[PATCH v3 bpf 0/5] Tighten up arg:ctx type enforcement

From: Andrii Nakryiko <andrii@kernel.org>
To: bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net,
	martin.lau@kernel.org
Cc: andrii@kernel.org, kernel-team@meta.com
Subject: [PATCH v3 bpf 0/5] Tighten up arg:ctx type enforcement
Date: Wed, 17 Jan 2024 19:31:38 -0800	[thread overview]
Message-ID: <20240118033143.3384355-1-andrii@kernel.org> (raw)

Follow up fixes for kernel-side and libbpf-side logic around handling arg:ctx
(__arg_ctx) tagged arguments of BPF global subprogs.

Patch #1 adds libbpf feature detection of kernel-side __arg_ctx support to
avoid unnecessary rewriting BTF types. With stricter kernel-side type
enforcement this is now mandatory to avoid problems with using `struct
bpf_user_pt_regs_t` instead of actual typedef. For __arg_ctx tagged arguments
verifier is now supporting either `bpf_user_pt_regs_t` typedef or resolves it
down to the actual struct (pt_regs/user_pt_regs/user_regs_struct), depending
on architecture), but for old kernels without __arg_ctx support it's more
backwards compatible for libbpf to use `struct bpf_user_pt_regs_t` rewrite
which will work on wider range of kernels. So feature detection prevent libbpf
accidentally breaking global subprogs on new kernels.

We also adjust selftests to do similar feature detection (much simpler, but
potentially breaking due to kernel source code refactoring, which is fine for
selftests), and skip tests expecting libbpf's BTF type rewrites.

Patch #2 is preparatory refactoring for patch #3 which adds type enforcement
for arg:ctx tagged global subprog args. See the patch for specifics.

Patch #4 adds many new cases to ensure type logic works as expected.

Finally, patch #5 adds a relevant subset of kernel-side type checks to
__arg_ctx cases that libbpf supports rewrite of. In libbpf's case, type
violations are reported as warnings and BTF rewrite is not performed, which
will eventually lead to BPF verifier complaining at program verification time.

Good care was taken to avoid conflicts between bpf and bpf-next tree (which
has few follow up refactorings in the same code area). Once trees converge
some of the code will be moved around a bit (and some will be deleted), but
with no change to functionality or general shape of the code.

v2->v3:
  - support `bpf_user_pt_regs_t` typedef for KPROBE and PERF_EVENT (CI);
v1->v2:
  - add user_pt_regs and user_regs_struct support for PERF_EVENT (CI);
  - drop FEAT_ARG_CTX_TAG enum leftover from patch #1;
  - fix warning about default: without break in the switch (CI).

Andrii Nakryiko (5):
  libbpf: feature-detect arg:ctx tag support in kernel
  bpf: extract bpf_ctx_convert_map logic and make it more reusable
  bpf: enforce types for __arg_ctx-tagged arguments in global subprogs
  selftests/bpf: add tests confirming type logic in kernel for __arg_ctx
  libbpf: warn on unexpected __arg_ctx type when rewriting BTF

 include/linux/btf.h                           |   2 +-
 kernel/bpf/btf.c                              | 231 ++++++++++++++++--
 tools/lib/bpf/libbpf.c                        | 142 ++++++++++-
 .../bpf/prog_tests/test_global_funcs.c        |  13 +
 .../bpf/progs/verifier_global_subprogs.c      | 164 ++++++++++++-
 5 files changed, 513 insertions(+), 39 deletions(-)

-- 
2.34.1