From: Feng Zhou zhoufeng.zf@bytedance.com
When access traced function arguments with type is u32*, bpf verifier failed. Because u32 have typedef, needs to skip modifier. Add btf_type_is_modifier in is_int_ptr. Add a selftest to check it.
Feng Zhou (2): bpf/btf: Fix is_int_ptr() selftests/bpf: Add test to access u32 ptr argument in tracing program
Changelog: v1->v2: Addressed comments from Martin KaFai Lau - Add a selftest. - use btf_type_skip_modifiers. Some details in here: https://lore.kernel.org/all/20221012125815.76120-1-zhouchengming@bytedance.c...
kernel/bpf/btf.c | 5 ++--- net/bpf/test_run.c | 8 +++++++- .../testing/selftests/bpf/verifier/btf_ctx_access.c | 13 +++++++++++++ 3 files changed, 22 insertions(+), 4 deletions(-)
From: Feng Zhou zhoufeng.zf@bytedance.com
When tracing a kernel function with arg type is u32*, btf_ctx_access() would report error: arg2 type INT is not a struct.
The commit bb6728d75611 ("bpf: Allow access to int pointer arguments in tracing programs") added support for int pointer, but don't skip modifiers before checking it's type. This patch fixes it.
Fixes: bb6728d75611 ("bpf: Allow access to int pointer arguments in tracing programs") Co-developed-by: Chengming Zhou zhouchengming@bytedance.com Signed-off-by: Chengming Zhou zhouchengming@bytedance.com Signed-off-by: Feng Zhou zhoufeng.zf@bytedance.com --- kernel/bpf/btf.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c index 593c45a294d0..17c65de1e48b 100644 --- a/kernel/bpf/btf.c +++ b/kernel/bpf/btf.c @@ -5913,9 +5913,8 @@ static bool is_int_ptr(struct btf *btf, const struct btf_type *t) /* t comes in already as a pointer */ t = btf_type_by_id(btf, t->type);
- /* allow const */ - if (BTF_INFO_KIND(t->info) == BTF_KIND_CONST) - t = btf_type_by_id(btf, t->type); + /* skip modifiers */ + t = btf_type_skip_modifiers(btf, t->type, NULL);
return btf_type_is_int(t); }
From: Feng Zhou zhoufeng.zf@bytedance.com
Adding verifier test for accessing u32 pointer argument in tracing programs.
The test program loads 1nd argument of bpf_fentry_test9 function which is u32 pointer and checks that verifier allows that.
Co-developed-by: Chengming Zhou zhouchengming@bytedance.com Signed-off-by: Chengming Zhou zhouchengming@bytedance.com Signed-off-by: Feng Zhou zhoufeng.zf@bytedance.com --- net/bpf/test_run.c | 8 +++++++- .../testing/selftests/bpf/verifier/btf_ctx_access.c | 13 +++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/net/bpf/test_run.c b/net/bpf/test_run.c index f1652f5fbd2e..68bdfc041a7b 100644 --- a/net/bpf/test_run.c +++ b/net/bpf/test_run.c @@ -541,6 +541,11 @@ int noinline bpf_fentry_test8(struct bpf_fentry_test_t *arg) return (long)arg->a; }
+__bpf_kfunc u32 bpf_fentry_test9(u32 *a) +{ + return *a; +} + __bpf_kfunc int bpf_modify_return_test(int a, int *b) { *b += 1; @@ -855,7 +860,8 @@ int bpf_prog_test_run_tracing(struct bpf_prog *prog, bpf_fentry_test5(11, (void *)12, 13, 14, 15) != 65 || bpf_fentry_test6(16, (void *)17, 18, 19, (void *)20, 21) != 111 || bpf_fentry_test7((struct bpf_fentry_test_t *)0) != 0 || - bpf_fentry_test8(&arg) != 0) + bpf_fentry_test8(&arg) != 0 || + bpf_fentry_test9(&retval) != 0) goto out; break; case BPF_MODIFY_RETURN: diff --git a/tools/testing/selftests/bpf/verifier/btf_ctx_access.c b/tools/testing/selftests/bpf/verifier/btf_ctx_access.c index 6340db6b46dc..0484d3de040d 100644 --- a/tools/testing/selftests/bpf/verifier/btf_ctx_access.c +++ b/tools/testing/selftests/bpf/verifier/btf_ctx_access.c @@ -10,3 +10,16 @@ .expected_attach_type = BPF_TRACE_FENTRY, .kfunc = "bpf_modify_return_test", }, + +{ + "btf_ctx_access u32 pointer accept", + .insns = { + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 0), /* load 1nd argument value (u32 pointer) */ + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .result = ACCEPT, + .prog_type = BPF_PROG_TYPE_TRACING, + .expected_attach_type = BPF_TRACE_FENTRY, + .kfunc = "bpf_fentry_test9", +},
On Fri, Apr 07, 2023 at 04:46:06PM +0800, Feng zhou wrote:
From: Feng Zhou zhoufeng.zf@bytedance.com
When access traced function arguments with type is u32*, bpf verifier failed. Because u32 have typedef, needs to skip modifier. Add btf_type_is_modifier in is_int_ptr. Add a selftest to check it.
Feng Zhou (2): bpf/btf: Fix is_int_ptr() selftests/bpf: Add test to access u32 ptr argument in tracing program
hi, it breaks several tests in test_progs suite:
#11/36 bpf_iter/link-iter:FAIL #11 bpf_iter:FAIL test_dummy_st_ops_attach:FAIL:dummy_st_ops_load unexpected error: -13 #63/1 dummy_st_ops/dummy_st_ops_attach:FAIL test_dummy_init_ret_value:FAIL:dummy_st_ops_load unexpected error: -13 #63/2 dummy_st_ops/dummy_init_ret_value:FAIL test_dummy_init_ptr_arg:FAIL:dummy_st_ops_load unexpected error: -13 #63/3 dummy_st_ops/dummy_init_ptr_arg:FAIL test_dummy_multiple_args:FAIL:dummy_st_ops_load unexpected error: -13 #63/4 dummy_st_ops/dummy_multiple_args:FAIL test_dummy_sleepable:FAIL:dummy_st_ops_load unexpected error: -13 #63/5 dummy_st_ops/dummy_sleepable:FAIL #63 dummy_st_ops:FAIL test_fentry_fexit:FAIL:fentry_skel_load unexpected error: -13 #69 fentry_fexit:FAIL test_fentry_test:FAIL:fentry_skel_load unexpected error: -13 #70 fentry_test:FAIL
jirka
Changelog: v1->v2: Addressed comments from Martin KaFai Lau
- Add a selftest.
- use btf_type_skip_modifiers.
Some details in here: https://lore.kernel.org/all/20221012125815.76120-1-zhouchengming@bytedance.c...
kernel/bpf/btf.c | 5 ++--- net/bpf/test_run.c | 8 +++++++- .../testing/selftests/bpf/verifier/btf_ctx_access.c | 13 +++++++++++++ 3 files changed, 22 insertions(+), 4 deletions(-)
-- 2.20.1
linux-kselftest-mirror@lists.linaro.org
-
Feng zhou -
Jiri Olsa