From patchwork Fri Dec 13 17:51:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Kartikeya Dwivedi X-Patchwork-Id: 13907625 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D4D2C57C9F for ; Fri, 13 Dec 2024 17:51:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.68 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734112294; cv=none; b=PFJg+T4opjoPU485F/SAgWLp5AquTYcRN+u/HFWPLwX+EV+ZPzd9wPW9MKpCZn+3nAz9KBzn+4c+N/9R9Dl+wWq9VsTo8OofBM2GN3GDUqo8TXDhgKQeYKXWJyjdAxnOCBbk1TPX1mNLyuIlULtatEqfcXtjISrjBlAvYXt6N7A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734112294; c=relaxed/simple; bh=KEv755sEVd85j34CZrVOcnTJNLkMRBeR4Nr/xGtMmT4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=HaxWjrJ7AS8HOimtYh3pjslMFjRCATbVInAqPE6BvC6VD1YsItTfe00gAi5gzXcJKiJn+JA1Xq57fYBsP8++K/aq2SscRI65vFNgX6OSQ3Ms6Hmw4N+MTVdcxlocjCO6a0RgRTXkl1uahVWi0jvoS64lQ/UfzkqmbwUviZOp6vU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=T5NSeNIN; arc=none smtp.client-ip=209.85.128.68 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="T5NSeNIN" Received: by mail-wm1-f68.google.com with SMTP id 5b1f17b1804b1-4361e89b6daso14423175e9.3 for ; Fri, 13 Dec 2024 09:51:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1734112290; x=1734717090; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=spCXdJpgRnBemD1PVbI6UIUIfhJ5rtRztRc8Zw0sToo=; b=T5NSeNINMtViRnfB7I/Jd9IAAsQloGTVdOja3JkYpZSp3nUpOt+T8mldqhOP8VBrO6 3odjnYRc5pqfvERSy0nXOHT/IxdsA+T8ekmpPu3kSNMAfQcEILGfqHb0y0i+LiXCGQTP wknbtQJStcttk7Yl5WpfrmrYasrhYSwABlRUQT739XN5W8c64KJBnuJufW4SCs7vjEtV n+AjD8dOl5sKs5gEtZ+F0dui3wBADrJCtP86+MvP3b0wD76wyhM1miU4ADRDMASY21rR EfUVRbDgzPIz6RMFAoPgoYlzE7HlD6n42oNOY9M6IGtrFRSWkMkSCseboUhpkrcTeSnL BL5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734112290; x=1734717090; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=spCXdJpgRnBemD1PVbI6UIUIfhJ5rtRztRc8Zw0sToo=; b=mcNt41jXzgeWiH9l+YUQLxRPTh4kAWGjCT63STikC5Yvy7P/SaBhN7DD4ZwE0hBXom qKvMW72Hb2DQ3BNDjz/e7QbCTQfAQerFhk6GRzxTVr9fVHlZIcDW0b2tD2ijC0rM1GC+ JX6EbhdiXzOhNM4L2uzmSfj+E+P6o4fpH4vUKGppt2Erfq/WXOe2n88VAswAQPuoO5TD rfghpnE1Y4FWzBrGiLipYv444Ti3Cx9unLOl8FREI2hNXtuGU+9ndJY/oYHJ2p6aKQAQ vmOrLpkUtFtrWWL53RHSFsodgQku0q3FuCYlFbAWixTcM0wQtP1PMAreVX1uFA371sNy T98A== X-Gm-Message-State: AOJu0Ywf1g7R8lyk5985Hg89o/d6d2MLCPLVwYwzsyATc6NmZ9ybVxCQ THTzaHdV3NnFqmpC6patIf8CSqlWvLq20uP6iR27HhQpRqTCYq4V596RDl4hDiyfOA== X-Gm-Gg: ASbGncvEtuHDdVzBw2zFg4DhZIiAyPFUieib6rsjN+40l6oEnhWB+PETjU0sRBV/sFs gBYs0gG9AtGX4QJuk4TzeNLgzJWd1hjACz6nUm3bHbnl5K+lrx5GCGCtJMrVli1LG1mespw7rP2 COqvv4Y2A5KOf9JEdxWAhNPRz1AFBdQW25VhgQu31PkZmKJ/yz74YEC0oS/8I2oUN2Y07agqDKK +rWB5RAkYxHTsIggItrZ8WUhY7xvQEW35IIH31uoo+6p5rUrssPD1VXeR4KWvgt/E7SnVs7Di9K sR0/c9o= X-Google-Smtp-Source: AGHT+IH1uOr0nNsUtUlmlKB+7jqR7ZVUpN69f5qwM3TAmF6xVnx6CmLwfJYpge8h7YletwzesSdZSg== X-Received: by 2002:a05:600c:4e4b:b0:434:edcf:7464 with SMTP id 5b1f17b1804b1-4362aaa1b04mr33757825e9.30.1734112290327; Fri, 13 Dec 2024 09:51:30 -0800 (PST) Received: from localhost (fwdproxy-cln-009.fbsv.net. [2a03:2880:31ff:9::face:b00c]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-388c8060566sm101341f8f.102.2024.12.13.09.51.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Dec 2024 09:51:29 -0800 (PST) From: Kumar Kartikeya Dwivedi To: bpf@vger.kernel.org Cc: kkd@meta.com, Manu Bretelle , Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Martin KaFai Lau , Eduard Zingerman , Jiri Olsa , Juri Lelli , kernel-team@fb.com Subject: [PATCH bpf v2 1/3] bpf: Revert "bpf: Mark raw_tp arguments with PTR_MAYBE_NULL" Date: Fri, 13 Dec 2024 09:51:25 -0800 Message-ID: <20241213175127.2084759-2-memxor@gmail.com> X-Mailer: git-send-email 2.43.5 In-Reply-To: <20241213175127.2084759-1-memxor@gmail.com> References: <20241213175127.2084759-1-memxor@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=12835; h=from:subject; bh=KEv755sEVd85j34CZrVOcnTJNLkMRBeR4Nr/xGtMmT4=; b=owEBbQKS/ZANAwAIAUzgyIZIvxHKAcsmYgBnXHItAac1/avgRyK3awTQWkJz/sZWTVpTL79hP84K y8a2oYeJAjMEAAEIAB0WIQRLvip+Buz51YI8YRFM4MiGSL8RygUCZ1xyLQAKCRBM4MiGSL8RytX3D/ 41qJ1rt14vCPbTO8gPTHeIs1PcJkWo9+ymI2eDyTL1pTPG1zr1tqVUlTKNXpYn/li48hPJkSIe5fuu n/0GSlsoxYikChakdRf+c22TYYUJa/1OOTn5KDIXQk+cFwT5XpWcb+f3xWh9cZPoJ9T2LE0efMD+vS Q7YEoKKxyQ/lUhchehUdT+cxSHzk/8KJ7ft/D+4DHAWQMCUkHy1kba+gE7tE8H4u0CbJw5RGSNkVZV 7Zsk14Ei01HJEx1DgFCwF1XojemhUg752OYcOZEhgg7c4+c2rt+fWD6M0u71cxb4C9ov6Mkb0gIqGt k6r/7F1eX0HIp8jGxUwsrfKJaLn3ika4e5yNKdL5SWoTYgEPyvzJNgU9hSo1Rz7iDYa8TM+AN5tngV yGWIcZGpXF8Ka9it3pqZku6ehFsXCEkBf/LVZIO2Z+mnYuIBGCYgHy+xhWXHNfXpTn8MUQekPhZP1P 21UO1Ti9kSviqhQxqsySvwyFbkNR+IKN1Uxe7XM6sFPEHFkom/Dh8+h3CnuvCpx/kSAGHemjt8YWxe sqXp3ruV1Mwdy88gNyShud9ATSj7maRf0TAwWIv5EZGNdWjd2ENyYzFJ/fVFJlRztyUBqHXI2RvOXO L5fj4i6eLubEMMVPPCj8D73HFxhCmB78GkWChxjCLPgjS5zN/HEDS2FppbCA== X-Developer-Key: i=memxor@gmail.com; a=openpgp; fpr=4BBE2A7E06ECF9D5823C61114CE0C88648BF11CA X-Patchwork-Delegate: bpf@iogearbox.net This patch reverts commit cb4158ce8ec8 ("bpf: Mark raw_tp arguments with PTR_MAYBE_NULL"). The patch was well-intended and meant to be as a stop-gap fixing branch prediction when the pointer may actually be NULL at runtime. Eventually, it was supposed to be replaced by an automated script or compiler pass detecting possibly NULL arguments and marking them accordingly. However, it caused two main issues observed for production programs and failed to preserve backwards compatibility. First, programs relied on the verifier not exploring == NULL branch when pointer is not NULL, thus they started failing with a 'dereference of scalar' error. Next, allowing raw_tp arguments to be modified surfaced the warning in the verifier that warns against reg->off when PTR_MAYBE_NULL is set. More information, context, and discusson on both problems is available in [0]. Overall, this approach had several shortcomings, and the fixes would further complicate the verifier's logic, and the entire masking scheme would have to be removed eventually anyway. Hence, revert the patch in preparation of a better fix avoiding these issues to replace this commit. [0]: https://lore.kernel.org/bpf/20241206161053.809580-1-memxor@gmail.com Reported-by: Manu Bretelle Fixes: cb4158ce8ec8 ("bpf: Mark raw_tp arguments with PTR_MAYBE_NULL") Signed-off-by: Kumar Kartikeya Dwivedi --- include/linux/bpf.h | 6 -- kernel/bpf/btf.c | 5 +- kernel/bpf/verifier.c | 79 ++----------------- .../bpf/progs/test_tp_btf_nullable.c | 6 +- 4 files changed, 9 insertions(+), 87 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 805040813f5d..6e63dd3443b9 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -3514,10 +3514,4 @@ static inline bool bpf_is_subprog(const struct bpf_prog *prog) return prog->aux->func_idx != 0; } -static inline bool bpf_prog_is_raw_tp(const struct bpf_prog *prog) -{ - return prog->type == BPF_PROG_TYPE_TRACING && - prog->expected_attach_type == BPF_TRACE_RAW_TP; -} - #endif /* _LINUX_BPF_H */ diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index a63a03582f02..c4aa304028ce 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -6594,10 +6594,7 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, if (prog_args_trusted(prog)) info->reg_type |= PTR_TRUSTED; - /* Raw tracepoint arguments always get marked as maybe NULL */ - if (bpf_prog_is_raw_tp(prog)) - info->reg_type |= PTR_MAYBE_NULL; - else if (btf_param_match_suffix(btf, &args[arg], "__nullable")) + if (btf_param_match_suffix(btf, &args[arg], "__nullable")) info->reg_type |= PTR_MAYBE_NULL; if (tgt_prog) { diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 5e541339b2f6..f7f892a52a37 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -420,25 +420,6 @@ static struct btf_record *reg_btf_record(const struct bpf_reg_state *reg) return rec; } -static bool mask_raw_tp_reg_cond(const struct bpf_verifier_env *env, struct bpf_reg_state *reg) { - return reg->type == (PTR_TO_BTF_ID | PTR_TRUSTED | PTR_MAYBE_NULL) && - bpf_prog_is_raw_tp(env->prog) && !reg->ref_obj_id; -} - -static bool mask_raw_tp_reg(const struct bpf_verifier_env *env, struct bpf_reg_state *reg) -{ - if (!mask_raw_tp_reg_cond(env, reg)) - return false; - reg->type &= ~PTR_MAYBE_NULL; - return true; -} - -static void unmask_raw_tp_reg(struct bpf_reg_state *reg, bool result) -{ - if (result) - reg->type |= PTR_MAYBE_NULL; -} - static bool subprog_is_global(const struct bpf_verifier_env *env, int subprog) { struct bpf_func_info_aux *aux = env->prog->aux->func_info_aux; @@ -6801,7 +6782,6 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env, const char *field_name = NULL; enum bpf_type_flag flag = 0; u32 btf_id = 0; - bool mask; int ret; if (!env->allow_ptr_leaks) { @@ -6873,21 +6853,7 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env, if (ret < 0) return ret; - /* For raw_tp progs, we allow dereference of PTR_MAYBE_NULL - * trusted PTR_TO_BTF_ID, these are the ones that are possibly - * arguments to the raw_tp. Since internal checks in for trusted - * reg in check_ptr_to_btf_access would consider PTR_MAYBE_NULL - * modifier as problematic, mask it out temporarily for the - * check. Don't apply this to pointers with ref_obj_id > 0, as - * those won't be raw_tp args. - * - * We may end up applying this relaxation to other trusted - * PTR_TO_BTF_ID with maybe null flag, since we cannot - * distinguish PTR_MAYBE_NULL tagged for arguments vs normal - * tagging, but that should expand allowed behavior, and not - * cause regression for existing behavior. - */ - mask = mask_raw_tp_reg(env, reg); + if (ret != PTR_TO_BTF_ID) { /* just mark; */ @@ -6948,13 +6914,8 @@ static int check_ptr_to_btf_access(struct bpf_verifier_env *env, clear_trusted_flags(&flag); } - if (atype == BPF_READ && value_regno >= 0) { + if (atype == BPF_READ && value_regno >= 0) mark_btf_ld_reg(env, regs, value_regno, ret, reg->btf, btf_id, flag); - /* We've assigned a new type to regno, so don't undo masking. */ - if (regno == value_regno) - mask = false; - } - unmask_raw_tp_reg(reg, mask); return 0; } @@ -7329,7 +7290,7 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn if (!err && t == BPF_READ && value_regno >= 0) mark_reg_unknown(env, regs, value_regno); } else if (base_type(reg->type) == PTR_TO_BTF_ID && - (mask_raw_tp_reg_cond(env, reg) || !type_may_be_null(reg->type))) { + !type_may_be_null(reg->type)) { err = check_ptr_to_btf_access(env, regs, regno, off, size, t, value_regno); } else if (reg->type == CONST_PTR_TO_MAP) { @@ -9032,7 +8993,6 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, enum bpf_reg_type type = reg->type; u32 *arg_btf_id = NULL; int err = 0; - bool mask; if (arg_type == ARG_DONTCARE) return 0; @@ -9073,11 +9033,11 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, base_type(arg_type) == ARG_PTR_TO_SPIN_LOCK) arg_btf_id = fn->arg_btf_id[arg]; - mask = mask_raw_tp_reg(env, reg); err = check_reg_type(env, regno, arg_type, arg_btf_id, meta); + if (err) + return err; - err = err ?: check_func_arg_reg_off(env, reg, regno, arg_type); - unmask_raw_tp_reg(reg, mask); + err = check_func_arg_reg_off(env, reg, regno, arg_type); if (err) return err; @@ -9872,17 +9832,14 @@ static int btf_check_func_arg_match(struct bpf_verifier_env *env, int subprog, return ret; } else if (base_type(arg->arg_type) == ARG_PTR_TO_BTF_ID) { struct bpf_call_arg_meta meta; - bool mask; int err; if (register_is_null(reg) && type_may_be_null(arg->arg_type)) continue; memset(&meta, 0, sizeof(meta)); /* leave func_id as zero */ - mask = mask_raw_tp_reg(env, reg); err = check_reg_type(env, regno, arg->arg_type, &arg->btf_id, &meta); err = err ?: check_func_arg_reg_off(env, reg, regno, arg->arg_type); - unmask_raw_tp_reg(reg, mask); if (err) return err; } else { @@ -12205,7 +12162,6 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ enum bpf_arg_type arg_type = ARG_DONTCARE; u32 regno = i + 1, ref_id, type_size; bool is_ret_buf_sz = false; - bool mask = false; int kf_arg_type; t = btf_type_skip_modifiers(btf, args[i].type, NULL); @@ -12264,15 +12220,12 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ return -EINVAL; } - mask = mask_raw_tp_reg(env, reg); if ((is_kfunc_trusted_args(meta) || is_kfunc_rcu(meta)) && (register_is_null(reg) || type_may_be_null(reg->type)) && !is_kfunc_arg_nullable(meta->btf, &args[i])) { verbose(env, "Possibly NULL pointer passed to trusted arg%d\n", i); - unmask_raw_tp_reg(reg, mask); return -EACCES; } - unmask_raw_tp_reg(reg, mask); if (reg->ref_obj_id) { if (is_kfunc_release(meta) && meta->ref_obj_id) { @@ -12330,24 +12283,16 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ if (!is_kfunc_trusted_args(meta) && !is_kfunc_rcu(meta)) break; - /* Allow passing maybe NULL raw_tp arguments to - * kfuncs for compatibility. Don't apply this to - * arguments with ref_obj_id > 0. - */ - mask = mask_raw_tp_reg(env, reg); if (!is_trusted_reg(reg)) { if (!is_kfunc_rcu(meta)) { verbose(env, "R%d must be referenced or trusted\n", regno); - unmask_raw_tp_reg(reg, mask); return -EINVAL; } if (!is_rcu_reg(reg)) { verbose(env, "R%d must be a rcu pointer\n", regno); - unmask_raw_tp_reg(reg, mask); return -EINVAL; } } - unmask_raw_tp_reg(reg, mask); fallthrough; case KF_ARG_PTR_TO_CTX: case KF_ARG_PTR_TO_DYNPTR: @@ -12370,9 +12315,7 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ if (is_kfunc_release(meta) && reg->ref_obj_id) arg_type |= OBJ_RELEASE; - mask = mask_raw_tp_reg(env, reg); ret = check_func_arg_reg_off(env, reg, regno, arg_type); - unmask_raw_tp_reg(reg, mask); if (ret < 0) return ret; @@ -12549,7 +12492,6 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ ref_tname = btf_name_by_offset(btf, ref_t->name_off); fallthrough; case KF_ARG_PTR_TO_BTF_ID: - mask = mask_raw_tp_reg(env, reg); /* Only base_type is checked, further checks are done here */ if ((base_type(reg->type) != PTR_TO_BTF_ID || (bpf_type_has_unsafe_modifiers(reg->type) && !is_rcu_reg(reg))) && @@ -12558,11 +12500,9 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_ verbose(env, "expected %s or socket\n", reg_type_str(env, base_type(reg->type) | (type_flag(reg->type) & BPF_REG_TRUSTED_MODIFIERS))); - unmask_raw_tp_reg(reg, mask); return -EINVAL; } ret = process_kf_arg_ptr_to_btf_id(env, reg, ref_t, ref_tname, ref_id, meta, i); - unmask_raw_tp_reg(reg, mask); if (ret < 0) return ret; break; @@ -13535,7 +13475,7 @@ static int sanitize_check_bounds(struct bpf_verifier_env *env, */ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, struct bpf_insn *insn, - struct bpf_reg_state *ptr_reg, + const struct bpf_reg_state *ptr_reg, const struct bpf_reg_state *off_reg) { struct bpf_verifier_state *vstate = env->cur_state; @@ -13549,7 +13489,6 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, struct bpf_sanitize_info info = {}; u8 opcode = BPF_OP(insn->code); u32 dst = insn->dst_reg; - bool mask; int ret; dst_reg = ®s[dst]; @@ -13576,14 +13515,11 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env, return -EACCES; } - mask = mask_raw_tp_reg(env, ptr_reg); if (ptr_reg->type & PTR_MAYBE_NULL) { verbose(env, "R%d pointer arithmetic on %s prohibited, null-check it first\n", dst, reg_type_str(env, ptr_reg->type)); - unmask_raw_tp_reg(ptr_reg, mask); return -EACCES; } - unmask_raw_tp_reg(ptr_reg, mask); switch (base_type(ptr_reg->type)) { case PTR_TO_CTX: @@ -20126,7 +20062,6 @@ static int convert_ctx_accesses(struct bpf_verifier_env *env) * for this case. */ case PTR_TO_BTF_ID | MEM_ALLOC | PTR_UNTRUSTED: - case PTR_TO_BTF_ID | PTR_TRUSTED | PTR_MAYBE_NULL: if (type == BPF_READ) { if (BPF_MODE(insn->code) == BPF_MEM) insn->code = BPF_LDX | BPF_PROBE_MEM | diff --git a/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c b/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c index 5aaf2b065f86..bba3e37f749b 100644 --- a/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c +++ b/tools/testing/selftests/bpf/progs/test_tp_btf_nullable.c @@ -7,11 +7,7 @@ #include "bpf_misc.h" SEC("tp_btf/bpf_testmod_test_nullable_bare") -/* This used to be a failure test, but raw_tp nullable arguments can now - * directly be dereferenced, whether they have nullable annotation or not, - * and don't need to be explicitly checked. - */ -__success +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") int BPF_PROG(handle_tp_btf_nullable_bare1, struct bpf_testmod_test_read_ctx *nullable_ctx) { return nullable_ctx->len; From patchwork Fri Dec 13 17:51:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Kartikeya Dwivedi X-Patchwork-Id: 13907626 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 00A4D632 for ; Fri, 13 Dec 2024 17:51:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.68 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734112296; cv=none; b=fVaxMMhxi8+NkDaxffgkbkHtLL0K2UJe0cnkDHD1jHg9JqdNcMjnNDbf4sa0wwV3yeqTld5pgpu53oRkfcmI4BZgFty7/TQf/bVlDDWpMjm57EDiA5HGUkDH35Fa5mLuxwzzoaMQMQFWjpeW6Gj+/Vb07YWFrjdjqz6cu33OXnQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734112296; c=relaxed/simple; bh=wdBakHsVBx3fkfbFR9Jy3MlwjumHz4f7/Vdlp4/J3JU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=ozNzaqSc8EVS7yuUu0GgL1/OVWMUuq4AqUhHsBBOT0yPnIg9cvDU8ogf1LFRBgPzQSj01Y1IsbuYsRIGP3wnhxmhwCCIOYzK5VQPToc17D+ODvBA7yp7UTFWed/254uVEsNhKxiJ49tMjm9TJTMALjSuusfOdaGMWwOQPVZlUsU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=a0BZht4Y; arc=none smtp.client-ip=209.85.128.68 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="a0BZht4Y" Received: by mail-wm1-f68.google.com with SMTP id 5b1f17b1804b1-43623f0c574so14433535e9.2 for ; Fri, 13 Dec 2024 09:51:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1734112292; x=1734717092; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kHT0cvcX46tWRGUE7qaTLm272xU77OVwqBiEb+TPq7I=; b=a0BZht4Ys1kKqMIJxAlaZH+5qOMaGHBVfnNxGmIDiUD79seSw8vJYrPS3ETkNPVTHz Mxno79EXd2Nyz6w4a9GZbOfGM2iEhCf4xqrFNFEvvZE4Zkxkmtu7cUaglShg90qMKziA rEv522gIC/gs/LawPNuitFoDeQnzvEBlKOAV6aiQJB4PPu/6kfVGlk0kDs6cPoXlJqio nFFeHEoQi1yoQpoX54+8MMj/785xEDh70MHujX651iWwp1Y+lFHKCdt4H9BW6c3m5m9/ n/i1iSso/8tL3wVt7QqWykUZadHJXzbiJlin7UpdciAZDqUzr6PsCQ6/EPvfEkoNcVds yXVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734112292; x=1734717092; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kHT0cvcX46tWRGUE7qaTLm272xU77OVwqBiEb+TPq7I=; b=Btv0X7YPDS561PgKoFLo4H9qdOPCveYmKftkr/AEAZZu0nQ2Syo5kPrfUG2mDzNo4v pwmeIlXtOaYP0LqxC343LCAUNTl0AVgF60xuT35BWCPLKMrALFpugUDpcq5qjgLPAvIS daGZ3tqVElAfHbffmCofCg1HrG32kFqhXdkevVLEHrKyYihnFm5grvCwr8SHIjCrnPyv K+jsG6V4wc9ebBKBo/YaTV+KkInOzxVAlL7OW4eW3DlGykUYH0m5HGEm6XKeObipAyOT YqKtfhVTL56JDdBZhBrOPRvmNB9+zTqV3jboOwVTYa1jKN8nCmDu6K2fWPNg9y1Dy7te x2lQ== X-Gm-Message-State: AOJu0YzwCctXjCin3Sy3RMy2ng6TtZInaRlhjG9FZ+L/3El14GNbVMXs 1/MHLHjegisaPmbAa64knfNT5/M7QFPYNIYA++Wt00XdL0Up3DsjQElV0xFqAe6GwA== X-Gm-Gg: ASbGnct7xeNctf1A8OLi7dRG6rqCfi2RDPVyA5z3wBKsNkdl2dznTCYv1D0sR+0009c IJUDsS6eKO0jXa/I8QDyiQUUNWK2rwdiWzeFWhv2b8OwyatAph3qTndlEmDRMtG339jao3sJzj2 LaeD7K795iyKVLlLPgxSwRlJBsxL69VHF/HzF7ksd9WT38/p3bUCNJBPc7XeY2b0UqyyA/VPnxs 0xvbBjA6DVyF5cdEJQdRHcfhWMpEONnoBE2BaYe5tCTjCDXBEGCGsWpgl5dS4x+8DXC7wn/kTDO VZUqHtM= X-Google-Smtp-Source: AGHT+IGBpUOEUR7t1rt//i7T9j/Fj/9EO5rTZsuISCFUk3WYmtD87kCz3lpQ+Is+Xw5Ftz5zVbfPEg== X-Received: by 2002:a05:600c:3b02:b0:431:60ec:7a96 with SMTP id 5b1f17b1804b1-4362aa944ffmr28301605e9.25.1734112291855; Fri, 13 Dec 2024 09:51:31 -0800 (PST) Received: from localhost (fwdproxy-cln-004.fbsv.net. [2a03:2880:31ff:4::face:b00c]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-43625717c9fsm55682465e9.44.2024.12.13.09.51.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Dec 2024 09:51:31 -0800 (PST) From: Kumar Kartikeya Dwivedi To: bpf@vger.kernel.org Cc: kkd@meta.com, Juri Lelli , Manu Bretelle , Jiri Olsa , Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Martin KaFai Lau , Eduard Zingerman , kernel-team@fb.com Subject: [PATCH bpf v2 2/3] bpf: Augment raw_tp arguments with PTR_MAYBE_NULL Date: Fri, 13 Dec 2024 09:51:26 -0800 Message-ID: <20241213175127.2084759-3-memxor@gmail.com> X-Mailer: git-send-email 2.43.5 In-Reply-To: <20241213175127.2084759-1-memxor@gmail.com> References: <20241213175127.2084759-1-memxor@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=10608; h=from:subject; bh=wdBakHsVBx3fkfbFR9Jy3MlwjumHz4f7/Vdlp4/J3JU=; b=owEBbQKS/ZANAwAIAUzgyIZIvxHKAcsmYgBnXHItrhfZBJ3mR9gaI1v63Q89NfN5JtI6ozXiQn/9 l7D0VOaJAjMEAAEIAB0WIQRLvip+Buz51YI8YRFM4MiGSL8RygUCZ1xyLQAKCRBM4MiGSL8RyprwEA CgxU8TTXwxXDeAk8N0nl8mICng+UXlcu1Jm2JbY8O6xQDbXmz2/ce5S+Z48EoMGRAu95GHqJoCbp8M alghkKCLSF3RV0HcSGxSXzcryPXjdI1Wdev12bjqph3uousRoJkMUKiXb2/QYUpnLJl1KICynyUYPp o6vcxB89qmkxj4sFheawlEjg2+kmWkWYlDkJuEQ6woz0vxSjQSNj9YZxvkU5j4UceABQ1iBHWR3S6o 3at0cBlzLtfXnEvcgyVIGIjVfmUHqCllIu5OHDH86JalHucoefzPZEtoguXlwpkxIAqa6e5EcdEyvD 3x+NGx+BCbm9N2cCVMXPSQUzmdB0rN9dZpa+ezCm1ZnBvdLK1QZSrFChrslylLxN7Dn7Ys7UJnlKCK 2xXH3SUWA9iKSrYeHbjkBk1pFIhYzPwdU7d/i8LB8QPPYQvutBRcoxvGUvm4rO/zI8YPTRcafGK03c DoyIsOcd4XtMIavHeGE1gvAy9xoQeJULAX3Tyd9F0HZH8Hjg0SWA+XVJGfTCUst1VMs3GhzUFgOdPQ sAaZcZyvMwMtAO2Pz77Kv8Y9jx17oHq0IybUwhGot307Gui+3EOqiwg3ziExhaK4/7QcF6EEe0WLZ3 FiEho+pVNGJaP3PiNNaGCr+6C0yB8v9lPaP2DRISHH/xh9srWuzBBP3yu2UQ== X-Developer-Key: i=memxor@gmail.com; a=openpgp; fpr=4BBE2A7E06ECF9D5823C61114CE0C88648BF11CA X-Patchwork-Delegate: bpf@iogearbox.net Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint argument may end up being NULL. More context about this issue is available in [0]. Thus, there is a discrepancy between the reality, that raw_tp arguments can actually be NULL, and the verifier's knowledge, that they are never NULL, causing explicit NULL check branch to be dead code eliminated. A previous attempt [1], i.e. the second fixed commit, was made to simulate symbolic execution as if in most accesses, the argument is a non-NULL raw_tp, except for conditional jumps. This tried to suppress branch prediction while preserving compatibility, but surfaced issues with production programs that were difficult to solve without increasing verifier complexity. A more complete discussion of issues and fixes is available at [2]. Fix this by maintaining an explicit list of tracepoints where the arguments are known to be NULL, and mark the positional arguments as PTR_MAYBE_NULL. Additionally, capture the tracepoints where arguments are known to be ERR_PTR, and mark these arguments as scalar values to prevent potential dereference. Each hex digit is used to encode NULL-ness (0x1) or ERR_PTR-ness (0x2), shifted by the zero-indexed argument number x 4. This can be represented as follows: 1st arg: 0x1 2nd arg: 0x10 3rd arg: 0x100 ... and so on (likewise for ERR_PTR case). In the future, an automated pass will be used to produce such a list, or insert __nullable annotations automatically for tracepoints. Each compilation unit will be analyzed and results will be collated to find whether a tracepoint pointer is definitely not null, maybe null, or an unknown state where verifier conservatively marks it PTR_MAYBE_NULL. A proof of concept of this tool from Eduard is available at [3]. Note that in case we don't find a specification in the raw_tp_null_args array and the tracepoint belongs to a kernel module, we will conservatively mark the arguments as PTR_MAYBE_NULL. This is because unlike for in-tree modules, out-of-tree module tracepoints may pass NULL freely to the tracepoint. We don't protect against such tracepoints passing ERR_PTR (which is uncommon anyway), lest we mark all such arguments as SCALAR_VALUE. While we are it, let's adjust the test raw_tp_null to not perform dereference of the skb->mark, as that won't be allowed anymore, and make it more robust by using inline assembly to test the dead code elimination behavior, which should still stay the same. [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb [1]: https://lore.kernel.org/all/20241104171959.2938862-1-memxor@gmail.com [2]: https://lore.kernel.org/bpf/20241206161053.809580-1-memxor@gmail.com [3]: https://github.com/eddyz87/llvm-project/tree/nullness-for-tracepoint-params Reported-by: Juri Lelli # original bug Reported-by: Manu Bretelle # bugs in masking fix Fixes: 3f00c5239344 ("bpf: Allow trusted pointers to be passed to KF_TRUSTED_ARGS kfuncs") Fixes: cb4158ce8ec8 ("bpf: Mark raw_tp arguments with PTR_MAYBE_NULL") Co-developed-by: Jiri Olsa Signed-off-by: Jiri Olsa Signed-off-by: Kumar Kartikeya Dwivedi Reviewed-by: Eduard Zingerman --- kernel/bpf/btf.c | 136 ++++++++++++++++++ .../testing/selftests/bpf/progs/raw_tp_null.c | 19 ++- 2 files changed, 145 insertions(+), 10 deletions(-) diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index c4aa304028ce..999423077de4 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -6439,6 +6439,101 @@ int btf_ctx_arg_offset(const struct btf *btf, const struct btf_type *func_proto, return off; } +struct bpf_raw_tp_null_args { + const char *func; + u64 mask; +}; + +static const struct bpf_raw_tp_null_args raw_tp_null_args[] = { + /* sched */ + { "sched_pi_setprio", 0x10 }, + /* ... from sched_numa_pair_template event class */ + { "sched_stick_numa", 0x100 }, + { "sched_swap_numa", 0x100 }, + /* afs */ + { "afs_make_fs_call", 0x10 }, + { "afs_make_fs_calli", 0x10 }, + { "afs_make_fs_call1", 0x10 }, + { "afs_make_fs_call2", 0x10 }, + { "afs_protocol_error", 0x1 }, + { "afs_flock_ev", 0x10 }, + /* cachefiles */ + { "cachefiles_lookup", 0x1 | 0x200 }, + { "cachefiles_unlink", 0x1 }, + { "cachefiles_rename", 0x1 }, + { "cachefiles_prep_read", 0x1 }, + { "cachefiles_mark_active", 0x1 }, + { "cachefiles_mark_failed", 0x1 }, + { "cachefiles_mark_inactive", 0x1 }, + { "cachefiles_vfs_error", 0x1 }, + { "cachefiles_io_error", 0x1 }, + { "cachefiles_ondemand_open", 0x1 }, + { "cachefiles_ondemand_copen", 0x1 }, + { "cachefiles_ondemand_close", 0x1 }, + { "cachefiles_ondemand_read", 0x1 }, + { "cachefiles_ondemand_cread", 0x1 }, + { "cachefiles_ondemand_fd_write", 0x1 }, + { "cachefiles_ondemand_fd_release", 0x1 }, + /* ext4, from ext4__mballoc event class */ + { "ext4_mballoc_discard", 0x10 }, + { "ext4_mballoc_free", 0x10 }, + /* fib */ + { "fib_table_lookup", 0x100 }, + /* filelock */ + /* ... from filelock_lock event class */ + { "posix_lock_inode", 0x10 }, + { "fcntl_setlk", 0x10 }, + { "locks_remove_posix", 0x10 }, + { "flock_lock_inode", 0x10 }, + /* ... from filelock_lease event class */ + { "break_lease_noblock", 0x10 }, + { "break_lease_block", 0x10 }, + { "break_lease_unblock", 0x10 }, + { "generic_delete_lease", 0x10 }, + { "time_out_leases", 0x10 }, + /* host1x */ + { "host1x_cdma_push_gather", 0x10000 }, + /* huge_memory */ + { "mm_khugepaged_scan_pmd", 0x10 }, + { "mm_collapse_huge_page_isolate", 0x1 }, + { "mm_khugepaged_scan_file", 0x10 }, + { "mm_khugepaged_collapse_file", 0x10 }, + /* kmem */ + { "mm_page_alloc", 0x1 }, + { "mm_page_pcpu_drain", 0x1 }, + /* .. from mm_page event class */ + { "mm_page_alloc_zone_locked", 0x1 }, + /* netfs */ + { "netfs_failure", 0x10 }, + /* power */ + { "device_pm_callback_start", 0x10 }, + /* qdisc */ + { "qdisc_dequeue", 0x1000 }, + /* rxrpc */ + { "rxrpc_recvdata", 0x1 }, + { "rxrpc_resend", 0x10 }, + /* sunrpc */ + { "xs_stream_read_data", 0x1 }, + /* ... from xprt_cong_event event class */ + { "xprt_reserve_cong", 0x10 }, + { "xprt_release_cong", 0x10 }, + { "xprt_get_cong", 0x10 }, + { "xprt_put_cong", 0x10 }, + /* tcp */ + { "tcp_send_reset", 0x11 }, + /* tegra_apb_dma */ + { "tegra_dma_tx_status", 0x100 }, + /* timer_migration */ + { "tmigr_update_events", 0x1 }, + /* writeback, from writeback_folio_template event class */ + { "writeback_dirty_folio", 0x10 }, + { "folio_wait_writeback", 0x10 }, + /* rdma */ + { "mr_integ_alloc", 0x2000 }, + /* bpf_testmod */ + { "bpf_testmod_test_read", 0x0 }, +}; + bool btf_ctx_access(int off, int size, enum bpf_access_type type, const struct bpf_prog *prog, struct bpf_insn_access_aux *info) @@ -6449,6 +6544,7 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, const char *tname = prog->aux->attach_func_name; struct bpf_verifier_log *log = info->log; const struct btf_param *args; + bool ptr_err_raw_tp = false; const char *tag_value; u32 nr_args, arg; int i, ret; @@ -6597,6 +6693,39 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, if (btf_param_match_suffix(btf, &args[arg], "__nullable")) info->reg_type |= PTR_MAYBE_NULL; + if (prog->expected_attach_type == BPF_TRACE_RAW_TP) { + struct btf *btf = prog->aux->attach_btf; + const struct btf_type *t; + const char *tname; + + /* BTF lookups cannot fail, return false on error */ + t = btf_type_by_id(btf, prog->aux->attach_btf_id); + if (!t) + return false; + tname = btf_name_by_offset(btf, t->name_off); + if (!tname) + return false; + /* Checked by bpf_check_attach_target */ + tname += sizeof("bpf_trace_") - 1; + for (i = 0; i < ARRAY_SIZE(raw_tp_null_args); i++) { + /* Is this a func with potential NULL args? */ + if (strcmp(tname, raw_tp_null_args[i].func)) + continue; + if (raw_tp_null_args[i].mask & (0x1 << (arg * 4))) + info->reg_type |= PTR_MAYBE_NULL; + /* Is the current arg IS_ERR? */ + if (raw_tp_null_args[i].mask & (0x2 << (arg * 4))) + ptr_err_raw_tp = true; + break; + } + /* If we don't know NULL-ness specification and the tracepoint + * is coming from a loadable module, be conservative and mark + * argument as PTR_MAYBE_NULL. + */ + if (i == ARRAY_SIZE(raw_tp_null_args) && btf_is_module(btf)) + info->reg_type |= PTR_MAYBE_NULL; + } + if (tgt_prog) { enum bpf_prog_type tgt_type; @@ -6641,6 +6770,13 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, bpf_log(log, "func '%s' arg%d has btf_id %d type %s '%s'\n", tname, arg, info->btf_id, btf_type_str(t), __btf_name_by_offset(btf, t->name_off)); + + /* Perform all checks on the validity of type for this argument, but if + * we know it can be IS_ERR at runtime, scrub pointer type and mark as + * scalar. + */ + if (ptr_err_raw_tp) + info->reg_type = SCALAR_VALUE; return true; } EXPORT_SYMBOL_GPL(btf_ctx_access); diff --git a/tools/testing/selftests/bpf/progs/raw_tp_null.c b/tools/testing/selftests/bpf/progs/raw_tp_null.c index 457f34c151e3..5927054b6dd9 100644 --- a/tools/testing/selftests/bpf/progs/raw_tp_null.c +++ b/tools/testing/selftests/bpf/progs/raw_tp_null.c @@ -3,6 +3,7 @@ #include #include +#include "bpf_misc.h" char _license[] SEC("license") = "GPL"; @@ -17,16 +18,14 @@ int BPF_PROG(test_raw_tp_null, struct sk_buff *skb) if (task->pid != tid) return 0; - i = i + skb->mark + 1; - /* The compiler may move the NULL check before this deref, which causes - * the load to fail as deref of scalar. Prevent that by using a barrier. + /* If dead code elimination kicks in, the increment +=2 will be + * removed. For raw_tp programs attaching to tracepoints in kernel + * modules, we mark input arguments as PTR_MAYBE_NULL, so branch + * prediction should never kick in. */ - barrier(); - /* If dead code elimination kicks in, the increment below will - * be removed. For raw_tp programs, we mark input arguments as - * PTR_MAYBE_NULL, so branch prediction should never kick in. - */ - if (!skb) - i += 2; + asm volatile ("%[i] += 1; if %[ctx] != 0 goto +1; %[i] += 2;" + : [i]"+r"(i) + : [ctx]"r"(skb) + : "memory"); return 0; } From patchwork Fri Dec 13 17:51:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Kartikeya Dwivedi X-Patchwork-Id: 13907627 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com [209.85.221.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6E4CD1E22E6 for ; Fri, 13 Dec 2024 17:51:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.221.67 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734112297; cv=none; b=ZWXlw2qcK9IPV1kkhtWH5/O3JQ97PdRoMkXGuw4T2TPJN8A24L6xaj2PH2gw4NSlRgtUHu+eoomc4Zpmx7hboICCNvg+PaQDWtZwH6Brv7XmThFIh+WG4aRiQHkMtXfvBOx/glvsMkGKlVtK7P/NW3p1rMrOh0XIqf33STEKjcc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734112297; c=relaxed/simple; bh=vsRKSkz/fZOFZmIfl7f9CCgSIMhv+zZmOd+PgYxJzDg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Iw5ObapFmvJxuVh5XeUXAP/ao77NKV+e9nvtnCsOFuabXzrb/P/EYEC9V7Ol/Mn62WECk56Oz40RL7aAwkQOTIGv5Qeqh14hcrnNjjfiD28uCjRHliDEwIpbiS/NB7r4ixKqWY8Ji/OK8JpmlIgHtTimrGG9r+XjSKcK2wSLBjs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=ZeSlPe4i; arc=none smtp.client-ip=209.85.221.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="ZeSlPe4i" Received: by mail-wr1-f67.google.com with SMTP id ffacd0b85a97d-3862f32a33eso994582f8f.3 for ; Fri, 13 Dec 2024 09:51:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1734112293; x=1734717093; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=j/xdfUQsKZfCf1D4VPdEjPDkdQjmt7uCtafMZN5T7vY=; b=ZeSlPe4inPjdVRWuhdbGkBXEBHUT5zH4hmXuwyEg5RzHBwhuf+8Wtycx9qOxh6gh4X bnUqHFmsj1Ee5b9rnAENTlR5EF2sFZaUtWceftTP22GskigY0TdIxzletMNZBuZL/8OK IhiUzKfu7DrIE7n81l1GqUR3Nw3PeGMBtmsDVapLgAcHkaFh85IFJVaLU0Vzu2jLxFbc pKyIAsh+JkSTOvDd20Z0etMmynwZVtRpfAQXLWq+jKuf9LUpMUa2vcZkGGtNkIkC2a3V ucsvRofzvncI4dzFKkPc5huMhCpeP1EgGt8to1j0/e02kixS9DVsWAxe9tECJVu0j2x/ +UoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734112293; x=1734717093; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=j/xdfUQsKZfCf1D4VPdEjPDkdQjmt7uCtafMZN5T7vY=; b=qu5G5yKJdMtxYd9DPPSH98iKlJpN4DFGIFjqFixqHsRX6LISX5/EOS8bKflvPXhWRw IhNcUzV19fXF33AhiIJklFc3Y9ycgzS5ydow0vSpJm+yptpXo6EHspJyMtfdpOWT8xxR 33WB96rs0xzGsJ42SFkuh++bUQQbbfBJh8D9Gi4KHnI+2FOMnOUgQj99b6Ix0AzqgOV/ et7VG0iOo+faEcrVjLaqV8Ufas9mzPXAVOSnzYlJt+DAOEi+U9MgrdJ3/HS19ugLGvIR y2JormBJH1jgUrc63QwYUyjWTjVTzppTQ07IvHFd7D2UoX5/azchvJfGY9f4LcU7fACy X0hw== X-Gm-Message-State: AOJu0YyaGH9ZamgbP4SXesxgFH/+YEZeVgzGOXdT0zd67ZMJYzDHI0DQ IQ7+KY+wTlP4FBQWNdRHlxC3eQ6cHVEM1kT7dC+VkNz5fNnqb/s8ZHczDsUUrfnexg== X-Gm-Gg: ASbGnct1EBCp7PDXfrvgIldwrt1X7WbSRpIMWCPRtEmvvHyVGTgFWjYocmbN1oOOxhO Zoo2CWE+bDl3/4lxBkOf9epgJMAHKHIzHPz7FvCMfA0UbZHp/D5G2F1qYXnURv+gvZU6A2KldB1 e5vUwtkrSB+EGWWIF/hiu03+ecDdqdnxIivzsCLdXCWtL7p30FUw5iV/KaChrarQEvbJsllyJLu gwGSUWHVVXwoZ6xLxDi2gBcVNd/PCKygsC1ilIiweV7MSamT+lB0hoxsjXcTJnKIzmuwEOe4D+k IARBf0mR X-Google-Smtp-Source: AGHT+IGGKiuD2+fSyf42k5WSyr7oMbbf3dZW4ZqB21yvwbZEHRLQBoKIdfiWGXo8tUHMXqQVoArmXw== X-Received: by 2002:a05:6000:18a7:b0:386:3272:ee68 with SMTP id ffacd0b85a97d-3888e0ae6ccmr2868711f8f.28.1734112293253; Fri, 13 Dec 2024 09:51:33 -0800 (PST) Received: from localhost (fwdproxy-cln-017.fbsv.net. [2a03:2880:31ff:11::face:b00c]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-388c8046f8bsm107590f8f.68.2024.12.13.09.51.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 13 Dec 2024 09:51:32 -0800 (PST) From: Kumar Kartikeya Dwivedi To: bpf@vger.kernel.org Cc: kkd@meta.com, Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , Martin KaFai Lau , Eduard Zingerman , Manu Bretelle , Jiri Olsa , Juri Lelli , kernel-team@fb.com Subject: [PATCH bpf v2 3/3] selftests/bpf: Add tests for raw_tp NULL args Date: Fri, 13 Dec 2024 09:51:27 -0800 Message-ID: <20241213175127.2084759-4-memxor@gmail.com> X-Mailer: git-send-email 2.43.5 In-Reply-To: <20241213175127.2084759-1-memxor@gmail.com> References: <20241213175127.2084759-1-memxor@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2301; h=from:subject; bh=vsRKSkz/fZOFZmIfl7f9CCgSIMhv+zZmOd+PgYxJzDg=; b=owEBbQKS/ZANAwAIAUzgyIZIvxHKAcsmYgBnXHItZKmTsj99EWTjLG1rmpgQTQk6XSjfFdqe8PQb tfxJShKJAjMEAAEIAB0WIQRLvip+Buz51YI8YRFM4MiGSL8RygUCZ1xyLQAKCRBM4MiGSL8Rys3iD/ 979ZFNTUvVAZrqCgqaJz6A8fXhua2jN8/724KmWxAutdx3n8iQaN2MwlbUTQfCXU+Jjsa9trszM1pQ f1zAhEgSF3RcL803K0PreLbCU9fK847ebP2B1ag4n0mZ8u0xTcsBXe43e/ZJtGCZVSlqaPnk3dgtdu IfNCR+apMeuW5FGvjlQ2O2SO7OX6LbLrnCxeKk4j+dNmPdiY5cOGkBQKS/XAXkhwN6wLd2OQPL0nu1 aGKV7eJFy7uSWT74nu3MlvCWqM6lwP8JRwNO0OooYQoJf8ohg6V99STghjB1zEw40IObatmjxnmi8R ZEz77OejOJ1H8YoN0YTHBmQ8Q8JsDq0chuYTzWPc7TzWeIqjuhpBh3eW00vG6djS96mudnE/QmJKGA YRuzYk4V9l5Q3AFtaLF71qVqkcWiEr8TroKictNwY79+VPIzKvj+ju26s4gMDzZ3C825qz4z7BotU3 HZaDpM8KLM4xE64kfudO7QK3l80thip/2cSlFhu+bvvZyrV73oauWdQh8Irb7MgTWUQ3tj+2cgebfQ DW+flQqqDqdJvhjMraec0ucqwdEbib3keY+mrknl6DPbFlWVfNyLb4/hX8Nu6CcxMInBZMAa/PBUTZ sL6PZaeOLZgiexu4EGhkYCdPoglhwR5gQdJX29wEHo8wG96hG4XYcwWrg2ag== X-Developer-Key: i=memxor@gmail.com; a=openpgp; fpr=4BBE2A7E06ECF9D5823C61114CE0C88648BF11CA X-Patchwork-Delegate: bpf@iogearbox.net Add tests to ensure that arguments are correctly marked based on their specified positions, and whether they get marked correctly as maybe null. For modules, all tracepoint parameters should be marked PTR_MAYBE_NULL by default. Signed-off-by: Kumar Kartikeya Dwivedi --- .../selftests/bpf/prog_tests/raw_tp_null.c | 3 +++ .../selftests/bpf/progs/raw_tp_null_fail.c | 24 +++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/raw_tp_null_fail.c diff --git a/tools/testing/selftests/bpf/prog_tests/raw_tp_null.c b/tools/testing/selftests/bpf/prog_tests/raw_tp_null.c index 6fa19449297e..43676a9922dc 100644 --- a/tools/testing/selftests/bpf/prog_tests/raw_tp_null.c +++ b/tools/testing/selftests/bpf/prog_tests/raw_tp_null.c @@ -3,11 +3,14 @@ #include #include "raw_tp_null.skel.h" +#include "raw_tp_null_fail.skel.h" void test_raw_tp_null(void) { struct raw_tp_null *skel; + RUN_TESTS(raw_tp_null_fail); + skel = raw_tp_null__open_and_load(); if (!ASSERT_OK_PTR(skel, "raw_tp_null__open_and_load")) return; diff --git a/tools/testing/selftests/bpf/progs/raw_tp_null_fail.c b/tools/testing/selftests/bpf/progs/raw_tp_null_fail.c new file mode 100644 index 000000000000..38d669957bf1 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/raw_tp_null_fail.c @@ -0,0 +1,24 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2024 Meta Platforms, Inc. and affiliates. */ + +#include +#include +#include "bpf_misc.h" + +char _license[] SEC("license") = "GPL"; + +/* Ensure module parameter has PTR_MAYBE_NULL */ +SEC("tp_btf/bpf_testmod_test_raw_tp_null") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_bpf_testmod_test_raw_tp_null_arg_1(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +0); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +} + +/* Check NULL marking */ +SEC("tp_btf/sched_pi_setprio") +__failure __msg("R1 invalid mem access 'trusted_ptr_or_null_'") +int test_raw_tp_null_sched_pi_setprio_arg_2(void *ctx) { + asm volatile("r1 = *(u64 *)(r1 +8); r1 = *(u64 *)(r1 +0);" ::: __clobber_all); + return 0; +}