bpf: Streamline allowed helpers between tracing and base sets

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Many conditional checks in switch-case are redundant
with bpf_base_func_proto and should be removed.

Regarding the permission checks bpf_base_func_proto:
The permission checks in bpf_prog_load (as outlined below)
ensure that the trace has both CAP_BPF and CAP_PERFMON capabilities,
thus enabling the use of corresponding prototypes
in bpf_base_func_proto without adverse effects.
bpf_prog_load
......
bpf_cap = bpf_token_capable(token, CAP_BPF);
......
if (type != BPF_PROG_TYPE_SOCKET_FILTER &&
type != BPF_PROG_TYPE_CGROUP_SKB &&
!bpf_cap)
goto put_token;
......
if (is_perfmon_prog_type(type) && !bpf_token_capable(token, CAP_PERFMON))
goto put_token;
......

Signed-off-by: Feng Yang <yangfeng@kylinos.cn>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/bpf/20250423073151.297103-1-yangfeng59949@163.com

authored by

Feng Yang and committed by

Andrii Nakryiko 11 months ago 6aca583f 53ebef53

-72

1 changed file

expand all

kernel

trace

bpf_trace.c

-72

kernel/trace/bpf_trace.c

··· 1430 1430 const struct bpf_func_proto *func_proto; 1431 1431 1432 1432 switch (func_id) { 1433 - case BPF_FUNC_map_lookup_elem: 1434 - return &bpf_map_lookup_elem_proto; 1435 - case BPF_FUNC_map_update_elem: 1436 - return &bpf_map_update_elem_proto; 1437 - case BPF_FUNC_map_delete_elem: 1438 - return &bpf_map_delete_elem_proto; 1439 - case BPF_FUNC_map_push_elem: 1440 - return &bpf_map_push_elem_proto; 1441 - case BPF_FUNC_map_pop_elem: 1442 - return &bpf_map_pop_elem_proto; 1443 - case BPF_FUNC_map_peek_elem: 1444 - return &bpf_map_peek_elem_proto; 1445 - case BPF_FUNC_map_lookup_percpu_elem: 1446 - return &bpf_map_lookup_percpu_elem_proto; 1447 - case BPF_FUNC_ktime_get_ns: 1448 - return &bpf_ktime_get_ns_proto; 1449 - case BPF_FUNC_ktime_get_boot_ns: 1450 - return &bpf_ktime_get_boot_ns_proto; 1451 - case BPF_FUNC_tail_call: 1452 - return &bpf_tail_call_proto; 1453 - case BPF_FUNC_get_current_task: 1454 - return &bpf_get_current_task_proto; 1455 - case BPF_FUNC_get_current_task_btf: 1456 - return &bpf_get_current_task_btf_proto; 1457 - case BPF_FUNC_task_pt_regs: 1458 - return &bpf_task_pt_regs_proto; 1459 1433 case BPF_FUNC_get_current_uid_gid: 1460 1434 return &bpf_get_current_uid_gid_proto; 1461 1435 case BPF_FUNC_get_current_comm: 1462 1436 return &bpf_get_current_comm_proto; 1463 - case BPF_FUNC_trace_printk: 1464 - return bpf_get_trace_printk_proto(); 1465 1437 case BPF_FUNC_get_smp_processor_id: 1466 1438 return &bpf_get_smp_processor_id_proto; 1467 - case BPF_FUNC_get_numa_node_id: 1468 - return &bpf_get_numa_node_id_proto; 1469 1439 case BPF_FUNC_perf_event_read: 1470 1440 return &bpf_perf_event_read_proto; 1471 - case BPF_FUNC_get_prandom_u32: 1472 - return &bpf_get_prandom_u32_proto; 1473 - case BPF_FUNC_probe_read_user: 1474 - return &bpf_probe_read_user_proto; 1475 - case BPF_FUNC_probe_read_kernel: 1476 - return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ? 1477 - NULL : &bpf_probe_read_kernel_proto; 1478 - case BPF_FUNC_probe_read_user_str: 1479 - return &bpf_probe_read_user_str_proto; 1480 - case BPF_FUNC_probe_read_kernel_str: 1481 - return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ? 1482 - NULL : &bpf_probe_read_kernel_str_proto; 1483 1441 #ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE 1484 1442 case BPF_FUNC_probe_read: 1485 1443 return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ? ··· 1447 1489 NULL : &bpf_probe_read_compat_str_proto; 1448 1490 #endif 1449 1491 #ifdef CONFIG_CGROUPS 1450 - case BPF_FUNC_cgrp_storage_get: 1451 - return &bpf_cgrp_storage_get_proto; 1452 - case BPF_FUNC_cgrp_storage_delete: 1453 - return &bpf_cgrp_storage_delete_proto; 1454 1492 case BPF_FUNC_current_task_under_cgroup: 1455 1493 return &bpf_current_task_under_cgroup_proto; 1456 1494 #endif ··· 1454 1500 return &bpf_send_signal_proto; 1455 1501 case BPF_FUNC_send_signal_thread: 1456 1502 return &bpf_send_signal_thread_proto; 1457 - case BPF_FUNC_perf_event_read_value: 1458 - return &bpf_perf_event_read_value_proto; 1459 - case BPF_FUNC_ringbuf_output: 1460 - return &bpf_ringbuf_output_proto; 1461 - case BPF_FUNC_ringbuf_reserve: 1462 - return &bpf_ringbuf_reserve_proto; 1463 - case BPF_FUNC_ringbuf_submit: 1464 - return &bpf_ringbuf_submit_proto; 1465 - case BPF_FUNC_ringbuf_discard: 1466 - return &bpf_ringbuf_discard_proto; 1467 - case BPF_FUNC_ringbuf_query: 1468 - return &bpf_ringbuf_query_proto; 1469 - case BPF_FUNC_jiffies64: 1470 - return &bpf_jiffies64_proto; 1471 1503 case BPF_FUNC_get_task_stack: 1472 1504 return prog->sleepable ? &bpf_get_task_stack_sleepable_proto 1473 1505 : &bpf_get_task_stack_proto; ··· 1461 1521 return &bpf_copy_from_user_proto; 1462 1522 case BPF_FUNC_copy_from_user_task: 1463 1523 return &bpf_copy_from_user_task_proto; 1464 - case BPF_FUNC_snprintf_btf: 1465 - return &bpf_snprintf_btf_proto; 1466 - case BPF_FUNC_per_cpu_ptr: 1467 - return &bpf_per_cpu_ptr_proto; 1468 - case BPF_FUNC_this_cpu_ptr: 1469 - return &bpf_this_cpu_ptr_proto; 1470 1524 case BPF_FUNC_task_storage_get: 1471 1525 if (bpf_prog_check_recur(prog)) 1472 1526 return &bpf_task_storage_get_recur_proto; ··· 1469 1535 if (bpf_prog_check_recur(prog)) 1470 1536 return &bpf_task_storage_delete_recur_proto; 1471 1537 return &bpf_task_storage_delete_proto; 1472 - case BPF_FUNC_for_each_map_elem: 1473 - return &bpf_for_each_map_elem_proto; 1474 - case BPF_FUNC_snprintf: 1475 - return &bpf_snprintf_proto; 1476 1538 case BPF_FUNC_get_func_ip: 1477 1539 return &bpf_get_func_ip_proto_tracing; 1478 1540 case BPF_FUNC_get_branch_snapshot: 1479 1541 return &bpf_get_branch_snapshot_proto; 1480 1542 case BPF_FUNC_find_vma: 1481 1543 return &bpf_find_vma_proto; 1482 - case BPF_FUNC_trace_vprintk: 1483 - return bpf_get_trace_vprintk_proto(); 1484 1544 default: 1485 1545 break; 1486 1546 }