This series allows stashing kptr into local kptr. Currently, kptrs are
only allowed to be stashed into map value with bpf_kptr_xchg(). A
motivating use case of this series is to enable adding referenced kptr to
bpf_rbtree or bpf_list by using allocated object as graph node and the
storage of referenced kptr. For example, a bpf qdisc [0] enqueuing a
referenced kptr to a struct sk_buff* to a bpf_list serving as a fifo:
struct skb_node {
struct sk_buff __kptr *skb;
struct bpf_list_node node;
};
private(A) struct bpf_spin_lock fifo_lock;
private(A) struct bpf_list_head fifo __contains(skb_node, node);
/* In Qdisc_ops.enqueue */
struct skb_node *skbn;
skbn = bpf_obj_new(typeof(*skbn));
if (!skbn)
goto drop;
/* skb is a referenced kptr to struct sk_buff acquired earilier
* but not shown in this code snippet.
*/
skb = bpf_kptr_xchg(&skbn->skb, skb);
if (skb)
/* should not happen; do something below releasing skb to
* satisfy the verifier */
...
bpf_spin_lock(&fifo_lock);
bpf_list_push_back(&fifo, &skbn->node);
bpf_spin_unlock(&fifo_lock);
The implementation first searches for BPF_KPTR when generating program
BTF. Then, we teach the verifier that the detination argument of
bpf_kptr_xchg() can be local kptr, and use the btf_record in program BTF
to check against the source argument.
This series is mostly developed by Dave, who kindly helped and sent me
the patchset. The selftests in bpf qdisc (WIP) relies on this series to
work.
[0] https://lore.kernel.org/netdev/20240714175130.4051012-10-amery.hung@xxxxxxxxxxxxx/
Dave Marchevsky (4):
bpf: Search for kptrs in prog BTF structs
bpf: Rename ARG_PTR_TO_KPTR -> ARG_KPTR_XCHG_DEST
bpf: Support bpf_kptr_xchg into local kptr
selftests/bpf: Test bpf_kptr_xchg stashing into local kptr
include/linux/bpf.h | 2 +-
kernel/bpf/btf.c | 6 ++-
kernel/bpf/helpers.c | 2 +-
kernel/bpf/verifier.c | 47 ++++++++++++-------
.../selftests/bpf/progs/local_kptr_stash.c | 22 ++++++++-
5 files changed, 57 insertions(+), 22 deletions(-)
--
2.20.1
