On Mon, 17 Jun 2024 at 15:44, Matt Bobrowski <mattbobrowski@xxxxxxxxxx> wrote:
>
> Currently, BPF helpers and kfuncs which take trusted pointer arguments,
> i.e. those flagged w/ KF_TRUSTED_ARGS, KF_RELEASE, OBJ_RELEASE, all
> require an original/unmodified trusted pointer argument to be supplied
> to them. By original/unmodified, it means that the backing register
> holding the trusted pointer argument that is to be supplied to the BPF
> helper/kfunc must have its fixed offset set to zero, or else the BPF
> verifier will outright reject the BPF program load. However, this
> fixed offset constraint of zero enforced by the BPF verifier onto the
> trusted pointer arguments is rather unnecessary at times and limiting
> from a usability point of view, as it completely eliminates the
> possibility of constructing a derived trusted pointer from an original
> trusted pointer. A derived trusted pointer is simply a pointer
> pointing to one of the nested member fields of the object being
> pointed to by the original trusted pointer.
>
> This patch relaxes the zero fixed offset constraint that is enforced
> upon trusted pointer arguments such that the constraint is now only
> strictly enforced on a case-by-case basis. The updated semantics of
> when the zero fixed offset constraint is enforced and in turn relaxed
> may be summarized as follows:
>
> * For OBJ_RELEASE and KF_RELEASE BPF helpers and kfuncs:
>
>   * If the expected argument type is an untyped pointer, i.e. void *,
>     then we continue to enforce a zero fixed offset, as we need to
>     ensure that the correct referenced pointer is handed off correctly
>     to the relevant deallocation routine.
>
>   * If the expected argument is backed by BTF, then we relax the strict
>     zero fixed offset and allow it only if we successfully type matched
>     between the register and argument. A failed type match between
>     register and argument will result in the legacy strict zero offset
>     semantics.
>
> * For KF_TRUSTED_ARGS BPF kfuncs:
>
>   * The fixed zero offset constraint has been lifted, such that
>     KF_TRUSTED_ARGS BPF kfuncs can now accept a trusted pointer
>     argument with a non-zero fixed offset, provided that register and
>     argument BTF have type matched successfully.
>
> With these new fixed offset semantics in place for trusted pointer
> arguments, we now have more flexibility when it comes to the BPF
> kfuncs that we're able to introduce moving forward, and increase the
> overall usability of BPF helpers and kfuncs that make use of trusted
> pointer arguments.
>
> Some early discussions covering the possibility of relaxing the
> zero fixed offset constraint can be found using the link below. This
> will provide more context on where all this has stemmed from:
>
> * https://lore.kernel.org/bpf/ZhkbrM55MKQ0KeIV@xxxxxxxxxx/
>
> Signed-off-by: Matt Bobrowski <mattbobrowski@xxxxxxxxxx>
> ---

Acked-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>

Patch LGTM, thanks for putting all of the complexity related to release args into its own function, helps with readability.