From: David Vernet <void@manifault.com>
To: bpf@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@linux.dev, song@kernel.org, yhs@meta.com,
john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com,
haoluo@google.com, jolsa@kernel.org,
linux-kernel@vger.kernel.org, kernel-team@meta.com,
tj@kernel.org
Subject: [PATCH bpf-next 0/8] Enable cpumasks to be used as kptrs
Date: Thu, 19 Jan 2023 17:58:25 -0600 [thread overview]
Message-ID: <20230119235833.2948341-1-void@manifault.com> (raw)
'struct cpumask' is a bitmap data structure in the kernel whose indices
reflect the CPUs on the system. Commonly, cpumasks are used to track
which CPUs a task is affinitized to, but they can also be used to e.g.
track which cores are associated with a scheduling domain, which cores
on a machine are idle, etc.
It would be useful to be able to query those cpumasks from BPF programs.
For example, when tracing percpu operations, it would be convenient to
have cpumask support if the tracing program wants to track which tasks
end up running on which CPUs in different time intervals, and to check
their cpumask distribution while doing so. Similarly, if we're tracking
NUMA allocations, CPU scheduling domain associations, etc, it would be
useful to be able to concretely compare decisions made by the kernel to
a task's cpumask.
So as to enable such use cases, this patch set proposes a set of kfuncs,
namespaced to bpf_cpumask_*, which allow BPF programs to make queries
against cpumasks, and to allocate and store them as kptrs.
In order to enable these kfuncs, this patch set adds two new
kfunc-related capabilities to the verifier:
1. Defining a mechanism that allows developers to specify which fields
of a struct type should inherit their parent's trust. Specifically,
we specify that the 'const cpumask_t *cpus_ptr' field will be
considered trusted if the parent struct task_struct is trusted.
2. Allowing KF_TRUSTED_ARGS pointers to be walked to see if a BTF type
is equivalent to what a kfunc requires. For example, the patch set
defines the following type:
struct bpf_cpumask {
cpumask_t cpumask;
refcount_t usage;
};
cpumask_t typedefs a struct cpumask, so if a BPF program has a trusted
pointer to a struct bpf_cpumask, it would therefore be safe to pass
that to a kfunc expecting a const struct cpumask *. Note that
3. Updating the verifier to prevent NULL PTR_TO_MEM pointers to be
passed to KF_TRUSTED_ARGS kfuncs. Without this, a kfunc may crash if
it's given a pointer to what it thinks is a scalar struct, but in
reality is an address. For example, a bitmap embedded in a cpumask_t.
Following these BPF verifier changes (and their associated selftest
additions), this patchset adds a set of cpumask kfuncs in
kernel/bpf/cpumask.c, and then tests and documents them.
Lastly, note that some of the kfuncs that were added would benefit from
additional verification logic. For example, any kfunc taking a CPU
argument that exceeds the number of CPUs on the system, etc. For now, we
silently check for and ignore these cases at runtime. When we have e.g.
per-argument kfunc flags, it might be helpful to add another KF_CPU-type
flag that specifies that the verifier should validate that it's a valid
CPU.
David Vernet (8):
bpf: Enable annotating trusted nested pointers
bpf: Allow trusted args to walk struct when checking BTF IDs
bpf: Disallow NULL PTR_TO_MEM for trusted kfuncs
bpf: Enable cpumasks to be queried and used as kptrs
selftests/bpf: Add nested trust selftests suite
selftests/bpf: Add selftest suite for cpumask kfuncs
bpf/docs: Document cpumask kfuncs in a new file
bpf/docs: Document how nested trusted fields may be defined
Documentation/bpf/cpumasks.rst | 353 +++++++++++++
Documentation/bpf/index.rst | 1 +
Documentation/bpf/kfuncs.rst | 26 +-
include/linux/bpf.h | 4 +
kernel/bpf/Makefile | 1 +
kernel/bpf/btf.c | 64 ++-
kernel/bpf/cpumask.c | 476 ++++++++++++++++++
kernel/bpf/verifier.c | 67 ++-
tools/testing/selftests/bpf/DENYLIST.s390x | 2 +
.../selftests/bpf/prog_tests/cpumask.c | 74 +++
.../selftests/bpf/prog_tests/nested_trust.c | 64 +++
.../selftests/bpf/progs/cpumask_common.h | 114 +++++
.../selftests/bpf/progs/cpumask_failure.c | 125 +++++
.../selftests/bpf/progs/cpumask_success.c | 426 ++++++++++++++++
.../selftests/bpf/progs/nested_trust_common.h | 12 +
.../bpf/progs/nested_trust_failure.c | 33 ++
.../bpf/progs/nested_trust_success.c | 29 ++
17 files changed, 1865 insertions(+), 6 deletions(-)
create mode 100644 Documentation/bpf/cpumasks.rst
create mode 100644 kernel/bpf/cpumask.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/cpumask.c
create mode 100644 tools/testing/selftests/bpf/prog_tests/nested_trust.c
create mode 100644 tools/testing/selftests/bpf/progs/cpumask_common.h
create mode 100644 tools/testing/selftests/bpf/progs/cpumask_failure.c
create mode 100644 tools/testing/selftests/bpf/progs/cpumask_success.c
create mode 100644 tools/testing/selftests/bpf/progs/nested_trust_common.h
create mode 100644 tools/testing/selftests/bpf/progs/nested_trust_failure.c
create mode 100644 tools/testing/selftests/bpf/progs/nested_trust_success.c
--
2.39.0
next reply other threads:[~2023-01-19 23:58 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-19 23:58 David Vernet [this message]
2023-01-19 23:58 ` [PATCH bpf-next 1/8] bpf: Enable annotating trusted nested pointers David Vernet
2023-01-20 1:14 ` kernel test robot
2023-01-20 2:27 ` David Vernet
2023-01-20 6:01 ` kernel test robot
2023-01-19 23:58 ` [PATCH bpf-next 2/8] bpf: Allow trusted args to walk struct when checking BTF IDs David Vernet
2023-01-20 4:58 ` Kumar Kartikeya Dwivedi
2023-01-20 5:23 ` David Vernet
2023-01-20 5:40 ` Alexei Starovoitov
2023-01-20 5:56 ` Kumar Kartikeya Dwivedi
2023-01-20 6:14 ` Alexei Starovoitov
2023-01-20 14:56 ` David Vernet
2023-01-20 15:26 ` David Vernet
2023-01-20 16:17 ` Alexei Starovoitov
2023-01-19 23:58 ` [PATCH bpf-next 3/8] bpf: Disallow NULL PTR_TO_MEM for trusted kfuncs David Vernet
2023-01-20 5:21 ` Kumar Kartikeya Dwivedi
2023-01-20 5:31 ` David Vernet
2023-01-20 5:44 ` Alexei Starovoitov
2023-01-19 23:58 ` [PATCH bpf-next 4/8] bpf: Enable cpumasks to be queried and used as kptrs David Vernet
2023-01-20 2:36 ` kernel test robot
2023-01-20 3:39 ` David Vernet
2023-01-20 5:48 ` Alexei Starovoitov
2023-01-20 5:50 ` David Vernet
2023-01-20 5:52 ` Alexei Starovoitov
2023-01-20 6:22 ` kernel test robot
2023-01-19 23:58 ` [PATCH bpf-next 5/8] selftests/bpf: Add nested trust selftests suite David Vernet
2023-01-20 5:51 ` Alexei Starovoitov
2023-01-20 5:56 ` David Vernet
2023-01-19 23:58 ` [PATCH bpf-next 6/8] selftests/bpf: Add selftest suite for cpumask kfuncs David Vernet
2023-01-19 23:58 ` [PATCH bpf-next 7/8] bpf/docs: Document cpumask kfuncs in a new file David Vernet
2023-01-20 5:59 ` Alexei Starovoitov
2023-01-20 6:01 ` David Vernet
2023-01-19 23:58 ` [PATCH bpf-next 8/8] bpf/docs: Document how nested trusted fields may be defined David Vernet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230119235833.2948341-1-void@manifault.com \
--to=void@manifault.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kernel-team@meta.com \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=sdf@google.com \
--cc=song@kernel.org \
--cc=tj@kernel.org \
--cc=yhs@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.