From patchwork Tue Nov 7 13:22:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuyi Zhou X-Patchwork-Id: 13448633 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A78AF2FE3B for ; Tue, 7 Nov 2023 13:22:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=bytedance.com header.i=@bytedance.com header.b="EClb5Jim" Received: from mail-pg1-x532.google.com (mail-pg1-x532.google.com [IPv6:2607:f8b0:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7211F92 for ; Tue, 7 Nov 2023 05:22:20 -0800 (PST) Received: by mail-pg1-x532.google.com with SMTP id 41be03b00d2f7-565334377d0so4198111a12.2 for ; Tue, 07 Nov 2023 05:22:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance.com; s=google; t=1699363339; x=1699968139; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=vwZePJeoSr3O0bybFoYz59dDfNn8i1xg6Qpn6uw7YTk=; b=EClb5Jimh8pNWkq9fifht40o5OOgp7I9LqGnE3kDcb0MlWlFTMA0kf3PZEGG2Q7I26 mSp8Ku9IjEq37gCeHKZXNjxjkAvVOBLYbqdbbq/x1mmFqd4JP58VSgNp8VHLqoKufaQY ByPe1hGtRqK7m8E1pzdPbJ6Udg0K0/pvvLlGxU3rjcCV+nBNgTQblmcb6LzIsa0hvbdr qc2hye82o8HP3oCnoIQpL4/9njluz3a9f2WIoPI1ScPrPHdCS9YxuP5upxvnUPvwq+Zp 7Sd23Qj308btwUb9eyja+KGSfaCat6VEax6LwdtznntAc8aiwE/+5dPgKCC1tTnIFgd1 ZTyw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699363339; x=1699968139; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vwZePJeoSr3O0bybFoYz59dDfNn8i1xg6Qpn6uw7YTk=; b=B/VWqZPwhyKzvK/iQnlbSOCq3J+ueWKWHjSy+mE/4sM7+J0mWSd0Y8CwfGuE/0g1ta GiK1fxb2BZL5k5KCsUzcrEdnNYDpMJxPrCFibmeZVQAtseA5FxIU1QP6r+KUNf5Hq3Kv W4C3ctLXwjZ6hzyOZmdhxYNYfSmQI8h5mOsL8ZRQM9eenSIfluNzHFmXt62Uelp+muX2 yppvYq4Ge9f87du7iH/TtWoMpX4d3+Mm1EWcnI3+q8AjKO1itFz527tlCO+zBRDTIy9F L/I2mBGTinAdV+wuVFZuY/gZvUr/PSK74s1Xdim7aBfy2sK59mltsh48vjgRrbnfxxJh k1qg== X-Gm-Message-State: AOJu0Ywu43yHo41qO0HsQ+a37kF8dqWE2e5kJlDfn0oRSHYYBC6mYjFj PmU9WKtazIrE3YLiCtEMBueC3De4Zp9qNa/g9XI= X-Google-Smtp-Source: AGHT+IFnw3uPBxos8gEWgBswMK40sWIfoR3WaKz8MQHNdtIwFSKOXiAcgm3UyTFJ9RKm4yI/OQ9VIw== X-Received: by 2002:a05:6a21:4881:b0:180:ebec:da31 with SMTP id av1-20020a056a21488100b00180ebecda31mr24258179pzc.8.1699363339634; Tue, 07 Nov 2023 05:22:19 -0800 (PST) Received: from n37-019-243.byted.org ([180.184.51.70]) by smtp.gmail.com with ESMTPSA id y36-20020a056a00182400b0068790c41ca2sm7218881pfa.27.2023.11.07.05.22.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Nov 2023 05:22:19 -0800 (PST) From: Chuyi Zhou To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@kernel.org, Chuyi Zhou , Yonghong Song Subject: [PATCH bpf v2 1/2] bpf: Let verifier consider {task,cgroup} is trusted in bpf_iter_reg Date: Tue, 7 Nov 2023 21:22:03 +0800 Message-Id: <20231107132204.912120-2-zhouchuyi@bytedance.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20231107132204.912120-1-zhouchuyi@bytedance.com> References: <20231107132204.912120-1-zhouchuyi@bytedance.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net BTF_TYPE_SAFE_TRUSTED(struct bpf_iter__task) in verifier.c wanted to teach BPF verifier that bpf_iter__task -> task is a trusted ptr. But it doesn't work well. The reason is, bpf_iter__task -> task would go through btf_ctx_access() which enforces the reg_type of 'task' is ctx_arg_info->reg_type, and in task_iter.c, we actually explicitly declare that the ctx_arg_info->reg_type is PTR_TO_BTF_ID_OR_NULL. Actually we have a previous case like this[1] where PTR_TRUSTED is added to the arg flag for map_iter. This patch sets ctx_arg_info->reg_type is PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED in task_reg_info. Similarly, bpf_cgroup_reg_info -> cgroup is also PTR_TRUSTED since we are under the protection of cgroup_mutex and we would check cgroup_is_dead() in __cgroup_iter_seq_show(). Link[1]:https://lore.kernel.org/all/20230706133932.45883-3-aspsk@isovalent.com/ Signed-off-by: Chuyi Zhou Acked-by: Yonghong Song --- kernel/bpf/cgroup_iter.c | 2 +- kernel/bpf/task_iter.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/cgroup_iter.c b/kernel/bpf/cgroup_iter.c index d1b5c5618..f04a468cf 100644 --- a/kernel/bpf/cgroup_iter.c +++ b/kernel/bpf/cgroup_iter.c @@ -282,7 +282,7 @@ static struct bpf_iter_reg bpf_cgroup_reg_info = { .ctx_arg_info_size = 1, .ctx_arg_info = { { offsetof(struct bpf_iter__cgroup, cgroup), - PTR_TO_BTF_ID_OR_NULL }, + PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED }, }, .seq_info = &cgroup_iter_seq_info, }; diff --git a/kernel/bpf/task_iter.c b/kernel/bpf/task_iter.c index 4e156dca4..26082b978 100644 --- a/kernel/bpf/task_iter.c +++ b/kernel/bpf/task_iter.c @@ -704,7 +704,7 @@ static struct bpf_iter_reg task_reg_info = { .ctx_arg_info_size = 1, .ctx_arg_info = { { offsetof(struct bpf_iter__task, task), - PTR_TO_BTF_ID_OR_NULL }, + PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED }, }, .seq_info = &task_seq_info, .fill_link_info = bpf_iter_fill_link_info, From patchwork Tue Nov 7 13:22:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuyi Zhou X-Patchwork-Id: 13448634 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 667802FE3B for ; Tue, 7 Nov 2023 13:22:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=bytedance.com header.i=@bytedance.com header.b="fQrQdKZj" Received: from mail-pf1-x432.google.com (mail-pf1-x432.google.com [IPv6:2607:f8b0:4864:20::432]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4D14A93 for ; Tue, 7 Nov 2023 05:22:23 -0800 (PST) Received: by mail-pf1-x432.google.com with SMTP id d2e1a72fcca58-6c396ef9a3dso2785392b3a.1 for ; Tue, 07 Nov 2023 05:22:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance.com; s=google; t=1699363342; x=1699968142; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=cnY5L7zS0GT7b91/4e+NG++hSn4g9OQWiY3TrFeXNlc=; b=fQrQdKZj90Un3Ekm1TfpFWhFWSfiAQR/qQiUBgx3D3rXHdEMvRJzRcnr7yGa8zgYgZ QWaWU8MrXG2NQLx6p8xDKLwVx85LWSysRwZdkb/QrLZiWyowjWJDZ0PlynmsL6RDSP3w Ye9AYLlgap/CM0H2haCRuMZj9n2HCpQJZ1wnohWxAWm/lSpGG3CtPZHHBtPTeYhJ/HNP V+oJFfn0vhsK0p7GHEuzR11qE7jkyX4mGHFyQMlFvXSOpaTtiRImIJ0JeZpPxngTIomh Xw4VKqp7IhnNaGRsDm+HtdKQtxcHPgkWfGDIj3eSnffzBA2I729bVPIa/QFUPlTSqZpu Nsbw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699363342; x=1699968142; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cnY5L7zS0GT7b91/4e+NG++hSn4g9OQWiY3TrFeXNlc=; b=O5m70iJ/Lvomj5+z76exmtv68HtEfeTfPbvg1ZZ9a9a5c0wtgm7LOQ1wmfz+Vk4ylN QlFgqXyUgMklJbfrAgsrFRCIyI8dKDBcGBtBrv8P2Ww/E7EDJF1OoRjYasdOh+EqnsgK qIQHP9Gkd2eedneOcZj+jTX8pQ7x1z3bKFJPiTNKbtKDUkCoCOQVu4Gyx/XOFjg8pS4n fd9eGMgOm0QiHgOhDhdt55ZVgVK6hsJZmvOJWaNMkbTb9n64FiIiIZSxtWvFevkeWYN5 qBsVCecf6vGKKdTrKMS06cZ2oRMtmEcAOuqXEt+r+rls/DToMkrFQYCGP8fsgb/vq965 pgqg== X-Gm-Message-State: AOJu0YxmLjEsJDmic6XtBVCETkJh1MIuqviZUZK3gD7Glkaqizz8+bh2 lNwWTM5N78kHSWSQGb00eQjnujPaVtTcvXr8Vw0= X-Google-Smtp-Source: AGHT+IEs8O5ut0r1aid3tAhLxsW5KeYnRCTcwZ6HFDuc3R+bni6l8JAgj3S5BO3g8GBDMXOH7zEW2w== X-Received: by 2002:a05:6a21:3393:b0:137:23f1:4281 with SMTP id yy19-20020a056a21339300b0013723f14281mr32232981pzb.12.1699363342395; Tue, 07 Nov 2023 05:22:22 -0800 (PST) Received: from n37-019-243.byted.org ([180.184.51.70]) by smtp.gmail.com with ESMTPSA id y36-20020a056a00182400b0068790c41ca2sm7218881pfa.27.2023.11.07.05.22.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 07 Nov 2023 05:22:22 -0800 (PST) From: Chuyi Zhou To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@kernel.org, Chuyi Zhou , Yonghong Song Subject: [PATCH bpf v2 2/2] selftests/bpf: get trusted cgrp from bpf_iter__cgroup directly Date: Tue, 7 Nov 2023 21:22:04 +0800 Message-Id: <20231107132204.912120-3-zhouchuyi@bytedance.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20231107132204.912120-1-zhouchuyi@bytedance.com> References: <20231107132204.912120-1-zhouchuyi@bytedance.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Commit f49843afde (selftests/bpf: Add tests for css_task iter combining with cgroup iter) added a test which demonstrates how css_task iter can be combined with cgroup iter. That test used bpf_cgroup_from_id() to convert bpf_iter__cgroup->cgroup to a trusted ptr which is pointless now, since with the previous fix, we can get a trusted cgroup directly from bpf_iter__cgroup. Signed-off-by: Chuyi Zhou Acked-by: Yonghong Song --- .../testing/selftests/bpf/progs/iters_css_task.c | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/iters_css_task.c b/tools/testing/selftests/bpf/progs/iters_css_task.c index e180aa1b1..9ac758649 100644 --- a/tools/testing/selftests/bpf/progs/iters_css_task.c +++ b/tools/testing/selftests/bpf/progs/iters_css_task.c @@ -56,12 +56,9 @@ SEC("?iter/cgroup") int cgroup_id_printer(struct bpf_iter__cgroup *ctx) { struct seq_file *seq = ctx->meta->seq; - struct cgroup *cgrp, *acquired; + struct cgroup *cgrp = ctx->cgroup; struct cgroup_subsys_state *css; struct task_struct *task; - u64 cgrp_id; - - cgrp = ctx->cgroup; /* epilogue */ if (cgrp == NULL) { @@ -73,20 +70,15 @@ int cgroup_id_printer(struct bpf_iter__cgroup *ctx) if (ctx->meta->seq_num == 0) BPF_SEQ_PRINTF(seq, "prologue\n"); - cgrp_id = cgroup_id(cgrp); - - BPF_SEQ_PRINTF(seq, "%8llu\n", cgrp_id); + BPF_SEQ_PRINTF(seq, "%8llu\n", cgroup_id(cgrp)); - acquired = bpf_cgroup_from_id(cgrp_id); - if (!acquired) - return 0; - css = &acquired->self; + css = &cgrp->self; css_task_cnt = 0; bpf_for_each(css_task, task, css, CSS_TASK_ITER_PROCS) { if (task->pid == target_pid) css_task_cnt++; } - bpf_cgroup_release(acquired); + return 0; }