mbox series

[v3,bpf,0/5] Tighten up arg:ctx type enforcement

Message ID 20240118033143.3384355-1-andrii@kernel.org (mailing list archive)
Headers show
Series Tighten up arg:ctx type enforcement | expand

Message

Andrii Nakryiko Jan. 18, 2024, 3:31 a.m. UTC 
Follow up fixes for kernel-side and libbpf-side logic around handling arg:ctx
(__arg_ctx) tagged arguments of BPF global subprogs.

Patch #1 adds libbpf feature detection of kernel-side __arg_ctx support to
avoid unnecessary rewriting BTF types. With stricter kernel-side type
enforcement this is now mandatory to avoid problems with using `struct
bpf_user_pt_regs_t` instead of actual typedef. For __arg_ctx tagged arguments
verifier is now supporting either `bpf_user_pt_regs_t` typedef or resolves it
down to the actual struct (pt_regs/user_pt_regs/user_regs_struct), depending
on architecture), but for old kernels without __arg_ctx support it's more
backwards compatible for libbpf to use `struct bpf_user_pt_regs_t` rewrite
which will work on wider range of kernels. So feature detection prevent libbpf
accidentally breaking global subprogs on new kernels.

We also adjust selftests to do similar feature detection (much simpler, but
potentially breaking due to kernel source code refactoring, which is fine for
selftests), and skip tests expecting libbpf's BTF type rewrites.

Patch #2 is preparatory refactoring for patch #3 which adds type enforcement
for arg:ctx tagged global subprog args. See the patch for specifics.

Patch #4 adds many new cases to ensure type logic works as expected.

Finally, patch #5 adds a relevant subset of kernel-side type checks to
__arg_ctx cases that libbpf supports rewrite of. In libbpf's case, type
violations are reported as warnings and BTF rewrite is not performed, which
will eventually lead to BPF verifier complaining at program verification time.

Good care was taken to avoid conflicts between bpf and bpf-next tree (which
has few follow up refactorings in the same code area). Once trees converge
some of the code will be moved around a bit (and some will be deleted), but
with no change to functionality or general shape of the code.

v2->v3:
  - support `bpf_user_pt_regs_t` typedef for KPROBE and PERF_EVENT (CI);
v1->v2:
  - add user_pt_regs and user_regs_struct support for PERF_EVENT (CI);
  - drop FEAT_ARG_CTX_TAG enum leftover from patch #1;
  - fix warning about default: without break in the switch (CI).

Andrii Nakryiko (5):
  libbpf: feature-detect arg:ctx tag support in kernel
  bpf: extract bpf_ctx_convert_map logic and make it more reusable
  bpf: enforce types for __arg_ctx-tagged arguments in global subprogs
  selftests/bpf: add tests confirming type logic in kernel for __arg_ctx
  libbpf: warn on unexpected __arg_ctx type when rewriting BTF

 include/linux/btf.h                           |   2 +-
 kernel/bpf/btf.c                              | 231 ++++++++++++++++--
 tools/lib/bpf/libbpf.c                        | 142 ++++++++++-
 .../bpf/prog_tests/test_global_funcs.c        |  13 +
 .../bpf/progs/verifier_global_subprogs.c      | 164 ++++++++++++-
 5 files changed, 513 insertions(+), 39 deletions(-)

Comments

patchwork-bot+netdevbpf@kernel.org Jan. 18, 2024, 4:30 a.m. UTC | #1 
Hello:

This series was applied to bpf/bpf.git (master)
by Alexei Starovoitov <ast@kernel.org>:

On Wed, 17 Jan 2024 19:31:38 -0800 you wrote:
> Follow up fixes for kernel-side and libbpf-side logic around handling arg:ctx
> (__arg_ctx) tagged arguments of BPF global subprogs.
> 
> Patch #1 adds libbpf feature detection of kernel-side __arg_ctx support to
> avoid unnecessary rewriting BTF types. With stricter kernel-side type
> enforcement this is now mandatory to avoid problems with using `struct
> bpf_user_pt_regs_t` instead of actual typedef. For __arg_ctx tagged arguments
> verifier is now supporting either `bpf_user_pt_regs_t` typedef or resolves it
> down to the actual struct (pt_regs/user_pt_regs/user_regs_struct), depending
> on architecture), but for old kernels without __arg_ctx support it's more
> backwards compatible for libbpf to use `struct bpf_user_pt_regs_t` rewrite
> which will work on wider range of kernels. So feature detection prevent libbpf
> accidentally breaking global subprogs on new kernels.
> 
> [...]

Here is the summary with links:
  - [v3,bpf,1/5] libbpf: feature-detect arg:ctx tag support in kernel
    https://git.kernel.org/bpf/bpf/c/01b55f4f0cd6
  - [v3,bpf,2/5] bpf: extract bpf_ctx_convert_map logic and make it more reusable
    https://git.kernel.org/bpf/bpf/c/66967a32d3b1
  - [v3,bpf,3/5] bpf: enforce types for __arg_ctx-tagged arguments in global subprogs
    https://git.kernel.org/bpf/bpf/c/0ba971511d16
  - [v3,bpf,4/5] selftests/bpf: add tests confirming type logic in kernel for __arg_ctx
    https://git.kernel.org/bpf/bpf/c/989410cde819
  - [v3,bpf,5/5] libbpf: warn on unexpected __arg_ctx type when rewriting BTF
    https://git.kernel.org/bpf/bpf/c/76ec90a996e3

You are awesome, thank you!