Message ID | 20210325154034.85346-1-toke@redhat.com |
---|---|
State | New |
Headers | show |
Series | [bpf,1/2] bpf: enforce that struct_ops programs be GPL-only | expand |
On Thu, Mar 25, 2021 at 04:40:33PM +0100, Toke Høiland-Jørgensen wrote: > With the introduction of the struct_ops program type, it became possible to > implement kernel functionality in BPF, making it viable to use BPF in place > of a regular kernel module for these particular operations. > > Thus far, the only user of this mechanism is for implementing TCP > congestion control algorithms. These are clearly marked as GPL-only when > implemented as modules (as seen by the use of EXPORT_SYMBOL_GPL for > tcp_register_congestion_control()), so it seems like an oversight that this > was not carried over to BPF implementations. And sine this is the only user > of the struct_ops mechanism, just enforcing GPL-only for the struct_ops > program type seems like the simplest way to fix this. > > Fixes: 0baf26b0fcd7 ("bpf: tcp: Support tcp_congestion_ops in bpf") > Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> > --- > kernel/bpf/verifier.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index 44e4ec1640f1..48dd0c0f087c 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -12166,6 +12166,11 @@ static int check_struct_ops_btf_id(struct bpf_verifier_env *env) > return -ENOTSUPP; > } > > + if (!prog->gpl_compatible) { > + verbose(env, "struct ops programs must have a GPL compatible license\n"); > + return -EINVAL; > + } > + Thanks for the patch. A nit. Instead of sitting in between of the attach_btf_id check and expected_attach_type check, how about moving it to the beginning of this function. Checking attach_btf_id and expected_attach_type would make more sense to be done next to each other as in the current code. Acked-by: Martin KaFai Lau <kafai@fb.com>
Martin KaFai Lau <kafai@fb.com> writes: > On Thu, Mar 25, 2021 at 04:40:33PM +0100, Toke Høiland-Jørgensen wrote: >> With the introduction of the struct_ops program type, it became possible to >> implement kernel functionality in BPF, making it viable to use BPF in place >> of a regular kernel module for these particular operations. >> >> Thus far, the only user of this mechanism is for implementing TCP >> congestion control algorithms. These are clearly marked as GPL-only when >> implemented as modules (as seen by the use of EXPORT_SYMBOL_GPL for >> tcp_register_congestion_control()), so it seems like an oversight that this >> was not carried over to BPF implementations. And sine this is the only user >> of the struct_ops mechanism, just enforcing GPL-only for the struct_ops >> program type seems like the simplest way to fix this. >> >> Fixes: 0baf26b0fcd7 ("bpf: tcp: Support tcp_congestion_ops in bpf") >> Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> >> --- >> kernel/bpf/verifier.c | 5 +++++ >> 1 file changed, 5 insertions(+) >> >> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c >> index 44e4ec1640f1..48dd0c0f087c 100644 >> --- a/kernel/bpf/verifier.c >> +++ b/kernel/bpf/verifier.c >> @@ -12166,6 +12166,11 @@ static int check_struct_ops_btf_id(struct bpf_verifier_env *env) >> return -ENOTSUPP; >> } >> >> + if (!prog->gpl_compatible) { >> + verbose(env, "struct ops programs must have a GPL compatible license\n"); >> + return -EINVAL; >> + } >> + > Thanks for the patch. > > A nit. Instead of sitting in between of the attach_btf_id check > and expected_attach_type check, how about moving it to the beginning > of this function. Checking attach_btf_id and expected_attach_type > would make more sense to be done next to each other as in the current > code. Yeah, good point. Not sure what I was thinking stuffing it in the middle there; will fix and send a v2! > Acked-by: Martin KaFai Lau <kafai@fb.com> Thanks! :) -Toke
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 44e4ec1640f1..48dd0c0f087c 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -12166,6 +12166,11 @@ static int check_struct_ops_btf_id(struct bpf_verifier_env *env) return -ENOTSUPP; } + if (!prog->gpl_compatible) { + verbose(env, "struct ops programs must have a GPL compatible license\n"); + return -EINVAL; + } + t = st_ops->type; member_idx = prog->expected_attach_type; if (member_idx >= btf_type_vlen(t)) {
With the introduction of the struct_ops program type, it became possible to implement kernel functionality in BPF, making it viable to use BPF in place of a regular kernel module for these particular operations. Thus far, the only user of this mechanism is for implementing TCP congestion control algorithms. These are clearly marked as GPL-only when implemented as modules (as seen by the use of EXPORT_SYMBOL_GPL for tcp_register_congestion_control()), so it seems like an oversight that this was not carried over to BPF implementations. And sine this is the only user of the struct_ops mechanism, just enforcing GPL-only for the struct_ops program type seems like the simplest way to fix this. Fixes: 0baf26b0fcd7 ("bpf: tcp: Support tcp_congestion_ops in bpf") Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> --- kernel/bpf/verifier.c | 5 +++++ 1 file changed, 5 insertions(+)