Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp53093ybh; Mon, 20 Jul 2020 10:06:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzjQUoSeDY4VRZmHCQs5U7x86rBq4NZN6KGuBrkmz/ZzSUjv2nvI79Jmu88fX+4rpyBCLV6 X-Received: by 2002:a17:907:1051:: with SMTP id oy17mr22501427ejb.394.1595264776280; Mon, 20 Jul 2020 10:06:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595264776; cv=none; d=google.com; s=arc-20160816; b=0PqOY2WRWleHGluqp6F087Bg2J6wytbXCcnbQqDvpUn/ZITecdCISTo2NhFPJNajFD fQqXvRbHtY7C8E6yxkcj4BlmDNLV/asf/LX/WPfQ/EZ4qJmzao0hnAuYbHCJrMdB09Xw +DxkNqJGbdxHz69L3avY3yuklibX5C9LGSdnyRoVlHM/sUwB5f7DG3GAoaNXKZUzfpdh FEHjTaI3Grpin6c30qSR1jvkwxJRxBVHBcXpq0XjIG9aU2eBu65LoFOnUCcuP1bqSn5G gHxb2wgTZx+UzaYwJpYjR32iAZ4eebR9wnpOHsti5LlOiMG0ayWpvosT2GRMa0ZYO75Q KJNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=/D99yVB3Oiz5Mh00scTWz5/c04ErKfScrbcBA6SkIPw=; b=jfKBY5u/xDnCr6yh/r/gBsdsMog+wQPh2p6WKOA4EpcM2Jh17m7Aj+4BW4wAzEcppN IdpWNuCQNkIltYfhvZTZawcbhFenDU5PsHJwInZA5os9MORVdoSg54NkOk58FsO0ykn7 4pCx2Iv9dVpC3aNfAXqJywLavv552Vvuxw+aCdDWoeymtMVGXmSlCGE0R2ruMx1+2idM PlP4QFy6cGPkAwBwtP9OR70IGI1W/3kX8GdsLsJm0HmrDquT+3GJ6FwrbypyusXCHCo2 pP69NHiJGo9xT1VeNliquAVB44LyK2q9P8mvZ/UvJUUMcjLdk6g6Qz2R0xAhrFkU5pqN HB+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=D1kNZ97u; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a12si12178536edf.4.2020.07.20.10.05.50; Mon, 20 Jul 2020 10:06:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=D1kNZ97u; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389033AbgGTRDU (ORCPT + 99 others); Mon, 20 Jul 2020 13:03:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51898 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729957AbgGTRDT (ORCPT ); Mon, 20 Jul 2020 13:03:19 -0400 Received: from mail-ej1-x644.google.com (mail-ej1-x644.google.com [IPv6:2a00:1450:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6E37AC0619D4 for ; Mon, 20 Jul 2020 10:03:18 -0700 (PDT) Received: by mail-ej1-x644.google.com with SMTP id y10so18847089eje.1 for ; Mon, 20 Jul 2020 10:03:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/D99yVB3Oiz5Mh00scTWz5/c04ErKfScrbcBA6SkIPw=; b=D1kNZ97uQbS+psUY/wpbNhL+V3j7kvil0De+3fNHHIbbmYkbXypwfizcVy0gp1lzE8 7PRzu+A/DJqCiXG3TFpg0CU2LqyzqlAcLEyovIpxOpRNKdKE/EdUIu5z2kXMQr928Q39 FS4Ga5tFbkn8/CP6o4go59NrA+6hN8L6Jic2QioJZzyLlPcKr0PoP434tfoWNi2AjRQC JgNnc1qxestfxBJdBYM3QGUwlDRa96HrLWyP2xLc1v6hPUO+iB07p7nxvDyVMXF+3oaY jGpI+XBdZQzcP4bCwpYBZrLCv/cGRpWAH+ITrpaSHEORxOjlOgZTjHcyXWHex5YWmq9d 8I7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/D99yVB3Oiz5Mh00scTWz5/c04ErKfScrbcBA6SkIPw=; b=YYU2WYOIBRIrQqbZxgOk0QzWW6j8ew0OOUla3eSdfrbTUPGG1WNfEKOFLMt1JZ1mhU BifCJFXjup7y7YFg7bYxqJM2Pzl+Ckb9vaImmkkOAYZhjqfDprPUp1CmNxZqagnz74e+ KTK/BGWAntLcPrdsdFGAYpSSVxJKWuyDWi69wYszuSPjcMGqv70ct+HyI11STQXoYVUR cM1T2SfpE+KEb7iIP4mH4wv1yc0sidIbblPIBxeYSiwMOyhA+swcPR/Vea8keKZJXTLQ 0UZN+Fi8L7fkRD+qagmjibPqTXixcDNBOGqHM/8jlIhjTghQ3YjS8G0677uUw0ZWidRJ TGjQ== X-Gm-Message-State: AOAM532nsVwytftmD2U1UIlhaOiRx6lAvPAq4U5eG2zBdJKuHl7xSFdt Si2crNM3houVx/yiS112AZ3C2og2XXjimEttSDxpHg== X-Received: by 2002:a17:907:10d4:: with SMTP id rv20mr22660986ejb.413.1595264596856; Mon, 20 Jul 2020 10:03:16 -0700 (PDT) MIME-Version: 1.0 References: <20200715214312.2266839-1-haoluo@google.com> <20200715214312.2266839-2-haoluo@google.com> In-Reply-To: From: Hao Luo Date: Mon, 20 Jul 2020 10:03:05 -0700 Message-ID: Subject: Re: [RFC PATCH bpf-next 1/2] bpf: BTF support for __ksym externs To: Andrii Nakryiko Cc: Networking , bpf , open list , "open list:KERNEL SELFTEST FRAMEWORK" , Shuah Khan , Alexei Starovoitov , Andrii Nakryiko , John Fastabend , Daniel Borkmann , Martin KaFai Lau , Song Liu , Yonghong Song , KP Singh , Stanislav Fomichev , Quentin Monnet Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Andrii, Thanks for taking a look at this. You comments are clear, I will fix them in v2. > Also, in the next version, please split kernel part and libbpf part > into separate patches. > Got it. Will do. > I don't think that's the right approach. It can't be the best effort. > It's actually pretty clear when a user wants a BTF-based variable with > ability to do direct memory access vs __ksym address that we have > right now: variable type info. In your patch you are only looking up > variable by name, but it needs to be more elaborate logic: > > 1. if variable type is `extern void` -- do what we do today (no BTF required) > 2. if the variable type is anything but `extern void`, then find that > variable in BTF. If no BTF or variable is not found -- hard error with > detailed enough message about what we expected to find in kernel BTF. > 3. If such a variable is found in the kernel, then might be a good > idea to additionally check type compatibility (e.g., struct/union > should match struct/union, int should match int, typedefs should get > resolved to underlying type, etc). I don't think deep comparison of > structs is right, though, due to CO-RE, so just high-level > compatibility checks to prevent the most obvious mistakes. > Ack. > > > > Also note since we need to carry the ksym's address (64bits) as well as > > its btf_id (32bits), pseudo_btf_id uses ld_imm64's both imm and off > > fields. > > For BTF-enabled ksyms, libbpf doesn't need to provide symbol address, > kernel will find it and substitute it, so BTF ID is the only > parameter. Thus it can just go into the imm field (and simplify > ldimm64 validation logic a bit). > Ack. > > /* when bpf_call->src_reg == BPF_PSEUDO_CALL, bpf_call->imm == pc-relative > > * offset to another bpf function > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > > index 3c1efc9d08fd..3c925957b9b6 100644 > > --- a/kernel/bpf/verifier.c > > +++ b/kernel/bpf/verifier.c > > @@ -7131,15 +7131,29 @@ static int check_ld_imm(struct bpf_verifier_env *env, struct bpf_insn *insn) > > verbose(env, "invalid BPF_LD_IMM insn\n"); > > return -EINVAL; > > } > > + err = check_reg_arg(env, insn->dst_reg, DST_OP); > > + if (err) > > + return err; > > + > > + /* > > + * BPF_PSEUDO_BTF_ID insn's off fields carry the ksym's btf_id, so its > > + * handling has to come before the reserved field check. > > + */ > > + if (insn->src_reg == BPF_PSEUDO_BTF_ID) { > > + u32 id = ((u32)(insn + 1)->off << 16) | (u32)insn->off; > > + const struct btf_type *t = btf_type_by_id(btf_vmlinux, id); > > + > > This is the kernel, we should be paranoid and assume the hackers want > to do bad things. So check t for NULL. Check that it's actually a > BTF_KIND_VAR. Check the name, find ksym addr, etc. > Ack.