Commit fddbf4b6 authored by Alexei Starovoitov's avatar Alexei Starovoitov

Merge branch 'bpf: Support calling kernel function'

Martin KaFai says:

====================

This series adds support to allow bpf program calling kernel function.

The use case included in this set is to allow bpf-tcp-cc to directly
call some tcp-cc helper functions (e.g. "tcp_cong_avoid_ai()").  Those
functions have already been used by some kernel tcp-cc implementations.

This set will also allow the bpf-tcp-cc program to directly call the
kernel tcp-cc implementation,  For example, a bpf_dctcp may only want to
implement its own dctcp_cwnd_event() and reuse other dctcp_*() directly
from the kernel tcp_dctcp.c instead of reimplementing (or
copy-and-pasting) them.

The tcp-cc kernel functions mentioned above will be white listed
for the struct_ops bpf-tcp-cc programs to use in a later patch.
The white listed functions are not bounded to a fixed ABI contract.
Those functions have already been used by the existing kernel tcp-cc.
If any of them has changed, both in-tree and out-of-tree kernel tcp-cc
implementations have to be changed.  The same goes for the struct_ops
bpf-tcp-cc programs which have to be adjusted accordingly.

Please see individual patch for details.

v2:
- Patch 2 in v1 is removed.  No need to support extern func in kernel.
  Changed libbpf to adjust the .ksyms datasec for extern func
  in patch 11. (Andrii)
- Name change: btf_check_func_arg_match() and btf_check_subprog_arg_match()
  in patch 2. (Andrii)
- Always set unreliable on any error in patch 2 since it does not
  matter. (Andrii)
- s/kern_func/kfunc/ and s/descriptor/desc/ in this set. (Andrii)
- Remove some unnecessary changes in disasm.h and disasm.c
  in patch 3.  In particular, no need to change the function
  signature in bpf_insn_revmap_call_t.  Also, removed the changes
  in print_bpf_insn().
- Fixed an issue in check_kfunc_call() when the calling kernel function
  returns a pointer in patch 3.  Added a selftest.
- Adjusted the verifier selftests due to the changes in the verifier log
  in patch 3.
- Fixed a comparison issue in kfunc_desc_cmp_by_imm() in patch 3. (Andrii)
- Name change: is_ldimm64_insn(),
  new helper: is_call_insn() in patch 10 (Andrii)
- Move btf_func_linkage() from btf.h to libbpf.c in patch 11. (Andrii)
- Fixed the linker error when CONFIG_BPF_SYSCALL is not defined.
  Moved the check_kfunc_call from filter.c to test_run.c in patch 14.
  (kernel test robot)
====================
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parents 36e79851 7bd1590d
...@@ -2346,3 +2346,8 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) ...@@ -2346,3 +2346,8 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
tmp : orig_prog); tmp : orig_prog);
return prog; return prog;
} }
bool bpf_jit_supports_kfunc_call(void)
{
return true;
}
...@@ -1390,6 +1390,19 @@ static inline void emit_push_r64(const u8 src[], u8 **pprog) ...@@ -1390,6 +1390,19 @@ static inline void emit_push_r64(const u8 src[], u8 **pprog)
*pprog = prog; *pprog = prog;
} }
static void emit_push_r32(const u8 src[], u8 **pprog)
{
u8 *prog = *pprog;
int cnt = 0;
/* mov ecx,dword ptr [ebp+off] */
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, IA32_ECX), STACK_VAR(src_lo));
/* push ecx */
EMIT1(0x51);
*pprog = prog;
}
static u8 get_cond_jmp_opcode(const u8 op, bool is_cmp_lo) static u8 get_cond_jmp_opcode(const u8 op, bool is_cmp_lo)
{ {
u8 jmp_cond; u8 jmp_cond;
...@@ -1459,6 +1472,174 @@ static u8 get_cond_jmp_opcode(const u8 op, bool is_cmp_lo) ...@@ -1459,6 +1472,174 @@ static u8 get_cond_jmp_opcode(const u8 op, bool is_cmp_lo)
return jmp_cond; return jmp_cond;
} }
/* i386 kernel compiles with "-mregparm=3". From gcc document:
*
* ==== snippet ====
* regparm (number)
* On x86-32 targets, the regparm attribute causes the compiler
* to pass arguments number one to (number) if they are of integral
* type in registers EAX, EDX, and ECX instead of on the stack.
* Functions that take a variable number of arguments continue
* to be passed all of their arguments on the stack.
* ==== snippet ====
*
* The first three args of a function will be considered for
* putting into the 32bit register EAX, EDX, and ECX.
*
* Two 32bit registers are used to pass a 64bit arg.
*
* For example,
* void foo(u32 a, u32 b, u32 c, u32 d):
* u32 a: EAX
* u32 b: EDX
* u32 c: ECX
* u32 d: stack
*
* void foo(u64 a, u32 b, u32 c):
* u64 a: EAX (lo32) EDX (hi32)
* u32 b: ECX
* u32 c: stack
*
* void foo(u32 a, u64 b, u32 c):
* u32 a: EAX
* u64 b: EDX (lo32) ECX (hi32)
* u32 c: stack
*
* void foo(u32 a, u32 b, u64 c):
* u32 a: EAX
* u32 b: EDX
* u64 c: stack
*
* The return value will be stored in the EAX (and EDX for 64bit value).
*
* For example,
* u32 foo(u32 a, u32 b, u32 c):
* return value: EAX
*
* u64 foo(u32 a, u32 b, u32 c):
* return value: EAX (lo32) EDX (hi32)
*
* Notes:
* The verifier only accepts function having integer and pointers
* as its args and return value, so it does not have
* struct-by-value.
*
* emit_kfunc_call() finds out the btf_func_model by calling
* bpf_jit_find_kfunc_model(). A btf_func_model
* has the details about the number of args, size of each arg,
* and the size of the return value.
*
* It first decides how many args can be passed by EAX, EDX, and ECX.
* That will decide what args should be pushed to the stack:
* [first_stack_regno, last_stack_regno] are the bpf regnos
* that should be pushed to the stack.
*
* It will first push all args to the stack because the push
* will need to use ECX. Then, it moves
* [BPF_REG_1, first_stack_regno) to EAX, EDX, and ECX.
*
* When emitting a call (0xE8), it needs to figure out
* the jmp_offset relative to the jit-insn address immediately
* following the call (0xE8) instruction. At this point, it knows
* the end of the jit-insn address after completely translated the
* current (BPF_JMP | BPF_CALL) bpf-insn. It is passed as "end_addr"
* to the emit_kfunc_call(). Thus, it can learn the "immediate-follow-call"
* address by figuring out how many jit-insn is generated between
* the call (0xE8) and the end_addr:
* - 0-1 jit-insn (3 bytes each) to restore the esp pointer if there
* is arg pushed to the stack.
* - 0-2 jit-insns (3 bytes each) to handle the return value.
*/
static int emit_kfunc_call(const struct bpf_prog *bpf_prog, u8 *end_addr,
const struct bpf_insn *insn, u8 **pprog)
{
const u8 arg_regs[] = { IA32_EAX, IA32_EDX, IA32_ECX };
int i, cnt = 0, first_stack_regno, last_stack_regno;
int free_arg_regs = ARRAY_SIZE(arg_regs);
const struct btf_func_model *fm;
int bytes_in_stack = 0;
const u8 *cur_arg_reg;
u8 *prog = *pprog;
s64 jmp_offset;
fm = bpf_jit_find_kfunc_model(bpf_prog, insn);
if (!fm)
return -EINVAL;
first_stack_regno = BPF_REG_1;
for (i = 0; i < fm->nr_args; i++) {
int regs_needed = fm->arg_size[i] > sizeof(u32) ? 2 : 1;
if (regs_needed > free_arg_regs)
break;
free_arg_regs -= regs_needed;
first_stack_regno++;
}
/* Push the args to the stack */
last_stack_regno = BPF_REG_0 + fm->nr_args;
for (i = last_stack_regno; i >= first_stack_regno; i--) {
if (fm->arg_size[i - 1] > sizeof(u32)) {
emit_push_r64(bpf2ia32[i], &prog);
bytes_in_stack += 8;
} else {
emit_push_r32(bpf2ia32[i], &prog);
bytes_in_stack += 4;
}
}
cur_arg_reg = &arg_regs[0];
for (i = BPF_REG_1; i < first_stack_regno; i++) {
/* mov e[adc]x,dword ptr [ebp+off] */
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, *cur_arg_reg++),
STACK_VAR(bpf2ia32[i][0]));
if (fm->arg_size[i - 1] > sizeof(u32))
/* mov e[adc]x,dword ptr [ebp+off] */
EMIT3(0x8B, add_2reg(0x40, IA32_EBP, *cur_arg_reg++),
STACK_VAR(bpf2ia32[i][1]));
}
if (bytes_in_stack)
/* add esp,"bytes_in_stack" */
end_addr -= 3;
/* mov dword ptr [ebp+off],edx */
if (fm->ret_size > sizeof(u32))
end_addr -= 3;
/* mov dword ptr [ebp+off],eax */
if (fm->ret_size)
end_addr -= 3;
jmp_offset = (u8 *)__bpf_call_base + insn->imm - end_addr;
if (!is_simm32(jmp_offset)) {
pr_err("unsupported BPF kernel function jmp_offset:%lld\n",
jmp_offset);
return -EINVAL;
}
EMIT1_off32(0xE8, jmp_offset);
if (fm->ret_size)
/* mov dword ptr [ebp+off],eax */
EMIT3(0x89, add_2reg(0x40, IA32_EBP, IA32_EAX),
STACK_VAR(bpf2ia32[BPF_REG_0][0]));
if (fm->ret_size > sizeof(u32))
/* mov dword ptr [ebp+off],edx */
EMIT3(0x89, add_2reg(0x40, IA32_EBP, IA32_EDX),
STACK_VAR(bpf2ia32[BPF_REG_0][1]));
if (bytes_in_stack)
/* add esp,"bytes_in_stack" */
EMIT3(0x83, add_1reg(0xC0, IA32_ESP), bytes_in_stack);
*pprog = prog;
return 0;
}
static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image, static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
int oldproglen, struct jit_context *ctx) int oldproglen, struct jit_context *ctx)
{ {
...@@ -1888,6 +2069,18 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image, ...@@ -1888,6 +2069,18 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
if (insn->src_reg == BPF_PSEUDO_CALL) if (insn->src_reg == BPF_PSEUDO_CALL)
goto notyet; goto notyet;
if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL) {
int err;
err = emit_kfunc_call(bpf_prog,
image + addrs[i],
insn, &prog);
if (err)
return err;
break;
}
func = (u8 *) __bpf_call_base + imm32; func = (u8 *) __bpf_call_base + imm32;
jmp_offset = func - (image + addrs[i]); jmp_offset = func - (image + addrs[i]);
...@@ -2393,3 +2586,8 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) ...@@ -2393,3 +2586,8 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
tmp : orig_prog); tmp : orig_prog);
return prog; return prog;
} }
bool bpf_jit_supports_kfunc_call(void)
{
return true;
}
...@@ -427,6 +427,7 @@ enum bpf_reg_type { ...@@ -427,6 +427,7 @@ enum bpf_reg_type {
PTR_TO_PERCPU_BTF_ID, /* reg points to a percpu kernel variable */ PTR_TO_PERCPU_BTF_ID, /* reg points to a percpu kernel variable */
PTR_TO_FUNC, /* reg points to a bpf program function */ PTR_TO_FUNC, /* reg points to a bpf program function */
PTR_TO_MAP_KEY, /* reg points to a map element key */ PTR_TO_MAP_KEY, /* reg points to a map element key */
__BPF_REG_TYPE_MAX,
}; };
/* The information passed from prog-specific *_is_valid_access /* The information passed from prog-specific *_is_valid_access
...@@ -480,6 +481,7 @@ struct bpf_verifier_ops { ...@@ -480,6 +481,7 @@ struct bpf_verifier_ops {
const struct btf_type *t, int off, int size, const struct btf_type *t, int off, int size,
enum bpf_access_type atype, enum bpf_access_type atype,
u32 *next_btf_id); u32 *next_btf_id);
bool (*check_kfunc_call)(u32 kfunc_btf_id);
}; };
struct bpf_prog_offload_ops { struct bpf_prog_offload_ops {
...@@ -796,6 +798,8 @@ struct btf_mod_pair { ...@@ -796,6 +798,8 @@ struct btf_mod_pair {
struct module *module; struct module *module;
}; };
struct bpf_kfunc_desc_tab;
struct bpf_prog_aux { struct bpf_prog_aux {
atomic64_t refcnt; atomic64_t refcnt;
u32 used_map_cnt; u32 used_map_cnt;
...@@ -832,6 +836,7 @@ struct bpf_prog_aux { ...@@ -832,6 +836,7 @@ struct bpf_prog_aux {
struct bpf_prog **func; struct bpf_prog **func;
void *jit_data; /* JIT specific data. arch dependent */ void *jit_data; /* JIT specific data. arch dependent */
struct bpf_jit_poke_descriptor *poke_tab; struct bpf_jit_poke_descriptor *poke_tab;
struct bpf_kfunc_desc_tab *kfunc_tab;
u32 size_poke_tab; u32 size_poke_tab;
struct bpf_ksym ksym; struct bpf_ksym ksym;
const struct bpf_prog_ops *ops; const struct bpf_prog_ops *ops;
...@@ -1527,6 +1532,7 @@ int bpf_prog_test_run_raw_tp(struct bpf_prog *prog, ...@@ -1527,6 +1532,7 @@ int bpf_prog_test_run_raw_tp(struct bpf_prog *prog,
int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog, int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog,
const union bpf_attr *kattr, const union bpf_attr *kattr,
union bpf_attr __user *uattr); union bpf_attr __user *uattr);
bool bpf_prog_test_check_kfunc_call(u32 kfunc_id);
bool btf_ctx_access(int off, int size, enum bpf_access_type type, bool btf_ctx_access(int off, int size, enum bpf_access_type type,
const struct bpf_prog *prog, const struct bpf_prog *prog,
struct bpf_insn_access_aux *info); struct bpf_insn_access_aux *info);
...@@ -1545,8 +1551,11 @@ int btf_distill_func_proto(struct bpf_verifier_log *log, ...@@ -1545,8 +1551,11 @@ int btf_distill_func_proto(struct bpf_verifier_log *log,
struct btf_func_model *m); struct btf_func_model *m);
struct bpf_reg_state; struct bpf_reg_state;
int btf_check_func_arg_match(struct bpf_verifier_env *env, int subprog, int btf_check_subprog_arg_match(struct bpf_verifier_env *env, int subprog,
struct bpf_reg_state *regs); struct bpf_reg_state *regs);
int btf_check_kfunc_arg_match(struct bpf_verifier_env *env,
const struct btf *btf, u32 func_id,
struct bpf_reg_state *regs);
int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog, int btf_prepare_func_args(struct bpf_verifier_env *env, int subprog,
struct bpf_reg_state *reg); struct bpf_reg_state *reg);
int btf_check_type_match(struct bpf_verifier_log *log, const struct bpf_prog *prog, int btf_check_type_match(struct bpf_verifier_log *log, const struct bpf_prog *prog,
...@@ -1557,6 +1566,10 @@ struct bpf_link *bpf_link_by_id(u32 id); ...@@ -1557,6 +1566,10 @@ struct bpf_link *bpf_link_by_id(u32 id);
const struct bpf_func_proto *bpf_base_func_proto(enum bpf_func_id func_id); const struct bpf_func_proto *bpf_base_func_proto(enum bpf_func_id func_id);
void bpf_task_storage_free(struct task_struct *task); void bpf_task_storage_free(struct task_struct *task);
bool bpf_prog_has_kfunc_call(const struct bpf_prog *prog);
const struct btf_func_model *
bpf_jit_find_kfunc_model(const struct bpf_prog *prog,
const struct bpf_insn *insn);
#else /* !CONFIG_BPF_SYSCALL */ #else /* !CONFIG_BPF_SYSCALL */
static inline struct bpf_prog *bpf_prog_get(u32 ufd) static inline struct bpf_prog *bpf_prog_get(u32 ufd)
{ {
...@@ -1719,6 +1732,11 @@ static inline int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog, ...@@ -1719,6 +1732,11 @@ static inline int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog,
return -ENOTSUPP; return -ENOTSUPP;
} }
static inline bool bpf_prog_test_check_kfunc_call(u32 kfunc_id)
{
return false;
}
static inline void bpf_map_put(struct bpf_map *map) static inline void bpf_map_put(struct bpf_map *map)
{ {
} }
...@@ -1737,6 +1755,18 @@ bpf_base_func_proto(enum bpf_func_id func_id) ...@@ -1737,6 +1755,18 @@ bpf_base_func_proto(enum bpf_func_id func_id)
static inline void bpf_task_storage_free(struct task_struct *task) static inline void bpf_task_storage_free(struct task_struct *task)
{ {
} }
static inline bool bpf_prog_has_kfunc_call(const struct bpf_prog *prog)
{
return false;
}
static inline const struct btf_func_model *
bpf_jit_find_kfunc_model(const struct bpf_prog *prog,
const struct bpf_insn *insn)
{
return NULL;
}
#endif /* CONFIG_BPF_SYSCALL */ #endif /* CONFIG_BPF_SYSCALL */
void __bpf_free_used_btfs(struct bpf_prog_aux *aux, void __bpf_free_used_btfs(struct bpf_prog_aux *aux,
......
...@@ -110,6 +110,7 @@ const struct btf_type *btf_type_resolve_func_ptr(const struct btf *btf, ...@@ -110,6 +110,7 @@ const struct btf_type *btf_type_resolve_func_ptr(const struct btf *btf,
const struct btf_type * const struct btf_type *
btf_resolve_size(const struct btf *btf, const struct btf_type *type, btf_resolve_size(const struct btf *btf, const struct btf_type *type,
u32 *type_size); u32 *type_size);
const char *btf_type_str(const struct btf_type *t);
#define for_each_member(i, struct_type, member) \ #define for_each_member(i, struct_type, member) \
for (i = 0, member = btf_type_member(struct_type); \ for (i = 0, member = btf_type_member(struct_type); \
...@@ -141,6 +142,11 @@ static inline bool btf_type_is_enum(const struct btf_type *t) ...@@ -141,6 +142,11 @@ static inline bool btf_type_is_enum(const struct btf_type *t)
return BTF_INFO_KIND(t->info) == BTF_KIND_ENUM; return BTF_INFO_KIND(t->info) == BTF_KIND_ENUM;
} }
static inline bool btf_type_is_scalar(const struct btf_type *t)
{
return btf_type_is_int(t) || btf_type_is_enum(t);
}
static inline bool btf_type_is_typedef(const struct btf_type *t) static inline bool btf_type_is_typedef(const struct btf_type *t)
{ {
return BTF_INFO_KIND(t->info) == BTF_KIND_TYPEDEF; return BTF_INFO_KIND(t->info) == BTF_KIND_TYPEDEF;
......
...@@ -877,8 +877,7 @@ void bpf_prog_free_linfo(struct bpf_prog *prog); ...@@ -877,8 +877,7 @@ void bpf_prog_free_linfo(struct bpf_prog *prog);
void bpf_prog_fill_jited_linfo(struct bpf_prog *prog, void bpf_prog_fill_jited_linfo(struct bpf_prog *prog,
const u32 *insn_to_jit_off); const u32 *insn_to_jit_off);
int bpf_prog_alloc_jited_linfo(struct bpf_prog *prog); int bpf_prog_alloc_jited_linfo(struct bpf_prog *prog);
void bpf_prog_free_jited_linfo(struct bpf_prog *prog); void bpf_prog_jit_attempt_done(struct bpf_prog *prog);
void bpf_prog_free_unused_jited_linfo(struct bpf_prog *prog);
struct bpf_prog *bpf_prog_alloc(unsigned int size, gfp_t gfp_extra_flags); struct bpf_prog *bpf_prog_alloc(unsigned int size, gfp_t gfp_extra_flags);
struct bpf_prog *bpf_prog_alloc_no_stats(unsigned int size, gfp_t gfp_extra_flags); struct bpf_prog *bpf_prog_alloc_no_stats(unsigned int size, gfp_t gfp_extra_flags);
...@@ -919,6 +918,7 @@ u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5); ...@@ -919,6 +918,7 @@ u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog); struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog);
void bpf_jit_compile(struct bpf_prog *prog); void bpf_jit_compile(struct bpf_prog *prog);
bool bpf_jit_needs_zext(void); bool bpf_jit_needs_zext(void);
bool bpf_jit_supports_kfunc_call(void);
bool bpf_helper_changes_pkt_data(void *func); bool bpf_helper_changes_pkt_data(void *func);
static inline bool bpf_dump_raw_ok(const struct cred *cred) static inline bool bpf_dump_raw_ok(const struct cred *cred)
......
...@@ -1117,6 +1117,10 @@ enum bpf_link_type { ...@@ -1117,6 +1117,10 @@ enum bpf_link_type {
* offset to another bpf function * offset to another bpf function
*/ */
#define BPF_PSEUDO_CALL 1 #define BPF_PSEUDO_CALL 1
/* when bpf_call->src_reg == BPF_PSEUDO_KFUNC_CALL,
* bpf_call->imm == btf_id of a BTF_KIND_FUNC in the running kernel
*/
#define BPF_PSEUDO_KFUNC_CALL 2
/* flags for BPF_MAP_UPDATE_ELEM command */ /* flags for BPF_MAP_UPDATE_ELEM command */
enum { enum {
......
...@@ -283,7 +283,7 @@ static const char * const btf_kind_str[NR_BTF_KINDS] = { ...@@ -283,7 +283,7 @@ static const char * const btf_kind_str[NR_BTF_KINDS] = {
[BTF_KIND_FLOAT] = "FLOAT", [BTF_KIND_FLOAT] = "FLOAT",
}; };
static const char *btf_type_str(const struct btf_type *t) const char *btf_type_str(const struct btf_type *t)
{ {
return btf_kind_str[BTF_INFO_KIND(t->info)]; return btf_kind_str[BTF_INFO_KIND(t->info)];
} }
...@@ -4377,7 +4377,7 @@ static u8 bpf_ctx_convert_map[] = { ...@@ -4377,7 +4377,7 @@ static u8 bpf_ctx_convert_map[] = {
#undef BPF_LINK_TYPE #undef BPF_LINK_TYPE
static const struct btf_member * static const struct btf_member *
btf_get_prog_ctx_type(struct bpf_verifier_log *log, struct btf *btf, btf_get_prog_ctx_type(struct bpf_verifier_log *log, const struct btf *btf,
const struct btf_type *t, enum bpf_prog_type prog_type, const struct btf_type *t, enum bpf_prog_type prog_type,
int arg) int arg)
{ {
...@@ -5362,122 +5362,190 @@ int btf_check_type_match(struct bpf_verifier_log *log, const struct bpf_prog *pr ...@@ -5362,122 +5362,190 @@ int btf_check_type_match(struct bpf_verifier_log *log, const struct bpf_prog *pr
return btf_check_func_type_match(log, btf1, t1, btf2, t2); return btf_check_func_type_match(log, btf1, t1, btf2, t2);
} }
/* Compare BTF of a function with given bpf_reg_state. static u32 *reg2btf_ids[__BPF_REG_TYPE_MAX] = {
* Returns: #ifdef CONFIG_NET
* EFAULT - there is a verifier bug. Abort verification. [PTR_TO_SOCKET] = &btf_sock_ids[BTF_SOCK_TYPE_SOCK],
* EINVAL - there is a type mismatch or BTF is not available. [PTR_TO_SOCK_COMMON] = &btf_sock_ids[BTF_SOCK_TYPE_SOCK_COMMON],
* 0 - BTF matches with what bpf_reg_state expects. [PTR_TO_TCP_SOCK] = &btf_sock_ids[BTF_SOCK_TYPE_TCP],
* Only PTR_TO_CTX and SCALAR_VALUE states are recognized. #endif
*/ };
int btf_check_func_arg_match(struct bpf_verifier_env *env, int subprog,
struct bpf_reg_state *regs) static int btf_check_func_arg_match(struct bpf_verifier_env *env,
const struct btf *btf, u32 func_id,
struct bpf_reg_state *regs,
bool ptr_to_mem_ok)
{ {
struct bpf_verifier_log *log = &env->log; struct bpf_verifier_log *log = &env->log;
struct bpf_prog *prog = env->prog; const char *func_name, *ref_tname;
struct btf *btf = prog->aux->btf;
const struct btf_param *args;
const struct btf_type *t, *ref_t; const struct btf_type *t, *ref_t;
u32 i, nargs, btf_id, type_size; const struct btf_param *args;
const char *tname; u32 i, nargs, ref_id;
bool is_global;
if (!prog->aux->func_info)
return -EINVAL;
btf_id = prog->aux->func_info[subprog].type_id;
if (!btf_id)
return -EFAULT;
if (prog->aux->func_info_aux[subprog].unreliable)
return -EINVAL;
t = btf_type_by_id(btf, btf_id); t = btf_type_by_id(btf, func_id);
if (!t || !btf_type_is_func(t)) { if (!t || !btf_type_is_func(t)) {
/* These checks were already done by the verifier while loading /* These checks were already done by the verifier while loading
* struct bpf_func_info * struct bpf_func_info or in add_kfunc_call().
*/ */
bpf_log(log, "BTF of func#%d doesn't point to KIND_FUNC\n", bpf_log(log, "BTF of func_id %u doesn't point to KIND_FUNC\n",
subprog); func_id);
return -EFAULT; return -EFAULT;
} }
tname = btf_name_by_offset(btf, t->name_off); func_name = btf_name_by_offset(btf, t->name_off);
t = btf_type_by_id(btf, t->type); t = btf_type_by_id(btf, t->type);
if (!t || !btf_type_is_func_proto(t)) { if (!t || !btf_type_is_func_proto(t)) {
bpf_log(log, "Invalid BTF of func %s\n", tname); bpf_log(log, "Invalid BTF of func %s\n", func_name);
return -EFAULT; return -EFAULT;
} }
args = (const struct btf_param *)(t + 1); args = (const struct btf_param *)(t + 1);
nargs = btf_type_vlen(t); nargs = btf_type_vlen(t);
if (nargs > MAX_BPF_FUNC_REG_ARGS) { if (nargs > MAX_BPF_FUNC_REG_ARGS) {
bpf_log(log, "Function %s has %d > %d args\n", tname, nargs, bpf_log(log, "Function %s has %d > %d args\n", func_name, nargs,
MAX_BPF_FUNC_REG_ARGS); MAX_BPF_FUNC_REG_ARGS);
goto out; return -EINVAL;
} }
is_global = prog->aux->func_info_aux[subprog].linkage == BTF_FUNC_GLOBAL;
/* check that BTF function arguments match actual types that the /* check that BTF function arguments match actual types that the
* verifier sees. * verifier sees.
*/ */
for (i = 0; i < nargs; i++) { for (i = 0; i < nargs; i++) {
struct bpf_reg_state *reg = &regs[i + 1]; u32 regno = i + 1;
struct bpf_reg_state *reg = &regs[regno];
t = btf_type_by_id(btf, args[i].type); t = btf_type_skip_modifiers(btf, args[i].type, NULL);
while (btf_type_is_modifier(t)) if (btf_type_is_scalar(t)) {
t = btf_type_by_id(btf, t->type);
if (btf_type_is_int(t) || btf_type_is_enum(t)) {
if (reg->type == SCALAR_VALUE) if (reg->type == SCALAR_VALUE)
continue; continue;
bpf_log(log, "R%d is not a scalar\n", i + 1); bpf_log(log, "R%d is not a scalar\n", regno);
goto out; return -EINVAL;
} }
if (btf_type_is_ptr(t)) {
if (!btf_type_is_ptr(t)) {
bpf_log(log, "Unrecognized arg#%d type %s\n",
i, btf_type_str(t));
return -EINVAL;
}
ref_t = btf_type_skip_modifiers(btf, t->type, &ref_id);
ref_tname = btf_name_by_offset(btf, ref_t->name_off);
if (btf_is_kernel(btf)) {
const struct btf_type *reg_ref_t;
const struct btf *reg_btf;
const char *reg_ref_tname;
u32 reg_ref_id;
if (!btf_type_is_struct(ref_t)) {
bpf_log(log, "kernel function %s args#%d pointer type %s %s is not supported\n",
func_name, i, btf_type_str(ref_t),
ref_tname);
return -EINVAL;
}
if (reg->type == PTR_TO_BTF_ID) {
reg_btf = reg->btf;
reg_ref_id = reg->btf_id;
} else if (reg2btf_ids[reg->type]) {
reg_btf = btf_vmlinux;
reg_ref_id = *reg2btf_ids[reg->type];
} else {
bpf_log(log, "kernel function %s args#%d expected pointer to %s %s but R%d is not a pointer to btf_id\n",
func_name, i,
btf_type_str(ref_t), ref_tname, regno);
return -EINVAL;
}
reg_ref_t = btf_type_skip_modifiers(reg_btf, reg_ref_id,
&reg_ref_id);
reg_ref_tname = btf_name_by_offset(reg_btf,
reg_ref_t->name_off);
if (!btf_struct_ids_match(log, reg_btf, reg_ref_id,
reg->off, btf, ref_id)) {
bpf_log(log, "kernel function %s args#%d expected pointer to %s %s but R%d has a pointer to %s %s\n",
func_name, i,
btf_type_str(ref_t), ref_tname,
regno, btf_type_str(reg_ref_t),
reg_ref_tname);
return -EINVAL;
}
} else if (btf_get_prog_ctx_type(log, btf, t,
env->prog->type, i)) {
/* If function expects ctx type in BTF check that caller /* If function expects ctx type in BTF check that caller
* is passing PTR_TO_CTX. * is passing PTR_TO_CTX.
*/ */
if (btf_get_prog_ctx_type(log, btf, t, prog->type, i)) { if (reg->type != PTR_TO_CTX) {
if (reg->type != PTR_TO_CTX) { bpf_log(log,
bpf_log(log, "arg#%d expected pointer to ctx, but got %s\n",
"arg#%d expected pointer to ctx, but got %s\n", i, btf_type_str(t));
i, btf_kind_str[BTF_INFO_KIND(t->info)]); return -EINVAL;
goto out;
}
if (check_ctx_reg(env, reg, i + 1))
goto out;
continue;
} }
if (check_ctx_reg(env, reg, regno))
return -EINVAL;
} else if (ptr_to_mem_ok) {
const struct btf_type *resolve_ret;
u32 type_size;
if (!is_global) resolve_ret = btf_resolve_size(btf, ref_t, &type_size);
goto out; if (IS_ERR(resolve_ret)) {
t = btf_type_skip_modifiers(btf, t->type, NULL);
ref_t = btf_resolve_size(btf, t, &type_size);
if (IS_ERR(ref_t)) {
bpf_log(log, bpf_log(log,
"arg#%d reference type('%s %s') size cannot be determined: %ld\n", "arg#%d reference type('%s %s') size cannot be determined: %ld\n",
i, btf_type_str(t), btf_name_by_offset(btf, t->name_off), i, btf_type_str(ref_t), ref_tname,
PTR_ERR(ref_t)); PTR_ERR(resolve_ret));
goto out; return -EINVAL;
} }
if (check_mem_reg(env, reg, i + 1, type_size)) if (check_mem_reg(env, reg, regno, type_size))
goto out; return -EINVAL;
} else {
continue; return -EINVAL;
} }
bpf_log(log, "Unrecognized arg#%d type %s\n",
i, btf_kind_str[BTF_INFO_KIND(t->info)]);
goto out;
} }
return 0; return 0;
out: }
/* Compare BTF of a function with given bpf_reg_state.
* Returns:
* EFAULT - there is a verifier bug. Abort verification.
* EINVAL - there is a type mismatch or BTF is not available.
* 0 - BTF matches with what bpf_reg_state expects.
* Only PTR_TO_CTX and SCALAR_VALUE states are recognized.
*/
int btf_check_subprog_arg_match(struct bpf_verifier_env *env, int subprog,
struct bpf_reg_state *regs)
{
struct bpf_prog *prog = env->prog;
struct btf *btf = prog->aux->btf;
bool is_global;
u32 btf_id;
int err;
if (!prog->aux->func_info)
return -EINVAL;
btf_id = prog->aux->func_info[subprog].type_id;
if (!btf_id)
return -EFAULT;
if (prog->aux->func_info_aux[subprog].unreliable)
return -EINVAL;
is_global = prog->aux->func_info_aux[subprog].linkage == BTF_FUNC_GLOBAL;
err = btf_check_func_arg_match(env, btf, btf_id, regs, is_global);
/* Compiler optimizations can remove arguments from static functions /* Compiler optimizations can remove arguments from static functions
* or mismatched type can be passed into a global function. * or mismatched type can be passed into a global function.
* In such cases mark the function as unreliable from BTF point of view. * In such cases mark the function as unreliable from BTF point of view.
*/ */
prog->aux->func_info_aux[subprog].unreliable = true; if (err)
return -EINVAL; prog->aux->func_info_aux[subprog].unreliable = true;
return err;
}
int btf_check_kfunc_arg_match(struct bpf_verifier_env *env,
const struct btf *btf, u32 func_id,
struct bpf_reg_state *regs)
{
return btf_check_func_arg_match(env, btf, func_id, regs, false);
} }
/* Convert BTF of a function into bpf_reg_state if possible /* Convert BTF of a function into bpf_reg_state if possible
......
...@@ -143,25 +143,25 @@ int bpf_prog_alloc_jited_linfo(struct bpf_prog *prog) ...@@ -143,25 +143,25 @@ int bpf_prog_alloc_jited_linfo(struct bpf_prog *prog)
if (!prog->aux->nr_linfo || !prog->jit_requested) if (!prog->aux->nr_linfo || !prog->jit_requested)
return 0; return 0;
prog->aux->jited_linfo = kcalloc(prog->aux->nr_linfo, prog->aux->jited_linfo = kvcalloc(prog->aux->nr_linfo,
sizeof(*prog->aux->jited_linfo), sizeof(*prog->aux->jited_linfo),
GFP_KERNEL_ACCOUNT | __GFP_NOWARN); GFP_KERNEL_ACCOUNT | __GFP_NOWARN);
if (!prog->aux->jited_linfo) if (!prog->aux->jited_linfo)
return -ENOMEM; return -ENOMEM;
return 0; return 0;
} }
void bpf_prog_free_jited_linfo(struct bpf_prog *prog) void bpf_prog_jit_attempt_done(struct bpf_prog *prog)
{ {
kfree(prog->aux->jited_linfo); if (prog->aux->jited_linfo &&
prog->aux->jited_linfo = NULL; (!prog->jited || !prog->aux->jited_linfo[0])) {
} kvfree(prog->aux->jited_linfo);
prog->aux->jited_linfo = NULL;
}
void bpf_prog_free_unused_jited_linfo(struct bpf_prog *prog) kfree(prog->aux->kfunc_tab);
{ prog->aux->kfunc_tab = NULL;
if (prog->aux->jited_linfo && !prog->aux->jited_linfo[0])
bpf_prog_free_jited_linfo(prog);
} }
/* The jit engine is responsible to provide an array /* The jit engine is responsible to provide an array
...@@ -217,12 +217,6 @@ void bpf_prog_fill_jited_linfo(struct bpf_prog *prog, ...@@ -217,12 +217,6 @@ void bpf_prog_fill_jited_linfo(struct bpf_prog *prog,
insn_to_jit_off[linfo[i].insn_off - insn_start - 1]; insn_to_jit_off[linfo[i].insn_off - insn_start - 1];
} }
void bpf_prog_free_linfo(struct bpf_prog *prog)
{
bpf_prog_free_jited_linfo(prog);
kvfree(prog->aux->linfo);
}
struct bpf_prog *bpf_prog_realloc(struct bpf_prog *fp_old, unsigned int size, struct bpf_prog *bpf_prog_realloc(struct bpf_prog *fp_old, unsigned int size,
gfp_t gfp_extra_flags) gfp_t gfp_extra_flags)
{ {
...@@ -1849,9 +1843,15 @@ struct bpf_prog *bpf_prog_select_runtime(struct bpf_prog *fp, int *err) ...@@ -1849,9 +1843,15 @@ struct bpf_prog *bpf_prog_select_runtime(struct bpf_prog *fp, int *err)
/* In case of BPF to BPF calls, verifier did all the prep /* In case of BPF to BPF calls, verifier did all the prep
* work with regards to JITing, etc. * work with regards to JITing, etc.
*/ */
bool jit_needed = false;
if (fp->bpf_func) if (fp->bpf_func)
goto finalize; goto finalize;
if (IS_ENABLED(CONFIG_BPF_JIT_ALWAYS_ON) ||
bpf_prog_has_kfunc_call(fp))
jit_needed = true;
bpf_prog_select_func(fp); bpf_prog_select_func(fp);
/* eBPF JITs can rewrite the program in case constant /* eBPF JITs can rewrite the program in case constant
...@@ -1866,14 +1866,10 @@ struct bpf_prog *bpf_prog_select_runtime(struct bpf_prog *fp, int *err) ...@@ -1866,14 +1866,10 @@ struct bpf_prog *bpf_prog_select_runtime(struct bpf_prog *fp, int *err)
return fp; return fp;
fp = bpf_int_jit_compile(fp); fp = bpf_int_jit_compile(fp);
if (!fp->jited) { bpf_prog_jit_attempt_done(fp);
bpf_prog_free_jited_linfo(fp); if (!fp->jited && jit_needed) {
#ifdef CONFIG_BPF_JIT_ALWAYS_ON
*err = -ENOTSUPP; *err = -ENOTSUPP;
return fp; return fp;
#endif
} else {
bpf_prog_free_unused_jited_linfo(fp);
} }
} else { } else {
*err = bpf_prog_offload_compile(fp); *err = bpf_prog_offload_compile(fp);
...@@ -2354,6 +2350,11 @@ bool __weak bpf_jit_needs_zext(void) ...@@ -2354,6 +2350,11 @@ bool __weak bpf_jit_needs_zext(void)
return false; return false;
} }
bool __weak bpf_jit_supports_kfunc_call(void)
{
return false;
}
/* To execute LD_ABS/LD_IND instructions __bpf_prog_run() may call /* To execute LD_ABS/LD_IND instructions __bpf_prog_run() may call
* skb_copy_bits(), so provide a weak definition of it for NET-less config. * skb_copy_bits(), so provide a weak definition of it for NET-less config.
*/ */
......
...@@ -19,16 +19,23 @@ static const char *__func_get_name(const struct bpf_insn_cbs *cbs, ...@@ -19,16 +19,23 @@ static const char *__func_get_name(const struct bpf_insn_cbs *cbs,
{ {
BUILD_BUG_ON(ARRAY_SIZE(func_id_str) != __BPF_FUNC_MAX_ID); BUILD_BUG_ON(ARRAY_SIZE(func_id_str) != __BPF_FUNC_MAX_ID);
if (insn->src_reg != BPF_PSEUDO_CALL && if (!insn->src_reg &&
insn->imm >= 0 && insn->imm < __BPF_FUNC_MAX_ID && insn->imm >= 0 && insn->imm < __BPF_FUNC_MAX_ID &&
func_id_str[insn->imm]) func_id_str[insn->imm])
return func_id_str[insn->imm]; return func_id_str[insn->imm];
if (cbs && cbs->cb_call) if (cbs && cbs->cb_call) {
return cbs->cb_call(cbs->private_data, insn); const char *res;
res = cbs->cb_call(cbs->private_data, insn);
if (res)
return res;
}
if (insn->src_reg == BPF_PSEUDO_CALL) if (insn->src_reg == BPF_PSEUDO_CALL)
snprintf(buff, len, "%+d", insn->imm); snprintf(buff, len, "%+d", insn->imm);
else if (insn->src_reg == BPF_PSEUDO_KFUNC_CALL)
snprintf(buff, len, "kernel-function");
return buff; return buff;
} }
......
...@@ -1694,7 +1694,9 @@ static void __bpf_prog_put_noref(struct bpf_prog *prog, bool deferred) ...@@ -1694,7 +1694,9 @@ static void __bpf_prog_put_noref(struct bpf_prog *prog, bool deferred)
{ {
bpf_prog_kallsyms_del_all(prog); bpf_prog_kallsyms_del_all(prog);
btf_put(prog->aux->btf); btf_put(prog->aux->btf);
bpf_prog_free_linfo(prog); kvfree(prog->aux->jited_linfo);
kvfree(prog->aux->linfo);
kfree(prog->aux->kfunc_tab);
if (prog->aux->attach_btf) if (prog->aux->attach_btf)
btf_put(prog->aux->attach_btf); btf_put(prog->aux->attach_btf);
......
This diff is collapsed.
...@@ -2,6 +2,7 @@ ...@@ -2,6 +2,7 @@
/* Copyright (c) 2017 Facebook /* Copyright (c) 2017 Facebook
*/ */
#include <linux/bpf.h> #include <linux/bpf.h>
#include <linux/btf_ids.h>
#include <linux/slab.h> #include <linux/slab.h>
#include <linux/vmalloc.h> #include <linux/vmalloc.h>
#include <linux/etherdevice.h> #include <linux/etherdevice.h>
...@@ -213,10 +214,37 @@ int noinline bpf_modify_return_test(int a, int *b) ...@@ -213,10 +214,37 @@ int noinline bpf_modify_return_test(int a, int *b)
*b += 1; *b += 1;
return a + *b; return a + *b;
} }
u64 noinline bpf_kfunc_call_test1(struct sock *sk, u32 a, u64 b, u32 c, u64 d)
{
return a + b + c + d;
}
int noinline bpf_kfunc_call_test2(struct sock *sk, u32 a, u32 b)
{
return a + b;
}
struct sock * noinline bpf_kfunc_call_test3(struct sock *sk)
{
return sk;
}
__diag_pop(); __diag_pop();
ALLOW_ERROR_INJECTION(bpf_modify_return_test, ERRNO); ALLOW_ERROR_INJECTION(bpf_modify_return_test, ERRNO);
BTF_SET_START(test_sk_kfunc_ids)
BTF_ID(func, bpf_kfunc_call_test1)
BTF_ID(func, bpf_kfunc_call_test2)
BTF_ID(func, bpf_kfunc_call_test3)
BTF_SET_END(test_sk_kfunc_ids)
bool bpf_prog_test_check_kfunc_call(u32 kfunc_id)
{
return btf_id_set_contains(&test_sk_kfunc_ids, kfunc_id);
}
static void *bpf_test_init(const union bpf_attr *kattr, u32 size, static void *bpf_test_init(const union bpf_attr *kattr, u32 size,
u32 headroom, u32 tailroom) u32 headroom, u32 tailroom)
{ {
......
...@@ -9813,6 +9813,7 @@ const struct bpf_verifier_ops tc_cls_act_verifier_ops = { ...@@ -9813,6 +9813,7 @@ const struct bpf_verifier_ops tc_cls_act_verifier_ops = {
.convert_ctx_access = tc_cls_act_convert_ctx_access, .convert_ctx_access = tc_cls_act_convert_ctx_access,
.gen_prologue = tc_cls_act_prologue, .gen_prologue = tc_cls_act_prologue,
.gen_ld_abs = bpf_gen_ld_abs, .gen_ld_abs = bpf_gen_ld_abs,
.check_kfunc_call = bpf_prog_test_check_kfunc_call,
}; };
const struct bpf_prog_ops tc_cls_act_prog_ops = { const struct bpf_prog_ops tc_cls_act_prog_ops = {
......
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
#include <linux/bpf_verifier.h> #include <linux/bpf_verifier.h>
#include <linux/bpf.h> #include <linux/bpf.h>
#include <linux/btf.h> #include <linux/btf.h>
#include <linux/btf_ids.h>
#include <linux/filter.h> #include <linux/filter.h>
#include <net/tcp.h> #include <net/tcp.h>
#include <net/bpf_sk_storage.h> #include <net/bpf_sk_storage.h>
...@@ -178,10 +179,50 @@ bpf_tcp_ca_get_func_proto(enum bpf_func_id func_id, ...@@ -178,10 +179,50 @@ bpf_tcp_ca_get_func_proto(enum bpf_func_id func_id,
} }
} }
BTF_SET_START(bpf_tcp_ca_kfunc_ids)
BTF_ID(func, tcp_reno_ssthresh)
BTF_ID(func, tcp_reno_cong_avoid)
BTF_ID(func, tcp_reno_undo_cwnd)
BTF_ID(func, tcp_slow_start)
BTF_ID(func, tcp_cong_avoid_ai)
#if IS_BUILTIN(CONFIG_TCP_CONG_CUBIC)
BTF_ID(func, cubictcp_init)
BTF_ID(func, cubictcp_recalc_ssthresh)
BTF_ID(func, cubictcp_cong_avoid)
BTF_ID(func, cubictcp_state)
BTF_ID(func, cubictcp_cwnd_event)
BTF_ID(func, cubictcp_acked)
#endif
#if IS_BUILTIN(CONFIG_TCP_CONG_DCTCP)
BTF_ID(func, dctcp_init)
BTF_ID(func, dctcp_update_alpha)
BTF_ID(func, dctcp_cwnd_event)
BTF_ID(func, dctcp_ssthresh)
BTF_ID(func, dctcp_cwnd_undo)
BTF_ID(func, dctcp_state)
#endif
#if IS_BUILTIN(CONFIG_TCP_CONG_BBR)
BTF_ID(func, bbr_init)
BTF_ID(func, bbr_main)
BTF_ID(func, bbr_sndbuf_expand)
BTF_ID(func, bbr_undo_cwnd)
BTF_ID(func, bbr_cwnd_even),
BTF_ID(func, bbr_ssthresh)
BTF_ID(func, bbr_min_tso_segs)
BTF_ID(func, bbr_set_state)
#endif
BTF_SET_END(bpf_tcp_ca_kfunc_ids)
static bool bpf_tcp_ca_check_kfunc_call(u32 kfunc_btf_id)
{
return btf_id_set_contains(&bpf_tcp_ca_kfunc_ids, kfunc_btf_id);
}
static const struct bpf_verifier_ops bpf_tcp_ca_verifier_ops = { static const struct bpf_verifier_ops bpf_tcp_ca_verifier_ops = {
.get_func_proto = bpf_tcp_ca_get_func_proto, .get_func_proto = bpf_tcp_ca_get_func_proto,
.is_valid_access = bpf_tcp_ca_is_valid_access, .is_valid_access = bpf_tcp_ca_is_valid_access,
.btf_struct_access = bpf_tcp_ca_btf_struct_access, .btf_struct_access = bpf_tcp_ca_btf_struct_access,
.check_kfunc_call = bpf_tcp_ca_check_kfunc_call,
}; };
static int bpf_tcp_ca_init_member(const struct btf_type *t, static int bpf_tcp_ca_init_member(const struct btf_type *t,
......
...@@ -124,7 +124,7 @@ static inline void bictcp_hystart_reset(struct sock *sk) ...@@ -124,7 +124,7 @@ static inline void bictcp_hystart_reset(struct sock *sk)
ca->sample_cnt = 0; ca->sample_cnt = 0;
} }
static void bictcp_init(struct sock *sk) static void cubictcp_init(struct sock *sk)
{ {
struct bictcp *ca = inet_csk_ca(sk); struct bictcp *ca = inet_csk_ca(sk);
...@@ -137,7 +137,7 @@ static void bictcp_init(struct sock *sk) ...@@ -137,7 +137,7 @@ static void bictcp_init(struct sock *sk)
tcp_sk(sk)->snd_ssthresh = initial_ssthresh; tcp_sk(sk)->snd_ssthresh = initial_ssthresh;
} }
static void bictcp_cwnd_event(struct sock *sk, enum tcp_ca_event event) static void cubictcp_cwnd_event(struct sock *sk, enum tcp_ca_event event)
{ {
if (event == CA_EVENT_TX_START) { if (event == CA_EVENT_TX_START) {
struct bictcp *ca = inet_csk_ca(sk); struct bictcp *ca = inet_csk_ca(sk);
...@@ -319,7 +319,7 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd, u32 acked) ...@@ -319,7 +319,7 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd, u32 acked)
ca->cnt = max(ca->cnt, 2U); ca->cnt = max(ca->cnt, 2U);
} }
static void bictcp_cong_avoid(struct sock *sk, u32 ack, u32 acked) static void cubictcp_cong_avoid(struct sock *sk, u32 ack, u32 acked)
{ {
struct tcp_sock *tp = tcp_sk(sk); struct tcp_sock *tp = tcp_sk(sk);
struct bictcp *ca = inet_csk_ca(sk); struct bictcp *ca = inet_csk_ca(sk);
...@@ -338,7 +338,7 @@ static void bictcp_cong_avoid(struct sock *sk, u32 ack, u32 acked) ...@@ -338,7 +338,7 @@ static void bictcp_cong_avoid(struct sock *sk, u32 ack, u32 acked)
tcp_cong_avoid_ai(tp, ca->cnt, acked); tcp_cong_avoid_ai(tp, ca->cnt, acked);
} }
static u32 bictcp_recalc_ssthresh(struct sock *sk) static u32 cubictcp_recalc_ssthresh(struct sock *sk)
{ {
const struct tcp_sock *tp = tcp_sk(sk); const struct tcp_sock *tp = tcp_sk(sk);
struct bictcp *ca = inet_csk_ca(sk); struct bictcp *ca = inet_csk_ca(sk);
...@@ -355,7 +355,7 @@ static u32 bictcp_recalc_ssthresh(struct sock *sk) ...@@ -355,7 +355,7 @@ static u32 bictcp_recalc_ssthresh(struct sock *sk)
return max((tp->snd_cwnd * beta) / BICTCP_BETA_SCALE, 2U); return max((tp->snd_cwnd * beta) / BICTCP_BETA_SCALE, 2U);
} }
static void bictcp_state(struct sock *sk, u8 new_state) static void cubictcp_state(struct sock *sk, u8 new_state)
{ {
if (new_state == TCP_CA_Loss) { if (new_state == TCP_CA_Loss) {
bictcp_reset(inet_csk_ca(sk)); bictcp_reset(inet_csk_ca(sk));
...@@ -442,7 +442,7 @@ static void hystart_update(struct sock *sk, u32 delay) ...@@ -442,7 +442,7 @@ static void hystart_update(struct sock *sk, u32 delay)
} }
} }
static void bictcp_acked(struct sock *sk, const struct ack_sample *sample) static void cubictcp_acked(struct sock *sk, const struct ack_sample *sample)
{ {
const struct tcp_sock *tp = tcp_sk(sk); const struct tcp_sock *tp = tcp_sk(sk);
struct bictcp *ca = inet_csk_ca(sk); struct bictcp *ca = inet_csk_ca(sk);
...@@ -471,13 +471,13 @@ static void bictcp_acked(struct sock *sk, const struct ack_sample *sample) ...@@ -471,13 +471,13 @@ static void bictcp_acked(struct sock *sk, const struct ack_sample *sample)
} }
static struct tcp_congestion_ops cubictcp __read_mostly = { static struct tcp_congestion_ops cubictcp __read_mostly = {
.init = bictcp_init, .init = cubictcp_init,
.ssthresh = bictcp_recalc_ssthresh, .ssthresh = cubictcp_recalc_ssthresh,
.cong_avoid = bictcp_cong_avoid, .cong_avoid = cubictcp_cong_avoid,
.set_state = bictcp_state, .set_state = cubictcp_state,
.undo_cwnd = tcp_reno_undo_cwnd, .undo_cwnd = tcp_reno_undo_cwnd,
.cwnd_event = bictcp_cwnd_event, .cwnd_event = cubictcp_cwnd_event,
.pkts_acked = bictcp_acked, .pkts_acked = cubictcp_acked,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.name = "cubic", .name = "cubic",
}; };
......
...@@ -1117,6 +1117,10 @@ enum bpf_link_type { ...@@ -1117,6 +1117,10 @@ enum bpf_link_type {
* offset to another bpf function * offset to another bpf function
*/ */
#define BPF_PSEUDO_CALL 1 #define BPF_PSEUDO_CALL 1
/* when bpf_call->src_reg == BPF_PSEUDO_KFUNC_CALL,
* bpf_call->imm == btf_id of a BTF_KIND_FUNC in the running kernel
*/
#define BPF_PSEUDO_KFUNC_CALL 2
/* flags for BPF_MAP_UPDATE_ELEM command */ /* flags for BPF_MAP_UPDATE_ELEM command */
enum { enum {
......
This diff is collapsed.
...@@ -187,16 +187,6 @@ struct tcp_congestion_ops { ...@@ -187,16 +187,6 @@ struct tcp_congestion_ops {
typeof(y) __y = (y); \ typeof(y) __y = (y); \
__x == 0 ? __y : ((__y == 0) ? __x : min(__x, __y)); }) __x == 0 ? __y : ((__y == 0) ? __x : min(__x, __y)); })
static __always_inline __u32 tcp_slow_start(struct tcp_sock *tp, __u32 acked)
{
__u32 cwnd = min(tp->snd_cwnd + acked, tp->snd_ssthresh);
acked -= cwnd - tp->snd_cwnd;
tp->snd_cwnd = min(cwnd, tp->snd_cwnd_clamp);
return acked;
}
static __always_inline bool tcp_in_slow_start(const struct tcp_sock *tp) static __always_inline bool tcp_in_slow_start(const struct tcp_sock *tp)
{ {
return tp->snd_cwnd < tp->snd_ssthresh; return tp->snd_cwnd < tp->snd_ssthresh;
...@@ -213,22 +203,7 @@ static __always_inline bool tcp_is_cwnd_limited(const struct sock *sk) ...@@ -213,22 +203,7 @@ static __always_inline bool tcp_is_cwnd_limited(const struct sock *sk)
return !!BPF_CORE_READ_BITFIELD(tp, is_cwnd_limited); return !!BPF_CORE_READ_BITFIELD(tp, is_cwnd_limited);
} }
static __always_inline void tcp_cong_avoid_ai(struct tcp_sock *tp, __u32 w, __u32 acked) extern __u32 tcp_slow_start(struct tcp_sock *tp, __u32 acked) __ksym;
{ extern void tcp_cong_avoid_ai(struct tcp_sock *tp, __u32 w, __u32 acked) __ksym;
/* If credits accumulated at a higher w, apply them gently now. */
if (tp->snd_cwnd_cnt >= w) {
tp->snd_cwnd_cnt = 0;
tp->snd_cwnd++;
}
tp->snd_cwnd_cnt += acked;
if (tp->snd_cwnd_cnt >= w) {
__u32 delta = tp->snd_cwnd_cnt / w;
tp->snd_cwnd_cnt -= delta * w;
tp->snd_cwnd += delta;
}
tp->snd_cwnd = min(tp->snd_cwnd, tp->snd_cwnd_clamp);
}
#endif #endif
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2021 Facebook */
#include <test_progs.h>
#include <network_helpers.h>
#include "kfunc_call_test.skel.h"
#include "kfunc_call_test_subprog.skel.h"
static void test_main(void)
{
struct kfunc_call_test *skel;
int prog_fd, retval, err;
skel = kfunc_call_test__open_and_load();
if (!ASSERT_OK_PTR(skel, "skel"))
return;
prog_fd = bpf_program__fd(skel->progs.kfunc_call_test1);
err = bpf_prog_test_run(prog_fd, 1, &pkt_v4, sizeof(pkt_v4),
NULL, NULL, (__u32 *)&retval, NULL);
ASSERT_OK(err, "bpf_prog_test_run(test1)");
ASSERT_EQ(retval, 12, "test1-retval");
prog_fd = bpf_program__fd(skel->progs.kfunc_call_test2);
err = bpf_prog_test_run(prog_fd, 1, &pkt_v4, sizeof(pkt_v4),
NULL, NULL, (__u32 *)&retval, NULL);
ASSERT_OK(err, "bpf_prog_test_run(test2)");
ASSERT_EQ(retval, 3, "test2-retval");
kfunc_call_test__destroy(skel);
}
static void test_subprog(void)
{
struct kfunc_call_test_subprog *skel;
int prog_fd, retval, err;
skel = kfunc_call_test_subprog__open_and_load();
if (!ASSERT_OK_PTR(skel, "skel"))
return;
prog_fd = bpf_program__fd(skel->progs.kfunc_call_test1);
err = bpf_prog_test_run(prog_fd, 1, &pkt_v4, sizeof(pkt_v4),
NULL, NULL, (__u32 *)&retval, NULL);
ASSERT_OK(err, "bpf_prog_test_run(test1)");
ASSERT_EQ(retval, 10, "test1-retval");
ASSERT_NEQ(skel->data->active_res, -1, "active_res");
ASSERT_EQ(skel->data->sk_state, BPF_TCP_CLOSE, "sk_state");
kfunc_call_test_subprog__destroy(skel);
}
void test_kfunc_call(void)
{
if (test__start_subtest("main"))
test_main();
if (test__start_subtest("subprog"))
test_subprog();
}
...@@ -174,8 +174,8 @@ static __always_inline void bictcp_hystart_reset(struct sock *sk) ...@@ -174,8 +174,8 @@ static __always_inline void bictcp_hystart_reset(struct sock *sk)
* as long as it is used in one of the func ptr * as long as it is used in one of the func ptr
* under SEC(".struct_ops"). * under SEC(".struct_ops").
*/ */
SEC("struct_ops/bictcp_init") SEC("struct_ops/bpf_cubic_init")
void BPF_PROG(bictcp_init, struct sock *sk) void BPF_PROG(bpf_cubic_init, struct sock *sk)
{ {
struct bictcp *ca = inet_csk_ca(sk); struct bictcp *ca = inet_csk_ca(sk);
...@@ -192,7 +192,7 @@ void BPF_PROG(bictcp_init, struct sock *sk) ...@@ -192,7 +192,7 @@ void BPF_PROG(bictcp_init, struct sock *sk)
* The remaining tcp-cubic functions have an easier way. * The remaining tcp-cubic functions have an easier way.
*/ */
SEC("no-sec-prefix-bictcp_cwnd_event") SEC("no-sec-prefix-bictcp_cwnd_event")
void BPF_PROG(bictcp_cwnd_event, struct sock *sk, enum tcp_ca_event event) void BPF_PROG(bpf_cubic_cwnd_event, struct sock *sk, enum tcp_ca_event event)
{ {
if (event == CA_EVENT_TX_START) { if (event == CA_EVENT_TX_START) {
struct bictcp *ca = inet_csk_ca(sk); struct bictcp *ca = inet_csk_ca(sk);
...@@ -384,7 +384,7 @@ static __always_inline void bictcp_update(struct bictcp *ca, __u32 cwnd, ...@@ -384,7 +384,7 @@ static __always_inline void bictcp_update(struct bictcp *ca, __u32 cwnd,
} }
/* Or simply use the BPF_STRUCT_OPS to avoid the SEC boiler plate. */ /* Or simply use the BPF_STRUCT_OPS to avoid the SEC boiler plate. */
void BPF_STRUCT_OPS(bictcp_cong_avoid, struct sock *sk, __u32 ack, __u32 acked) void BPF_STRUCT_OPS(bpf_cubic_cong_avoid, struct sock *sk, __u32 ack, __u32 acked)
{ {
struct tcp_sock *tp = tcp_sk(sk); struct tcp_sock *tp = tcp_sk(sk);
struct bictcp *ca = inet_csk_ca(sk); struct bictcp *ca = inet_csk_ca(sk);
...@@ -403,7 +403,7 @@ void BPF_STRUCT_OPS(bictcp_cong_avoid, struct sock *sk, __u32 ack, __u32 acked) ...@@ -403,7 +403,7 @@ void BPF_STRUCT_OPS(bictcp_cong_avoid, struct sock *sk, __u32 ack, __u32 acked)
tcp_cong_avoid_ai(tp, ca->cnt, acked); tcp_cong_avoid_ai(tp, ca->cnt, acked);
} }
__u32 BPF_STRUCT_OPS(bictcp_recalc_ssthresh, struct sock *sk) __u32 BPF_STRUCT_OPS(bpf_cubic_recalc_ssthresh, struct sock *sk)
{ {
const struct tcp_sock *tp = tcp_sk(sk); const struct tcp_sock *tp = tcp_sk(sk);
struct bictcp *ca = inet_csk_ca(sk); struct bictcp *ca = inet_csk_ca(sk);
...@@ -420,7 +420,7 @@ __u32 BPF_STRUCT_OPS(bictcp_recalc_ssthresh, struct sock *sk) ...@@ -420,7 +420,7 @@ __u32 BPF_STRUCT_OPS(bictcp_recalc_ssthresh, struct sock *sk)
return max((tp->snd_cwnd * beta) / BICTCP_BETA_SCALE, 2U); return max((tp->snd_cwnd * beta) / BICTCP_BETA_SCALE, 2U);
} }
void BPF_STRUCT_OPS(bictcp_state, struct sock *sk, __u8 new_state) void BPF_STRUCT_OPS(bpf_cubic_state, struct sock *sk, __u8 new_state)
{ {
if (new_state == TCP_CA_Loss) { if (new_state == TCP_CA_Loss) {
bictcp_reset(inet_csk_ca(sk)); bictcp_reset(inet_csk_ca(sk));
...@@ -496,7 +496,7 @@ static __always_inline void hystart_update(struct sock *sk, __u32 delay) ...@@ -496,7 +496,7 @@ static __always_inline void hystart_update(struct sock *sk, __u32 delay)
} }
} }
void BPF_STRUCT_OPS(bictcp_acked, struct sock *sk, void BPF_STRUCT_OPS(bpf_cubic_acked, struct sock *sk,
const struct ack_sample *sample) const struct ack_sample *sample)
{ {
const struct tcp_sock *tp = tcp_sk(sk); const struct tcp_sock *tp = tcp_sk(sk);
...@@ -525,21 +525,21 @@ void BPF_STRUCT_OPS(bictcp_acked, struct sock *sk, ...@@ -525,21 +525,21 @@ void BPF_STRUCT_OPS(bictcp_acked, struct sock *sk,
hystart_update(sk, delay); hystart_update(sk, delay);
} }
__u32 BPF_STRUCT_OPS(tcp_reno_undo_cwnd, struct sock *sk) extern __u32 tcp_reno_undo_cwnd(struct sock *sk) __ksym;
{
const struct tcp_sock *tp = tcp_sk(sk);
return max(tp->snd_cwnd, tp->prior_cwnd); __u32 BPF_STRUCT_OPS(bpf_cubic_undo_cwnd, struct sock *sk)
{
return tcp_reno_undo_cwnd(sk);
} }
SEC(".struct_ops") SEC(".struct_ops")
struct tcp_congestion_ops cubic = { struct tcp_congestion_ops cubic = {
.init = (void *)bictcp_init, .init = (void *)bpf_cubic_init,
.ssthresh = (void *)bictcp_recalc_ssthresh, .ssthresh = (void *)bpf_cubic_recalc_ssthresh,
.cong_avoid = (void *)bictcp_cong_avoid, .cong_avoid = (void *)bpf_cubic_cong_avoid,
.set_state = (void *)bictcp_state, .set_state = (void *)bpf_cubic_state,
.undo_cwnd = (void *)tcp_reno_undo_cwnd, .undo_cwnd = (void *)bpf_cubic_undo_cwnd,
.cwnd_event = (void *)bictcp_cwnd_event, .cwnd_event = (void *)bpf_cubic_cwnd_event,
.pkts_acked = (void *)bictcp_acked, .pkts_acked = (void *)bpf_cubic_acked,
.name = "bpf_cubic", .name = "bpf_cubic",
}; };
...@@ -194,22 +194,12 @@ __u32 BPF_PROG(dctcp_cwnd_undo, struct sock *sk) ...@@ -194,22 +194,12 @@ __u32 BPF_PROG(dctcp_cwnd_undo, struct sock *sk)
return max(tcp_sk(sk)->snd_cwnd, ca->loss_cwnd); return max(tcp_sk(sk)->snd_cwnd, ca->loss_cwnd);
} }
SEC("struct_ops/tcp_reno_cong_avoid") extern void tcp_reno_cong_avoid(struct sock *sk, __u32 ack, __u32 acked) __ksym;
void BPF_PROG(tcp_reno_cong_avoid, struct sock *sk, __u32 ack, __u32 acked)
{
struct tcp_sock *tp = tcp_sk(sk);
if (!tcp_is_cwnd_limited(sk))
return;
/* In "safe" area, increase. */ SEC("struct_ops/dctcp_reno_cong_avoid")
if (tcp_in_slow_start(tp)) { void BPF_PROG(dctcp_cong_avoid, struct sock *sk, __u32 ack, __u32 acked)
acked = tcp_slow_start(tp, acked); {
if (!acked) tcp_reno_cong_avoid(sk, ack, acked);
return;
}
/* In dangerous area, increase slowly. */
tcp_cong_avoid_ai(tp, tp->snd_cwnd, acked);
} }
SEC(".struct_ops") SEC(".struct_ops")
...@@ -226,7 +216,7 @@ struct tcp_congestion_ops dctcp = { ...@@ -226,7 +216,7 @@ struct tcp_congestion_ops dctcp = {
.in_ack_event = (void *)dctcp_update_alpha, .in_ack_event = (void *)dctcp_update_alpha,
.cwnd_event = (void *)dctcp_cwnd_event, .cwnd_event = (void *)dctcp_cwnd_event,
.ssthresh = (void *)dctcp_ssthresh, .ssthresh = (void *)dctcp_ssthresh,
.cong_avoid = (void *)tcp_reno_cong_avoid, .cong_avoid = (void *)dctcp_cong_avoid,
.undo_cwnd = (void *)dctcp_cwnd_undo, .undo_cwnd = (void *)dctcp_cwnd_undo,
.set_state = (void *)dctcp_state, .set_state = (void *)dctcp_state,
.flags = TCP_CONG_NEEDS_ECN, .flags = TCP_CONG_NEEDS_ECN,
......
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2021 Facebook */
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include "bpf_tcp_helpers.h"
extern int bpf_kfunc_call_test2(struct sock *sk, __u32 a, __u32 b) __ksym;
extern __u64 bpf_kfunc_call_test1(struct sock *sk, __u32 a, __u64 b,
__u32 c, __u64 d) __ksym;
SEC("classifier")
int kfunc_call_test2(struct __sk_buff *skb)
{
struct bpf_sock *sk = skb->sk;
if (!sk)
return -1;
sk = bpf_sk_fullsock(sk);
if (!sk)
return -1;
return bpf_kfunc_call_test2((struct sock *)sk, 1, 2);
}
SEC("classifier")
int kfunc_call_test1(struct __sk_buff *skb)
{
struct bpf_sock *sk = skb->sk;
__u64 a = 1ULL << 32;
__u32 ret;
if (!sk)
return -1;
sk = bpf_sk_fullsock(sk);
if (!sk)
return -1;
a = bpf_kfunc_call_test1((struct sock *)sk, 1, a | 2, 3, a | 4);
ret = a >> 32; /* ret should be 2 */
ret += (__u32)a; /* ret should be 12 */
return ret;
}
char _license[] SEC("license") = "GPL";
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2021 Facebook */
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include "bpf_tcp_helpers.h"
extern const int bpf_prog_active __ksym;
extern __u64 bpf_kfunc_call_test1(struct sock *sk, __u32 a, __u64 b,
__u32 c, __u64 d) __ksym;
extern struct sock *bpf_kfunc_call_test3(struct sock *sk) __ksym;
int active_res = -1;
int sk_state = -1;
int __noinline f1(struct __sk_buff *skb)
{
struct bpf_sock *sk = skb->sk;
int *active;
if (!sk)
return -1;
sk = bpf_sk_fullsock(sk);
if (!sk)
return -1;
active = (int *)bpf_per_cpu_ptr(&bpf_prog_active,
bpf_get_smp_processor_id());
if (active)
active_res = *active;
sk_state = bpf_kfunc_call_test3((struct sock *)sk)->__sk_common.skc_state;
return (__u32)bpf_kfunc_call_test1((struct sock *)sk, 1, 2, 3, 4);
}
SEC("classifier")
int kfunc_call_test1(struct __sk_buff *skb)
{
return f1(skb);
}
char _license[] SEC("license") = "GPL";
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
BPF_MOV64_IMM(BPF_REG_0, 2), BPF_MOV64_IMM(BPF_REG_0, 2),
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
.errstr_unpriv = "function calls to other bpf functions are allowed for", .errstr_unpriv = "loading/calling other bpf or kernel functions are allowed for",
.result_unpriv = REJECT, .result_unpriv = REJECT,
.result = ACCEPT, .result = ACCEPT,
.retval = 1, .retval = 1,
...@@ -136,7 +136,7 @@ ...@@ -136,7 +136,7 @@
{ {
"calls: wrong src reg", "calls: wrong src reg",
.insns = { .insns = {
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 2, 0, 0), BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 3, 0, 0),
BPF_MOV64_IMM(BPF_REG_0, 1), BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
...@@ -397,7 +397,7 @@ ...@@ -397,7 +397,7 @@
BPF_MOV64_IMM(BPF_REG_0, 1), BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
.errstr_unpriv = "function calls to other bpf functions are allowed for", .errstr_unpriv = "loading/calling other bpf or kernel functions are allowed for",
.fixup_map_hash_48b = { 3 }, .fixup_map_hash_48b = { 3 },
.result_unpriv = REJECT, .result_unpriv = REJECT,
.result = ACCEPT, .result = ACCEPT,
...@@ -1977,7 +1977,7 @@ ...@@ -1977,7 +1977,7 @@
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
.prog_type = BPF_PROG_TYPE_SOCKET_FILTER, .prog_type = BPF_PROG_TYPE_SOCKET_FILTER,
.errstr_unpriv = "function calls to other bpf functions are allowed for", .errstr_unpriv = "loading/calling other bpf or kernel functions are allowed for",
.result_unpriv = REJECT, .result_unpriv = REJECT,
.result = ACCEPT, .result = ACCEPT,
}, },
...@@ -2003,7 +2003,7 @@ ...@@ -2003,7 +2003,7 @@
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
.prog_type = BPF_PROG_TYPE_SOCKET_FILTER, .prog_type = BPF_PROG_TYPE_SOCKET_FILTER,
.errstr_unpriv = "function calls to other bpf functions are allowed for", .errstr_unpriv = "loading/calling other bpf or kernel functions are allowed for",
.errstr = "!read_ok", .errstr = "!read_ok",
.result = REJECT, .result = REJECT,
}, },
...@@ -2028,7 +2028,7 @@ ...@@ -2028,7 +2028,7 @@
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
.prog_type = BPF_PROG_TYPE_SOCKET_FILTER, .prog_type = BPF_PROG_TYPE_SOCKET_FILTER,
.errstr_unpriv = "function calls to other bpf functions are allowed for", .errstr_unpriv = "loading/calling other bpf or kernel functions are allowed for",
.errstr = "!read_ok", .errstr = "!read_ok",
.result = REJECT, .result = REJECT,
}, },
...@@ -85,7 +85,7 @@ ...@@ -85,7 +85,7 @@
BPF_MOV64_IMM(BPF_REG_0, 12), BPF_MOV64_IMM(BPF_REG_0, 12),
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
.errstr_unpriv = "function calls to other bpf functions are allowed for", .errstr_unpriv = "loading/calling other bpf or kernel functions are allowed for",
.result_unpriv = REJECT, .result_unpriv = REJECT,
.result = ACCEPT, .result = ACCEPT,
.retval = 7, .retval = 7,
...@@ -103,7 +103,7 @@ ...@@ -103,7 +103,7 @@
BPF_MOV64_IMM(BPF_REG_0, 12), BPF_MOV64_IMM(BPF_REG_0, 12),
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
.errstr_unpriv = "function calls to other bpf functions are allowed for", .errstr_unpriv = "loading/calling other bpf or kernel functions are allowed for",
.result_unpriv = REJECT, .result_unpriv = REJECT,
.result = ACCEPT, .result = ACCEPT,
.retval = 7, .retval = 7,
...@@ -121,7 +121,7 @@ ...@@ -121,7 +121,7 @@
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, -5), BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, -5),
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
.errstr_unpriv = "function calls to other bpf functions are allowed for", .errstr_unpriv = "loading/calling other bpf or kernel functions are allowed for",
.result_unpriv = REJECT, .result_unpriv = REJECT,
.result = ACCEPT, .result = ACCEPT,
.retval = 7, .retval = 7,
...@@ -137,7 +137,7 @@ ...@@ -137,7 +137,7 @@
BPF_MOV64_REG(BPF_REG_0, BPF_REG_1), BPF_MOV64_REG(BPF_REG_0, BPF_REG_1),
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
.errstr_unpriv = "function calls to other bpf functions are allowed for", .errstr_unpriv = "loading/calling other bpf or kernel functions are allowed for",
.result_unpriv = REJECT, .result_unpriv = REJECT,
.result = ACCEPT, .result = ACCEPT,
.retval = 2, .retval = 2,
...@@ -152,7 +152,7 @@ ...@@ -152,7 +152,7 @@
BPF_MOV64_REG(BPF_REG_0, BPF_REG_1), BPF_MOV64_REG(BPF_REG_0, BPF_REG_1),
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
.errstr_unpriv = "function calls to other bpf functions are allowed for", .errstr_unpriv = "loading/calling other bpf or kernel functions are allowed for",
.result_unpriv = REJECT, .result_unpriv = REJECT,
.result = ACCEPT, .result = ACCEPT,
.retval = 2, .retval = 2,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment