| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEf4Bzbq6YoSW3VOENP6AKBXHXF6C2UJbreq6Y=bfGHA-e3YKQ@mail.gmail.com>
Date: Thu, 15 Aug 2024 15:19:02 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Matteo Croce <technoboy85@...il.com>
Cc: Andrii Nakryiko <andrii@...nel.org>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>, Steven Rostedt <rostedt@...dmis.org>,
Masami Hiramatsu <mhiramat@...nel.org>, bpf@...r.kernel.org,
linux-trace-kernel@...r.kernel.org, linux-kernel@...r.kernel.org,
Matteo Croce <teknoraver@...a.com>
Subject: Re: [PATCH bpf-next v5 1/2] bpf: enable generic kfuncs for
BPF_CGROUP_* programs
On Tue, Aug 13, 2024 at 6:28 AM Matteo Croce <technoboy85@...il.com> wrote:
>
> From: Matteo Croce <teknoraver@...a.com>
>
> These kfuncs are enabled even in BPF_PROG_TYPE_TRACING, so they
> should be safe also in BPF_CGROUP_* programs.
>
> In enum btf_kfunc_hook, rename BTF_KFUNC_HOOK_CGROUP_SKB to a more
> generic BTF_KFUNC_HOOK_CGROUP, since it's used for all the cgroup
> related program types.
>
> Signed-off-by: Matteo Croce <teknoraver@...a.com>
> ---
> kernel/bpf/btf.c | 8 ++++++--
> kernel/bpf/helpers.c | 6 ++++++
> 2 files changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index 95426d5b634e..08d094875f00 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -212,7 +212,7 @@ enum btf_kfunc_hook {
> BTF_KFUNC_HOOK_TRACING,
> BTF_KFUNC_HOOK_SYSCALL,
> BTF_KFUNC_HOOK_FMODRET,
> - BTF_KFUNC_HOOK_CGROUP_SKB,
> + BTF_KFUNC_HOOK_CGROUP,
> BTF_KFUNC_HOOK_SCHED_ACT,
> BTF_KFUNC_HOOK_SK_SKB,
> BTF_KFUNC_HOOK_SOCKET_FILTER,
> @@ -8312,8 +8312,12 @@ static int bpf_prog_type_to_kfunc_hook(enum bpf_prog_type prog_type)
> case BPF_PROG_TYPE_SYSCALL:
> return BTF_KFUNC_HOOK_SYSCALL;
> case BPF_PROG_TYPE_CGROUP_SKB:
> + case BPF_PROG_TYPE_CGROUP_SOCK:
> + case BPF_PROG_TYPE_CGROUP_DEVICE:
> case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:
> - return BTF_KFUNC_HOOK_CGROUP_SKB;
> + case BPF_PROG_TYPE_CGROUP_SOCKOPT:
> + case BPF_PROG_TYPE_CGROUP_SYSCTL:
> + return BTF_KFUNC_HOOK_CGROUP;
> case BPF_PROG_TYPE_SCHED_ACT:
> return BTF_KFUNC_HOOK_SCHED_ACT;
> case BPF_PROG_TYPE_SK_SKB:
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index d02ae323996b..0d1d97d968b0 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -3052,6 +3052,12 @@ static int __init kfunc_init(void)
> ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP, &generic_kfunc_set);
> ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_STRUCT_OPS, &generic_kfunc_set);
> ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &generic_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SKB, &generic_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SOCK, &generic_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_DEVICE, &generic_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SOCK_ADDR, &generic_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SYSCTL, &generic_kfunc_set);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SOCKOPT, &generic_kfunc_set);
So given all those CGROUP_xxx program types map to the same
cgroup-generic BTF_KFUNC_HOOK_CGROUP hook, why do we need 6
repetitions of the same thing?
I'd say let's keep just one (pick any, CGROUP_SKB, for example)
registration. And then we should follow up with cleaning up
register_btf_kfunc_id_set() to accept hook type, not program type. And
then it will be clean and will make most sense.
But other than that looks good to me.
pw-bot: cr
> ret = ret ?: register_btf_id_dtor_kfuncs(generic_dtors,
> ARRAY_SIZE(generic_dtors),
> THIS_MODULE);
> --
> 2.46.0
>
Powered by blists - more mailing lists