tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

Alexei Starovoitov says:

====================
pull-request: bpf-next 2023-04-24

We've added 5 non-merge commits during the last 3 day(s) which contain
a total of 7 files changed, 87 insertions(+), 44 deletions(-).

The main changes are:

1) Workaround for bpf iter selftest due to lack of subprog support
in precision tracking, from Andrii.

2) Disable bpf_refcount_acquire kfunc until races are fixed, from Dave.

3) One more test_verifier test converted from asm macro to asm in C,
from Eduard.

4) Fix build with NETFILTER=y INET=n config, from Florian.

5) Add __rcu_read_{lock,unlock} into deny list, from Yafang.

* tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next:
selftests/bpf: avoid mark_all_scalars_precise() trigger in one of iter tests
bpf: Add __rcu_read_{lock,unlock} into btf id deny list
bpf: Disable bpf_refcount_acquire kfunc calls until race conditions are fixed
selftests/bpf: verifier/prevent_map_lookup converted to inline assembly
bpf: fix link failure with NETFILTER=y INET=n
====================

Link: https://lore.kernel.org/r/20230425005648.86714-1-alexei.starovoitov@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski ee3392ed 9610a8dc

+87 -44
+1 -1
include/linux/bpf_types.h
··· 79 79 #endif 80 80 BPF_PROG_TYPE(BPF_PROG_TYPE_SYSCALL, bpf_syscall, 81 81 void *, void *) 82 - #ifdef CONFIG_NETFILTER 82 + #ifdef CONFIG_NETFILTER_BPF_LINK 83 83 BPF_PROG_TYPE(BPF_PROG_TYPE_NETFILTER, netfilter, 84 84 struct bpf_nf_ctx, struct bpf_nf_ctx) 85 85 #endif
+8 -1
kernel/bpf/verifier.c
··· 10509 10509 verbose(env, "arg#%d doesn't point to a type with bpf_refcount field\n", i); 10510 10510 return -EINVAL; 10511 10511 } 10512 - 10512 + if (rec->refcount_off >= 0) { 10513 + verbose(env, "bpf_refcount_acquire calls are disabled for now\n"); 10514 + return -EINVAL; 10515 + } 10513 10516 meta->arg_refcount_acquire.btf = reg->btf; 10514 10517 meta->arg_refcount_acquire.btf_id = reg->btf_id; 10515 10518 break; ··· 18670 18667 #if defined(CONFIG_DEBUG_PREEMPT) || defined(CONFIG_TRACE_PREEMPT_TOGGLE) 18671 18668 BTF_ID(func, preempt_count_add) 18672 18669 BTF_ID(func, preempt_count_sub) 18670 + #endif 18671 + #ifdef CONFIG_PREEMPT_RCU 18672 + BTF_ID(func, __rcu_read_lock) 18673 + BTF_ID(func, __rcu_read_unlock) 18673 18674 #endif 18674 18675 BTF_SET_END(btf_id_deny) 18675 18676
-2
tools/testing/selftests/bpf/prog_tests/refcounted_kptr.c
··· 9 9 10 10 void test_refcounted_kptr(void) 11 11 { 12 - RUN_TESTS(refcounted_kptr); 13 12 } 14 13 15 14 void test_refcounted_kptr_fail(void) 16 15 { 17 - RUN_TESTS(refcounted_kptr_fail); 18 16 }
+2
tools/testing/selftests/bpf/prog_tests/verifier.c
··· 42 42 #include "verifier_meta_access.skel.h" 43 43 #include "verifier_netfilter_ctx.skel.h" 44 44 #include "verifier_netfilter_retcode.skel.h" 45 + #include "verifier_prevent_map_lookup.skel.h" 45 46 #include "verifier_raw_stack.skel.h" 46 47 #include "verifier_raw_tp_writable.skel.h" 47 48 #include "verifier_reg_equal.skel.h" ··· 141 140 void test_verifier_meta_access(void) { RUN(verifier_meta_access); } 142 141 void test_verifier_netfilter_ctx(void) { RUN(verifier_netfilter_ctx); } 143 142 void test_verifier_netfilter_retcode(void) { RUN(verifier_netfilter_retcode); } 143 + void test_verifier_prevent_map_lookup(void) { RUN(verifier_prevent_map_lookup); } 144 144 void test_verifier_raw_stack(void) { RUN(verifier_raw_stack); } 145 145 void test_verifier_raw_tp_writable(void) { RUN(verifier_raw_tp_writable); } 146 146 void test_verifier_reg_equal(void) { RUN(verifier_reg_equal); }
+15 -11
tools/testing/selftests/bpf/progs/iters.c
··· 651 651 return sum; 652 652 } 653 653 654 - static __noinline void fill(struct bpf_iter_num *it, int *arr, __u32 n, int mul) 654 + #define ARR_SZ 16 655 + 656 + static __noinline void fill(struct bpf_iter_num *it, int *arr, int mul) 655 657 { 656 - int *t, i; 658 + int *t; 659 + __u64 i; 657 660 658 661 while ((t = bpf_iter_num_next(it))) { 659 662 i = *t; 660 - if (i >= n) 663 + if (i >= ARR_SZ) 661 664 break; 662 665 arr[i] = i * mul; 663 666 } 664 667 } 665 668 666 - static __noinline int sum(struct bpf_iter_num *it, int *arr, __u32 n) 669 + static __noinline int sum(struct bpf_iter_num *it, int *arr) 667 670 { 668 - int *t, i, sum = 0;; 671 + int *t, sum = 0;; 672 + __u64 i; 669 673 670 674 while ((t = bpf_iter_num_next(it))) { 671 675 i = *t; 672 - if (i >= n) 676 + if (i >= ARR_SZ) 673 677 break; 674 678 sum += arr[i]; 675 679 } ··· 685 681 __success 686 682 int iter_pass_iter_ptr_to_subprog(const void *ctx) 687 683 { 688 - int arr1[16], arr2[32]; 684 + int arr1[ARR_SZ], arr2[ARR_SZ]; 689 685 struct bpf_iter_num it; 690 686 int n, sum1, sum2; 691 687 ··· 694 690 /* fill arr1 */ 695 691 n = ARRAY_SIZE(arr1); 696 692 bpf_iter_num_new(&it, 0, n); 697 - fill(&it, arr1, n, 2); 693 + fill(&it, arr1, 2); 698 694 bpf_iter_num_destroy(&it); 699 695 700 696 /* fill arr2 */ 701 697 n = ARRAY_SIZE(arr2); 702 698 bpf_iter_num_new(&it, 0, n); 703 - fill(&it, arr2, n, 10); 699 + fill(&it, arr2, 10); 704 700 bpf_iter_num_destroy(&it); 705 701 706 702 /* sum arr1 */ 707 703 n = ARRAY_SIZE(arr1); 708 704 bpf_iter_num_new(&it, 0, n); 709 - sum1 = sum(&it, arr1, n); 705 + sum1 = sum(&it, arr1); 710 706 bpf_iter_num_destroy(&it); 711 707 712 708 /* sum arr2 */ 713 709 n = ARRAY_SIZE(arr2); 714 710 bpf_iter_num_new(&it, 0, n); 715 - sum2 = sum(&it, arr2, n); 711 + sum2 = sum(&it, arr2); 716 712 bpf_iter_num_destroy(&it); 717 713 718 714 bpf_printk("sum1=%d, sum2=%d", sum1, sum2);
+61
tools/testing/selftests/bpf/progs/verifier_prevent_map_lookup.c
··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + /* Converted from tools/testing/selftests/bpf/verifier/prevent_map_lookup.c */ 3 + 4 + #include <linux/bpf.h> 5 + #include <bpf/bpf_helpers.h> 6 + #include "bpf_misc.h" 7 + 8 + struct { 9 + __uint(type, BPF_MAP_TYPE_STACK_TRACE); 10 + __uint(max_entries, 1); 11 + __type(key, __u32); 12 + __type(value, __u64); 13 + } map_stacktrace SEC(".maps"); 14 + 15 + struct { 16 + __uint(type, BPF_MAP_TYPE_PROG_ARRAY); 17 + __uint(max_entries, 8); 18 + __uint(key_size, sizeof(int)); 19 + __array(values, void (void)); 20 + } map_prog2_socket SEC(".maps"); 21 + 22 + SEC("perf_event") 23 + __description("prevent map lookup in stack trace") 24 + __failure __msg("cannot pass map_type 7 into func bpf_map_lookup_elem") 25 + __naked void map_lookup_in_stack_trace(void) 26 + { 27 + asm volatile (" \ 28 + r1 = 0; \ 29 + *(u64*)(r10 - 8) = r1; \ 30 + r2 = r10; \ 31 + r2 += -8; \ 32 + r1 = %[map_stacktrace] ll; \ 33 + call %[bpf_map_lookup_elem]; \ 34 + exit; \ 35 + " : 36 + : __imm(bpf_map_lookup_elem), 37 + __imm_addr(map_stacktrace) 38 + : __clobber_all); 39 + } 40 + 41 + SEC("socket") 42 + __description("prevent map lookup in prog array") 43 + __failure __msg("cannot pass map_type 3 into func bpf_map_lookup_elem") 44 + __failure_unpriv 45 + __naked void map_lookup_in_prog_array(void) 46 + { 47 + asm volatile (" \ 48 + r1 = 0; \ 49 + *(u64*)(r10 - 8) = r1; \ 50 + r2 = r10; \ 51 + r2 += -8; \ 52 + r1 = %[map_prog2_socket] ll; \ 53 + call %[bpf_map_lookup_elem]; \ 54 + exit; \ 55 + " : 56 + : __imm(bpf_map_lookup_elem), 57 + __imm_addr(map_prog2_socket) 58 + : __clobber_all); 59 + } 60 + 61 + char _license[] SEC("license") = "GPL";
-29
tools/testing/selftests/bpf/verifier/prevent_map_lookup.c
··· 1 - { 2 - "prevent map lookup in stack trace", 3 - .insns = { 4 - BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 5 - BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 6 - BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 7 - BPF_LD_MAP_FD(BPF_REG_1, 0), 8 - BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), 9 - BPF_EXIT_INSN(), 10 - }, 11 - .fixup_map_stacktrace = { 3 }, 12 - .result = REJECT, 13 - .errstr = "cannot pass map_type 7 into func bpf_map_lookup_elem", 14 - .prog_type = BPF_PROG_TYPE_PERF_EVENT, 15 - }, 16 - { 17 - "prevent map lookup in prog array", 18 - .insns = { 19 - BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 20 - BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 21 - BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 22 - BPF_LD_MAP_FD(BPF_REG_1, 0), 23 - BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), 24 - BPF_EXIT_INSN(), 25 - }, 26 - .fixup_prog2 = { 3 }, 27 - .result = REJECT, 28 - .errstr = "cannot pass map_type 3 into func bpf_map_lookup_elem", 29 - },