- 01 Jul, 2024 1 commit
-
-
Florian Westphal authored
This adds a small internal mapping table so that a new bpf (xdp) kfunc can perform lookups in a flowtable. As-is, xdp program has access to the device pointer, but no way to do a lookup in a flowtable -- there is no way to obtain the needed struct without questionable stunts. This allows to obtain an nf_flowtable pointer given a net_device structure. In order to keep backward compatibility, the infrastructure allows the user to add a given device to multiple flowtables, but it will always return the first added mapping performing the lookup since it assumes the right configuration is 1:1 mapping between flowtables and net_devices. Co-developed-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Link: https://lore.kernel.org/bpf/9f20e2c36f494b3bf177328718367f636bb0b2ab.1719698275.git.lorenzo@kernel.org
-
- 27 Jun, 2024 1 commit
-
-
Jiri Olsa authored
ARRAY_SIZE is used on multiple places, move its definition in bpf_misc.h header. Signed-off-by: Jiri Olsa <jolsa@kernel.org> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Reviewed-by: Alan Maguire <alan.maguire@oracle.com> Link: https://lore.kernel.org/bpf/20240626134719.3893748-1-jolsa@kernel.org
-
- 26 Jun, 2024 5 commits
-
-
Alan Maguire authored
When building with clang for ARCH=i386, the following errors are observed: CC kernel/bpf/btf_relocate.o ./tools/lib/bpf/btf_relocate.c:206:23: error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion] 206 | info[id].needs_size = true; | ^ ~ ./tools/lib/bpf/btf_relocate.c:256:25: error: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Werror,-Wsingle-bit-bitfield-constant-conversion] 256 | base_info.needs_size = true; | ^ ~ 2 errors generated. The problem is we use 1-bit, 31-bit bitfields in a signed int. Changing to bool needs_size: 1; unsigned int size:31; ...resolves the error and pahole reports that 4 bytes are used for the underlying representation: $ pahole btf_name_info tools/lib/bpf/btf_relocate.o struct btf_name_info { const char * name; /* 0 8 */ unsigned int needs_size:1; /* 8: 0 4 */ unsigned int size:31; /* 8: 1 4 */ __u32 id; /* 12 4 */ /* size: 16, cachelines: 1, members: 4 */ /* last cacheline: 16 bytes */ }; Signed-off-by: Alan Maguire <alan.maguire@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240624192903.854261-1-alan.maguire@oracle.com
-
Ma Ke authored
Guard close() with extra link_fd[i] > 0 and fexit_fd[i] > 0 check to prevent close(-1). Signed-off-by: Ma Ke <make24@iscas.ac.cn> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240623131753.2133829-1-make24@iscas.ac.cn
-
Matt Bobrowski authored
Add new negative selftests which are intended to cover the out-of-bounds memory access that could be performed on a CONST_PTR_TO_DYNPTR within functions taking a ARG_PTR_TO_DYNPTR | MEM_RDONLY as an argument, and acceptance of invalid register types i.e. PTR_TO_BTF_ID within functions taking a ARG_PTR_TO_DYNPTR | MEM_RDONLY. Reported-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Acked-by: Eduard Zingerman <eddyz87@gmail.com> Signed-off-by: Matt Bobrowski <mattbobrowski@google.com> Link: https://lore.kernel.org/r/20240625062857.92760-2-mattbobrowski@google.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Matt Bobrowski authored
Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to a global function as an argument. The adverse effects of this is that BPF helpers can continue to make use of this modified CONST_PTR_TO_DYNPTR from within the context of the global function, which can unintentionally result in out-of-bounds memory accesses and therefore compromise overall system stability i.e. [ 244.157771] BUG: KASAN: slab-out-of-bounds in bpf_dynptr_data+0x137/0x140 [ 244.161345] Read of size 8 at addr ffff88810914be68 by task test_progs/302 [ 244.167151] CPU: 0 PID: 302 Comm: test_progs Tainted: G O E 6.10.0-rc3-00131-g66b58671 #533 [ 244.174318] Call Trace: [ 244.175787] <TASK> [ 244.177356] dump_stack_lvl+0x66/0xa0 [ 244.179531] print_report+0xce/0x670 [ 244.182314] ? __virt_addr_valid+0x200/0x3e0 [ 244.184908] kasan_report+0xd7/0x110 [ 244.187408] ? bpf_dynptr_data+0x137/0x140 [ 244.189714] ? bpf_dynptr_data+0x137/0x140 [ 244.192020] bpf_dynptr_data+0x137/0x140 [ 244.194264] bpf_prog_b02a02fdd2bdc5fa_global_call_bpf_dynptr_data+0x22/0x26 [ 244.198044] bpf_prog_b0fe7b9d7dc3abde_callback_adjust_bpf_dynptr_reg_off+0x1f/0x23 [ 244.202136] bpf_user_ringbuf_drain+0x2c7/0x570 [ 244.204744] ? 0xffffffffc0009e58 [ 244.206593] ? __pfx_bpf_user_ringbuf_drain+0x10/0x10 [ 244.209795] bpf_prog_33ab33f6a804ba2d_user_ringbuf_callback_const_ptr_to_dynptr_reg_off+0x47/0x4b [ 244.215922] bpf_trampoline_6442502480+0x43/0xe3 [ 244.218691] __x64_sys_prlimit64+0x9/0xf0 [ 244.220912] do_syscall_64+0xc1/0x1d0 [ 244.223043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.226458] RIP: 0033:0x7ffa3eb8f059 [ 244.228582] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 8f 1d 0d 00 f7 d8 64 89 01 48 [ 244.241307] RSP: 002b:00007ffa3e9c6eb8 EFLAGS: 00000206 ORIG_RAX: 000000000000012e [ 244.246474] RAX: ffffffffffffffda RBX: 00007ffa3e9c7cdc RCX: 00007ffa3eb8f059 [ 244.250478] RDX: 00007ffa3eb162b4 RSI: 0000000000000000 RDI: 00007ffa3e9c7fb0 [ 244.255396] RBP: 00007ffa3e9c6ed0 R08: 00007ffa3e9c76c0 R09: 0000000000000000 [ 244.260195] R10: 0000000000000000 R11: 0000000000000206 R12: ffffffffffffff80 [ 244.264201] R13: 000000000000001c R14: 00007ffc5d6b4260 R15: 00007ffa3e1c7000 [ 244.268303] </TASK> Add a check_func_arg_reg_off() to the path in which the BPF verifier verifies the arguments of global function arguments, specifically those which take an argument of type ARG_PTR_TO_DYNPTR | MEM_RDONLY. Also, process_dynptr_func() doesn't appear to perform any explicit and strict type matching on the supplied register type, so let's also enforce that a register either type PTR_TO_STACK or CONST_PTR_TO_DYNPTR is by the caller. Reported-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Acked-by: Eduard Zingerman <eddyz87@gmail.com> Signed-off-by: Matt Bobrowski <mattbobrowski@google.com> Link: https://lore.kernel.org/r/20240625062857.92760-1-mattbobrowski@google.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Leon Hwang authored
Since f663a03c ("bpf, x64: Remove tail call detection"), tail_call_reachable won't be detected in x86 JIT. And, tail_call_reachable is provided by verifier. Therefore, in test_bpf, the tail_call_reachable must be provided in test cases before running. Fix and test: [ 174.828662] test_bpf: #0 Tail call leaf jited:1 170 PASS [ 174.829574] test_bpf: #1 Tail call 2 jited:1 244 PASS [ 174.830363] test_bpf: #2 Tail call 3 jited:1 296 PASS [ 174.830924] test_bpf: #3 Tail call 4 jited:1 719 PASS [ 174.831863] test_bpf: #4 Tail call load/store leaf jited:1 197 PASS [ 174.832240] test_bpf: #5 Tail call load/store jited:1 326 PASS [ 174.832240] test_bpf: #6 Tail call error path, max count reached jited:1 2214 PASS [ 174.835713] test_bpf: #7 Tail call count preserved across function calls jited:1 609751 PASS [ 175.446098] test_bpf: #8 Tail call error path, NULL target jited:1 472 PASS [ 175.447597] test_bpf: #9 Tail call error path, index out of range jited:1 206 PASS [ 175.448833] test_bpf: test_tail_calls: Summary: 10 PASSED, 0 FAILED, [10/10 JIT'ed] Reported-by: kernel test robot <oliver.sang@intel.com> Closes: https://lore.kernel.org/oe-lkp/202406251415.c51865bc-oliver.sang@intel.com Fixes: f663a03c ("bpf, x64: Remove tail call detection") Signed-off-by: Leon Hwang <hffilwlqm@gmail.com> Link: https://lore.kernel.org/r/20240625145351.40072-1-hffilwlqm@gmail.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
- 24 Jun, 2024 1 commit
-
-
Antoine Tenart authored
When upgrading to libbpf 1.3 we noticed a big performance hit while loading programs using CORE on non base-BTF symbols. This was tracked down to the new BTF sanity check logic. The issue is the base BTF definitions are checked first for the base BTF and then again for every module BTF. Loading 5 dummy programs (using libbpf-rs) that are using CORE on a non-base BTF symbol on my system: - Before this fix: 3s. - With this fix: 0.1s. Fix this by only checking the types starting at the BTF start id. This should ensure the base BTF is still checked as expected but only once (btf->start_id == 1 when creating the base BTF), and then only additional types are checked for each module BTF. Fixes: 3903802b ("libbpf: Add basic BTF sanity validation") Signed-off-by: Antoine Tenart <atenart@kernel.org> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Reviewed-by: Alan Maguire <alan.maguire@oracle.com> Link: https://lore.kernel.org/bpf/20240624090908.171231-1-atenart@kernel.org
-
- 23 Jun, 2024 2 commits
-
-
Alan Maguire authored
Kernel test robot reports that kernel build fails with resilient split BTF changes. Examining the associated config and code we see that btf_relocate_id() is defined under CONFIG_DEBUG_INFO_BTF_MODULES. Moving it outside the #ifdef solves the issue. Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202406221742.d2srFLVI-lkp@intel.com/Signed-off-by: Alan Maguire <alan.maguire@oracle.com> Link: https://lore.kernel.org/r/20240623135224.27981-1-alan.maguire@oracle.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Dave Thaler authored
This patch does the following to address IETF feedback: * Remove mention of "program type" and reference future docs (and mention platform-specific docs exist) for helper functions and BTF. Addresses Roman Danyliw's comments based on GENART review from Ines Robles [0]. * Add reference for endianness as requested by John Scudder [1]. * Added bit numbers to top of 32-bit wide format diagrams as requested by Paul Wouters [2]. * Added more text about why BPF doesn't stand for anything, based on text from ebpf.io [3], as requested by Eric Vyncke and Gunter Van de Velde [4]. * Replaced "htobe16" (and similar) and the direction-specific description with just "be16" (and similar) and a direction-agnostic description, to match the direction-agnostic description in the Byteswap Instructions section. Based on feedback from Eric Vyncke [5]. [0] https://mailarchive.ietf.org/arch/msg/bpf/DvDgDWOiwk05OyNlWlAmELZFPlM/ [1] https://mailarchive.ietf.org/arch/msg/bpf/eKNXpU4jCLjsbZDSw8LjI29M3tM/ [2] https://mailarchive.ietf.org/arch/msg/bpf/hGk8HkYxeZTpdu9qW_MvbGKj7WU/ [3] https://ebpf.io/what-is-ebpf/#what-do-ebpf-and-bpf-stand-for [4] https://mailarchive.ietf.org/arch/msg/bpf/i93lzdN3ewnzzS_JMbinCIYxAIU/ [5] https://mailarchive.ietf.org/arch/msg/bpf/KBWXbMeDcSrq4vsKR_KkBbV6hI4/Acked-by: David Vernet <void@manifault.com> Signed-off-by: Dave Thaler <dthaler1968@googlemail.com> Link: https://lore.kernel.org/r/20240623150453.10613-1-dthaler1968@gmail.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
- 21 Jun, 2024 30 commits
-
-
Andrii Nakryiko authored
Alan Maguire says: ==================== bpf: resilient split BTF followups Follow-up to resilient split BTF series [1], - cleaning up libbpf relocation code (patch 1); - adding 'struct module' support for base BTF data (patch 2); - splitting out field iteration code into separate file (patch 3); - sharing libbpf relocation code with the kernel (patch 4); - adding a kbuild --btf_features flag to generate distilled base BTF in the module-specific case where KBUILD_EXTMOD is true (patch 5); and - adding test coverage for module-based kfunc dtor (patch 6) Generation of distilled base BTF for modules requires the pahole patch at [2], but without it we just won't get distilled base BTF (and thus BTF relocation on module load) for bpf_testmod.ko. Changes since v1 [3]: - fixed line lengths and made comparison an explicit == 0 (Andrii, patch 1) - moved btf_iter.c changes to separate patch (Andrii, patch 3) - grouped common targets in kernel/bpf/Makefile (Andrii, patch 4) - updated bpf_testmod ctx alloc to use GFP_ATOMIC, and updated dtor selftest to use map-based dtor cleanup (Eduard, patch 6) [1] https://lore.kernel.org/bpf/20240613095014.357981-1-alan.maguire@oracle.com/ [2] https://lore.kernel.org/bpf/20240517102714.4072080-1-alan.maguire@oracle.com/ [3] https://lore.kernel.org/bpf/20240618162449.809994-1-alan.maguire@oracle.com/ ==================== Link: https://lore.kernel.org/r/20240620091733.1967885-1-alan.maguire@oracle.comSigned-off-by: Andrii Nakryiko <andrii@kernel.org>
-
Alan Maguire authored
add simple kfuncs to create/destroy a context type to bpf_testmod, register them and add a kfunc_call test to use them. This provides test coverage for registration of dtor kfuncs from modules. By transferring the context pointer to a map value as a __kptr we also trigger the map-based dtor cleanup logic, improving test coverage. Suggested-by: Eduard Zingerman <eddyz87@gmail.com> Signed-off-by: Alan Maguire <alan.maguire@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240620091733.1967885-7-alan.maguire@oracle.com
-
Alan Maguire authored
Support creation of module BTF along with distilled base BTF; the latter is stored in a .BTF.base ELF section and supplements split BTF references to base BTF with information about base types, allowing for later relocation of split BTF with a (possibly changed) base. resolve_btfids detects the presence of a .BTF.base section and will use it instead of the base BTF it is passed in BTF id resolution. Modules will be built with a distilled .BTF.base section for external module build, i.e. make -C. -M=path2/module ...while in-tree module build as part of a normal kernel build will not generate distilled base BTF; this is because in-tree modules change with the kernel and do not require BTF relocation for the running vmlinux. Signed-off-by: Alan Maguire <alan.maguire@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Reviewed-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/bpf/20240620091733.1967885-6-alan.maguire@oracle.com
-
Alan Maguire authored
Share relocation implementation with the kernel. As part of this, we also need the type/string iteration functions so also share btf_iter.c file. Relocation code in kernel and userspace is identical save for the impementation of the reparenting of split BTF to the relocated base BTF and retrieval of the BTF header from "struct btf"; these small functions need separate user-space and kernel implementations for the separate "struct btf"s they operate upon. One other wrinkle on the kernel side is we have to map .BTF.ids in modules as they were generated with the type ids used at BTF encoding time. btf_relocate() optionally returns an array mapping from old BTF ids to relocated ids, so we use that to fix up these references where needed for kfuncs. Signed-off-by: Alan Maguire <alan.maguire@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/bpf/20240620091733.1967885-5-alan.maguire@oracle.com
-
Alan Maguire authored
This will allow it to be shared with the kernel. No functional change. Suggested-by: Andrii Nakryiko <andrii@kernel.org> Signed-off-by: Alan Maguire <alan.maguire@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240620091733.1967885-4-alan.maguire@oracle.com
-
Alan Maguire authored
...as this will allow split BTF modules with a base BTF representation (rather than the full vmlinux BTF at time of BTF encoding) to resolve their references to kernel types in a way that is more resilient to small changes in kernel types. This will allow modules that are not built every time the kernel is to provide more resilient BTF, rather than have it invalidated every time BTF ids for core kernel types change. Fields are ordered to avoid holes in struct module. Signed-off-by: Alan Maguire <alan.maguire@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Reviewed-by: Luis Chamberlain <mcgrof@kernel.org> Acked-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240620091733.1967885-3-alan.maguire@oracle.com
-
Alan Maguire authored
Use less verbose names in BTF relocation code and fix off-by-one error and typo in btf_relocate.c. Simplify loop over matching distilled types, moving from assigning a _next value in loop body to moving match check conditions into the guard. Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com> Signed-off-by: Alan Maguire <alan.maguire@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/bpf/20240620091733.1967885-2-alan.maguire@oracle.com
-
Mykyta Yatsenko authored
Adding selftest to verify that struct_ops maps are auto attached by bpf skeleton's `*__attach` function. Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240621180324.238379-1-yatsenko@meta.com
-
Puranjay Mohan authored
On ARM64, the pointer to task_struct is always available in the sp_el0 register and therefore the calls to bpf_get_current_task() and bpf_get_current_task_btf() can be inlined into a single MRS instruction. Here is the difference before and after this change: Before: ; struct task_struct *task = bpf_get_current_task_btf(); 54: mov x10, #0xffffffffffff7978 // #-34440 58: movk x10, #0x802b, lsl #16 5c: movk x10, #0x8000, lsl #32 60: blr x10 --------------> 0xffff8000802b7978 <+0>: mrs x0, sp_el0 64: add x7, x0, #0x0 <-------------- 0xffff8000802b797c <+4>: ret After: ; struct task_struct *task = bpf_get_current_task_btf(); 54: mrs x7, sp_el0 This shows around 1% performance improvement in artificial microbenchmark. Signed-off-by: Puranjay Mohan <puranjay@kernel.org> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Xu Kuohai <xukuohai@huawei.com> Acked-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240619131334.4297-1-puranjay@kernel.org
-
Andrii Nakryiko authored
Cupertino Miranda says: ==================== Regular expression support for test output matching Hi everyone, This version removes regexp from inline assembly examples that did not require the regular expressions to match. Thanks, Cupertino ==================== Link: https://lore.kernel.org/r/20240617141458.471620-1-cupertino.miranda@oracle.comSigned-off-by: Andrii Nakryiko <andrii@kernel.org>
-
Cupertino Miranda authored
This patch changes a few tests to make use of regular expressions. Fixed tests otherwise fail when compiled with GCC. Signed-off-by: Cupertino Miranda <cupertino.miranda@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/bpf/20240617141458.471620-3-cupertino.miranda@oracle.com
-
Cupertino Miranda authored
Add support for __regex and __regex_unpriv macros to check the test execution output against a regular expression. This is similar to __msg and __msg_unpriv, however those expect do substring matching. Signed-off-by: Cupertino Miranda <cupertino.miranda@oracle.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/bpf/20240617141458.471620-2-cupertino.miranda@oracle.com
-
Donglin Peng authored
I encountered an issue when building the test_progs from the repository [1]: $ pwd /work/Qemu/x86_64/linux-6.10-rc2/tools/testing/selftests/bpf/ $ make test_progs V=1 [...] ./tools/sbin/bpftool gen object ./ip_check_defrag.bpf.linked2.o ./ip_check_defrag.bpf.linked1.o libbpf: failed to find symbol for variable 'bpf_dynptr_slice' in section '.ksyms' Error: failed to link './ip_check_defrag.bpf.linked1.o': No such file or directory (2) [...] Upon investigation, I discovered that the btf_types referenced in the '.ksyms' section had a kind of BTF_KIND_FUNC instead of BTF_KIND_VAR: $ bpftool btf dump file ./ip_check_defrag.bpf.linked1.o [...] [2] DATASEC '.ksyms' size=0 vlen=2 type_id=16 offset=0 size=0 (FUNC 'bpf_dynptr_from_skb') type_id=17 offset=0 size=0 (FUNC 'bpf_dynptr_slice') [...] [16] FUNC 'bpf_dynptr_from_skb' type_id=82 linkage=extern [17] FUNC 'bpf_dynptr_slice' type_id=85 linkage=extern [...] For a detailed analysis, please refer to [2]. We can add a kind checking to fix the issue. [1] https://github.com/eddyz87/bpf/tree/binsort-btf-dedup [2] https://lore.kernel.org/all/0c0ef20c-c05e-4db9-bad7-2cbc0d6dfae7@oracle.com/ Fixes: 8fd27bf6 ("libbpf: Add BPF static linker BTF and BTF.ext support") Signed-off-by: Donglin Peng <dolinux.peng@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Alan Maguire <alan.maguire@oracle.com> Acked-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/bpf/20240619122355.426405-1-dolinux.peng@gmail.com
-
Matt Bobrowski authored
The new generic LSM hook security_file_post_open() was recently added to the LSM framework in commit 8f46ff57 ("security: Introduce file_post_open hook"). Let's proactively add this generic LSM hook to the sleepable_lsm_hooks BTF ID set, because I can't see there being any strong reasons not to, and it's only a matter of time before someone else comes around and asks for it to be there. security_file_post_open() is inherently sleepable as it's purposely situated in the kernel that allows LSMs to directly read out the contents of the backing file if need be. Additionally, it's called directly after security_file_open(), and that LSM hook in itself already exists in the sleepable_lsm_hooks BTF ID set. Signed-off-by: Matt Bobrowski <mattbobrowski@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20240618192923.379852-1-mattbobrowski@google.com
-
Andrii Nakryiko authored
New versions of bpftool now emit additional link placeholders for BPF maps (struct_ops maps are the only maps right now that support attachment), and set up BPF skeleton in such a way that libbpf will auto-attach BPF maps automatically, assumming libbpf is recent enough (v1.5+). Old libbpf will do nothing with those links and won't attempt to auto-attach maps. This allows user code to handle both pre-v1.5 and v1.5+ versions of libbpf at runtime, if necessary. But if users don't have (or don't want to) control bpftool version that generates skeleton, then they can't just assume that skeleton will have link placeholders. To make this detection possible and easy, let's add the following to generated skeleton header file: #define BPF_SKEL_SUPPORTS_MAP_AUTO_ATTACH 1 This can be used during compilation time to guard code that accesses skel->links.<map> slots. Note, if auto-attachment is undesirable, libbpf allows to disable this through bpf_map__set_autoattach(map, false). This is necessary only on libbpf v1.5+, older libbpf doesn't support map auto-attach anyways. Libbpf version can be detected at compilation time using LIBBPF_MAJOR_VERSION and LIBBPF_MINOR_VERSION macros, or at runtime with libbpf_major_version() and libbpf_minor_version() APIs. Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Quentin Monnet <qmo@kernel.org> Link: https://lore.kernel.org/bpf/20240618183832.2535876-1-andrii@kernel.org
-
Jiri Olsa authored
This reverts [1] and changes return value for bpf_session_cookie in bpf selftests. Having long * might lead to problems on 32-bit architectures. Fixes: 2b8dd873 ("bpf: Make bpf_session_cookie() kfunc return long *") Suggested-by: Andrii Nakryiko <andrii@kernel.org> Signed-off-by: Jiri Olsa <jolsa@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20240619081624.1620152-1-jolsa@kernel.org
-
Alexei Starovoitov authored
Geliang Tang says: ==================== use network helpers, part 7 From: Geliang Tang <tanggeliang@kylinos.cn> v6: - update ASSERT strings in patch 4 as Eduard suggested. (thanks) v5: - update patch 1, add getsockopt(SO_PROTOCOL) in connect_to_fd() to fix errors reported by CI. v4: - fix errors reported by CI. v3: - rename start_client to client_socket - Use connect_to_addr in connect_to_fd_opt v2: - update patch 2, extract a new helper start_client. - drop patch 3, keep must_fail in network_helper_opts. Drop type and noconnect from network_helper_opts. And use start_server_str in mptcp and test_tcp_check_syncookie_user. Patches 1-4 address Martin's comments in the previous series. ==================== Link: https://lore.kernel.org/r/cover.1718932493.git.tanggeliang@kylinos.cnSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Geliang Tang authored
Since start_server_str() is added now, it can be used in script test_tcp_check_syncookie_user.c instead of start_server_addr() to simplify the code. Acked-by: Eduard Zingerman <eddyz87@gmail.com> Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn> Link: https://lore.kernel.org/r/5d2f442261d37cff16c1f1b21a2b188508ab67fa.1718932493.git.tanggeliang@kylinos.cnSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Geliang Tang authored
Since start_server_str() is added now, it can be used in mptcp.c in start_mptcp_server() instead of using helpers make_sockaddr() and start_server_addr() to simplify the code. Acked-by: Eduard Zingerman <eddyz87@gmail.com> Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn> Link: https://lore.kernel.org/r/16fb3e2cd60b64b5470b0e69f1aa233feaf2717c.1718932493.git.tanggeliang@kylinos.cnSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Geliang Tang authored
In test_bpf_ip_check_defrag_ok(), the new helper client_socket() can be used to replace connect_to_fd_opts() with "noconnect" opts, and the strcut member "noconnect" of network_helper_opts can be dropped now, always connect to server in connect_to_fd_opts(). Acked-by: Eduard Zingerman <eddyz87@gmail.com> Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn> Link: https://lore.kernel.org/r/f45760becce51986e4e08283c7df0f933eb0da14.1718932493.git.tanggeliang@kylinos.cnSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Geliang Tang authored
This patch extracts a new helper client_socket() from connect_to_fd_opts() to create the client socket, but don't connect to the server. Then connect_to_fd_opts() can be implemented using client_socket() and connect_fd_to_addr(). This helper can be used in connect_to_addr() too, and make "noconnect" opts useless. Acked-by: Eduard Zingerman <eddyz87@gmail.com> Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn> Link: https://lore.kernel.org/r/4169c554e1cee79223feea49a1adc459d55e1ffe.1718932493.git.tanggeliang@kylinos.cnSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Geliang Tang authored
This patch moves "post_socket_cb" and "noconnect" into connect_to_addr(), then connect_to_fd_opts() can be implemented by getsockname() and connect_to_addr(). This change makes connect_to_* interfaces more unified. Acked-by: Eduard Zingerman <eddyz87@gmail.com> Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn> Link: https://lore.kernel.org/r/4569c30533e14c22fae6c05070aad809720551c1.1718932493.git.tanggeliang@kylinos.cnSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Geliang Tang authored
The opts.{type, noconnect} is at least a bit non intuitive or unnecessary. The only use case now is in test_bpf_ip_check_defrag_ok which ends up bypassing most (or at least some) of the connect_to_fd_opts() logic. It's much better that test should have its own connect_to_fd_opts() instead. This patch adds a new "type" parameter for connect_to_fd_opts(), then opts->type and getsockopt(SO_TYPE) can be replaced by "type" parameter in it. In connect_to_fd(), use getsockopt(SO_TYPE) to get "type" value and pass it to connect_to_fd_opts(). In bpf_tcp_ca.c and cgroup_v1v2.c, "SOCK_STREAM" types are passed to connect_to_fd_opts(), and in ip_check_defrag.c, different types "SOCK_RAW" and "SOCK_DGRAM" are passed to it. With these changes, the strcut member "type" of network_helper_opts can be dropped now. Acked-by: Eduard Zingerman <eddyz87@gmail.com> Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn> Link: https://lore.kernel.org/r/cfd20b5ad4085c1d1af5e79df3b09013a407199f.1718932493.git.tanggeliang@kylinos.cnSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Alexei Starovoitov authored
Rafael Passos says: ==================== Fix compiler warnings, looking for suggestions Hi, This patchset has a few fixes to compiler warnings. I am studying the BPF subsystem and wish to bring more tangible contributions. I would appreciate receiving suggestions on things to investigate. I also documented a bit in my blog. I could help with docs here, too. https://rcpassos.me/post/linux-ebpf-understanding-kernel-level-mechanics Thanks! Changelog V1 -> V2: - rebased all commits to updated for-next base - removes new cases of the extra parameter for bpf_jit_binary_pack_finalize - built and tested for ARM64 - sent the series for the test workflow: https://github.com/kernel-patches/bpf/pull/7198 ==================== Acked-by: Puranjay Mohan <puranjay@kernel.org> Acked-by: Jiri Olsa <jolsa@kernel.org> Link: https://lore.kernel.org/r/20240615022641.210320-1-rafael@rcpassos.meSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Rafael Passos authored
This new_n is defined in the start of this function. Its value is overwritten by `new_n = min(n, log->len_total);` a couple lines before my change, rendering the shadow declaration unnecessary. Signed-off-by: Rafael Passos <rafael@rcpassos.me> Link: https://lore.kernel.org/r/20240615022641.210320-4-rafael@rcpassos.meSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Rafael Passos authored
Fixes a compiler warning. The __bpf_free_used_btfs function was taking an extra unused struct bpf_prog_aux *aux param Signed-off-by: Rafael Passos <rafael@rcpassos.me> Link: https://lore.kernel.org/r/20240615022641.210320-3-rafael@rcpassos.meSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Rafael Passos authored
Fixes a compiler warning. the bpf_jit_binary_pack_finalize function was taking an extra bpf_prog parameter that went unused. This removves it and updates the callers accordingly. Signed-off-by: Rafael Passos <rafael@rcpassos.me> Link: https://lore.kernel.org/r/20240615022641.210320-2-rafael@rcpassos.meSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Alexei Starovoitov authored
Leon Hwang says: ==================== bpf, verifier: Correct tail_call_reachable for bpf prog It's confusing to inspect 'prog->aux->tail_call_reachable' with drgn[0], when bpf prog has tail call but 'tail_call_reachable' is false. This patch corrects 'tail_call_reachable' when bpf prog has tail call. Therefore, it's unnecessary to detect tail call in x86 jit. Let's remove it. Changes: v1 -> v2: * Address comment from Yonghong: * Remove unnecessary tail call detection in x86 jit. Acked-by: Eduard Zingerman <eddyz87@gmail.com> --- Links: [0] https://github.com/osandov/drgn ==================== Link: https://lore.kernel.org/r/20240610124224.34673-1-hffilwlqm@gmail.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Leon Hwang authored
As 'prog->aux->tail_call_reachable' is correct for tail call present, it's unnecessary to detect tail call in x86 jit. Therefore, let's remove it. Signed-off-by: Leon Hwang <hffilwlqm@gmail.com> Link: https://lore.kernel.org/r/20240610124224.34673-3-hffilwlqm@gmail.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-
Leon Hwang authored
It's confusing to inspect 'prog->aux->tail_call_reachable' with drgn[0], when bpf prog has tail call but 'tail_call_reachable' is false. This patch corrects 'tail_call_reachable' when bpf prog has tail call. Signed-off-by: Leon Hwang <hffilwlqm@gmail.com> Link: https://lore.kernel.org/r/20240610124224.34673-2-hffilwlqm@gmail.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
-