Commit bef4e179 authored by David S. Miller's avatar David S. Miller

Merge branch 'bpf-misc'

Daniel Borkmann says:

====================
Misc BPF improvements

This series adds various misc improvements to BPF, f.e. allowing
skb_load_bytes() helper to be used with filter/reuseport programs
to facilitate programming, test cases for program tag, etc. For
details, please see individual patches.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 18702414 3fadc801
......@@ -522,6 +522,7 @@ enum bpf_func_id {
/* BPF_FUNC_l4_csum_replace flags. */
#define BPF_F_PSEUDO_HDR (1ULL << 4)
#define BPF_F_MARK_MANGLED_0 (1ULL << 5)
#define BPF_F_MARK_ENFORCE (1ULL << 6)
/* BPF_FUNC_clone_redirect and BPF_FUNC_redirect flags. */
#define BPF_F_INGRESS (1ULL << 0)
......
......@@ -1566,22 +1566,54 @@ static int evaluate_reg_imm_alu(struct bpf_verifier_env *env,
struct bpf_reg_state *dst_reg = &regs[insn->dst_reg];
struct bpf_reg_state *src_reg = &regs[insn->src_reg];
u8 opcode = BPF_OP(insn->code);
/* dst_reg->type == CONST_IMM here, simulate execution of 'add'/'or'
* insn. Don't care about overflow or negative values, just add them
*/
if (opcode == BPF_ADD && BPF_SRC(insn->code) == BPF_K)
dst_reg->imm += insn->imm;
else if (opcode == BPF_ADD && BPF_SRC(insn->code) == BPF_X &&
src_reg->type == CONST_IMM)
dst_reg->imm += src_reg->imm;
else if (opcode == BPF_OR && BPF_SRC(insn->code) == BPF_K)
dst_reg->imm |= insn->imm;
else if (opcode == BPF_OR && BPF_SRC(insn->code) == BPF_X &&
src_reg->type == CONST_IMM)
dst_reg->imm |= src_reg->imm;
else
u64 dst_imm = dst_reg->imm;
/* dst_reg->type == CONST_IMM here. Simulate execution of insns
* containing ALU ops. Don't care about overflow or negative
* values, just add/sub/... them; registers are in u64.
*/
if (opcode == BPF_ADD && BPF_SRC(insn->code) == BPF_K) {
dst_imm += insn->imm;
} else if (opcode == BPF_ADD && BPF_SRC(insn->code) == BPF_X &&
src_reg->type == CONST_IMM) {
dst_imm += src_reg->imm;
} else if (opcode == BPF_SUB && BPF_SRC(insn->code) == BPF_K) {
dst_imm -= insn->imm;
} else if (opcode == BPF_SUB && BPF_SRC(insn->code) == BPF_X &&
src_reg->type == CONST_IMM) {
dst_imm -= src_reg->imm;
} else if (opcode == BPF_MUL && BPF_SRC(insn->code) == BPF_K) {
dst_imm *= insn->imm;
} else if (opcode == BPF_MUL && BPF_SRC(insn->code) == BPF_X &&
src_reg->type == CONST_IMM) {
dst_imm *= src_reg->imm;
} else if (opcode == BPF_OR && BPF_SRC(insn->code) == BPF_K) {
dst_imm |= insn->imm;
} else if (opcode == BPF_OR && BPF_SRC(insn->code) == BPF_X &&
src_reg->type == CONST_IMM) {
dst_imm |= src_reg->imm;
} else if (opcode == BPF_AND && BPF_SRC(insn->code) == BPF_K) {
dst_imm &= insn->imm;
} else if (opcode == BPF_AND && BPF_SRC(insn->code) == BPF_X &&
src_reg->type == CONST_IMM) {
dst_imm &= src_reg->imm;
} else if (opcode == BPF_RSH && BPF_SRC(insn->code) == BPF_K) {
dst_imm >>= insn->imm;
} else if (opcode == BPF_RSH && BPF_SRC(insn->code) == BPF_X &&
src_reg->type == CONST_IMM) {
dst_imm >>= src_reg->imm;
} else if (opcode == BPF_LSH && BPF_SRC(insn->code) == BPF_K) {
dst_imm <<= insn->imm;
} else if (opcode == BPF_LSH && BPF_SRC(insn->code) == BPF_X &&
src_reg->type == CONST_IMM) {
dst_imm <<= src_reg->imm;
} else {
mark_reg_unknown_value(regs, insn->dst_reg);
goto out;
}
dst_reg->imm = dst_imm;
out:
return 0;
}
......@@ -2225,14 +2257,8 @@ static int check_ld_imm(struct bpf_verifier_env *env, struct bpf_insn *insn)
return err;
if (insn->src_reg == 0) {
/* generic move 64-bit immediate into a register,
* only analyzer needs to collect the ld_imm value.
*/
u64 imm = ((u64)(insn + 1)->imm << 32) | (u32)insn->imm;
if (!env->analyzer_ops)
return 0;
regs[insn->dst_reg].type = CONST_IMM;
regs[insn->dst_reg].imm = imm;
return 0;
......
......@@ -1522,10 +1522,11 @@ BPF_CALL_5(bpf_l4_csum_replace, struct sk_buff *, skb, u32, offset,
{
bool is_pseudo = flags & BPF_F_PSEUDO_HDR;
bool is_mmzero = flags & BPF_F_MARK_MANGLED_0;
bool do_mforce = flags & BPF_F_MARK_ENFORCE;
__sum16 *ptr;
if (unlikely(flags & ~(BPF_F_MARK_MANGLED_0 | BPF_F_PSEUDO_HDR |
BPF_F_HDR_FIELD_MASK)))
if (unlikely(flags & ~(BPF_F_MARK_MANGLED_0 | BPF_F_MARK_ENFORCE |
BPF_F_PSEUDO_HDR | BPF_F_HDR_FIELD_MASK)))
return -EINVAL;
if (unlikely(offset > 0xffff || offset & 1))
return -EFAULT;
......@@ -1533,7 +1534,7 @@ BPF_CALL_5(bpf_l4_csum_replace, struct sk_buff *, skb, u32, offset,
return -EFAULT;
ptr = (__sum16 *)(skb->data + offset);
if (is_mmzero && !*ptr)
if (is_mmzero && !do_mforce && !*ptr)
return 0;
switch (flags & BPF_F_HDR_FIELD_MASK) {
......@@ -2598,7 +2599,7 @@ static const struct bpf_func_proto bpf_xdp_event_output_proto = {
};
static const struct bpf_func_proto *
sk_filter_func_proto(enum bpf_func_id func_id)
bpf_base_func_proto(enum bpf_func_id func_id)
{
switch (func_id) {
case BPF_FUNC_map_lookup_elem:
......@@ -2625,6 +2626,17 @@ sk_filter_func_proto(enum bpf_func_id func_id)
}
}
static const struct bpf_func_proto *
sk_filter_func_proto(enum bpf_func_id func_id)
{
switch (func_id) {
case BPF_FUNC_skb_load_bytes:
return &bpf_skb_load_bytes_proto;
default:
return bpf_base_func_proto(func_id);
}
}
static const struct bpf_func_proto *
tc_cls_act_func_proto(enum bpf_func_id func_id)
{
......@@ -2680,7 +2692,7 @@ tc_cls_act_func_proto(enum bpf_func_id func_id)
case BPF_FUNC_skb_under_cgroup:
return &bpf_skb_under_cgroup_proto;
default:
return sk_filter_func_proto(func_id);
return bpf_base_func_proto(func_id);
}
}
......@@ -2695,7 +2707,7 @@ xdp_func_proto(enum bpf_func_id func_id)
case BPF_FUNC_xdp_adjust_head:
return &bpf_xdp_adjust_head_proto;
default:
return sk_filter_func_proto(func_id);
return bpf_base_func_proto(func_id);
}
}
......@@ -2706,7 +2718,7 @@ cg_skb_func_proto(enum bpf_func_id func_id)
case BPF_FUNC_skb_load_bytes:
return &bpf_skb_load_bytes_proto;
default:
return sk_filter_func_proto(func_id);
return bpf_base_func_proto(func_id);
}
}
......@@ -2733,7 +2745,7 @@ lwt_inout_func_proto(enum bpf_func_id func_id)
case BPF_FUNC_skb_under_cgroup:
return &bpf_skb_under_cgroup_proto;
default:
return sk_filter_func_proto(func_id);
return bpf_base_func_proto(func_id);
}
}
......@@ -2784,19 +2796,8 @@ static bool __is_valid_access(int off, int size)
switch (off) {
case offsetof(struct __sk_buff, cb[0]) ...
offsetof(struct __sk_buff, cb[4]) + sizeof(__u32) - 1:
if (size == sizeof(__u16) &&
off > offsetof(struct __sk_buff, cb[4]) + sizeof(__u16))
return false;
if (size == sizeof(__u32) &&
off > offsetof(struct __sk_buff, cb[4]))
return false;
if (size == sizeof(__u64) &&
off > offsetof(struct __sk_buff, cb[2]))
return false;
if (size != sizeof(__u8) &&
size != sizeof(__u16) &&
size != sizeof(__u32) &&
size != sizeof(__u64))
if (off + size >
offsetof(struct __sk_buff, cb[4]) + sizeof(__u32))
return false;
break;
default:
......@@ -2994,7 +2995,7 @@ void bpf_warn_invalid_xdp_action(u32 act)
}
EXPORT_SYMBOL_GPL(bpf_warn_invalid_xdp_action);
static u32 sk_filter_convert_ctx_access(enum bpf_access_type type,
static u32 bpf_convert_ctx_access(enum bpf_access_type type,
const struct bpf_insn *si,
struct bpf_insn *insn_buf,
struct bpf_prog *prog)
......@@ -3221,7 +3222,7 @@ static u32 tc_cls_act_convert_ctx_access(enum bpf_access_type type,
offsetof(struct net_device, ifindex));
break;
default:
return sk_filter_convert_ctx_access(type, si, insn_buf, prog);
return bpf_convert_ctx_access(type, si, insn_buf, prog);
}
return insn - insn_buf;
......@@ -3253,7 +3254,7 @@ static u32 xdp_convert_ctx_access(enum bpf_access_type type,
static const struct bpf_verifier_ops sk_filter_ops = {
.get_func_proto = sk_filter_func_proto,
.is_valid_access = sk_filter_is_valid_access,
.convert_ctx_access = sk_filter_convert_ctx_access,
.convert_ctx_access = bpf_convert_ctx_access,
};
static const struct bpf_verifier_ops tc_cls_act_ops = {
......@@ -3272,24 +3273,24 @@ static const struct bpf_verifier_ops xdp_ops = {
static const struct bpf_verifier_ops cg_skb_ops = {
.get_func_proto = cg_skb_func_proto,
.is_valid_access = sk_filter_is_valid_access,
.convert_ctx_access = sk_filter_convert_ctx_access,
.convert_ctx_access = bpf_convert_ctx_access,
};
static const struct bpf_verifier_ops lwt_inout_ops = {
.get_func_proto = lwt_inout_func_proto,
.is_valid_access = lwt_is_valid_access,
.convert_ctx_access = sk_filter_convert_ctx_access,
.convert_ctx_access = bpf_convert_ctx_access,
};
static const struct bpf_verifier_ops lwt_xmit_ops = {
.get_func_proto = lwt_xmit_func_proto,
.is_valid_access = lwt_is_valid_access,
.convert_ctx_access = sk_filter_convert_ctx_access,
.convert_ctx_access = bpf_convert_ctx_access,
.gen_prologue = tc_cls_act_prologue,
};
static const struct bpf_verifier_ops cg_sock_ops = {
.get_func_proto = sk_filter_func_proto,
.get_func_proto = bpf_base_func_proto,
.is_valid_access = sock_filter_is_valid_access,
.convert_ctx_access = sock_filter_convert_ctx_access,
};
......
CFLAGS += -Wall -O2 -I../../../../usr/include
test_objs = test_verifier test_maps test_lru_map test_lpm_map
test_objs = test_verifier test_tag test_maps test_lru_map test_lpm_map
TEST_PROGS := test_verifier test_maps test_lru_map test_lpm_map test_kmod.sh
TEST_PROGS := $(test_objs) test_kmod.sh
TEST_FILES := $(test_objs)
all: $(test_objs)
......
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <time.h>
#include <errno.h>
#include <unistd.h>
#include <string.h>
#include <sched.h>
#include <limits.h>
#include <assert.h>
#include <sys/socket.h>
#include <sys/resource.h>
#include <linux/filter.h>
#include <linux/bpf.h>
#include <linux/if_alg.h>
#include "../../../include/linux/filter.h"
#include "bpf_sys.h"
static struct bpf_insn prog[BPF_MAXINSNS];
static void bpf_gen_imm_prog(unsigned int insns, int fd_map)
{
int i;
srand(time(NULL));
for (i = 0; i < insns; i++)
prog[i] = BPF_ALU64_IMM(BPF_MOV, i % BPF_REG_10, rand());
prog[i - 1] = BPF_EXIT_INSN();
}
static void bpf_gen_map_prog(unsigned int insns, int fd_map)
{
int i, j = 0;
for (i = 0; i + 1 < insns; i += 2) {
struct bpf_insn tmp[] = {
BPF_LD_MAP_FD(j++ % BPF_REG_10, fd_map)
};
memcpy(&prog[i], tmp, sizeof(tmp));
}
if (insns % 2 == 0)
prog[insns - 2] = BPF_ALU64_IMM(BPF_MOV, i % BPF_REG_10, 42);
prog[insns - 1] = BPF_EXIT_INSN();
}
static int bpf_try_load_prog(int insns, int fd_map,
void (*bpf_filler)(unsigned int insns,
int fd_map))
{
int fd_prog;
bpf_filler(insns, fd_map);
fd_prog = bpf_prog_load(BPF_PROG_TYPE_SCHED_CLS, prog, insns *
sizeof(struct bpf_insn), "", NULL, 0);
assert(fd_prog > 0);
if (fd_map > 0)
bpf_filler(insns, 0);
return fd_prog;
}
static int __hex2bin(char ch)
{
if ((ch >= '0') && (ch <= '9'))
return ch - '0';
ch = tolower(ch);
if ((ch >= 'a') && (ch <= 'f'))
return ch - 'a' + 10;
return -1;
}
static int hex2bin(uint8_t *dst, const char *src, size_t count)
{
while (count--) {
int hi = __hex2bin(*src++);
int lo = __hex2bin(*src++);
if ((hi < 0) || (lo < 0))
return -1;
*dst++ = (hi << 4) | lo;
}
return 0;
}
static void tag_from_fdinfo(int fd_prog, uint8_t *tag, uint32_t len)
{
const int prefix_len = sizeof("prog_tag:\t") - 1;
char buff[256];
int ret = -1;
FILE *fp;
snprintf(buff, sizeof(buff), "/proc/%d/fdinfo/%d", getpid(),
fd_prog);
fp = fopen(buff, "r");
assert(fp);
while (fgets(buff, sizeof(buff), fp)) {
if (strncmp(buff, "prog_tag:\t", len))
continue;
ret = hex2bin(tag, buff + prefix_len, len);
break;
}
fclose(fp);
assert(!ret);
}
static void tag_from_alg(int insns, uint8_t *tag, uint32_t len)
{
static const struct sockaddr_alg alg = {
.salg_family = AF_ALG,
.salg_type = "hash",
.salg_name = "sha1",
};
int fd_base, fd_alg, ret;
ssize_t size;
fd_base = socket(AF_ALG, SOCK_SEQPACKET, 0);
assert(fd_base > 0);
ret = bind(fd_base, (struct sockaddr *)&alg, sizeof(alg));
assert(!ret);
fd_alg = accept(fd_base, NULL, 0);
assert(fd_alg > 0);
insns *= sizeof(struct bpf_insn);
size = write(fd_alg, prog, insns);
assert(size == insns);
size = read(fd_alg, tag, len);
assert(size == len);
close(fd_alg);
close(fd_base);
}
static void tag_dump(const char *prefix, uint8_t *tag, uint32_t len)
{
int i;
printf("%s", prefix);
for (i = 0; i < len; i++)
printf("%02x", tag[i]);
printf("\n");
}
static void tag_exit_report(int insns, int fd_map, uint8_t *ftag,
uint8_t *atag, uint32_t len)
{
printf("Program tag mismatch for %d insns%s!\n", insns,
fd_map < 0 ? "" : " with map");
tag_dump(" fdinfo result: ", ftag, len);
tag_dump(" af_alg result: ", atag, len);
exit(1);
}
static void do_test(uint32_t *tests, int start_insns, int fd_map,
void (*bpf_filler)(unsigned int insns, int fd))
{
int i, fd_prog;
for (i = start_insns; i <= BPF_MAXINSNS; i++) {
uint8_t ftag[8], atag[sizeof(ftag)];
fd_prog = bpf_try_load_prog(i, fd_map, bpf_filler);
tag_from_fdinfo(fd_prog, ftag, sizeof(ftag));
tag_from_alg(i, atag, sizeof(atag));
if (memcmp(ftag, atag, sizeof(ftag)))
tag_exit_report(i, fd_map, ftag, atag, sizeof(ftag));
close(fd_prog);
sched_yield();
(*tests)++;
}
}
int main(void)
{
struct rlimit rinf = { RLIM_INFINITY, RLIM_INFINITY };
uint32_t tests = 0;
int i, fd_map;
setrlimit(RLIMIT_MEMLOCK, &rinf);
fd_map = bpf_map_create(BPF_MAP_TYPE_HASH, sizeof(int),
sizeof(int), 1, BPF_F_NO_PREALLOC);
assert(fd_map > 0);
for (i = 0; i < 5; i++) {
do_test(&tests, 2, -1, bpf_gen_imm_prog);
do_test(&tests, 3, fd_map, bpf_gen_map_prog);
}
printf("test_tag: OK (%u tests)\n", tests);
close(fd_map);
return 0;
}
......@@ -2325,6 +2325,84 @@ static struct bpf_test tests[] = {
.result = REJECT,
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
{
"direct packet access: test11 (shift, good access)",
.insns = {
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
offsetof(struct __sk_buff, data)),
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
offsetof(struct __sk_buff, data_end)),
BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8),
BPF_MOV64_IMM(BPF_REG_3, 144),
BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
BPF_ALU64_IMM(BPF_RSH, BPF_REG_5, 3),
BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
{
"direct packet access: test12 (and, good access)",
.insns = {
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
offsetof(struct __sk_buff, data)),
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
offsetof(struct __sk_buff, data_end)),
BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8),
BPF_MOV64_IMM(BPF_REG_3, 144),
BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
BPF_ALU64_IMM(BPF_AND, BPF_REG_5, 15),
BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
{
"direct packet access: test13 (branches, good access)",
.insns = {
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
offsetof(struct __sk_buff, data)),
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
offsetof(struct __sk_buff, data_end)),
BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 13),
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
offsetof(struct __sk_buff, mark)),
BPF_MOV64_IMM(BPF_REG_4, 1),
BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_4, 2),
BPF_MOV64_IMM(BPF_REG_3, 14),
BPF_JMP_IMM(BPF_JA, 0, 0, 1),
BPF_MOV64_IMM(BPF_REG_3, 24),
BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
BPF_ALU64_IMM(BPF_AND, BPF_REG_5, 15),
BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(),
BPF_MOV64_IMM(BPF_REG_0, 0),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
{
"helper access to packet: test1, valid packet_ptr range",
.insns = {
......@@ -4208,6 +4286,8 @@ static struct bpf_test tests[] = {
.insns = {
BPF_MOV64_IMM(BPF_REG_1, 0),
BPF_MOV64_IMM(BPF_REG_2, 0),
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128),
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128),
BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 64),
BPF_MOV64_IMM(BPF_REG_3, 0),
BPF_MOV64_IMM(BPF_REG_4, 0),
......@@ -4251,6 +4331,8 @@ static struct bpf_test tests[] = {
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -16),
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
BPF_MOV64_IMM(BPF_REG_2, 0),
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128),
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128),
BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 63),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1),
BPF_MOV64_IMM(BPF_REG_3, 0),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment