[v4,bpf-next,07/14] bpf: Define acquire-release pairs for kfuncs

Message ID	0d951f5f56365c4f8a7b2ed8951d997b7bc696ef.1653600578.git.lorenzo@kernel.org (mailing list archive)
State	Changes Requested
Delegated to:	BPF
Headers	show Return-Path: <netdev-owner@kernel.org> From: Lorenzo Bianconi <lorenzo@kernel.org> To: bpf@vger.kernel.org Cc: netdev@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, davem@davemloft.net, kuba@kernel.org, edumazet@google.com, pabeni@redhat.com, pablo@netfilter.org, fw@strlen.de, netfilter-devel@vger.kernel.org, lorenzo.bianconi@redhat.com, brouer@redhat.com, toke@redhat.com, memxor@gmail.com, yhs@fb.com Subject: [PATCH v4 bpf-next 07/14] bpf: Define acquire-release pairs for kfuncs Date: Thu, 26 May 2022 23:34:55 +0200 Message-Id: <0d951f5f56365c4f8a7b2ed8951d997b7bc696ef.1653600578.git.lorenzo@kernel.org> In-Reply-To: <cover.1653600577.git.lorenzo@kernel.org> References: <cover.1653600577.git.lorenzo@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	net: netfilter: add kfunc helper to update ct timeout \| expand [v4,bpf-next,00/14] net: netfilter: add kfunc helper to update ct timeout [v4,bpf-next,01/14] bpf: Add support for forcing kfunc args to be referenced [v4,bpf-next,02/14] bpf: Print multiple type flags in verifier log [v4,bpf-next,03/14] bpf: Support rdonly PTR_TO_BTF_ID for pointer to const return value [v4,bpf-next,04/14] bpf: Support storing rdonly PTR_TO_BTF_ID in BPF maps [v4,bpf-next,05/14] bpf: Support passing rdonly PTR_TO_BTF_ID to kfunc [v4,bpf-next,06/14] bpf: Whitelist some fields in nf_conn for BPF_WRITE [v4,bpf-next,07/14] bpf: Define acquire-release pairs for kfuncs [v4,bpf-next,08/14] selftests/bpf: Add verifier tests for forced kfunc ref args [v4,bpf-next,09/14] selftests/bpf: Add C tests for rdonly PTR_TO_BTF_ID [v4,bpf-next,10/14] selftests/bpf: Add verifier tests for rdonly PTR_TO_BTF_ID [v4,bpf-next,11/14] net: netfilter: add kfunc helper to update ct timeout [v4,bpf-next,12/14] net: netfilter: add kfunc helpers to alloc and insert a new ct entry [v4,bpf-next,13/14] selftests/bpf: add selftest for bpf_xdp_ct_add and bpf_ct_refresh_timeout kfunc [v4,bpf-next,14/14] selftests/bpf: Add negative tests for bpf_nf

Context	Check	Description
netdev/tree_selection	success	Clearly marked for bpf-next, async
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/subject_prefix	success	Link
netdev/cover_letter	success	Series has a cover letter
netdev/patch_count	success	Link
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 1449 this patch: 1449
netdev/cc_maintainers	warning	7 maintainers not CCed: songliubraving@fb.com hawk@kernel.org kadlec@netfilter.org john.fastabend@gmail.com kafai@fb.com coreteam@netfilter.org kpsingh@kernel.org
netdev/build_clang	success	Errors and warnings before: 177 this patch: 177
netdev/module_param	success	Was 0 now: 0
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	success	Errors and warnings before: 1456 this patch: 1456
netdev/checkpatch	warning	CHECK: Please use a blank line after function/struct/union/enum declarations WARNING: line length of 101 exceeds 80 columns WARNING: line length of 106 exceeds 80 columns WARNING: line length of 82 exceeds 80 columns WARNING: line length of 86 exceeds 80 columns WARNING: line length of 89 exceeds 80 columns WARNING: line length of 90 exceeds 80 columns WARNING: line length of 96 exceeds 80 columns
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0
bpf/vmtest-bpf-next-VM_Test-2	success	Logs for Kernel LATEST on ubuntu-latest with llvm-15
bpf/vmtest-bpf-next-VM_Test-1	success	Logs for Kernel LATEST on ubuntu-latest with gcc
bpf/vmtest-bpf-next-PR	success	PR summary
bpf/vmtest-bpf-next-VM_Test-3	success	Logs for Kernel LATEST on z15 with gcc

diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h index e8439f6cbe57..fb87f9cfa41a 100644 --- a/include/linux/bpf_verifier.h +++ b/include/linux/bpf_verifier.h @@ -68,6 +68,7 @@ struct bpf_reg_state { struct { struct btf *btf; u32 btf_id; + u32 acq_kfunc_btf_id; }; u32 mem_size; /* for PTR_TO_MEM | PTR_TO_MEM_OR_NULL */ diff --git a/include/linux/btf.h b/include/linux/btf.h index f8dc5f810b40..30977d7332c6 100644 --- a/include/linux/btf.h +++ b/include/linux/btf.h @@ -40,6 +40,8 @@ struct btf_kfunc_id_set { }; struct btf_id_set *sets[BTF_KFUNC_TYPE_MAX]; }; + u32 *acq_rel_pairs; + u32 acq_rel_pairs_cnt; }; struct btf_id_dtor_kfunc { @@ -382,6 +384,9 @@ struct btf *bpf_prog_get_target_btf(const struct bpf_prog *prog); bool btf_kfunc_id_set_contains(const struct btf *btf, enum bpf_prog_type prog_type, enum btf_kfunc_type type, u32 kfunc_btf_id); +int btf_kfunc_match_acq_rel_pair(const struct btf *btf, + enum bpf_prog_type prog_type, + u32 acq_kfunc_btf_id, u32 rel_kfunc_btf_id); int register_btf_kfunc_id_set(enum bpf_prog_type prog_type, const struct btf_kfunc_id_set *s); s32 btf_find_dtor_kfunc(struct btf *btf, u32 btf_id); @@ -405,6 +410,12 @@ static inline bool btf_kfunc_id_set_contains(const struct btf *btf, { return false; } +static inline int btf_kfunc_match_acq_rel_pair(const struct btf *btf, + enum bpf_prog_type prog_type, + u32 acq_kfunc_btf_id, u32 rel_kfunc_btf_id) +{ + return 0; +} static inline int register_btf_kfunc_id_set(enum bpf_prog_type prog_type, const struct btf_kfunc_id_set *s) { diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index 9b9fbb43c417..456ba6120aa8 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -214,6 +214,7 @@ enum { struct btf_kfunc_set_tab { struct btf_id_set *sets[BTF_KFUNC_HOOK_MAX][BTF_KFUNC_TYPE_MAX]; + struct btf_id_set *acq_rel_pairs[BTF_KFUNC_HOOK_MAX]; }; struct btf_id_dtor_kfunc_tab { @@ -1595,6 +1596,7 @@ static void btf_free_kfunc_set_tab(struct btf *btf) for (hook = 0; hook < ARRAY_SIZE(tab->sets); hook++) { for (type = 0; type < ARRAY_SIZE(tab->sets[0]); type++) kfree(tab->sets[hook][type]); + kfree(tab->acq_rel_pairs[hook]); } free_tab: kfree(tab); @@ -6226,7 +6228,7 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env, if (base_type(reg->type) == PTR_TO_BTF_ID) { if ((reg->type & MEM_RDONLY) && !is_ref_t_const) { - bpf_log(log, "cannot pass read only pointer to arg#%d", i); + bpf_log(log, "cannot pass read only pointer to arg#%d\n", i); return -EINVAL; } reg_btf = reg->btf; @@ -7119,6 +7121,55 @@ static int btf_populate_kfunc_set(struct btf *btf, enum btf_kfunc_hook hook, return ret; } +static int btf_populate_kfunc_acq_rel_pairs(struct btf *btf, enum btf_kfunc_hook hook, + const struct btf_kfunc_id_set *kset) +{ + struct btf_kfunc_set_tab *tab; + struct btf_id_set *pairs; + u32 cnt; + int ret; + + if (hook >= BTF_KFUNC_HOOK_MAX || (kset->acq_rel_pairs_cnt & 1)) { + ret = -EINVAL; + goto end; + } + + tab = btf->kfunc_set_tab; + pairs = tab->acq_rel_pairs[hook]; + /* Only one call allowed for modules */ + if (WARN_ON_ONCE(pairs && btf_is_module(btf))) { + ret = -EINVAL; + goto end; + } + + cnt = pairs ? pairs->cnt : 0; + if (cnt > U32_MAX - kset->acq_rel_pairs_cnt) { + ret = -EOVERFLOW; + goto end; + } + + pairs = krealloc(tab->acq_rel_pairs[hook], + offsetof(struct btf_id_set, ids[cnt + kset->acq_rel_pairs_cnt]), + GFP_KERNEL | __GFP_NOWARN); + if (!pairs) { + ret = -ENOMEM; + goto end; + } + + if (!tab->acq_rel_pairs[hook]) + pairs->cnt = 0; + tab->acq_rel_pairs[hook] = pairs; + + memcpy(pairs->ids + pairs->cnt, kset->acq_rel_pairs, + kset->acq_rel_pairs_cnt * sizeof(pairs->ids[0])); + pairs->cnt += kset->acq_rel_pairs_cnt; + + return 0; +end: + btf_free_kfunc_set_tab(btf); + return ret; +} + static bool __btf_kfunc_id_set_contains(const struct btf *btf, enum btf_kfunc_hook hook, enum btf_kfunc_type type, @@ -7171,6 +7222,51 @@ bool btf_kfunc_id_set_contains(const struct btf *btf, return __btf_kfunc_id_set_contains(btf, hook, type, kfunc_btf_id); } +/* If no mapping exists, just rely on argument matching. Otherwise even if one + * mapping exists for acq_kfunc_btf_id, we fail on not finding a matching pair. + * Hence, an acquire kfunc either has 0 mappings, or N mappings. In case of 0 + * mappings, only rely on the result of argument matches. In case of N mappings, + * always check for a mapping between the acquire and release function, and fail + * on not finding a match. + */ +int btf_kfunc_match_acq_rel_pair(const struct btf *btf, + enum bpf_prog_type prog_type, + u32 acq_kfunc_btf_id, u32 rel_kfunc_btf_id) +{ + struct btf_kfunc_set_tab *tab = btf->kfunc_set_tab; + enum btf_kfunc_hook hook; + struct btf_id_set *pairs; + bool was_seen = false; + u32 i; + + if (!acq_kfunc_btf_id) + return 0; + hook = bpf_prog_type_to_kfunc_hook(prog_type); + if (hook >= BTF_KFUNC_HOOK_MAX) + return -EINVAL; + if (WARN_ON_ONCE(!tab)) + return -EFAULT; + pairs = tab->acq_rel_pairs[hook]; + if (!pairs) + return 0; + for (i = 0; i < pairs->cnt; i += 2) { + if (pairs->ids[i] == acq_kfunc_btf_id) { + was_seen = true; + if (pairs->ids[i + 1] == rel_kfunc_btf_id) + return 0; + } + } + /* There are some mappings for this acq_kfunc_btf_id, but none that + * matched this pair. + */ + if (was_seen) + return -ENOENT; + /* There are no mappings for this acq_kfunc_btf_id, just rely on + * argument matching. + */ + return 0; +} + /* This function must be invoked only from initcalls/module init functions */ int register_btf_kfunc_id_set(enum bpf_prog_type prog_type, const struct btf_kfunc_id_set *kset) @@ -7196,6 +7292,7 @@ int register_btf_kfunc_id_set(enum bpf_prog_type prog_type, hook = bpf_prog_type_to_kfunc_hook(prog_type); ret = btf_populate_kfunc_set(btf, hook, kset); + ret = ret ?: btf_populate_kfunc_acq_rel_pairs(btf, hook, kset); btf_put(btf); return ret; } diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 8cc754d83521..cd8bf00a657f 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -7532,7 +7532,21 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn, * PTR_TO_BTF_ID back from btf_check_kfunc_arg_match, do the release now */ if (err) { - err = release_reference(env, regs[err].ref_obj_id); + int regno = err; + + if (regs[regno].acq_kfunc_btf_id && desc_btf != regs[regno].btf) { + verbose(env, "verifier internal error: acquire and release kfunc BTF must match"); + return -EFAULT; + } + err = btf_kfunc_match_acq_rel_pair(desc_btf, resolve_prog_type(env->prog), + regs[regno].acq_kfunc_btf_id, func_id); + if (err) { + if (err == -ENOENT) + verbose(env, "kfunc %s#%d not permitted to release reference\n", + func_name, func_id); + return err; + } + err = release_reference(env, regs[regno].ref_obj_id); if (err) { verbose(env, "kfunc %s#%d reference has not been acquired before\n", func_name, func_id); @@ -7592,6 +7606,7 @@ static int check_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn, return id; regs[BPF_REG_0].id = id; regs[BPF_REG_0].ref_obj_id = id; + regs[BPF_REG_0].acq_kfunc_btf_id = func_id; } } /* else { add_kfunc_call() ensures it is btf_type_is_void(t) } */ diff --git a/net/netfilter/nf_conntrack_bpf.c b/net/netfilter/nf_conntrack_bpf.c index fbf58eb74c79..5169405dd9d1 100644 --- a/net/netfilter/nf_conntrack_bpf.c +++ b/net/netfilter/nf_conntrack_bpf.c @@ -243,20 +243,31 @@ BTF_SET_END(nf_ct_release_kfunc_ids) /* Both sets are identical */ #define nf_ct_ret_null_kfunc_ids nf_ct_acquire_kfunc_ids +BTF_ID_LIST(nf_ct_acq_rel_pairs) +BTF_ID(func, bpf_xdp_ct_lookup) +BTF_ID(func, bpf_ct_release) + +BTF_ID(func, bpf_skb_ct_lookup) +BTF_ID(func, bpf_ct_release) + static const struct btf_kfunc_id_set nf_conntrack_xdp_kfunc_set = { - .owner = THIS_MODULE, - .check_set = &nf_ct_xdp_check_kfunc_ids, - .acquire_set = &nf_ct_acquire_kfunc_ids, - .release_set = &nf_ct_release_kfunc_ids, - .ret_null_set = &nf_ct_ret_null_kfunc_ids, + .owner = THIS_MODULE, + .check_set = &nf_ct_xdp_check_kfunc_ids, + .acquire_set = &nf_ct_acquire_kfunc_ids, + .release_set = &nf_ct_release_kfunc_ids, + .ret_null_set = &nf_ct_ret_null_kfunc_ids, + .acq_rel_pairs = nf_ct_acq_rel_pairs, + .acq_rel_pairs_cnt = 10, }; static const struct btf_kfunc_id_set nf_conntrack_tc_kfunc_set = { - .owner = THIS_MODULE, - .check_set = &nf_ct_tc_check_kfunc_ids, - .acquire_set = &nf_ct_acquire_kfunc_ids, - .release_set = &nf_ct_release_kfunc_ids, - .ret_null_set = &nf_ct_ret_null_kfunc_ids, + .owner = THIS_MODULE, + .check_set = &nf_ct_tc_check_kfunc_ids, + .acquire_set = &nf_ct_acquire_kfunc_ids, + .release_set = &nf_ct_release_kfunc_ids, + .ret_null_set = &nf_ct_ret_null_kfunc_ids, + .acq_rel_pairs = nf_ct_acq_rel_pairs, + .acq_rel_pairs_cnt = 10, }; BTF_ID_LIST_SINGLE(nf_conn_btf_id, struct, nf_conn)

[v4,bpf-next,07/14] bpf: Define acquire-release pairs for kfuncs

Checks

Commit Message

Patch