Re: [PATCH 1/2] bpf: relax zero fixed offset constraint on trusted pointer arguments

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 17 Jun 2024 at 15:44, Matt Bobrowski <mattbobrowski@xxxxxxxxxx> wrote:
>
> Currently, BPF helpers and kfuncs which take trusted pointer arguments
> i.e. those flagged w/ KF_TRUSTED_ARGS, KF_RELEASE, OBJ_RELEASE, all
> require an original/unmodified trusted pointer argument to be supplied
> to them. By original/unmodified, it means that the backing register
> holding the trusted pointer argument that is to be supplied to the BPF
> helper/kfunc must have its fixed offset set to zero, or else the BPF
> verifier will outright reject the BPF program load. However, this
> fixed offset constraint of zero enforced by the BPF verifier onto the
> trusted pointer arguments is rather unnecessary at times and limiting
> from a usability point of view, as it completely eliminates the
> possibility of constructing a derived trusted pointer from an original
> trusted pointer. A derived trusted pointer is simply a pointer
> pointing to one of the nested member fields of the object being
> pointed to by the original trusted pointer.
>
> This patch relaxes the zero fixed offset constraint that is enforced
> upon trusted pointer arguments such that the constraint is now only
> strictly enforced on a case-by-case basis. The updated semantics of
> when the zero fixed offset constraint is enforced and in turn relaxed
> may be summarized as follows:
>
> * For OBJ_RELEASE and KF_RELEASE BPF helpers and kfuncs:
>
>  * If the expected argument type is of an untyped pointer i.e. void *,
>    then we continue to enforce a zero fixed offset as we need to
>    ensure that the correct referenced pointer is handed off correctly
>    to the relevant deallocation routine
>
>  * If the expected argument is backed by BTF, then we relax the strict
>    zero fixed offset and allow it only if we successfully type matched
>    between the register and argument. A failed type match between
>    register and argument will result in the legacy strict zero offset
>    semantics
>
> * For KF_TRUSTED_ARGS BPF kfuncs:
>
>  * The fixed zero offset constraint has been lifted, such that
>    KF_TRUSTED_ARGS BPF kfuncs can now accept a trusted pointer
>    argument with a non-zero fixed offset providing that register and
>    argument BTF has type matched successfully
>
> With these new fixed offset semantics in-place for trusted pointer
> arguments, we now have more flexibility when it comes to the BPF
> kfuncs that we're able to introduce moving forward, and increase the
> overall usability of BPF helpers and kfuncs that make use of trusted
> pointer arguments.
>
> For some early discussions covering the possibility of relaxing the
> zero fixed offset constraint can be found using the link below. This
> will provide more context on where all this has stemmed from:
>
> * https://lore.kernel.org/bpf/ZhkbrM55MKQ0KeIV@xxxxxxxxxx/
>
> Signed-off-by: Matt Bobrowski <mattbobrowski@xxxxxxxxxx>
> ---

Acked-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>

Patch LGTM, thanks for putting all of the complexity related to
release args into its own function, helps with readability.




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux