btf_type *t) +static bool is_int_ptr(struct btf *btf, const struct btf_type *t)  {  	/* t comes in already as a pointer */  	t = btf_type_by_id(btf, t->type); @@ -4835,8 +4835,7 @@ static bool is_string_ptr(struct btf *btf, const struct btf_type *t)  	if (BTF_INFO_KIND(t->info) == BTF_KIND_CONST)  		t = btf_type_by_id(btf, t->type); -	/* char, signed char, unsigned char */ -	return btf_type_is_int(t) && t->size == 1; +	return btf_type_is_int(t);  }  bool btf_ctx_access(int off, int size, enum bpf_access_type type, @@ -4941,10 +4940,12 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,  	/* check for PTR_TO_RDONLY_BUF_OR_NULL or PTR_TO_RDWR_BUF_OR_NULL */  	for (i = 0; i < prog->aux->ctx_arg_info_size; i++) {  		const struct bpf_ctx_arg_aux *ctx_arg_info = &prog->aux->ctx_arg_info[i]; +		u32 type, flag; -		if (ctx_arg_info->offset == off && -		    (ctx_arg_info->reg_type == PTR_TO_RDONLY_BUF_OR_NULL || -		     ctx_arg_info->reg_type == PTR_TO_RDWR_BUF_OR_NULL)) { +		type = base_type(ctx_arg_info->reg_type); +		flag = type_flag(ctx_arg_info->reg_type); +		if (ctx_arg_info->offset == off && type == PTR_TO_BUF && +		    (flag & PTR_MAYBE_NULL)) {  			info->reg_type = ctx_arg_info->reg_type;  			return true;  		} @@ -4957,7 +4958,7 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type,  		 */  		return true; -	if (is_string_ptr(btf, t)) +	if (is_int_ptr(btf, t))  		return true;  	/* this is a pointer to another type */ @@ -5575,12 +5576,53 @@ static u32 *reg2btf_ids[__BPF_REG_TYPE_MAX] = {  #endif  }; +/* Returns true if struct is composed of scalars, 4 levels of nesting allowed */ +static bool __btf_type_is_scalar_struct(struct bpf_verifier_log *log, +					const struct btf *btf, +					const struct btf_type *t, int rec) +{ +	const struct btf_type *member_type; +	const struct btf_member *member; +	u32 i; + +	if (!btf_type_is_struct(t)) +		return false; + +	for_each_member(i, t, member) { +		const struct btf_array *array; + +		member_type = btf_type_skip_modifiers(btf, member->type, NULL); +		if (btf_type_is_struct(member_type)) { +			if (rec >= 3) { +				bpf_log(log, "max struct nesting depth exceeded\n"); +				return false; +			} +			if (!__btf_type_is_scalar_struct(log, btf, member_type, rec + 1)) +				return false; +			continue; +		} +		if (btf_type_is_array(member_type)) { +			array = btf_type_array(member_type); +			if (!array->nelems) +				return false; +			member_type = btf_type_skip_modifiers(btf, array->type, NULL); +			if (!btf_type_is_scalar(member_type)) +				return false; +			continue; +		} +		if (!btf_type_is_scalar(member_type)) +			return false; +	} +	return true; +} +  static int btf_check_func_arg_match(struct bpf_verifier_env *env,  				    const struct btf *btf, u32 func_id,  				    struct bpf_reg_state *regs,  				    bool ptr_to_mem_ok)  {  	struct bpf_verifier_log *log = &env->log; +	bool is_kfunc = btf_is_kernel(btf);  	const char *func_name, *ref_tname;  	const struct btf_type *t, *ref_t;  	const struct btf_param *args; @@ -5633,7 +5675,20 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env,  		ref_t = btf_type_skip_modifiers(btf, t->type, &ref_id);  		ref_tname = btf_name_by_offset(btf, ref_t->name_off); -		if (btf_is_kernel(btf)) { +		if (btf_get_prog_ctx_type(log, btf, t, +					  env->prog->type, i)) { +			/* If function expects ctx type in BTF check that caller +			 * is passing PTR_TO_CTX. +			 */ +			if (reg->type != PTR_TO_CTX) { +				bpf_log(log, +					"arg#%d expected pointer to ctx, but got %s\n", +					i, btf_type_str(t)); +				return -EINVAL; +			} +			if (check_ctx_reg(env, reg, regno)) +				return -EINVAL; +		} else if (is_kfunc && (reg->type == PTR_TO_BTF_ID || reg2btf_ids[reg->type])) {  			const struct btf_type *reg_ref_t;  			const struct btf *reg_btf;  			const char *reg_ref_tname; @@ -5649,14 +5704,9 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env,  			if (reg->type == PTR_TO_BTF_ID) {  				reg_btf = reg->btf;  				reg_ref_id = reg->btf_id; -			} else if (reg2btf_ids[reg->type]) { +			} else {  				reg_btf = btf_vmlinux;  				reg_ref_id = *reg2btf_ids[reg->type]; -			} else { -				bpf_log(log, "kernel function %s args#%d expected pointer to %s %s but R%d is not a pointer to btf_id\n", -					func_name, i, -					btf_type_str(ref_t), ref_tname, regno); -				return -EINVAL;  			}  			reg_ref_t = btf_type_skip_modifiers(reg_btf, reg_ref_id, @@ -5672,23 +5722,24 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env,  					reg_ref_tname);  				return -EINVAL;  			} -		} else if (btf_get_prog_ctx_type(log, btf, t, -						 env->prog->type, i)) { -			/* If function expects ctx type in BTF check that caller -			 * is passing PTR_TO_CTX. -			 */ -			if (reg->type != PTR_TO_CTX) { -				bpf_log(log, -					"arg#%d expected pointer to ctx, but got %s\n", -					i, btf_type_str(t)); -				return -EINVAL; -			} -			if (check_ctx_reg(env, reg, regno)) -				return -EINVAL;  		} else if (ptr_to_mem_ok) {  			const struct btf_type *resolve_ret;  			u32 type_size; +			if (is_kfunc) { +				/* Permit pointer to mem, but only when argument +				 * type is pointer to scalar, or struct composed +				 * (recursively) of scalars. +				 */ +				if (!btf_type_is_scalar(ref_t) && +				    !__btf_type_is_scalar_struct(log, btf, ref_t, 0)) { +					bpf_log(log, +						"arg#%d pointer type %s %s must point to scalar or struct with scalar\n", +						i, btf_type_str(ref_t), ref_tname); +					return -EINVAL; +				} +			} +  			resolve_ret = btf_resolve_size(btf, ref_t, &type_size);  			if (IS_ERR(resolve_ret)) {  				bpf_log(log, @@ -5701,6 +5752,8 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env,  			if (check_mem_reg(env, reg, regno, type_size))  				return -EINVAL;  		} else { +			bpf_log(log, "reg type unsupported for arg#%d %sfunction %s#%d\n", i, +				is_kfunc ? "kernel " : "", func_name, func_id);  			return -EINVAL;  		}  	} @@ -5750,7 +5803,7 @@ int btf_check_kfunc_arg_match(struct bpf_verifier_env *env,  			      const struct btf *btf, u32 func_id,  			      struct bpf_reg_state *regs)  { -	return btf_check_func_arg_match(env, btf, func_id, regs, false); +	return btf_check_func_arg_match(env, btf, func_id, regs, true);  }  /* Convert BTF of a function into bpf_reg_state if possible @@ -5858,7 +5911,7 @@ int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog,  				return -EINVAL;  			} -			reg->type = PTR_TO_MEM_OR_NULL; +			reg->type = PTR_TO_MEM | PTR_MAYBE_NULL;  			reg->id = ++env->id_gen;  			continue; @@ -6352,7 +6405,7 @@ const struct bpf_func_proto bpf_btf_find_by_name_kind_proto = {  	.func		= bpf_btf_find_by_name_kind,  	.gpl_only	= false,  	.ret_type	= RET_INTEGER, -	.arg1_type	= ARG_PTR_TO_MEM, +	.arg1_type	= ARG_PTR_TO_MEM | MEM_RDONLY,  	.arg2_type	= ARG_CONST_SIZE,  	.arg3_type	= ARG_ANYTHING,  	.arg4_type	= ARG_ANYTHING, @@ -6534,12 +6587,11 @@ static struct bpf_cand_cache *populate_cand_cache(struct bpf_cand_cache *cands,  		bpf_free_cands_from_cache(*cc);  		*cc = NULL;  	} -	new_cands = kmalloc(sizeof_cands(cands->cnt), GFP_KERNEL); +	new_cands = kmemdup(cands, sizeof_cands(cands->cnt), GFP_KERNEL);  	if (!new_cands) {  		bpf_free_cands(cands);  		return ERR_PTR(-ENOMEM);  	} -	memcpy(new_cands, cands, sizeof_cands(cands->cnt));  	/* strdup the name, since it will stay in cache.  	 * the cands->name points to strings in prog's BTF and the prog can be unloaded.  	 */ @@ -6657,7 +6709,7 @@ bpf_core_find_cands(struct bpf_core_ctx *ctx, u32 local_type_id)  	main_btf = bpf_get_btf_vmlinux();  	if (IS_ERR(main_btf)) -		return (void *)main_btf; +		return ERR_CAST(main_btf);  	local_type = btf_type_by_id(local_btf, local_type_id);  	if (!local_type) @@ -6684,14 +6736,14 @@ bpf_core_find_cands(struct bpf_core_ctx *ctx, u32 local_type_id)  	/* Attempt to find target candidates in vmlinux BTF first */  	cands = bpf_core_add_cands(cands, main_btf, 1);  	if (IS_ERR(cands)) -		return cands; +		return ERR_CAST(cands);  	/* cands is a pointer to kmalloced memory here if cands->cnt > 0 */  	/* populate cache even when cands->cnt == 0 */  	cc = populate_cand_cache(cands, vmlinux_cand_cache, VMLINUX_CAND_CACHE_SIZE);  	if (IS_ERR(cc)) -		return cc; +		return ERR_CAST(cc);  	/* if vmlinux BTF has any candidate, don't go for module BTFs */  	if (cc->cnt) @@ -6717,7 +6769,7 @@ check_modules:  		cands = bpf_core_add_cands(cands, mod_btf, btf_nr_types(main_btf));  		if (IS_ERR(cands)) {  			btf_put(mod_btf); -			return cands; +			return ERR_CAST(cands);  		}  		spin_lock_bh(&btf_idr_lock);  		btf_put(mod_btf); | 
