On Thu, 2024-01-04 at 16:09 -0800, Andrii Nakryiko wrote:
> This patch set follows recent changes that added btf_decl_tag-based argument
> annotation support for global subprogs. This time we add ability to pass
> PTR_TO_BTF_ID (BTF-aware kernel pointers) arguments into global subprograms.
> We support explicitly trusted and untrusted arguments. Legacy semi-trusted
> variant is not supported.
>
> Patches #2 through #4 do preparatory refactorings to add support for multiple
> tags per argument. This is important for being able to use modifiers like
> __arg_nonnull together with trusted/untrusted arguments.
>
> Patch #5 is adding the actual __arg_trusted and __arg_untrusted support.
>
> It also raises a question about default nullable vs non-nullable semantics for
> PTR_TO_BTF_ID arguments. It feels like having both __arg_nonnull and
> __arg_nullable would provide the best kind of experience and flexibility, but
> for now we implement nullable by default semantics, as a more conservative
> behavior.
>
> Patch #7 adds bpf_core_cast() helper macro which is a wrapper around
> bpf_rdonly_cast() kfunc, but hides BTF ID manipulations behind more
> user-friendly type argument instead. We utilize this macro in selftests added
> in patch #8.
>
> Patch #8 adds a bunch of positive and negative tests to validate expected
> semantics for various trusted/untrusted + nullable/non-null variants. We also
> make sure that global subprog cannot destroy PTR_TO_BTF_ID, as that would
> wreak havoc in caller program that is not aware of this possibility.
>
> There were proposals to do kernel-side type enforcement for __arg_ctx, let's
> decide whether we should do that and for which program types, and I can
> accommodate the logic in future revisions.
>
> Cc: Dave Marchevsky <davemarchevsky@xxxxxxxx>

Full patch-set looks good to me.

Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>