[PATCH bpf 0/2] Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs

[PATCH bpf 0/2] Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs

[Dmitrii Banshchikov]

syzbot found a locking issue with bpf_ktime_get_coarse_ns() helper
executed in BPF_PROG_TYPE_PERF_EVENT prog type - [1]. The issue is
possible because the helper uses non fast version of time accessors
which isn't safe for any context. The helper was added because it
provides performance benefits in comparison to bpf_ktime_get_ns().
Forbid use of bpf_ktime_get_coarse_ns() helper in tracing progs.

The same issue is possible with bpf_timer_* set of helpers - forbid
their usage in tracing progs too.

In the discussion it was stated that bpf_spin_lock releated helpers
shall also be excluded for tracing progs. This is already done in a
different way - by compatibility check between a map and a program. The
verifier fails if a tracing program tries to use a map which value has
struct bpf_spin_lock. This prevents using bpf_spin_lock in tracing
progs.

Patch 1 adds allowance checks for helpers
Patch 2 adds tests

1. https://lore.kernel.org/all/00000000000013aebd05cff8e064@google.com/


Dmitrii Banshchikov (2):
  bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs
  selftests/bpf: Add tests for allowed helpers

 kernel/bpf/helpers.c                          |  30 +++
 tools/testing/selftests/bpf/test_verifier.c   |  36 +++-
 .../selftests/bpf/verifier/helper_allowed.c   | 196 ++++++++++++++++++
 3 files changed, 261 insertions(+), 1 deletion(-)
 create mode 100644 tools/testing/selftests/bpf/verifier/helper_allowed.c

-- 
2.25.1

[PATCH bpf 1/2] bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs

[Dmitrii Banshchikov]

bpf_ktime_get_coarse_ns() helper uses ktime_get_coarse_ns() time
accessor that isn't safe for any context.
This results in locking issues:

======================================================
WARNING: possible circular locking dependency detected
5.15.0-syzkaller #0 Not tainted
------------------------------------------------------
syz-executor.4/14877 is trying to acquire lock:
ffffffff8cb30008 (tk_core.seq.seqcount){----}-{0:0}, at: ktime_get_coarse_ts64+0x25/0x110 kernel/time/timekeeping.c:2255

but task is already holding lock:
ffffffff90dbf200 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x61/0x400 lib/debugobjects.c:735

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (&obj_hash[i].lock){-.-.}-{2:2}:
       lock_acquire+0x19f/0x4d0 kernel/locking/lockdep.c:5625
       __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
       _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
       __debug_object_init+0xd9/0x1860 lib/debugobjects.c:569
       debug_hrtimer_init kernel/time/hrtimer.c:414 [inline]
       debug_init kernel/time/hrtimer.c:468 [inline]
       hrtimer_init+0x20/0x40 kernel/time/hrtimer.c:1592
       ntp_init_cmos_sync kernel/time/ntp.c:676 [inline]
       ntp_init+0xa1/0xad kernel/time/ntp.c:1095
       timekeeping_init+0x512/0x6bf kernel/time/timekeeping.c:1639
       start_kernel+0x267/0x56e init/main.c:1030
       secondary_startup_64_no_verify+0xb1/0xbb

-> #0 (tk_core.seq.seqcount){----}-{0:0}:
       check_prev_add kernel/locking/lockdep.c:3051 [inline]
       check_prevs_add kernel/locking/lockdep.c:3174 [inline]
       validate_chain+0x1dfb/0x8240 kernel/locking/lockdep.c:3789
       __lock_acquire+0x1382/0x2b00 kernel/locking/lockdep.c:5015
       lock_acquire+0x19f/0x4d0 kernel/locking/lockdep.c:5625
       seqcount_lockdep_reader_access+0xfe/0x230 include/linux/seqlock.h:103
       ktime_get_coarse_ts64+0x25/0x110 kernel/time/timekeeping.c:2255
       ktime_get_coarse include/linux/timekeeping.h:120 [inline]
       ktime_get_coarse_ns include/linux/timekeeping.h:126 [inline]
       ____bpf_ktime_get_coarse_ns kernel/bpf/helpers.c:173 [inline]
       bpf_ktime_get_coarse_ns+0x7e/0x130 kernel/bpf/helpers.c:171
       bpf_prog_a99735ebafdda2f1+0x10/0xb50
       bpf_dispatcher_nop_func include/linux/bpf.h:721 [inline]
       __bpf_prog_run include/linux/filter.h:626 [inline]
       bpf_prog_run include/linux/filter.h:633 [inline]
       BPF_PROG_RUN_ARRAY include/linux/bpf.h:1294 [inline]
       trace_call_bpf+0x2cf/0x5d0 kernel/trace/bpf_trace.c:127
       perf_trace_run_bpf_submit+0x7b/0x1d0 kernel/events/core.c:9708
       perf_trace_lock+0x37c/0x440 include/trace/events/lock.h:39
       trace_lock_release+0x128/0x150 include/trace/events/lock.h:58
       lock_release+0x82/0x810 kernel/locking/lockdep.c:5636
       __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:149 [inline]
       _raw_spin_unlock_irqrestore+0x75/0x130 kernel/locking/spinlock.c:194
       debug_hrtimer_deactivate kernel/time/hrtimer.c:425 [inline]
       debug_deactivate kernel/time/hrtimer.c:481 [inline]
       __run_hrtimer kernel/time/hrtimer.c:1653 [inline]
       __hrtimer_run_queues+0x2f9/0xa60 kernel/time/hrtimer.c:1749
       hrtimer_interrupt+0x3b3/0x1040 kernel/time/hrtimer.c:1811
       local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]
       __sysvec_apic_timer_interrupt+0xf9/0x270 arch/x86/kernel/apic/apic.c:1103
       sysvec_apic_timer_interrupt+0x8c/0xb0 arch/x86/kernel/apic/apic.c:1097
       asm_sysvec_apic_timer_interrupt+0x12/0x20
       __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
       _raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
       try_to_wake_up+0x702/0xd20 kernel/sched/core.c:4118
       wake_up_process kernel/sched/core.c:4200 [inline]
       wake_up_q+0x9a/0xf0 kernel/sched/core.c:953
       futex_wake+0x50f/0x5b0 kernel/futex/waitwake.c:184
       do_futex+0x367/0x560 kernel/futex/syscalls.c:127
       __do_sys_futex kernel/futex/syscalls.c:199 [inline]
       __se_sys_futex+0x401/0x4b0 kernel/futex/syscalls.c:180
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x44/0xae

Locking issues are also possible with bpf_timer_* set of helpers:

hrtimer_start()
  lock_base();
  trace_hrtimer...()
    perf_event()
      bpf_run()
        bpf_timer_start()
          hrtimer_start()
            lock_base()         <- DEADLOCK

Forbid use of bpf_ktime_get_coarse_ns() and bpf_timer_* helpers in
BPF_PROG_TYPE_KPROBE, BPF_PROG_TYPE_TRACEPOINT, BPF_PROG_TYPE_PERF_EVENT
and BPF_PROG_TYPE_RAW_TRACEPOINT prog types as it may result locking
issues.

Signed-off-by: Dmitrii Banshchikov <me@ubique.spb.ru>
Reported-by: syzbot+43fd005b5a1b4d10781e@syzkaller.appspotmail.com
---
 kernel/bpf/helpers.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 1ffd469c217f..3de24928166e 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -18,6 +18,19 @@
 
 #include "../../lib/kstrtox.h"
 
+static bool is_tracing_prog_type(enum bpf_prog_type type)
+{
+	switch (type) {
+	case BPF_PROG_TYPE_KPROBE:
+	case BPF_PROG_TYPE_TRACEPOINT:
+	case BPF_PROG_TYPE_PERF_EVENT:
+	case BPF_PROG_TYPE_RAW_TRACEPOINT:
+		return true;
+	default:
+		return false;
+	}
+}
+
 /* If kernel subsystem is allowing eBPF programs to call this function,
  * inside its own verifier_ops->get_func_proto() callback it should return
  * bpf_map_lookup_elem_proto, so that verifier can properly check the arguments
@@ -173,10 +186,18 @@ BPF_CALL_0(bpf_ktime_get_coarse_ns)
 	return ktime_get_coarse_ns();
 }
 
+static bool bpf_ktime_get_coarse_ns_allowed(const struct bpf_prog *prog)
+{
+	// Forbid prog types that might be non-safe for non-fast variants of time accessors
+
+	return !is_tracing_prog_type(prog->type);
+}
+
 const struct bpf_func_proto bpf_ktime_get_coarse_ns_proto = {
 	.func		= bpf_ktime_get_coarse_ns,
 	.gpl_only	= false,
 	.ret_type	= RET_INTEGER,
+	.allowed	= bpf_ktime_get_coarse_ns_allowed,
 };
 
 BPF_CALL_0(bpf_get_current_pid_tgid)
@@ -1140,6 +1161,11 @@ BPF_CALL_3(bpf_timer_init, struct bpf_timer_kern *, timer, struct bpf_map *, map
 	return ret;
 }
 
+static bool bpf_timer_allowed(const struct bpf_prog *prog)
+{
+	return !is_tracing_prog_type(prog->type);
+}
+
 static const struct bpf_func_proto bpf_timer_init_proto = {
 	.func		= bpf_timer_init,
 	.gpl_only	= true,
@@ -1147,6 +1173,7 @@ static const struct bpf_func_proto bpf_timer_init_proto = {
 	.arg1_type	= ARG_PTR_TO_TIMER,
 	.arg2_type	= ARG_CONST_MAP_PTR,
 	.arg3_type	= ARG_ANYTHING,
+	.allowed	= bpf_timer_allowed,
 };
 
 BPF_CALL_3(bpf_timer_set_callback, struct bpf_timer_kern *, timer, void *, callback_fn,
@@ -1200,6 +1227,7 @@ static const struct bpf_func_proto bpf_timer_set_callback_proto = {
 	.ret_type	= RET_INTEGER,
 	.arg1_type	= ARG_PTR_TO_TIMER,
 	.arg2_type	= ARG_PTR_TO_FUNC,
+	.allowed	= bpf_timer_allowed,
 };
 
 BPF_CALL_3(bpf_timer_start, struct bpf_timer_kern *, timer, u64, nsecs, u64, flags)
@@ -1230,6 +1258,7 @@ static const struct bpf_func_proto bpf_timer_start_proto = {
 	.arg1_type	= ARG_PTR_TO_TIMER,
 	.arg2_type	= ARG_ANYTHING,
 	.arg3_type	= ARG_ANYTHING,
+	.allowed	= bpf_timer_allowed,
 };
 
 static void drop_prog_refcnt(struct bpf_hrtimer *t)
@@ -1279,6 +1308,7 @@ static const struct bpf_func_proto bpf_timer_cancel_proto = {
 	.gpl_only	= true,
 	.ret_type	= RET_INTEGER,
 	.arg1_type	= ARG_PTR_TO_TIMER,
+	.allowed	= bpf_timer_allowed,
 };
 
 /* This function is called by map_delete/update_elem for individual element and
-- 
2.25.1

[PATCH bpf 2/2] selftests/bpf: Add tests for allowed helpers

[Dmitrii Banshchikov]

This patch adds tests that bpf_ktime_get_coarse_ns() and bpf_timer_* and
bpf_spin_lock()/bpf_spin_unlock() helpers are forbidden in tracing
progs as it may result in various locking issues.

Signed-off-by: Dmitrii Banshchikov <me@ubique.spb.ru>
---
 tools/testing/selftests/bpf/test_verifier.c   |  36 +++-
 .../selftests/bpf/verifier/helper_allowed.c   | 196 ++++++++++++++++++
 2 files changed, 231 insertions(+), 1 deletion(-)
 create mode 100644 tools/testing/selftests/bpf/verifier/helper_allowed.c

diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
index 25afe423b3f0..e16eab6fc3a9 100644
--- a/tools/testing/selftests/bpf/test_verifier.c
+++ b/tools/testing/selftests/bpf/test_verifier.c
@@ -92,6 +92,7 @@ struct bpf_test {
 	int fixup_map_event_output[MAX_FIXUPS];
 	int fixup_map_reuseport_array[MAX_FIXUPS];
 	int fixup_map_ringbuf[MAX_FIXUPS];
+	int fixup_map_timer[MAX_FIXUPS];
 	/* Expected verifier log output for result REJECT or VERBOSE_ACCEPT.
 	 * Can be a tab-separated sequence of expected strings. An empty string
 	 * means no log verification.
@@ -605,7 +606,7 @@ static int create_cgroup_storage(bool percpu)
  *   struct bpf_spin_lock l;
  * };
  */
-static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l";
+static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l\0bpf_timer\0";
 static __u32 btf_raw_types[] = {
 	/* int */
 	BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 0, 32, 4),  /* [1] */
@@ -616,6 +617,8 @@ static __u32 btf_raw_types[] = {
 	BTF_TYPE_ENC(15, BTF_INFO_ENC(BTF_KIND_STRUCT, 0, 2), 8),
 	BTF_MEMBER_ENC(19, 1, 0), /* int cnt; */
 	BTF_MEMBER_ENC(23, 2, 32),/* struct bpf_spin_lock l; */
+	/* struct bpf_timer */				/* [4] */
+	BTF_TYPE_ENC(25, BTF_INFO_ENC(BTF_KIND_STRUCT, 0, 0), 16),
 };
 
 static int load_btf(void)
@@ -696,6 +699,29 @@ static int create_sk_storage_map(void)
 	return fd;
 }
 
+static int create_map_timer(void)
+{
+	struct bpf_create_map_attr attr = {
+		.name = "test_map",
+		.map_type = BPF_MAP_TYPE_ARRAY,
+		.key_size = 4,
+		.value_size = 16,
+		.max_entries = 1,
+		.btf_key_type_id = 1,
+		.btf_value_type_id = 4,
+	};
+	int fd, btf_fd;
+
+	btf_fd = load_btf();
+	if (btf_fd < 0)
+		return -1;
+	attr.btf_fd = btf_fd;
+	fd = bpf_create_map_xattr(&attr);
+	if (fd < 0)
+		printf("Failed to create map with timer\n");
+	return fd;
+}
+
 static char bpf_vlog[UINT_MAX >> 8];
 
 static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
@@ -722,6 +748,7 @@ static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
 	int *fixup_map_event_output = test->fixup_map_event_output;
 	int *fixup_map_reuseport_array = test->fixup_map_reuseport_array;
 	int *fixup_map_ringbuf = test->fixup_map_ringbuf;
+	int *fixup_map_timer = test->fixup_map_timer;
 
 	if (test->fill_helper) {
 		test->fill_insns = calloc(MAX_TEST_INSNS, sizeof(struct bpf_insn));
@@ -907,6 +934,13 @@ static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
 			fixup_map_ringbuf++;
 		} while (*fixup_map_ringbuf);
 	}
+	if (*fixup_map_timer) {
+		map_fds[21] = create_map_timer();
+		do {
+			prog[*fixup_map_timer].imm = map_fds[21];
+			fixup_map_timer++;
+		} while (*fixup_map_timer);
+	}
 }
 
 struct libcap {
diff --git a/tools/testing/selftests/bpf/verifier/helper_allowed.c b/tools/testing/selftests/bpf/verifier/helper_allowed.c
new file mode 100644
index 000000000000..aeba8ef866a9
--- /dev/null
+++ b/tools/testing/selftests/bpf/verifier/helper_allowed.c
@@ -0,0 +1,196 @@
+{
+	"bpf_ktime_get_coarse_ns isn't allowed in BPF_PROG_TYPE_KPROBE",
+	.insns = {
+		BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ktime_get_coarse_ns),
+		BPF_MOV64_IMM(BPF_REG_0, 0),
+		BPF_EXIT_INSN(),
+	},
+	.errstr = "helper call is not allowed in probe",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_KPROBE,
+},
+{
+	"bpf_ktime_get_coarse_ns isn't allowed in BPF_PROG_TYPE_TRACEPOINT",
+	.insns = {
+		BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ktime_get_coarse_ns),
+		BPF_MOV64_IMM(BPF_REG_0, 0),
+		BPF_EXIT_INSN(),
+	},
+	.errstr = "helper call is not allowed in probe",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
+},
+{
+	"bpf_ktime_get_coarse_ns isn't allowed in BPF_PROG_TYPE_PERF_EVENT",
+	.insns = {
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ktime_get_coarse_ns),
+	BPF_MOV64_IMM(BPF_REG_0, 0),
+	BPF_EXIT_INSN(),
+	},
+	.errstr = "helper call is not allowed in probe",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_PERF_EVENT,
+},
+{
+	"bpf_ktime_get_coarse_ns isn't allowed in BPF_PROG_TYPE_RAW_TRACEPOINT",
+	.insns = {
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ktime_get_coarse_ns),
+	BPF_MOV64_IMM(BPF_REG_0, 0),
+	BPF_EXIT_INSN(),
+	},
+	.errstr = "helper call is not allowed in probe",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_RAW_TRACEPOINT,
+},
+{
+	"bpf_timer_init isn't allowed in BPF_PROG_TYPE_KPROBE",
+	.insns = {
+	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
+	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
+	BPF_LD_MAP_FD(BPF_REG_1, 0),
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
+	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
+	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
+	BPF_LD_MAP_FD(BPF_REG_2, 0),
+	BPF_MOV64_IMM(BPF_REG_3, 1),
+	BPF_EMIT_CALL(BPF_FUNC_timer_init),
+	BPF_EXIT_INSN(),
+	},
+	.fixup_map_timer = { 3, 8 },
+	.errstr = "helper call is not allowed in probe",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_KPROBE,
+},
+{
+	"bpf_timer_init isn't allowed in BPF_PROG_TYPE_PERF_EVENT",
+	.insns = {
+	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
+	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
+	BPF_LD_MAP_FD(BPF_REG_1, 0),
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
+	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
+	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
+	BPF_LD_MAP_FD(BPF_REG_2, 0),
+	BPF_MOV64_IMM(BPF_REG_3, 1),
+	BPF_EMIT_CALL(BPF_FUNC_timer_init),
+	BPF_EXIT_INSN(),
+	},
+	.fixup_map_timer = { 3, 8 },
+	.errstr = "helper call is not allowed in probe",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_PERF_EVENT,
+},
+{
+	"bpf_timer_init isn't allowed in BPF_PROG_TYPE_TRACEPOINT",
+	.insns = {
+	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
+	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
+	BPF_LD_MAP_FD(BPF_REG_1, 0),
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
+	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
+	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
+	BPF_LD_MAP_FD(BPF_REG_2, 0),
+	BPF_MOV64_IMM(BPF_REG_3, 1),
+	BPF_EMIT_CALL(BPF_FUNC_timer_init),
+	BPF_EXIT_INSN(),
+	},
+	.fixup_map_timer = { 3, 8 },
+	.errstr = "helper call is not allowed in probe",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
+},
+{
+	"bpf_timer_init isn't allowed in BPF_PROG_TYPE_RAW_TRACEPOINT",
+	.insns = {
+	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
+	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
+	BPF_LD_MAP_FD(BPF_REG_1, 0),
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
+	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
+	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
+	BPF_LD_MAP_FD(BPF_REG_2, 0),
+	BPF_MOV64_IMM(BPF_REG_3, 1),
+	BPF_EMIT_CALL(BPF_FUNC_timer_init),
+	BPF_EXIT_INSN(),
+	},
+	.fixup_map_timer = { 3, 8 },
+	.errstr = "helper call is not allowed in probe",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_RAW_TRACEPOINT,
+},
+{
+	"bpf_spin_lock isn't allowed in BPF_PROG_TYPE_KPROBE",
+	.insns = {
+	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
+	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
+	BPF_LD_MAP_FD(BPF_REG_1, 0),
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
+	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2),
+	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
+	BPF_EMIT_CALL(BPF_FUNC_spin_lock),
+	BPF_EXIT_INSN(),
+	},
+	.fixup_map_spin_lock = { 3 },
+	.errstr = "tracing progs cannot use bpf_spin_lock yet",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_KPROBE,
+},
+{
+	"bpf_spin_lock isn't allowed in BPF_PROG_TYPE_TRACEPOINT",
+	.insns = {
+	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
+	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
+	BPF_LD_MAP_FD(BPF_REG_1, 0),
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
+	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2),
+	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
+	BPF_EMIT_CALL(BPF_FUNC_spin_lock),
+	BPF_EXIT_INSN(),
+	},
+	.fixup_map_spin_lock = { 3 },
+	.errstr = "tracing progs cannot use bpf_spin_lock yet",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
+},
+{
+	"bpf_spin_lock isn't allowed in BPF_PROG_TYPE_PERF_EVENT",
+	.insns = {
+	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
+	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
+	BPF_LD_MAP_FD(BPF_REG_1, 0),
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
+	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2),
+	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
+	BPF_EMIT_CALL(BPF_FUNC_spin_lock),
+	BPF_EXIT_INSN(),
+	},
+	.fixup_map_spin_lock = { 3 },
+	.errstr = "tracing progs cannot use bpf_spin_lock yet",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_PERF_EVENT,
+},
+{
+	"bpf_spin_lock isn't allowed in BPF_PROG_TYPE_RAW_TRACEPOINT",
+	.insns = {
+	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
+	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
+	BPF_LD_MAP_FD(BPF_REG_1, 0),
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
+	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2),
+	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
+	BPF_EMIT_CALL(BPF_FUNC_spin_lock),
+	BPF_EXIT_INSN(),
+	},
+	.fixup_map_spin_lock = { 3 },
+	.errstr = "tracing progs cannot use bpf_spin_lock yet",
+	.result = REJECT,
+	.prog_type = BPF_PROG_TYPE_RAW_TRACEPOINT,
+},
-- 
2.25.1

Re: [PATCH bpf 1/2] bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs

[Denis Kirjanov]

11/8/21 7:46 PM, Dmitrii Banshchikov пишет:
> bpf_ktime_get_coarse_ns() helper uses ktime_get_coarse_ns() time
> accessor that isn't safe for any context.
> This results in locking issues:
> 
> ======================================================
> WARNING: possible circular locking dependency detected
> 5.15.0-syzkaller #0 Not tainted
> ------------------------------------------------------
> syz-executor.4/14877 is trying to acquire lock:
> ffffffff8cb30008 (tk_core.seq.seqcount){----}-{0:0}, at: ktime_get_coarse_ts64+0x25/0x110 kernel/time/timekeeping.c:2255
> 
> but task is already holding lock:
> ffffffff90dbf200 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x61/0x400 lib/debugobjects.c:735
> 
> which lock already depends on the new lock.
> 
> the existing dependency chain (in reverse order) is:
> 
> -> #1 (&obj_hash[i].lock){-.-.}-{2:2}:
>         lock_acquire+0x19f/0x4d0 kernel/locking/lockdep.c:5625
>         __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
>         _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162
>         __debug_object_init+0xd9/0x1860 lib/debugobjects.c:569
>         debug_hrtimer_init kernel/time/hrtimer.c:414 [inline]
>         debug_init kernel/time/hrtimer.c:468 [inline]
>         hrtimer_init+0x20/0x40 kernel/time/hrtimer.c:1592
>         ntp_init_cmos_sync kernel/time/ntp.c:676 [inline]
>         ntp_init+0xa1/0xad kernel/time/ntp.c:1095
>         timekeeping_init+0x512/0x6bf kernel/time/timekeeping.c:1639
>         start_kernel+0x267/0x56e init/main.c:1030
>         secondary_startup_64_no_verify+0xb1/0xbb
> 
> -> #0 (tk_core.seq.seqcount){----}-{0:0}:
>         check_prev_add kernel/locking/lockdep.c:3051 [inline]
>         check_prevs_add kernel/locking/lockdep.c:3174 [inline]
>         validate_chain+0x1dfb/0x8240 kernel/locking/lockdep.c:3789
>         __lock_acquire+0x1382/0x2b00 kernel/locking/lockdep.c:5015
>         lock_acquire+0x19f/0x4d0 kernel/locking/lockdep.c:5625
>         seqcount_lockdep_reader_access+0xfe/0x230 include/linux/seqlock.h:103
>         ktime_get_coarse_ts64+0x25/0x110 kernel/time/timekeeping.c:2255
>         ktime_get_coarse include/linux/timekeeping.h:120 [inline]
>         ktime_get_coarse_ns include/linux/timekeeping.h:126 [inline]
>         ____bpf_ktime_get_coarse_ns kernel/bpf/helpers.c:173 [inline]
>         bpf_ktime_get_coarse_ns+0x7e/0x130 kernel/bpf/helpers.c:171
>         bpf_prog_a99735ebafdda2f1+0x10/0xb50
>         bpf_dispatcher_nop_func include/linux/bpf.h:721 [inline]
>         __bpf_prog_run include/linux/filter.h:626 [inline]
>         bpf_prog_run include/linux/filter.h:633 [inline]
>         BPF_PROG_RUN_ARRAY include/linux/bpf.h:1294 [inline]
>         trace_call_bpf+0x2cf/0x5d0 kernel/trace/bpf_trace.c:127
>         perf_trace_run_bpf_submit+0x7b/0x1d0 kernel/events/core.c:9708
>         perf_trace_lock+0x37c/0x440 include/trace/events/lock.h:39
>         trace_lock_release+0x128/0x150 include/trace/events/lock.h:58
>         lock_release+0x82/0x810 kernel/locking/lockdep.c:5636
>         __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:149 [inline]
>         _raw_spin_unlock_irqrestore+0x75/0x130 kernel/locking/spinlock.c:194
>         debug_hrtimer_deactivate kernel/time/hrtimer.c:425 [inline]
>         debug_deactivate kernel/time/hrtimer.c:481 [inline]
>         __run_hrtimer kernel/time/hrtimer.c:1653 [inline]
>         __hrtimer_run_queues+0x2f9/0xa60 kernel/time/hrtimer.c:1749
>         hrtimer_interrupt+0x3b3/0x1040 kernel/time/hrtimer.c:1811
>         local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline]
>         __sysvec_apic_timer_interrupt+0xf9/0x270 arch/x86/kernel/apic/apic.c:1103
>         sysvec_apic_timer_interrupt+0x8c/0xb0 arch/x86/kernel/apic/apic.c:1097
>         asm_sysvec_apic_timer_interrupt+0x12/0x20
>         __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
>         _raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194
>         try_to_wake_up+0x702/0xd20 kernel/sched/core.c:4118
>         wake_up_process kernel/sched/core.c:4200 [inline]
>         wake_up_q+0x9a/0xf0 kernel/sched/core.c:953
>         futex_wake+0x50f/0x5b0 kernel/futex/waitwake.c:184
>         do_futex+0x367/0x560 kernel/futex/syscalls.c:127
>         __do_sys_futex kernel/futex/syscalls.c:199 [inline]
>         __se_sys_futex+0x401/0x4b0 kernel/futex/syscalls.c:180
>         do_syscall_x64 arch/x86/entry/common.c:50 [inline]
>         do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
>         entry_SYSCALL_64_after_hwframe+0x44/0xae
> 
> Locking issues are also possible with bpf_timer_* set of helpers:
> 
> hrtimer_start()
>    lock_base();
>    trace_hrtimer...()
>      perf_event()
>        bpf_run()
>          bpf_timer_start()
>            hrtimer_start()
>              lock_base()         <- DEADLOCK
> 
> Forbid use of bpf_ktime_get_coarse_ns() and bpf_timer_* helpers in
> BPF_PROG_TYPE_KPROBE, BPF_PROG_TYPE_TRACEPOINT, BPF_PROG_TYPE_PERF_EVENT
> and BPF_PROG_TYPE_RAW_TRACEPOINT prog types as it may result locking
> issues.
> 
> Signed-off-by: Dmitrii Banshchikov <me@ubique.spb.ru>
> Reported-by: syzbot+43fd005b5a1b4d10781e@syzkaller.appspotmail.com
Add Fixes tag

> ---
>   kernel/bpf/helpers.c | 30 ++++++++++++++++++++++++++++++
>   1 file changed, 30 insertions(+)
> 
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index 1ffd469c217f..3de24928166e 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -18,6 +18,19 @@
>   
>   #include "../../lib/kstrtox.h"
>   
> +static bool is_tracing_prog_type(enum bpf_prog_type type)
> +{
> +	switch (type) {
> +	case BPF_PROG_TYPE_KPROBE:
> +	case BPF_PROG_TYPE_TRACEPOINT:
> +	case BPF_PROG_TYPE_PERF_EVENT:
> +	case BPF_PROG_TYPE_RAW_TRACEPOINT:
> +		return true;
> +	default:
> +		return false;
> +	}
> +}
> +
>   /* If kernel subsystem is allowing eBPF programs to call this function,
>    * inside its own verifier_ops->get_func_proto() callback it should return
>    * bpf_map_lookup_elem_proto, so that verifier can properly check the arguments
> @@ -173,10 +186,18 @@ BPF_CALL_0(bpf_ktime_get_coarse_ns)
>   	return ktime_get_coarse_ns();
>   }
>   
> +static bool bpf_ktime_get_coarse_ns_allowed(const struct bpf_prog *prog)
> +{
> +	// Forbid prog types that might be non-safe for non-fast variants of time accessors
The comments embaced with /* */
> +
> +	return !is_tracing_prog_type(prog->type);
> +}
> +
>   const struct bpf_func_proto bpf_ktime_get_coarse_ns_proto = {
>   	.func		= bpf_ktime_get_coarse_ns,
>   	.gpl_only	= false,
>   	.ret_type	= RET_INTEGER,
> +	.allowed	= bpf_ktime_get_coarse_ns_allowed,
>   };
>   
>   BPF_CALL_0(bpf_get_current_pid_tgid)
> @@ -1140,6 +1161,11 @@ BPF_CALL_3(bpf_timer_init, struct bpf_timer_kern *, timer, struct bpf_map *, map
>   	return ret;
>   }
>   
> +static bool bpf_timer_allowed(const struct bpf_prog *prog)
> +{
> +	return !is_tracing_prog_type(prog->type);
> +}
> +
>   static const struct bpf_func_proto bpf_timer_init_proto = {
>   	.func		= bpf_timer_init,
>   	.gpl_only	= true,
> @@ -1147,6 +1173,7 @@ static const struct bpf_func_proto bpf_timer_init_proto = {
>   	.arg1_type	= ARG_PTR_TO_TIMER,
>   	.arg2_type	= ARG_CONST_MAP_PTR,
>   	.arg3_type	= ARG_ANYTHING,
> +	.allowed	= bpf_timer_allowed,
>   };
>   
>   BPF_CALL_3(bpf_timer_set_callback, struct bpf_timer_kern *, timer, void *, callback_fn,
> @@ -1200,6 +1227,7 @@ static const struct bpf_func_proto bpf_timer_set_callback_proto = {
>   	.ret_type	= RET_INTEGER,
>   	.arg1_type	= ARG_PTR_TO_TIMER,
>   	.arg2_type	= ARG_PTR_TO_FUNC,
> +	.allowed	= bpf_timer_allowed,
>   };
>   
>   BPF_CALL_3(bpf_timer_start, struct bpf_timer_kern *, timer, u64, nsecs, u64, flags)
> @@ -1230,6 +1258,7 @@ static const struct bpf_func_proto bpf_timer_start_proto = {
>   	.arg1_type	= ARG_PTR_TO_TIMER,
>   	.arg2_type	= ARG_ANYTHING,
>   	.arg3_type	= ARG_ANYTHING,
> +	.allowed	= bpf_timer_allowed,
>   };
>   
>   static void drop_prog_refcnt(struct bpf_hrtimer *t)
> @@ -1279,6 +1308,7 @@ static const struct bpf_func_proto bpf_timer_cancel_proto = {
>   	.gpl_only	= true,
>   	.ret_type	= RET_INTEGER,
>   	.arg1_type	= ARG_PTR_TO_TIMER,
> +	.allowed	= bpf_timer_allowed,
>   };
>   
>   /* This function is called by map_delete/update_elem for individual element and
> 

Re: [PATCH bpf 2/2] selftests/bpf: Add tests for allowed helpers

[Dmitrii Banshchikov]

On Mon, Nov 08, 2021 at 08:46:20PM +0400, Dmitrii Banshchikov wrote:
> This patch adds tests that bpf_ktime_get_coarse_ns() and bpf_timer_* and
> bpf_spin_lock()/bpf_spin_unlock() helpers are forbidden in tracing
> progs as it may result in various locking issues.
> 
> Signed-off-by: Dmitrii Banshchikov <me@ubique.spb.ru>
> ---
>  tools/testing/selftests/bpf/test_verifier.c   |  36 +++-
>  .../selftests/bpf/verifier/helper_allowed.c   | 196 ++++++++++++++++++
>  2 files changed, 231 insertions(+), 1 deletion(-)
>  create mode 100644 tools/testing/selftests/bpf/verifier/helper_allowed.c
> 
> diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
> index 25afe423b3f0..e16eab6fc3a9 100644
> --- a/tools/testing/selftests/bpf/test_verifier.c
> +++ b/tools/testing/selftests/bpf/test_verifier.c
> @@ -92,6 +92,7 @@ struct bpf_test {
>  	int fixup_map_event_output[MAX_FIXUPS];
>  	int fixup_map_reuseport_array[MAX_FIXUPS];
>  	int fixup_map_ringbuf[MAX_FIXUPS];
> +	int fixup_map_timer[MAX_FIXUPS];
>  	/* Expected verifier log output for result REJECT or VERBOSE_ACCEPT.
>  	 * Can be a tab-separated sequence of expected strings. An empty string
>  	 * means no log verification.
> @@ -605,7 +606,7 @@ static int create_cgroup_storage(bool percpu)
>   *   struct bpf_spin_lock l;
>   * };
>   */
> -static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l";
> +static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l\0bpf_timer\0";

There is extra null byte at the end.


-- 

Dmitrii Banshchikov

Re: [PATCH bpf 1/2] bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs

[Alexei Starovoitov]

On Mon, Nov 8, 2021 at 8:46 AM Dmitrii Banshchikov <me@ubique.spb.ru> wrote:
>
> bpf_ktime_get_coarse_ns() helper uses ktime_get_coarse_ns() time
> accessor that isn't safe for any context.
> This results in locking issues:

Please trim the cc. vger thinks it's a spam.
The patch didn't reach the mailing list or patchwork.

>  const struct bpf_func_proto bpf_ktime_get_coarse_ns_proto = {
>         .func           = bpf_ktime_get_coarse_ns,
>         .gpl_only       = false,
>         .ret_type       = RET_INTEGER,
> +       .allowed        = bpf_ktime_get_coarse_ns_allowed,

I think it's easier to move to networking prog types
instead of going through a callback.

>  static const struct bpf_func_proto bpf_timer_init_proto = {
>         .func           = bpf_timer_init,
>         .gpl_only       = true,
> @@ -1147,6 +1173,7 @@ static const struct bpf_func_proto bpf_timer_init_proto = {
>         .arg1_type      = ARG_PTR_TO_TIMER,
>         .arg2_type      = ARG_CONST_MAP_PTR,
>         .arg3_type      = ARG_ANYTHING,
> +       .allowed        = bpf_timer_allowed,

I think disabling timers in check_map_prog_compatibility
(similar to how bpf_spin_lock is restricted) would be cleaner.

Re: [PATCH bpf 2/2] selftests/bpf: Add tests for allowed helpers

[Andrii Nakryiko]

On Mon, Nov 8, 2021 at 10:48 PM Dmitrii Banshchikov <me@ubique.spb.ru> wrote:
>
> On Mon, Nov 08, 2021 at 08:46:20PM +0400, Dmitrii Banshchikov wrote:
> > This patch adds tests that bpf_ktime_get_coarse_ns() and bpf_timer_* and
> > bpf_spin_lock()/bpf_spin_unlock() helpers are forbidden in tracing
> > progs as it may result in various locking issues.
> >
> > Signed-off-by: Dmitrii Banshchikov <me@ubique.spb.ru>
> > ---
> >  tools/testing/selftests/bpf/test_verifier.c   |  36 +++-
> >  .../selftests/bpf/verifier/helper_allowed.c   | 196 ++++++++++++++++++
> >  2 files changed, 231 insertions(+), 1 deletion(-)
> >  create mode 100644 tools/testing/selftests/bpf/verifier/helper_allowed.c
> >
> > diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
> > index 25afe423b3f0..e16eab6fc3a9 100644
> > --- a/tools/testing/selftests/bpf/test_verifier.c
> > +++ b/tools/testing/selftests/bpf/test_verifier.c
> > @@ -92,6 +92,7 @@ struct bpf_test {
> >       int fixup_map_event_output[MAX_FIXUPS];
> >       int fixup_map_reuseport_array[MAX_FIXUPS];
> >       int fixup_map_ringbuf[MAX_FIXUPS];
> > +     int fixup_map_timer[MAX_FIXUPS];
> >       /* Expected verifier log output for result REJECT or VERBOSE_ACCEPT.
> >        * Can be a tab-separated sequence of expected strings. An empty string
> >        * means no log verification.
> > @@ -605,7 +606,7 @@ static int create_cgroup_storage(bool percpu)
> >   *   struct bpf_spin_lock l;
> >   * };
> >   */
> > -static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l";
> > +static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l\0bpf_timer\0";
>
> There is extra null byte at the end.

Won't hurt, probably. But I wonder if it will be much easier to add
all those programs as C code and test from test_progs? Instead of all
this assembly.

You can put all of them into a single file and have loop that disabled
all but one program at a time (using bpf_program__set_autoload()) and
loading it and validating that the load failed. WDYT?

>
>
> --
>
> Dmitrii Banshchikov

Re: [PATCH bpf 2/2] selftests/bpf: Add tests for allowed helpers

[Dmitrii Banshchikov]

On Tue, Nov 09, 2021 at 05:16:14PM -0800, Andrii Nakryiko wrote:
> On Mon, Nov 8, 2021 at 10:48 PM Dmitrii Banshchikov <me@ubique.spb.ru> wrote:
> >
> > On Mon, Nov 08, 2021 at 08:46:20PM +0400, Dmitrii Banshchikov wrote:
> > > This patch adds tests that bpf_ktime_get_coarse_ns() and bpf_timer_* and
> > > bpf_spin_lock()/bpf_spin_unlock() helpers are forbidden in tracing
> > > progs as it may result in various locking issues.
> > >
> > > Signed-off-by: Dmitrii Banshchikov <me@ubique.spb.ru>
> > > ---
> > >  tools/testing/selftests/bpf/test_verifier.c   |  36 +++-
> > >  .../selftests/bpf/verifier/helper_allowed.c   | 196 ++++++++++++++++++
> > >  2 files changed, 231 insertions(+), 1 deletion(-)
> > >  create mode 100644 tools/testing/selftests/bpf/verifier/helper_allowed.c
> > >
> > > diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
> > > index 25afe423b3f0..e16eab6fc3a9 100644
> > > --- a/tools/testing/selftests/bpf/test_verifier.c
> > > +++ b/tools/testing/selftests/bpf/test_verifier.c
> > > @@ -92,6 +92,7 @@ struct bpf_test {
> > >       int fixup_map_event_output[MAX_FIXUPS];
> > >       int fixup_map_reuseport_array[MAX_FIXUPS];
> > >       int fixup_map_ringbuf[MAX_FIXUPS];
> > > +     int fixup_map_timer[MAX_FIXUPS];
> > >       /* Expected verifier log output for result REJECT or VERBOSE_ACCEPT.
> > >        * Can be a tab-separated sequence of expected strings. An empty string
> > >        * means no log verification.
> > > @@ -605,7 +606,7 @@ static int create_cgroup_storage(bool percpu)
> > >   *   struct bpf_spin_lock l;
> > >   * };
> > >   */
> > > -static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l";
> > > +static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l\0bpf_timer\0";
> >
> > There is extra null byte at the end.
> 
> Won't hurt, probably. But I wonder if it will be much easier to add
> all those programs as C code and test from test_progs? Instead of all
> this assembly.
> 
> You can put all of them into a single file and have loop that disabled
> all but one program at a time (using bpf_program__set_autoload()) and
> loading it and validating that the load failed. WDYT?

Will give it a try, thanks.



-- 

Dmitrii Banshchikov

Re: [PATCH bpf 2/2] selftests/bpf: Add tests for allowed helpers

[Alexei Starovoitov]

On Tue, Nov 9, 2021 at 11:32 PM Dmitrii Banshchikov <me@ubique.spb.ru> wrote:
> >
> > Won't hurt, probably. But I wonder if it will be much easier to add
> > all those programs as C code and test from test_progs? Instead of all
> > this assembly.
> >
> > You can put all of them into a single file and have loop that disabled
> > all but one program at a time (using bpf_program__set_autoload()) and
> > loading it and validating that the load failed. WDYT?
>
> Will give it a try, thanks.

Please keep asm tests as well. They're useful too.