1. 17 May, 2023 5 commits
    • Jiri Olsa's avatar
      libbpf: Store zero fd to fd_array for loader kfunc relocation · 10cb8622
      Jiri Olsa authored
      When moving some of the test kfuncs to bpf_testmod I hit an issue
      when some of the kfuncs that object uses are in module and some
      in vmlinux.
      
      The problem is that both vmlinux and module kfuncs get allocated
      btf_fd_idx index into fd_array, but we store to it the BTF fd value
      only for module's kfunc, not vmlinux's one because (it's zero).
      
      Then after the program is loaded we check if fd_array[btf_fd_idx] != 0
      and close the fd.
      
      When the object has kfuncs from both vmlinux and module, the fd from
      fd_array[btf_fd_idx] from previous load will be stored in there for
      vmlinux's kfunc, so we close unrelated fd (of the program we just
      loaded in my case).
      
      Fixing this by storing zero to fd_array[btf_fd_idx] for vmlinux
      kfuncs, so the we won't close stale fd.
      Signed-off-by: default avatarJiri Olsa <jolsa@kernel.org>
      Link: https://lore.kernel.org/r/20230515133756.1658301-2-jolsa@kernel.orgSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      10cb8622
    • Yonghong Song's avatar
      selftests/bpf: Fix s390 sock_field test failure · de58ef41
      Yonghong Song authored
      llvm patch [1] enabled cross-function optimization for func arguments
      (ArgumentPromotion) at -O2 level. And this caused s390 sock_fields
      test failure ([2]). The failure is gone right now as patch [1] was
      reverted in [3]. But it is possible that patch [3] will be reverted
      again and then the test failure in [2] will show up again. So it is
      desirable to fix the failure regardless.
      
      The following is an analysis why sock_field test fails with
      llvm patch [1].
      
      The main problem is in
        static __noinline bool sk_dst_port__load_word(struct bpf_sock *sk)
        {
              __u32 *word = (__u32 *)&sk->dst_port;
              return word[0] == bpf_htons(0xcafe);
        }
        static __noinline bool sk_dst_port__load_half(struct bpf_sock *sk)
        {
              __u16 *half = (__u16 *)&sk->dst_port;
              return half[0] == bpf_htons(0xcafe);
        }
        ...
        int read_sk_dst_port(struct __sk_buff *skb)
        {
      	...
              sk = skb->sk;
      	...
              if (!sk_dst_port__load_word(sk))
                      RET_LOG();
              if (!sk_dst_port__load_half(sk))
                      RET_LOG();
      	...
        }
      
      Through some cross-function optimization by ArgumentPromotion
      optimization, the compiler does:
        static __noinline bool sk_dst_port__load_word(__u32 word_val)
        {
              return word_val == bpf_htons(0xcafe);
        }
        static __noinline bool sk_dst_port__load_half(__u16 half_val)
        {
              return half_val == bpf_htons(0xcafe);
        }
        ...
        int read_sk_dst_port(struct __sk_buff *skb)
        {
              ...
              sk = skb->sk;
              ...
              __u32 *word = (__u32 *)&sk->dst_port;
              __u32 word_val = word[0];
              ...
              if (!sk_dst_port__load_word(word_val))
                      RET_LOG();
      
              __u16 half_val = word_val >> 16;
              if (!sk_dst_port__load_half(half_val))
                      RET_LOG();
              ...
        }
      
      In current uapi bpf.h, we have
        struct bpf_sock {
      	...
              __be16 dst_port;        /* network byte order */
              __u16 :16;              /* zero padding */
      	...
        };
      But the old kernel (e.g., 5.6) we have
        struct bpf_sock {
      	...
      	__u32 dst_port;         /* network byte order */
      	...
        };
      
      So for backward compatability reason, 4-byte load of
      dst_port is converted to 2-byte load internally.
      Specifically, 'word_val = word[0]' is replaced by 2-byte load
      by the verifier and this caused the trouble for later
      sk_dst_port__load_half() where half_val becomes 0.
      
      Typical usr program won't have such a code pattern tiggering
      the above bug, so let us fix the test failure with source
      code change. Adding an empty asm volatile statement seems
      enough to prevent undesired transformation.
      
        [1] https://reviews.llvm.org/D148269
        [2] https://lore.kernel.org/bpf/e7f2c5e8-a50c-198d-8f95-388165f1e4fd@meta.com/
        [3] https://reviews.llvm.org/rG141be5c062ecf22bd287afffd310e8ac4711444aTested-by: default avatarIlya Leoshkevich <iii@linux.ibm.com>
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      Link: https://lore.kernel.org/r/20230516214945.1013578-1-yhs@fb.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      de58ef41
    • Andrii Nakryiko's avatar
      selftests/bpf: improve netcnt test robustness · 24a86d83
      Andrii Nakryiko authored
      Change netcnt to demand at least 10K packets, as we frequently see some
      stray packet arriving during the test in BPF CI. It seems more important
      to make sure we haven't lost any packet than enforcing exact number of
      packets.
      
      Cc: Stanislav Fomichev <sdf@google.com>
      Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
      Acked-by: default avatarStanislav Fomichev <sdf@google.com>
      Link: https://lore.kernel.org/r/20230515204833.2832000-1-andrii@kernel.orgSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      24a86d83
    • Jakub Kicinski's avatar
      Revert "net: Remove low_thresh in ip defrag" · e7480a44
      Jakub Kicinski authored
      This reverts commit b2cbac9b.
      
      We have multiple reports of obvious breakage from this patch.
      Reported-by: default avatarIdo Schimmel <idosch@idosch.org>
      Link: https://lore.kernel.org/all/ZGIRWjNcfqI8yY8W@shredder/
      Link: https://lore.kernel.org/all/CADJHv_sDK=0RrMA2FTZQV5fw7UQ+qY=HG21Wu5qb0V9vvx5w6A@mail.gmail.com/
      Reported-by: syzbot+a5e719ac7c268e414c95@syzkaller.appspotmail.com
      Reported-by: syzbot+a03fd670838d927d9cd8@syzkaller.appspotmail.com
      Fixes: b2cbac9b ("net: Remove low_thresh in ip defrag")
      Link: https://lore.kernel.org/r/20230517034112.1261835-1-kuba@kernel.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      e7480a44
    • Jakub Kicinski's avatar
      Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next · a0e35a64
      Jakub Kicinski authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf-next 2023-05-16
      
      We've added 57 non-merge commits during the last 19 day(s) which contain
      a total of 63 files changed, 3293 insertions(+), 690 deletions(-).
      
      The main changes are:
      
      1) Add precision propagation to verifier for subprogs and callbacks,
         from Andrii Nakryiko.
      
      2) Improve BPF's {g,s}setsockopt() handling with wrong option lengths,
         from Stanislav Fomichev.
      
      3) Utilize pahole v1.25 for the kernel's BTF generation to filter out
         inconsistent function prototypes, from Alan Maguire.
      
      4) Various dyn-pointer verifier improvements to relax restrictions,
         from Daniel Rosenberg.
      
      5) Add a new bpf_task_under_cgroup() kfunc for designated task,
         from Feng Zhou.
      
      6) Unblock tests for arm64 BPF CI after ftrace supporting direct call,
         from Florent Revest.
      
      7) Add XDP hint kfunc metadata for RX hash/timestamp for igc,
         from Jesper Dangaard Brouer.
      
      8) Add several new dyn-pointer kfuncs to ease their usability,
         from Joanne Koong.
      
      9) Add in-depth LRU internals description and dot function graph,
         from Joe Stringer.
      
      10) Fix KCSAN report on bpf_lru_list when accessing node->ref,
          from Martin KaFai Lau.
      
      11) Only dump unprivileged_bpf_disabled log warning upon write,
          from Kui-Feng Lee.
      
      12) Extend test_progs to directly passing allow/denylist file,
          from Stephen Veiss.
      
      13) Fix BPF trampoline memleak upon failure attaching to fentry,
          from Yafang Shao.
      
      14) Fix emitting struct bpf_tcp_sock type in vmlinux BTF,
          from Yonghong Song.
      
      * tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next: (57 commits)
        bpf: Fix memleak due to fentry attach failure
        bpf: Remove bpf trampoline selector
        bpf, arm64: Support struct arguments in the BPF trampoline
        bpftool: JIT limited misreported as negative value on aarch64
        bpf: fix calculation of subseq_idx during precision backtracking
        bpf: Remove anonymous union in bpf_kfunc_call_arg_meta
        bpf: Document EFAULT changes for sockopt
        selftests/bpf: Correctly handle optlen > 4096
        selftests/bpf: Update EFAULT {g,s}etsockopt selftests
        bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen
        libbpf: fix offsetof() and container_of() to work with CO-RE
        bpf: Address KCSAN report on bpf_lru_list
        bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25
        selftests/bpf: Accept mem from dynptr in helper funcs
        bpf: verifier: Accept dynptr mem as mem in helpers
        selftests/bpf: Check overflow in optional buffer
        selftests/bpf: Test allowing NULL buffer in dynptr slice
        bpf: Allow NULL buffers in bpf_dynptr_slice(_rw)
        selftests/bpf: Add testcase for bpf_task_under_cgroup
        bpf: Add bpf_task_under_cgroup() kfunc
        ...
      ====================
      
      Link: https://lore.kernel.org/r/20230515225603.27027-1-daniel@iogearbox.netSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      a0e35a64
  2. 16 May, 2023 7 commits
  3. 15 May, 2023 20 commits
  4. 14 May, 2023 1 commit
    • Martin KaFai Lau's avatar
      Merge branch 'bpf: Don't EFAULT for {g,s}setsockopt with wrong optlen' · 79b3604d
      Martin KaFai Lau authored
      Stanislav Fomichev says:
      
      ====================
      optval larger than PAGE_SIZE leads to EFAULT if the BPF program
      isn't careful enough. This is often overlooked and might break
      completely unrelated socket options. Instead of EFAULT,
      let's ignore BPF program buffer changes. See the first patch for
      more info.
      
      In addition, clearly document this corner case and reset optlen
      in our selftests (in case somebody copy-pastes from them).
      
      v6:
      - no changes; resending due to screwing up v5 series with the unrelated
        patch
      
      v5:
      - goto in the selftest (Martin)
      - set IP_TOS to zero to avoid endianness complications (Martin)
      
      v4:
      - ignore retval as well when optlen > PAGE_SIZE (Martin)
      
      v3:
      - don't hard-code PAGE_SIZE (Martin)
      - reset orig_optlen in getsockopt when kernel part succeeds (Martin)
      ====================
      Signed-off-by: default avatarMartin KaFai Lau <martin.lau@kernel.org>
      79b3604d
  5. 13 May, 2023 7 commits