Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp863369rwb; Wed, 16 Nov 2022 08:36:41 -0800 (PST) X-Google-Smtp-Source: AA0mqf4hnw4IZqe3z4Hb84+WmfqShBUtAB8PsOYfGg9ydV9mKauh73LhY61n1lobqjHfpWjnFm9j X-Received: by 2002:a62:5b44:0:b0:56c:6f8:fe14 with SMTP id p65-20020a625b44000000b0056c06f8fe14mr23559271pfb.75.1668616601225; Wed, 16 Nov 2022 08:36:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668616601; cv=none; d=google.com; s=arc-20160816; b=V2MYJmj3C8C14TKICh/B9JuJakOjmRnBpIBhbR+Q16JfEhygqxWNh7agVbcoqfZz5v gaVWGnYmDAHWyYppl58ByO+wMz+lVyGsKHul9bkdBmCiFjXWSodWCf0OdSS2CGV4hNZ+ iMaVMNkpt0iTF6VWZ2B6SaRREZEoFpt+7IPt0//kAmXbEMWj9Hymz8Dw2N4FrQmfKSEL ccgR0s1OE+D+2l4GMRbiNzbx932W4fyXQY6HJv1gcWVVO6rDUwfelBXI3TZQfBKNldQf spnjTJAMxKv6dQEg7YJOYnbGNeoucYhXq9+HXmwQwyxRUtq8CmpN9f/DesnzzebbS9od jGKg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=oyC+JG2j0IITo5qTGz+wgr7L9QvSOVg95WWnwiLkRlk=; b=1A2ZgpV0fyDL2dnsVatGK62t5QfuEqsU6mm3HMIOlSibV7Z79gaHW/teW7Ka0IuOpc SsTqA4v7RqJVaS1ODK+y2GsdEk6zHDana2wmdYzDV9TKo8hbPMLeFXK9CMFZ4kNbzA+n zw6xi1UUnn9ipWz/o++1JqjIMl+KZbk0XkwpPnberfUQb3VNq0p0gSlg4TePw+QZRuex /w0RqCzXdTkRogHj7OLWcZCwUgymrNHUtmnaupZqVFBKVa5akq2q+J0LxiKN+rrxczwX oDgWrfjnTYCDxX3TYWQecKncuOK7FuqDwCaJKSIFwIvBRlBJIT2hI/EcdKh2Xl788Ep8 C0xw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=nu0f182G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q19-20020a056a00151300b005712c9c1134si16744750pfu.192.2022.11.16.08.36.30; Wed, 16 Nov 2022 08:36:41 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=nu0f182G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229617AbiKPQQx (ORCPT + 91 others); Wed, 16 Nov 2022 11:16:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53766 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234414AbiKPQQs (ORCPT ); Wed, 16 Nov 2022 11:16:48 -0500 Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A074756EF9; Wed, 16 Nov 2022 08:16:41 -0800 (PST) Received: by mail-ed1-x532.google.com with SMTP id i21so27311334edj.10; Wed, 16 Nov 2022 08:16:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=oyC+JG2j0IITo5qTGz+wgr7L9QvSOVg95WWnwiLkRlk=; b=nu0f182GHr4/oXvVgfqPrTaVmMJY1kOkyoQNPJBEHeq/YTv4TnVqESuk44fa+dYSE6 zROnl8KWUxSyc5d3spKfj+etdFbteVZudbjwk13CZ41P8TIB8HdqgyYP+FaCwhOe/hMd 6d98SNTC604wKCD99u5v//MhwqU3kCXR9dwLLvZud4PTx1RAgD4R8hqM0pZeIbTbmN8t beeORJtPNmg6YEX84PhhPXehB6QayOFKi8iAbaH407dkoEL5lv+E6JD7besihzkfoxjs oO6S7ii7RRDDoPtCdngHJlxPA666lBxYnHmqwanJKulITwS8BoUIuTP+IFwym1yWT/Ee rTSQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=oyC+JG2j0IITo5qTGz+wgr7L9QvSOVg95WWnwiLkRlk=; b=j3I8OUfNRAkJWuPa9co9DDZ/sDVO9jjJKhz/lSPTnf9Vp+Sq51q+7tJln/tKb7Qpno Hu+/o3MX9OXx/GKLcmM1kkX8e6ebegb4VLF97YXHrXZZAsiV5/nYS9+8+gwFaspO+Oq1 NThYAZqHHSFpVpI8YTcZeKJcRXZ6KVXy97r8HEVs81Lyy4DQLrPskrqy6aJ2EXD0BS1W erBolebA901JQhdVU0JitZT19KMpY03znW+WOJwtXSkJInjCjLhLTczHIq92f2l/nfmS Q0qLC8smpv8bdeKQhr+JaThlIFZBtCI2A5BM+SuKa9pWwvCC2NkN56/dJ320a+G5XL7X dI8w== X-Gm-Message-State: ANoB5pn/XaWaCOMrz41e6oMB/69CRfA/lzg9ohqFLbA7zyBDmdFe04xM Uj/hB/TzcJw6O6V7SN0tmxf0YRL9x2ssmD/EwUI= X-Received: by 2002:a05:6402:2424:b0:459:2515:b27b with SMTP id t36-20020a056402242400b004592515b27bmr20048938eda.338.1668615400096; Wed, 16 Nov 2022 08:16:40 -0800 (PST) MIME-Version: 1.0 References: <700dffccdfeeb3d19c5385550e4c84f08c705e19.camel@huaweicloud.com> <20221116154712.4115929-1-roberto.sassu@huaweicloud.com> In-Reply-To: <20221116154712.4115929-1-roberto.sassu@huaweicloud.com> From: Alexei Starovoitov Date: Wed, 16 Nov 2022 08:16:28 -0800 Message-ID: Subject: Re: [PoC][PATCH] bpf: Call return value check function in the JITed code To: Roberto Sassu Cc: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Florent Revest , Brendan Jackman , Paul Moore , James Morris , "Serge E . Hallyn" , bpf , LSM List , LKML , Roberto Sassu Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 16, 2022 at 7:48 AM Roberto Sassu wrote: > +static bool is_ret_value_allowed(int ret, u32 ret_flags) > +{ > + if ((ret < 0 && !(ret_flags & LSM_RET_NEG)) || > + (ret == 0 && !(ret_flags & LSM_RET_ZERO)) || > + (ret == 1 && !(ret_flags & LSM_RET_ONE)) || > + (ret > 1 && !(ret_flags & LSM_RET_GT_ONE))) > + return false; > + > + return true; > +} > + > /* For every LSM hook that allows attachment of BPF programs, declare a nop > * function where a BPF program can be attached. > */ > @@ -30,6 +41,15 @@ noinline RET bpf_lsm_##NAME(__VA_ARGS__) \ > #include > #undef LSM_HOOK > > +#define LSM_HOOK(RET, DEFAULT, RET_FLAGS, NAME, ...) \ > +noinline RET bpf_lsm_##NAME##_ret(int ret) \ > +{ \ > + return is_ret_value_allowed(ret, RET_FLAGS) ? ret : DEFAULT; \ > +} > + > +#include > +#undef LSM_HOOK > + because lsm hooks is mess of undocumented return values your "solution" is to add hundreds of noninline functions and hack the call into them in JITs ?! That's an obvious no-go. Not sure why you bothered to implement it.