Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp4139575ybf; Tue, 3 Mar 2020 21:09:50 -0800 (PST) X-Google-Smtp-Source: ADFU+vtAyR3IxzKVmcbxPODLqxzkOds48QRN1AxaqxMQO+7LnWPAceby+8aj1axBHQfc3fEYvsTm X-Received: by 2002:a9d:5d0:: with SMTP id 74mr1059843otd.256.1583298589938; Tue, 03 Mar 2020 21:09:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583298589; cv=none; d=google.com; s=arc-20160816; b=GNqakGo/P0rd/BgBtB30yndqZjgUI9yWa2+SkvLDlMebwkKS4aeDLPhSyYXNI9qMuH fg8kmj0G/m3rbniYdpzwDCgAGcwMNQiejAZa40pBaVZyuAinXLLvUDwsakz9KptQnWhO rxiklnjEX7XrRp7/rOUa/Yw7uqxqC/P5P0gQsyqQNewilsd+tUGdtp9Tfp2v5x1rmAE1 IrfeXy3phWYubCTrJ0FlA69oP9K1121XP1B6uV7/aYlnAbsTzlQqzyBf5/+8Xs6X1jJn sHlARIPzfStlpB83cgCwIpXnHQ4sPitAxKn+W+NpxV5ANKJf2eLgfmWA3Dx0YLFglk3t +kog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=lFBkP1RFFEIdcOgG68lfqjQkubJEyOh3u9uzQFg3PXI=; b=belmdbaIFdIUqeoUTJInVfjk9zDPLX4vfXe+2eTDHV1uWGzA43warW7b/5Go3SrXql kcma2VFHVTSP2tOsZehamt3TVebfY0uZGp6eT16wqw//YiMN/DsJHirkMj8c9cwBKnTe agiqOStbFpklnadRV2FC/YzgIZ3NWdXOB2sdSz3leU8lSHKLprFeOLr5yzahHJKat9Lf UK0+Xr5E3nnrUf9RjSZ/z3z+vj8B28004DyC1EEZhHMa8ICOa7KfT+851+DQslPFXtmp tKKNUp/OKfbOk+oslViEh6w4dig3ZqNy32QtcHeY28dPQmuy4OcZg/hvQuDJknjfhgQW arrw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="lhx+42/1"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u4si540061oic.115.2020.03.03.21.09.38; Tue, 03 Mar 2020 21:09:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="lhx+42/1"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726141AbgCDFI6 (ORCPT + 99 others); Wed, 4 Mar 2020 00:08:58 -0500 Received: from mail-qk1-f196.google.com ([209.85.222.196]:38775 "EHLO mail-qk1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725774AbgCDFI5 (ORCPT ); Wed, 4 Mar 2020 00:08:57 -0500 Received: by mail-qk1-f196.google.com with SMTP id j7so183483qkd.5; Tue, 03 Mar 2020 21:08:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lFBkP1RFFEIdcOgG68lfqjQkubJEyOh3u9uzQFg3PXI=; b=lhx+42/1YZ+owNuaccXqmeSdz8aF+t0mFBcSs1OBejc/ZSZ2J1sKt7uPbtsVOxsdXz b6zvtL+xRY4s3P3v7SZ4gcNAnU7/BI8kc9Lu2pffyiu9Q3yBNnjN82/YFdUJY+XorFm6 nN62BbPq6DX3Hw+DU94GZSOLoSQCjvNkA3zGBKYQCaKaQrq+yz7xfRFoJbicYeUWCf6X G9S+dQPx/06Y7cJa/4zpPkUATPfKewHMHVjUIOCYAp6bb+dgsBbWf0t00XhBM6hP1EWH rmhtc8Xg7dcar/hERqAFDIqh+FlOCveYxLCZrWwuJwdSVmOqYtnEz5SBHgS4DP7AW6zr ocOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lFBkP1RFFEIdcOgG68lfqjQkubJEyOh3u9uzQFg3PXI=; b=RGbCYkureHwrNyPntr7OVYhDI7Yk6/8WPBBqhrS62Zd/hV86ot9jnXjjcC++mWQP99 Wj/2HbVAl0swiD+quc/ZMJ2E2m68JYoPNi7JjuPptKBjJ/m/je7KLcZZg0x6/IfFa/fV UJsNoYnW47qmwRmy76Egh2GQ8safKKLg0zvzvw91qiK1YvULiQzjgzo1zJep/Jt+ez8x 9qe3TTVdosPy2ILFJTu2ZqCKUqAWWeD3D86v6zRAAbq9V4PbOIPGZ476Ympo0YTPnhqC lpQ8MoXkcBRMWA21/HUlh6H5Kq9L5+YPQ40LJnLbzAjBEKdqizXzP+ib3YU0IYxx700X eQlw== X-Gm-Message-State: ANhLgQ2ybZydNlQtOyqlyjU0DnCHoM2/W3FzbcVZyN5Deh5b/Lnb0CJb 6A5Kb1bI8LDLEuDGjaS0nk0gwCmHYSOOQ3MlzGo= X-Received: by 2002:a37:a2d6:: with SMTP id l205mr1369810qke.92.1583298536494; Tue, 03 Mar 2020 21:08:56 -0800 (PST) MIME-Version: 1.0 References: <20200304015528.29661-1-kpsingh@chromium.org> <20200304015528.29661-4-kpsingh@chromium.org> In-Reply-To: <20200304015528.29661-4-kpsingh@chromium.org> From: Andrii Nakryiko Date: Tue, 3 Mar 2020 21:08:45 -0800 Message-ID: Subject: Re: [PATCH bpf-next v2 3/7] bpf: Introduce BPF_MODIFY_RETURN To: KP Singh Cc: linux-security-module@vger.kernel.org, open list , bpf , Alexei Starovoitov , Daniel Borkmann , Paul Turner , Jann Horn , Florent Revest , Brendan Jackman Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 3, 2020 at 5:56 PM KP Singh wrote: > > From: KP Singh > > When multiple programs are attached, each program receives the return > value from the previous program on the stack and the last program > provides the return value to the attached function. > > The fmod_ret bpf programs are run after the fentry programs and before > the fexit programs. The original function is only called if all the > fmod_ret programs return 0 to avoid any unintended side-effects. The > success value, i.e. 0 is not currently configurable but can be made so > where user-space can specify it at load time. > > For example: > > int func_to_be_attached(int a, int b) > { <--- do_fentry > > do_fmod_ret: > > if (ret != 0) > goto do_fexit; > > original_function: > > > > } <--- do_fexit > > The fmod_ret program attached to this function can be defined as: > > SEC("fmod_ret/func_to_be_attached") > int BPF_PROG(func_name, int a, int b, int ret) > { > // This will skip the original function logic. > return 1; > } > > The first fmod_ret program is passed 0 in its return argument. > > Signed-off-by: KP Singh > --- > arch/x86/net/bpf_jit_comp.c | 130 ++++++++++++++++++++++++++++++--- > include/linux/bpf.h | 1 + > include/uapi/linux/bpf.h | 1 + > kernel/bpf/btf.c | 3 +- > kernel/bpf/syscall.c | 1 + > kernel/bpf/trampoline.c | 5 +- > kernel/bpf/verifier.c | 1 + > tools/include/uapi/linux/bpf.h | 1 + > 8 files changed, 130 insertions(+), 13 deletions(-) > This looks good, but I'll Alexei check all the assembly generation logic, not too big of an expert on that. [...] > static int emit_fallback_jump(u8 **pprog) > diff --git a/include/linux/bpf.h b/include/linux/bpf.h > index 98ec10b23dbb..3cfdc216a2f4 100644 > --- a/include/linux/bpf.h > +++ b/include/linux/bpf.h > @@ -473,6 +473,7 @@ void notrace __bpf_prog_exit(struct bpf_prog *prog, u64 start); > > enum bpf_tramp_prog_type { > BPF_TRAMP_FENTRY, > + BPF_TRAMP_MODIFY_RETURN, This is probably bad idea to re-number BPF_TRAMP_FEXIT for no good reason. E.g., if there are some drgn scripts that do some internal state printing, this is major inconvenience, while really providing no benefit in itself. Consider putting it right before BPF_TRAMP_MAX. > BPF_TRAMP_FEXIT, > BPF_TRAMP_MAX, > BPF_TRAMP_REPLACE, /* more than MAX */ [...]