From: Martin KaFai Lau <martin.lau@linux.dev>
To: Alexei Starovoitov <ast@kernel.org>
Cc: sdf@google.com, bpf@vger.kernel.org,
Aditi Ghag <aditi.ghag@isovalent.com>
Subject: Re: [PATCH v7 bpf-next 06/10] bpf: Add bpf_sock_destroy kfunc
Date: Fri, 5 May 2023 11:49:02 -0700 [thread overview]
Message-ID: <45684b6f-ecfb-5f14-e5ad-386b8f611c7a@linux.dev> (raw)
In-Reply-To: <1013e81f-5a0a-dd0b-c18d-3ee849c079ab@linux.dev>
On 5/4/23 5:13 PM, Martin KaFai Lau wrote:
>
> Follow up on the v6 patch-set regarding KF_TRUSTED_ARGS.
> KF_TRUSTED_ARGS is needed here to avoid the cases where a PTR_TO_BTF_ID sk is
> obtained by following another pointer. eg. getting a sk pointer (may be even
> NULL) by following another sk pointer. The recent PTR_TRUSTED concept in the
> verifier can guard this. I tried and the following should do:
>
> diff --git i/net/core/filter.c w/net/core/filter.c
> index 68b228f3eca6..d82e038da0e3 100644
> --- i/net/core/filter.c
> +++ w/net/core/filter.c
> @@ -11767,7 +11767,7 @@ __bpf_kfunc int bpf_sock_destroy(struct sock_common *sock)
> __diag_pop()
>
> BTF_SET8_START(sock_destroy_kfunc_set)
> -BTF_ID_FLAGS(func, bpf_sock_destroy)
> +BTF_ID_FLAGS(func, bpf_sock_destroy, KF_TRUSTED_ARGS)
> BTF_SET8_END(sock_destroy_kfunc_set)
>
> static int tracing_iter_filter(const struct bpf_prog *prog, u32 kfunc_id)
> diff --git i/net/ipv4/tcp_ipv4.c w/net/ipv4/tcp_ipv4.c
> index 887f83a90d85..a769284e8291 100644
> --- i/net/ipv4/tcp_ipv4.c
> +++ w/net/ipv4/tcp_ipv4.c
> @@ -3354,7 +3354,7 @@ static struct bpf_iter_reg tcp_reg_info = {
> .ctx_arg_info_size = 1,
> .ctx_arg_info = {
> { offsetof(struct bpf_iter__tcp, sk_common),
> - PTR_TO_BTF_ID_OR_NULL },
> + PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },
Alexei, what do you think about having "PTR_MAYBE_NULL | PTR_TRUSTED" here?
The verifier side looks fine (eg. is_trusted_reg() is taking PTR_MAYBE_NULL into
consideration). However, it seems this will be the first "PTR_MAYBE_NULL |
PTR_TRUSTED" use case and not sure if PTR_MAYBE_NULL may conceptually conflict
with the PTR_TRUSTED idea (like PTR_TRUSTED should not be NULL).
> },
> .get_func_proto = bpf_iter_tcp_get_func_proto,
> .seq_info = &tcp_seq_info,
> diff --git i/net/ipv4/udp.c w/net/ipv4/udp.c
> index 746c85f2bb03..945b641b363b 100644
> --- i/net/ipv4/udp.c
> +++ w/net/ipv4/udp.c
> @@ -3646,7 +3646,7 @@ static struct bpf_iter_reg udp_reg_info = {
> .ctx_arg_info_size = 1,
> .ctx_arg_info = {
> { offsetof(struct bpf_iter__udp, udp_sk),
> - PTR_TO_BTF_ID_OR_NULL },
> + PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },
> },
> .seq_info = &udp_seq_info,
> };
next prev parent reply other threads:[~2023-05-05 18:49 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-03 22:53 [PATCH v7 bpf-next 00/10] bpf: Add socket destroy capability Aditi Ghag
2023-05-03 22:53 ` [PATCH v7 bpf-next 01/10] bpf: tcp: Avoid taking fast sock lock in iterator Aditi Ghag
2023-05-03 22:53 ` [PATCH v7 bpf-next 02/10] udp: seq_file: Helper function to match socket attributes Aditi Ghag
2023-05-03 22:53 ` [PATCH v7 bpf-next 03/10] bpf: udp: Encapsulate logic to get udp table Aditi Ghag
2023-05-03 22:53 ` [PATCH v7 bpf-next 04/10] udp: seq_file: Remove bpf_seq_afinfo from udp_iter_state Aditi Ghag
2023-05-04 1:25 ` Aditi Ghag
2023-05-03 22:53 ` [PATCH v7 bpf-next 05/10] bpf: udp: Implement batching for sockets iterator Aditi Ghag
2023-05-03 22:53 ` [PATCH v7 bpf-next 06/10] bpf: Add bpf_sock_destroy kfunc Aditi Ghag
2023-05-05 0:13 ` Martin KaFai Lau
2023-05-05 18:49 ` Martin KaFai Lau [this message]
2023-05-05 20:05 ` Alexei Starovoitov
2023-05-03 22:53 ` [PATCH v7 bpf-next 07/10] selftests/bpf: Add helper to get port using getsockname Aditi Ghag
2023-05-04 17:33 ` Stanislav Fomichev
2023-05-03 22:53 ` [PATCH v7 bpf-next 08/10] selftests/bpf: Test bpf_sock_destroy Aditi Ghag
2023-05-05 0:24 ` Martin KaFai Lau
2023-05-03 22:53 ` [PATCH v7 bpf-next 09/10] bpf: Add a kfunc filter function to 'struct btf_kfunc_id_set' Aditi Ghag
2023-05-05 0:28 ` Martin KaFai Lau
2023-05-03 22:53 ` [PATCH v7 bpf-next 10/10] selftests/bpf: Extend bpf_sock_destroy tests Aditi Ghag
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45684b6f-ecfb-5f14-e5ad-386b8f611c7a@linux.dev \
--to=martin.lau@linux.dev \
--cc=aditi.ghag@isovalent.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=sdf@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).