From patchwork Wed May 6 13:29:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 219777 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 868C9C38A2A for ; Wed, 6 May 2020 13:30:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 611A920746 for ; Wed, 6 May 2020 13:30:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1588771810; bh=28j36iafVCRx9I3PUHj+utyerbx048MTH+Koh9/q1y4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=hwBxL3HwW5GqtbyE1nYypXI9qmma5m54TsGJ0eFKKUkJwZZzXZ9c5WQOFZNvc97Me IPe6TSWMBEZfq6Txf96/Q37gxc5j8kDBSZSGjiPULU9uGWKItGUwVbdj4622vty3tm 0KbvF68MGQs+gQAMj39q+LKmGRsWE1EsLXXs1Tl8= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728624AbgEFNaJ convert rfc822-to-8bit (ORCPT ); Wed, 6 May 2020 09:30:09 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:45593 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728455AbgEFNaG (ORCPT ); Wed, 6 May 2020 09:30:06 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-504-rSjBDC2HOjmkwiHKJvkIpw-1; Wed, 06 May 2020 09:29:57 -0400 X-MC-Unique: rSjBDC2HOjmkwiHKJvkIpw-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 2BD031902EA1; Wed, 6 May 2020 13:29:55 +0000 (UTC) Received: from krava.redhat.com (unknown [10.40.192.32]) by smtp.corp.redhat.com (Postfix) with ESMTP id E0BF26443B; Wed, 6 May 2020 13:29:51 +0000 (UTC) From: Jiri Olsa To: Alexei Starovoitov , Daniel Borkmann Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, Yonghong Song , Martin KaFai Lau , David Miller , John Fastabend , Jesper Dangaard Brouer , Wenbo Zhang , KP Singh , Andrii Nakryiko , bgregg@netflix.com, Florent Revest , Al Viro Subject: [PATCH 1/9] bpf: Add d_path helper Date: Wed, 6 May 2020 15:29:38 +0200 Message-Id: <20200506132946.2164578-2-jolsa@kernel.org> In-Reply-To: <20200506132946.2164578-1-jolsa@kernel.org> References: <20200506132946.2164578-1-jolsa@kernel.org> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: kernel.org Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Adding d_path helper function that returns full path for give 'struct path' object, which needs to be the kernel BTF 'path' object. The helper calls directly d_path function. Updating also bpf.h tools uapi header and adding 'path' to bpf_helpers_doc.py script. Signed-off-by: Jiri Olsa --- include/uapi/linux/bpf.h | 14 +++++++++++++- kernel/trace/bpf_trace.c | 31 +++++++++++++++++++++++++++++++ scripts/bpf_helpers_doc.py | 2 ++ tools/include/uapi/linux/bpf.h | 14 +++++++++++++- 4 files changed, 59 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index b3643e27e264..bc13cad27872 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -3068,6 +3068,17 @@ union bpf_attr { * See: clock_gettime(CLOCK_BOOTTIME) * Return * Current *ktime*. + * + * int bpf_d_path(struct path *path, char *buf, u32 sz) + * Description + * Return full path for given 'struct path' object, which + * needs to be the kernel BTF 'path' object. The path is + * returned in buffer provided 'buf' of size 'sz'. + * + * Return + * length of returned string on success, or a negative + * error in case of failure + * */ #define __BPF_FUNC_MAPPER(FN) \ FN(unspec), \ @@ -3195,7 +3206,8 @@ union bpf_attr { FN(get_netns_cookie), \ FN(get_current_ancestor_cgroup_id), \ FN(sk_assign), \ - FN(ktime_get_boot_ns), + FN(ktime_get_boot_ns), \ + FN(d_path), /* integer value in 'imm' field of BPF_CALL instruction selects which helper * function eBPF program intends to call diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index e875c95d3ced..3097ab04bdc4 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -779,6 +779,35 @@ static const struct bpf_func_proto bpf_send_signal_thread_proto = { .arg1_type = ARG_ANYTHING, }; +BPF_CALL_3(bpf_d_path, struct path *, path, char *, buf, u32, sz) +{ + char *p = d_path(path, buf, sz - 1); + int len; + + if (IS_ERR(p)) { + len = PTR_ERR(p); + } else { + len = strlen(p); + if (len && p != buf) { + memmove(buf, p, len); + buf[len] = 0; + } + } + + return len; +} + +static u32 bpf_d_path_btf_ids[3]; +static const struct bpf_func_proto bpf_d_path_proto = { + .func = bpf_d_path, + .gpl_only = true, + .ret_type = RET_INTEGER, + .arg1_type = ARG_PTR_TO_BTF_ID, + .arg2_type = ARG_PTR_TO_MEM, + .arg3_type = ARG_CONST_SIZE, + .btf_id = bpf_d_path_btf_ids, +}; + const struct bpf_func_proto * bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) { @@ -1226,6 +1255,8 @@ tracing_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) case BPF_FUNC_xdp_output: return &bpf_xdp_output_proto; #endif + case BPF_FUNC_d_path: + return &bpf_d_path_proto; default: return raw_tp_prog_func_proto(func_id, prog); } diff --git a/scripts/bpf_helpers_doc.py b/scripts/bpf_helpers_doc.py index f43d193aff3a..8f62cbc4c3ff 100755 --- a/scripts/bpf_helpers_doc.py +++ b/scripts/bpf_helpers_doc.py @@ -418,6 +418,7 @@ class PrinterHelpers(Printer): 'struct __sk_buff', 'struct sk_msg_md', 'struct xdp_md', + 'struct path', ] known_types = { '...', @@ -450,6 +451,7 @@ class PrinterHelpers(Printer): 'struct sk_reuseport_md', 'struct sockaddr', 'struct tcphdr', + 'struct path', } mapped_types = { 'u8': '__u8', diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index b3643e27e264..bc13cad27872 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -3068,6 +3068,17 @@ union bpf_attr { * See: clock_gettime(CLOCK_BOOTTIME) * Return * Current *ktime*. + * + * int bpf_d_path(struct path *path, char *buf, u32 sz) + * Description + * Return full path for given 'struct path' object, which + * needs to be the kernel BTF 'path' object. The path is + * returned in buffer provided 'buf' of size 'sz'. + * + * Return + * length of returned string on success, or a negative + * error in case of failure + * */ #define __BPF_FUNC_MAPPER(FN) \ FN(unspec), \ @@ -3195,7 +3206,8 @@ union bpf_attr { FN(get_netns_cookie), \ FN(get_current_ancestor_cgroup_id), \ FN(sk_assign), \ - FN(ktime_get_boot_ns), + FN(ktime_get_boot_ns), \ + FN(d_path), /* integer value in 'imm' field of BPF_CALL instruction selects which helper * function eBPF program intends to call From patchwork Wed May 6 13:29:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 219776 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7569BC47256 for ; Wed, 6 May 2020 13:30:21 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4597D20575 for ; Wed, 6 May 2020 13:30:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1588771821; bh=7ieu6Wy3OIv/IuQ2nZzXG92ko/1vesi/1A0bznDF78A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=RE20VaMGt8w/7vcFz2We2FZ/t2VFAD4/91VovGnfC+fdwigpNU7hyOFQK8hZRm149 Ju9r9ebpDp2a4UTCqKolAhYbDGUztm7PNzysSxl5x56RyZcX5P5ez+/cVRymnVpWvR oT2VQTUskomQMS3YxODNpsG8Y0qu7eZqjPGMtsag= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728665AbgEFNaU convert rfc822-to-8bit (ORCPT ); Wed, 6 May 2020 09:30:20 -0400 Received: from us-smtp-2.mimecast.com ([207.211.31.81]:37191 "EHLO us-smtp-delivery-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728483AbgEFNaU (ORCPT ); Wed, 6 May 2020 09:30:20 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-459-w_mcWS0RPaiftR-2fN3aAQ-1; Wed, 06 May 2020 09:30:11 -0400 X-MC-Unique: w_mcWS0RPaiftR-2fN3aAQ-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 65FCC460; Wed, 6 May 2020 13:30:09 +0000 (UTC) Received: from krava.redhat.com (unknown [10.40.192.32]) by smtp.corp.redhat.com (Postfix) with ESMTP id 10A3F64430; Wed, 6 May 2020 13:30:02 +0000 (UTC) From: Jiri Olsa To: Alexei Starovoitov , Daniel Borkmann Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, Yonghong Song , Martin KaFai Lau , David Miller , John Fastabend , Jesper Dangaard Brouer , Wenbo Zhang , KP Singh , Andrii Nakryiko , bgregg@netflix.com, Florent Revest , Al Viro Subject: [PATCH 4/9] bpf: Allow nested BTF object to be refferenced by BTF object + offset Date: Wed, 6 May 2020 15:29:41 +0200 Message-Id: <20200506132946.2164578-5-jolsa@kernel.org> In-Reply-To: <20200506132946.2164578-1-jolsa@kernel.org> References: <20200506132946.2164578-1-jolsa@kernel.org> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: kernel.org Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Adding btf_struct_address function that takes 2 BTF objects and offset as arguments and checks wether object A is nested in object B on given offset. This function is be used when checking the helper function PTR_TO_BTF_ID arguments. If the argument has an offset value, the btf_struct_address will check if the final address is the expected BTF ID. This way we can access nested BTF objects under PTR_TO_BTF_ID pointer type and pass them to helpers, while they still point to valid kernel BTF objects. Signed-off-by: Jiri Olsa --- include/linux/bpf.h | 3 ++ kernel/bpf/btf.c | 69 +++++++++++++++++++++++++++++++++++++++++++ kernel/bpf/verifier.c | 32 +++++++++++++------- 3 files changed, 94 insertions(+), 10 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 1262ec460ab3..bc589cdd8c34 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1213,6 +1213,9 @@ int btf_struct_access(struct bpf_verifier_log *log, const struct btf_type *t, int off, int size, enum bpf_access_type atype, u32 *next_btf_id); +int btf_struct_address(struct bpf_verifier_log *log, + const struct btf_type *t, + u32 off, u32 exp_id); int btf_resolve_helper_id(struct bpf_verifier_log *log, const struct bpf_func_proto *fn, int); diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index a2cfba89a8e1..07f22469acab 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -4004,6 +4004,75 @@ int btf_struct_access(struct bpf_verifier_log *log, return -EINVAL; } +int btf_struct_address(struct bpf_verifier_log *log, + const struct btf_type *t, + u32 off, u32 exp_id) +{ + u32 i, moff, mtrue_end, msize = 0; + const struct btf_member *member; + const struct btf_type *mtype; + const char *tname, *mname; + +again: + tname = __btf_name_by_offset(btf_vmlinux, t->name_off); + if (!btf_type_is_struct(t)) { + bpf_log(log, "Type '%s' is not a struct\n", tname); + return -EINVAL; + } + + if (off > t->size) { + bpf_log(log, "address beyond struct %s at off %u size %u\n", + tname, off, t->size); + return -EACCES; + } + + for_each_member(i, t, member) { + /* offset of the field in bytes */ + moff = btf_member_bit_offset(t, member) / 8; + if (off < moff) + /* won't find anything, field is already too far */ + break; + + /* we found the member */ + if (off == moff && member->type == exp_id) + return 0; + + /* type of the field */ + mtype = btf_type_by_id(btf_vmlinux, member->type); + mname = __btf_name_by_offset(btf_vmlinux, member->name_off); + + mtype = btf_resolve_size(btf_vmlinux, mtype, &msize, + NULL, NULL); + if (IS_ERR(mtype)) { + bpf_log(log, "field %s doesn't have size\n", mname); + return -EFAULT; + } + + mtrue_end = moff + msize; + if (off >= mtrue_end) + /* no overlap with member, keep iterating */ + continue; + + /* the 'off' we're looking for is either equal to start + * of this field or inside of this struct + */ + if (btf_type_is_struct(mtype)) { + /* our field must be inside that union or struct */ + t = mtype; + + /* adjust offset we're looking for */ + off -= moff; + goto again; + } + + bpf_log(log, "struct %s doesn't have struct field at offset %d\n", tname, off); + return -EACCES; + } + + bpf_log(log, "struct %s doesn't have field at offset %d\n", tname, off); + return -EACCES; +} + static int __btf_resolve_helper_id(struct bpf_verifier_log *log, void *fn, int arg) { diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 70ad009577f8..b988df5ada20 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -3665,6 +3665,7 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, { struct bpf_reg_state *regs = cur_regs(env), *reg = ®s[regno]; enum bpf_reg_type expected_type, type = reg->type; + const struct btf_type *btf_type; int err = 0; if (arg_type == ARG_DONTCARE) @@ -3743,17 +3744,28 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 regno, expected_type = PTR_TO_BTF_ID; if (type != expected_type) goto err_type; - if (reg->btf_id != meta->btf_id) { - verbose(env, "Helper has type %s got %s in R%d\n", - kernel_type_name(meta->btf_id), - kernel_type_name(reg->btf_id), regno); + if (reg->off) { + btf_type = btf_type_by_id(btf_vmlinux, reg->btf_id); + if (btf_struct_address(&env->log, btf_type, reg->off, meta->btf_id)) { + verbose(env, "Helper has type %s got %s in R%d, off %d\n", + kernel_type_name(meta->btf_id), + kernel_type_name(reg->btf_id), regno, reg->off); - return -EACCES; - } - if (!tnum_is_const(reg->var_off) || reg->var_off.value || reg->off) { - verbose(env, "R%d is a pointer to in-kernel struct with non-zero offset\n", - regno); - return -EACCES; + return -EACCES; + } + } else { + if (reg->btf_id != meta->btf_id) { + verbose(env, "Helper has type %s got %s in R%d\n", + kernel_type_name(meta->btf_id), + kernel_type_name(reg->btf_id), regno); + + return -EACCES; + } + if (!tnum_is_const(reg->var_off) || reg->var_off.value) { + verbose(env, "R%d is a pointer to in-kernel struct with non-zero offset\n", + regno); + return -EACCES; + } } } else if (arg_type == ARG_PTR_TO_SPIN_LOCK) { if (meta->func_id == BPF_FUNC_spin_lock) { From patchwork Wed May 6 13:29:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 219775 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69A60C47256 for ; Wed, 6 May 2020 13:30:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4372C20575 for ; Wed, 6 May 2020 13:30:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1588771827; bh=ECVm4QKNjJDair6GtGbyySnHMbFsF42dgIyjkrkYqRU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=Ep51LHJPlybvVlT/ygs7ZYlgXaOpuZkzz2uurEKfe/AFDH7eyewPT5w6X3qrEFdVP sXwS2UwF4PXKFcQW4byVkwi/4ORw3j12PaXsPfOqRqPohlJT12nZWTQZXmXBByy1yK uydXKfjyuUvw+V2ykbcvTS6IZ2ba20GQX7EeH6Z8= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728702AbgEFNa0 convert rfc822-to-8bit (ORCPT ); Wed, 6 May 2020 09:30:26 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:49830 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728667AbgEFNaY (ORCPT ); Wed, 6 May 2020 09:30:24 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-120-kR9gOgttP-K3_9o0J4CVfg-1; Wed, 06 May 2020 09:30:19 -0400 X-MC-Unique: kR9gOgttP-K3_9o0J4CVfg-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D139046B; Wed, 6 May 2020 13:30:17 +0000 (UTC) Received: from krava.redhat.com (unknown [10.40.192.32]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8CC58605F7; Wed, 6 May 2020 13:30:14 +0000 (UTC) From: Jiri Olsa To: Alexei Starovoitov , Daniel Borkmann Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, Yonghong Song , Martin KaFai Lau , David Miller , John Fastabend , Jesper Dangaard Brouer , Wenbo Zhang , KP Singh , Andrii Nakryiko , bgregg@netflix.com, Florent Revest , Al Viro Subject: [PATCH 6/9] bpf: Compile bpfwl tool at kernel compilation start Date: Wed, 6 May 2020 15:29:43 +0200 Message-Id: <20200506132946.2164578-7-jolsa@kernel.org> In-Reply-To: <20200506132946.2164578-1-jolsa@kernel.org> References: <20200506132946.2164578-1-jolsa@kernel.org> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: kernel.org Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The bpfwl tool will be used during the vmlinux linking, so it's necessary it's ready. Signed-off-by: Jiri Olsa --- Makefile | 21 +++++++++++++++++---- tools/Makefile | 3 +++ tools/bpf/Makefile | 5 ++++- 3 files changed, 24 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 49b2709ff44e..b0537af523dc 100644 --- a/Makefile +++ b/Makefile @@ -1017,9 +1017,10 @@ export mod_sign_cmd HOST_LIBELF_LIBS = $(shell pkg-config libelf --libs 2>/dev/null || echo -lelf) +has_libelf = $(call try-run,\ + echo "int main() {}" | $(HOSTCC) -xc -o /dev/null $(HOST_LIBELF_LIBS) -,1,0) + ifdef CONFIG_STACK_VALIDATION - has_libelf := $(call try-run,\ - echo "int main() {}" | $(HOSTCC) -xc -o /dev/null $(HOST_LIBELF_LIBS) -,1,0) ifeq ($(has_libelf),1) objtool_target := tools/objtool FORCE else @@ -1028,6 +1029,14 @@ ifdef CONFIG_STACK_VALIDATION endif endif +ifdef CONFIG_DEBUG_INFO_BTF + ifeq ($(has_libelf),1) + bpfwl_target := tools/bpf/bpfwl FORCE + else + SKIP_BTF_WHITELIST_GENERATION := 1 + endif +endif + PHONY += prepare0 export MODORDER := $(extmod-prefix)modules.order @@ -1141,7 +1150,7 @@ prepare0: archprepare $(Q)$(MAKE) $(build)=. # All the preparing.. -prepare: prepare0 prepare-objtool +prepare: prepare0 prepare-objtool prepare-bpfwl # Support for using generic headers in asm-generic asm-generic := -f $(srctree)/scripts/Makefile.asm-generic obj @@ -1154,7 +1163,7 @@ uapi-asm-generic: $(Q)$(MAKE) $(asm-generic)=arch/$(SRCARCH)/include/generated/uapi/asm \ generic=include/uapi/asm-generic -PHONY += prepare-objtool +PHONY += prepare-objtool prepare-bpfwl prepare-objtool: $(objtool_target) ifeq ($(SKIP_STACK_VALIDATION),1) ifdef CONFIG_UNWINDER_ORC @@ -1165,6 +1174,10 @@ else endif endif +prepare-bpfwl: $(bpfwl_target) +ifeq ($(SKIP_BTF_WHITELIST_GENERATION),1) + @echo "warning: Cannot use BTF whitelist checks, please install libelf-dev, libelf-devel or elfutils-libelf-devel" >&2 +endif # Generate some files # --------------------------------------------------------------------------- diff --git a/tools/Makefile b/tools/Makefile index bd778812e915..85af6ebbce91 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -67,6 +67,9 @@ cpupower: FORCE cgroup firewire hv guest bootconfig spi usb virtio vm bpf iio gpio objtool leds wmi pci firmware debugging: FORCE $(call descend,$@) +bpf/%: FORCE + $(call descend,$@) + liblockdep: FORCE $(call descend,lib/lockdep) diff --git a/tools/bpf/Makefile b/tools/bpf/Makefile index f897eeeb0b4f..d4ea2b5a2e58 100644 --- a/tools/bpf/Makefile +++ b/tools/bpf/Makefile @@ -124,5 +124,8 @@ runqslower_install: runqslower_clean: $(call descend,runqslower,clean) +bpfwl: + $(call descend,bpfwl) + .PHONY: all install clean bpftool bpftool_install bpftool_clean \ - runqslower runqslower_install runqslower_clean + runqslower runqslower_install runqslower_clean bpfwl From patchwork Wed May 6 13:29:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 219774 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 486E1C47256 for ; Wed, 6 May 2020 13:30:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1D1C120752 for ; Wed, 6 May 2020 13:30:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1588771837; bh=w/V4zNN3+tqlyig8hBanvdJ+4p4y7Rfs7bjz2D5k4ig=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=khDzAdoRmFzk4SwmbvBupec2v+39BNVfLIr5hFXIinNoPb8Drd26A0Shfntyl2IzX 25A/+VdMAWR7GXlSrM89r3Tk8noNvORKKzVmzYLCz4SeDe07AbGW9/eBNWX+ivL/I/ BUfu7Jkz7rWGUHa8CK3f//1HhF97Pce/694pLNS0= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728733AbgEFNag convert rfc822-to-8bit (ORCPT ); Wed, 6 May 2020 09:30:36 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:36296 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1728667AbgEFNae (ORCPT ); Wed, 6 May 2020 09:30:34 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-144-w3BmCtTrPTq4FU6pS-g0LA-1; Wed, 06 May 2020 09:30:31 -0400 X-MC-Unique: w3BmCtTrPTq4FU6pS-g0LA-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8A9851902EA1; Wed, 6 May 2020 13:30:29 +0000 (UTC) Received: from krava.redhat.com (unknown [10.40.192.32]) by smtp.corp.redhat.com (Postfix) with ESMTP id 344A4605DD; Wed, 6 May 2020 13:30:26 +0000 (UTC) From: Jiri Olsa To: Alexei Starovoitov , Daniel Borkmann Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, Yonghong Song , Martin KaFai Lau , David Miller , John Fastabend , Jesper Dangaard Brouer , Wenbo Zhang , KP Singh , Andrii Nakryiko , bgregg@netflix.com, Florent Revest , Al Viro Subject: [PATCH 9/9] selftests/bpf: Add verifier test for d_path helper Date: Wed, 6 May 2020 15:29:46 +0200 Message-Id: <20200506132946.2164578-10-jolsa@kernel.org> In-Reply-To: <20200506132946.2164578-1-jolsa@kernel.org> References: <20200506132946.2164578-1-jolsa@kernel.org> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: kernel.org Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Adding verifier test for attaching tracing program and calling d_path helper from within and testing that it's allowed for dentry_open function and denied for 'd_path' function with appropriate error. Signed-off-by: Jiri Olsa --- tools/testing/selftests/bpf/test_verifier.c | 13 ++++++- tools/testing/selftests/bpf/verifier/d_path.c | 37 +++++++++++++++++++ 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/bpf/verifier/d_path.c diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c index 21a1ce219c1c..1e38179f0dbf 100644 --- a/tools/testing/selftests/bpf/test_verifier.c +++ b/tools/testing/selftests/bpf/test_verifier.c @@ -114,6 +114,7 @@ struct bpf_test { bpf_testdata_struct_t retvals[MAX_TEST_RUNS]; }; enum bpf_attach_type expected_attach_type; + const char *kfunc; }; /* Note we want this to be 64 bit aligned so that the end of our array is @@ -961,8 +962,18 @@ static void do_test_single(struct bpf_test *test, bool unpriv, attr.log_level = 4; attr.prog_flags = pflags; + if (prog_type == BPF_PROG_TYPE_TRACING && test->kfunc) { + attr.attach_btf_id = libbpf_find_vmlinux_btf_id(test->kfunc, + attr.expected_attach_type); + } + fd_prog = bpf_load_program_xattr(&attr, bpf_vlog, sizeof(bpf_vlog)); - if (fd_prog < 0 && !bpf_probe_prog_type(prog_type, 0)) { + + /* BPF_PROG_TYPE_TRACING requires more setup and + * bpf_probe_prog_type won't give correct answer + */ + if (fd_prog < 0 && (prog_type != BPF_PROG_TYPE_TRACING) && + !bpf_probe_prog_type(prog_type, 0)) { printf("SKIP (unsupported program type %d)\n", prog_type); skips++; goto close_fds; diff --git a/tools/testing/selftests/bpf/verifier/d_path.c b/tools/testing/selftests/bpf/verifier/d_path.c new file mode 100644 index 000000000000..b988396379a7 --- /dev/null +++ b/tools/testing/selftests/bpf/verifier/d_path.c @@ -0,0 +1,37 @@ +{ + "d_path accept", + .insns = { + BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 0), + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), + BPF_MOV64_IMM(BPF_REG_6, 0), + BPF_STX_MEM(BPF_DW, BPF_REG_2, BPF_REG_6, 0), + BPF_LD_IMM64(BPF_REG_3, 8), + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_d_path), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .result = ACCEPT, + .prog_type = BPF_PROG_TYPE_TRACING, + .expected_attach_type = BPF_TRACE_FENTRY, + .kfunc = "dentry_open", +}, +{ + "d_path reject", + .insns = { + BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 0), + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), + BPF_MOV64_IMM(BPF_REG_6, 0), + BPF_STX_MEM(BPF_DW, BPF_REG_2, BPF_REG_6, 0), + BPF_LD_IMM64(BPF_REG_3, 8), + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_d_path), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .errstr = "helper call is not allowed in probe", + .result = REJECT, + .prog_type = BPF_PROG_TYPE_TRACING, + .expected_attach_type = BPF_TRACE_FENTRY, + .kfunc = "d_path", +},