Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp3137152rwb; Fri, 20 Jan 2023 11:42:55 -0800 (PST) X-Google-Smtp-Source: AMrXdXspSojFHQpjvHCqU2EMczTonKnsferQD47bADpCyIAxpiKzbolbAxf+A+E+mfLQeNr40A/c X-Received: by 2002:aa7:cc91:0:b0:46c:6ed1:83b0 with SMTP id p17-20020aa7cc91000000b0046c6ed183b0mr15901152edt.9.1674243774892; Fri, 20 Jan 2023 11:42:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674243774; cv=none; d=google.com; s=arc-20160816; b=TqVPayvzJ8yqFswzWvl435SDFDuM1L2nW79BDmpsVndEZUusHGLuCz6ooYj4A2QbTR QIXfeuuPA6SEY9lecq9Q2ga04BItFZWU0zYfrjiPR70cdgopw/st23UmHq4fRJsBUB/m +FSb+ZW3RbM29pXm8FkvJnWLSfDkFpj+rtut3XEb0V1/vGXVjIEYAEayJgwhdIdeB5zc UTbyXHaXBt8CcDD/J82ej1t11evdxA8q14PHkPuJzP/b3IUOEOXQ7qe/tWaXEA3gWpjx kiXfw7RqYcbB6dMXxmGarfcUMgV/VgFit4bD9QWKvHz6H+noxpb7Dw4oQMhv6Jp1y4zL ZFYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=szLEwMFPNAUcOlQXjDN9W13GrrQRzdrtWVVmponsE0I=; b=uJnByeWfRbgx3mp7a1BBhh8MNfYhhyHQJra9S9qFugpeflIaaROMtkAyX78I/gp47P EhoJOohVXEAEEhnYZupZUYVYUiZOJQEnDyp6ps95sRE8BmpcJW736tQH2XVggEuM3LBN 5Ob7eyBSkyswgGDu6bsXdNNYJfdYu00hwPSjrnWWWdd8EIcGXDpQgnaK4Rgdpg8+z7GV 05mFEComm25vReCUPcRT1tLn1en5hzxiYgmKftApmWTG5HMelzrIJYQ1Mcuti40BKPPc oP5V6GLxEZBQH3mn8shcy3jdZszdsZdTiDXY5glBcTKJXh1w3XUZqlBLxd39FLnG9ONl Mjrg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w2-20020a05640234c200b0049e05990fe7si24068657edc.27.2023.01.20.11.42.42; Fri, 20 Jan 2023 11:42:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230150AbjATT0E (ORCPT + 50 others); Fri, 20 Jan 2023 14:26:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58190 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230359AbjATTZw (ORCPT ); Fri, 20 Jan 2023 14:25:52 -0500 Received: from mail-qt1-f173.google.com (mail-qt1-f173.google.com [209.85.160.173]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 26E88DB7B2; Fri, 20 Jan 2023 11:25:41 -0800 (PST) Received: by mail-qt1-f173.google.com with SMTP id fd15so4929552qtb.9; Fri, 20 Jan 2023 11:25:41 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=szLEwMFPNAUcOlQXjDN9W13GrrQRzdrtWVVmponsE0I=; b=rg0K5vLlJ1/duQCEdGhTRWDn8hSn4CMh5fQIqVkuFZhJi5A3vYVKb+lCKtQhZsuF4B 8k97URDwpmd52xvHS4IipjEDYjMx0m+EGLI8MBBpBirYp5/pVuDi9h72aBKzT5mAi7rb CoIz5dSa3wPqd0Nt8iBPPVrTw3HV9ZqnXs/HE0Vk9JoWg5gl+n+EN5azOPwL7nsyvGhb UGy3l9EjT8ijU4bryL4IypbOz4yOcDS5R6w9JTcgwwsfYDQG/gnCjdEH4FWavdOGTpcf cYNzZ2cca/GVKWwI0ibhbKO+/PdLID24o9jEov6YcSCyUGnlitZJf7wZeQhoyPtVvKBK 2xJw== X-Gm-Message-State: AFqh2komDKBTUgiiPVW7IEz8LJu4W/32RG7FXi6J0dEyhyjnDlGRLk7z cHDU4RqVOQ2tZjTXmc5px6OIptD21N7WSD68 X-Received: by 2002:a05:622a:1c15:b0:3b6:8d71:fd2b with SMTP id bq21-20020a05622a1c1500b003b68d71fd2bmr11406552qtb.48.1674242739803; Fri, 20 Jan 2023 11:25:39 -0800 (PST) Received: from localhost ([2620:10d:c091:480::1:2fc9]) by smtp.gmail.com with ESMTPSA id bw5-20020a05622a098500b003b64f1b1f40sm4451070qtb.40.2023.01.20.11.25.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Jan 2023 11:25:39 -0800 (PST) From: David Vernet To: bpf@vger.kernel.org Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@meta.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, linux-kernel@vger.kernel.org, kernel-team@meta.com, tj@kernel.org, memxor@gmail.com Subject: [PATCH bpf-next v2 8/9] bpf/docs: Document how nested trusted fields may be defined Date: Fri, 20 Jan 2023 13:25:22 -0600 Message-Id: <20230120192523.3650503-9-void@manifault.com> X-Mailer: git-send-email 2.39.0 In-Reply-To: <20230120192523.3650503-1-void@manifault.com> References: <20230120192523.3650503-1-void@manifault.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org A prior change defined a new BTF_TYPE_SAFE_NESTED macro in the verifier which allows developers to specify when a pointee field in a struct type should inherit its parent pointer's trusted status. This patch updates the kfuncs documentation to specify this macro and how it can be used. Signed-off-by: David Vernet --- Documentation/bpf/kfuncs.rst | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/Documentation/bpf/kfuncs.rst b/Documentation/bpf/kfuncs.rst index a74f9e74087b..560f4ede3a9f 100644 --- a/Documentation/bpf/kfuncs.rst +++ b/Documentation/bpf/kfuncs.rst @@ -167,7 +167,8 @@ KF_ACQUIRE and KF_RET_NULL flags. The KF_TRUSTED_ARGS flag is used for kfuncs taking pointer arguments. It indicates that the all pointer arguments are valid, and that all pointers to BTF objects have been passed in their unmodified form (that is, at a zero -offset, and without having been obtained from walking another pointer). +offset, and without having been obtained from walking another pointer, with one +exception described below). There are two types of pointers to kernel objects which are considered "valid": @@ -180,6 +181,25 @@ KF_TRUSTED_ARGS kfuncs, and may have a non-zero offset. The definition of "valid" pointers is subject to change at any time, and has absolutely no ABI stability guarantees. +As mentioned above, a nested pointer obtained from walking a trusted pointer is +no longer trusted, with one exception. If a struct type has a field that is +guaranteed to be valid as long as its parent pointer is trusted, the +``BTF_TYPE_SAFE_NESTED`` macro can be used to express that to the verifier as +follows: + +.. code-block:: c + + BTF_TYPE_SAFE_NESTED(struct task_struct) { + const cpumask_t *cpus_ptr; + }; + +In other words, you must: + +1. Wrap the trusted pointer type in the ``BTF_TYPE_SAFE_NESTED`` macro. + +2. Specify the type and name of the trusted nested field. This field must match + the field in the original type definition exactly. + 2.4.6 KF_SLEEPABLE flag ----------------------- -- 2.39.0