From: Feng Zhou <[email protected]>
When access traced function arguments with type is u32*, bpf verifier failed.
Because u32 have typedef, needs to skip modifier. Add btf_type_is_modifier in
is_int_ptr. Add a selftest to check it.
Feng Zhou (2):
bpf/btf: Fix is_int_ptr()
selftests/bpf: Add test to access u32 ptr argument in tracing program
Changelog:
v1->v2: Addressed comments from Martin KaFai Lau
- Add a selftest.
- use btf_type_skip_modifiers.
Some details in here:
https://lore.kernel.org/all/[email protected]/
kernel/bpf/btf.c | 5 ++---
net/bpf/test_run.c | 8 +++++++-
.../testing/selftests/bpf/verifier/btf_ctx_access.c | 13 +++++++++++++
3 files changed, 22 insertions(+), 4 deletions(-)
--
2.20.1
From: Feng Zhou <[email protected]>
When tracing a kernel function with arg type is u32*, btf_ctx_access()
would report error: arg2 type INT is not a struct.
The commit bb6728d75611 ("bpf: Allow access to int pointer arguments
in tracing programs") added support for int pointer, but don't skip
modifiers before checking it's type. This patch fixes it.
Fixes: bb6728d75611 ("bpf: Allow access to int pointer arguments in tracing programs")
Co-developed-by: Chengming Zhou <[email protected]>
Signed-off-by: Chengming Zhou <[email protected]>
Signed-off-by: Feng Zhou <[email protected]>
---
kernel/bpf/btf.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index 593c45a294d0..17c65de1e48b 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -5913,9 +5913,8 @@ static bool is_int_ptr(struct btf *btf, const struct btf_type *t)
/* t comes in already as a pointer */
t = btf_type_by_id(btf, t->type);
- /* allow const */
- if (BTF_INFO_KIND(t->info) == BTF_KIND_CONST)
- t = btf_type_by_id(btf, t->type);
+ /* skip modifiers */
+ t = btf_type_skip_modifiers(btf, t->type, NULL);
return btf_type_is_int(t);
}
--
2.20.1
From: Feng Zhou <[email protected]>
Adding verifier test for accessing u32 pointer argument in
tracing programs.
The test program loads 1nd argument of bpf_fentry_test9 function
which is u32 pointer and checks that verifier allows that.
Co-developed-by: Chengming Zhou <[email protected]>
Signed-off-by: Chengming Zhou <[email protected]>
Signed-off-by: Feng Zhou <[email protected]>
---
net/bpf/test_run.c | 8 +++++++-
.../testing/selftests/bpf/verifier/btf_ctx_access.c | 13 +++++++++++++
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c
index f1652f5fbd2e..68bdfc041a7b 100644
--- a/net/bpf/test_run.c
+++ b/net/bpf/test_run.c
@@ -541,6 +541,11 @@ int noinline bpf_fentry_test8(struct bpf_fentry_test_t *arg)
return (long)arg->a;
}
+__bpf_kfunc u32 bpf_fentry_test9(u32 *a)
+{
+ return *a;
+}
+
__bpf_kfunc int bpf_modify_return_test(int a, int *b)
{
*b += 1;
@@ -855,7 +860,8 @@ int bpf_prog_test_run_tracing(struct bpf_prog *prog,
bpf_fentry_test5(11, (void *)12, 13, 14, 15) != 65 ||
bpf_fentry_test6(16, (void *)17, 18, 19, (void *)20, 21) != 111 ||
bpf_fentry_test7((struct bpf_fentry_test_t *)0) != 0 ||
- bpf_fentry_test8(&arg) != 0)
+ bpf_fentry_test8(&arg) != 0 ||
+ bpf_fentry_test9(&retval) != 0)
goto out;
break;
case BPF_MODIFY_RETURN:
diff --git a/tools/testing/selftests/bpf/verifier/btf_ctx_access.c b/tools/testing/selftests/bpf/verifier/btf_ctx_access.c
index 6340db6b46dc..0484d3de040d 100644
--- a/tools/testing/selftests/bpf/verifier/btf_ctx_access.c
+++ b/tools/testing/selftests/bpf/verifier/btf_ctx_access.c
@@ -10,3 +10,16 @@
.expected_attach_type = BPF_TRACE_FENTRY,
.kfunc = "bpf_modify_return_test",
},
+
+{
+ "btf_ctx_access u32 pointer accept",
+ .insns = {
+ BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 0), /* load 1nd argument value (u32 pointer) */
+ BPF_MOV64_IMM(BPF_REG_0, 0),
+ BPF_EXIT_INSN(),
+ },
+ .result = ACCEPT,
+ .prog_type = BPF_PROG_TYPE_TRACING,
+ .expected_attach_type = BPF_TRACE_FENTRY,
+ .kfunc = "bpf_fentry_test9",
+},
--
2.20.1
On Fri, Apr 07, 2023 at 04:46:06PM +0800, Feng zhou wrote:
> From: Feng Zhou <[email protected]>
>
> When access traced function arguments with type is u32*, bpf verifier failed.
> Because u32 have typedef, needs to skip modifier. Add btf_type_is_modifier in
> is_int_ptr. Add a selftest to check it.
>
> Feng Zhou (2):
> bpf/btf: Fix is_int_ptr()
> selftests/bpf: Add test to access u32 ptr argument in tracing program
hi,
it breaks several tests in test_progs suite:
#11/36 bpf_iter/link-iter:FAIL
#11 bpf_iter:FAIL
test_dummy_st_ops_attach:FAIL:dummy_st_ops_load unexpected error: -13
#63/1 dummy_st_ops/dummy_st_ops_attach:FAIL
test_dummy_init_ret_value:FAIL:dummy_st_ops_load unexpected error: -13
#63/2 dummy_st_ops/dummy_init_ret_value:FAIL
test_dummy_init_ptr_arg:FAIL:dummy_st_ops_load unexpected error: -13
#63/3 dummy_st_ops/dummy_init_ptr_arg:FAIL
test_dummy_multiple_args:FAIL:dummy_st_ops_load unexpected error: -13
#63/4 dummy_st_ops/dummy_multiple_args:FAIL
test_dummy_sleepable:FAIL:dummy_st_ops_load unexpected error: -13
#63/5 dummy_st_ops/dummy_sleepable:FAIL
#63 dummy_st_ops:FAIL
test_fentry_fexit:FAIL:fentry_skel_load unexpected error: -13
#69 fentry_fexit:FAIL
test_fentry_test:FAIL:fentry_skel_load unexpected error: -13
#70 fentry_test:FAIL
jirka
>
> Changelog:
> v1->v2: Addressed comments from Martin KaFai Lau
> - Add a selftest.
> - use btf_type_skip_modifiers.
> Some details in here:
> https://lore.kernel.org/all/[email protected]/
>
> kernel/bpf/btf.c | 5 ++---
> net/bpf/test_run.c | 8 +++++++-
> .../testing/selftests/bpf/verifier/btf_ctx_access.c | 13 +++++++++++++
> 3 files changed, 22 insertions(+), 4 deletions(-)
>
> --
> 2.20.1
>
在 2023/4/7 18:49, Feng Zhou 写道:
> 在 2023/4/7 17:33, Jiri Olsa 写道:
>> On Fri, Apr 07, 2023 at 04:46:06PM +0800, Feng zhou wrote:
>>> From: Feng Zhou<[email protected]>
>>>
>>> When access traced function arguments with type is u32*, bpf
>>> verifier failed.
>>> Because u32 have typedef, needs to skip modifier. Add
>>> btf_type_is_modifier in
>>> is_int_ptr. Add a selftest to check it.
>>>
>>> Feng Zhou (2):
>>> bpf/btf: Fix is_int_ptr()
>>> selftests/bpf: Add test to access u32 ptr argument in tracing
>>> program
>> hi,
>> it breaks several tests in test_progs suite:
>>
>> #11/36 bpf_iter/link-iter:FAIL
>> #11 bpf_iter:FAIL
>> test_dummy_st_ops_attach:FAIL:dummy_st_ops_load unexpected error: -13
>> #63/1 dummy_st_ops/dummy_st_ops_attach:FAIL
>> test_dummy_init_ret_value:FAIL:dummy_st_ops_load unexpected error: -13
>> #63/2 dummy_st_ops/dummy_init_ret_value:FAIL
>> test_dummy_init_ptr_arg:FAIL:dummy_st_ops_load unexpected error: -13
>> #63/3 dummy_st_ops/dummy_init_ptr_arg:FAIL
>> test_dummy_multiple_args:FAIL:dummy_st_ops_load unexpected error: -13
>> #63/4 dummy_st_ops/dummy_multiple_args:FAIL
>> test_dummy_sleepable:FAIL:dummy_st_ops_load unexpected error: -13
>> #63/5 dummy_st_ops/dummy_sleepable:FAIL
>> #63 dummy_st_ops:FAIL
>> test_fentry_fexit:FAIL:fentry_skel_load unexpected error: -13
>> #69 fentry_fexit:FAIL
>> test_fentry_test:FAIL:fentry_skel_load unexpected error: -13
>> #70 fentry_test:FAIL
>>
>> jirka
>>
>
> I tried it, and it did cause the test to fail. Bpfverify reported an
> error,
> 'R1 invalid mem access'scalar', let me confirm the reason.
I used btf_type_skip_modifiers,but did not delete
the previous "t = btf_type_by_id (btf, t- > type);"
resulting in some testcases failing. I will send a
v3 nextweek, thank you for your suggestion.
>>> Changelog:
>>> v1->v2: Addressed comments from Martin KaFai Lau
>>> - Add a selftest.
>>> - use btf_type_skip_modifiers.
>>> Some details in here:
>>> https://lore.kernel.org/all/[email protected]/
>>>
>>>
>>> kernel/bpf/btf.c | 5 ++---
>>> net/bpf/test_run.c | 8 +++++++-
>>> .../testing/selftests/bpf/verifier/btf_ctx_access.c | 13
>>> +++++++++++++
>>> 3 files changed, 22 insertions(+), 4 deletions(-)
>>>
>>> --
>>> 2.20.1
>>>
>