bpf: Add kfuncs for read-only string operations #8902

Open
wants to merge 4 commits into
base: bpf-next_base
from

kernel-patches-daemon-bpf[bot]

Pull request for series with
subject: bpf: Add kfuncs for read-only string operations
version: 4
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=960325

When a kfunc takes a const pointer as an argument, the verifier should
not check that the memory can be accessed for writing as that may lead
to rejecting safe programs. Extend the verifier to detect such arguments
and skip the write access check for them.

The use-case for this change is passing string literals (i.e. read-only
maps) to read-only string kfuncs.

Signed-off-by: Viktor Malik <[email protected]>

Define a pagefault lock guard which allows simplifying functions that
need to disable page faults.

Signed-off-by: Viktor Malik <[email protected]>

String operations are commonly used so this exposes the most common ones
to BPF programs. For now, we limit ourselves to operations which do not
copy memory around.

Unfortunately, most in-kernel implementations assume that strings are
%NUL-terminated, which is not necessarily true, and therefore we cannot
use them directly in the BPF context. Instead, we open-code them using
__get_kernel_nofault instead of plain dereference to make them safe and
limit the string length to XATTR_SIZE_MAX to make sure the functions
terminate. When __get_kernel_nofault fails, functions return -EFAULT.
Similarly, when the size bound is reached, the functions return -E2BIG.

At the moment, strings can be passed to the kfuncs in three forms:
- string literals (i.e. pointers to read-only maps)
- global variables (i.e. pointers to read-write maps)
- stack-allocated buffers

Note that currently, it is not possible to pass strings from the BPF
program context (like function args) as the verifier treats them
as neither PTR_TO_MEM nor PTR_TO_BTF_ID.

Suggested-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Viktor Malik <[email protected]>

Add both positive and negative test cases using string kfuncs added in
the previous patch.

Positive tests check that the functions work as expected on various
inputs and that they accept strings of various forms.

Negative tests are of two kinds. First, we check that passing invalid
pointers is rejected by the verifier. Second, we check that even though
some arguments are allowed by the verifier, they make the string kfuncs
fail during runtime and return an appropriate error code. Such arguments
include the NULL literal (kfuncs return -EFAULT) and strings longer than
XATTR_SIZE_MAX (kfuncs return -E2BIG).

A majority of the tests use the RUN_TESTS helper which executes BPF
programs with BPF_PROG_TEST_RUN and checks for the expected return value.
An exception to this are tests for long strings as we need to set the
strings from userspace and that cannot be done using the RUN_TESTS
infrastructure.

Suggested-by: Eduard Zingerman <[email protected]>
Signed-off-by: Viktor Malik <[email protected]>
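
A user-space model of the approach the third commit message describes, added here as an example and not taken from the patch series: every byte is read through a fallible accessor and the loop is capped, so an unterminated or invalid string yields -EFAULT or -E2BIG instead of an out-of-bounds read. `arena`, `read_byte_nofault`, `model_strlen`, `model_strcmp` and `MODEL_SIZE_MAX` are hypothetical names; the arena bounds check stands in for `__get_kernel_nofault`.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for the kernel's XATTR_SIZE_MAX bound (65536). */
#define MODEL_SIZE_MAX 65536
/* Constructed "mapped" region; any address outside it counts as a fault. */
static char arena[MODEL_SIZE_MAX + 16];

/* Hypothetical helpers that place sample data in the arena. */
static char *arena_put(size_t off, const char *s) { return strcpy(arena + off, s); }
static char *arena_fill(char c) { return memset(arena, c, sizeof(arena)); }

/* Hypothetical user-space stand-in for __get_kernel_nofault():
 * store the byte and return 0, or return -EFAULT instead of crashing. */
static int read_byte_nofault(uintptr_t addr, char *out)
{
	uintptr_t lo = (uintptr_t)arena;
	if (addr < lo || addr >= lo + sizeof(arena))
		return -EFAULT;
	*out = *(const char *)addr;
	return 0;
}

/* Length without trusting that a terminating NUL exists. */
int model_strlen(const char *s)
{
	char c;
	for (size_t i = 0; i < MODEL_SIZE_MAX; i++) {
		if (read_byte_nofault((uintptr_t)s + i, &c))
			return -EFAULT;
		if (c == '\0')
			return (int)i;
	}
	return -E2BIG; /* bound reached: the loop always terminates */
}

/* Comparison with the same per-byte fault check and size bound. */
int model_strcmp(const char *s1, const char *s2)
{
	char c1, c2;
	for (size_t i = 0; i < MODEL_SIZE_MAX; i++) {
		if (read_byte_nofault((uintptr_t)s1 + i, &c1) ||
		    read_byte_nofault((uintptr_t)s2 + i, &c2))
			return -EFAULT;
		if (c1 != c2 || c1 == '\0')
			return (c1 > c2) - (c1 < c2); /* -1, 0 or 1 */
	}
	return -E2BIG;
}
```
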
@kernel-patches-daemon-bpf
Author

Upstream branch: 43745d1
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=960325
version: 4
