| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20260109184852.1089786-1-ihor.solodrai@linux.dev>
Date: Fri, 9 Jan 2026 10:48:42 -0800
From: Ihor Solodrai <ihor.solodrai@...ux.dev>
To: Alexei Starovoitov <ast@...nel.org>,
Andrii Nakryiko <andrii@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <martin.lau@...ux.dev>,
Eduard Zingerman <eddyz87@...il.com>
Cc: Mykyta Yatsenko <yatsenko@...a.com>,
Tejun Heo <tj@...nel.org>,
Alan Maguire <alan.maguire@...cle.com>,
Benjamin Tissoires <bentiss@...nel.org>,
Jiri Kosina <jikos@...nel.org>,
bpf@...r.kernel.org,
linux-kernel@...r.kernel.org,
linux-input@...r.kernel.org,
sched-ext@...ts.linux.dev
Subject: [PATCH bpf-next v1 00/10] bpf: Kernel functions with KF_IMPLICIT_ARGS
This series implements a generic "implicit arguments" feature for BPF
kernel functions.
This is the next iteration of previous work [1][2], although it's not
really a v3, as parts of the implementation have changed
significantly.
A mechanism is created for kfuncs to have arguments that are not
visible to the BPF programs, and are provided to the kernel function
implementation by the verifier.
This mechanism is then used to define new APIs, that use
KF_IMPLICIT_ARGS flag, for the kfuncs that have a parameter with
__prog annotation [3], which is the current way of passing struct
bpf_prog_aux pointer to kfuncs.
The key difference in comparison to earlier work is that the necessary
BTF modifications are done by resolve_btfids (patch #4) instead of
pahole. The groundwork for this to be possible has been landed
recently [4].
This approach simplifies the implementation and future maintenance as
pahole is an out-of-tree tool, while resolve_btfids is not.
Another difference is in handling of the "legacy" case. This
implementation is more strict: the usage of <kfunc>_impl functions in
BPF is only allowed for kfuncs with an explicit kernel (or kmodule)
declaration (that is, existing _impl functions [5]). A <kfunc>_impl
function generated in BTF for a kfunc with implicit args does not have
a "bpf_kfunc" decl tag, and a kernel address. The verifier will reject
a program trying to call such an _impl kfunc.
The function with implicit arguments is defined by KF_IMPLICIT_ARGS
flag in BTF_IDS_FLAGS set. In this series, only a pointer to struct
bpf_prog_aux can be implicit, although it is simple to extend this to
more types.
The verifier handles a kfunc with KF_IMPLICIT_ARGS by resolving it to
a different (actual) BTF prototype early in verification (patch #3).
The series consists of the following patches:
- patches #1 and #2 are non-functional refactoring in kernel/bpf
- patch #3 defines KF_IMPLICIT_ARGS flag and teaches the verifier
about it, enabling __prog args to also be implicit
- patch #4 implements the necessary btf2btf transformation in
resolve_btfids
- patch #5 adds selftests specific to KF_IMPLICIT_ARGS feature
- patches #6-#9 update the current users of __prog argument to use
KF_IMPLICIT_ARGS
- patch #10 updates relevant documentation
[1] https://lore.kernel.org/bpf/20251029190113.3323406-1-ihor.solodrai@linux.dev/
[2] https://lore.kernel.org/bpf/20250924211716.1287715-1-ihor.solodrai@linux.dev/
[3] https://docs.kernel.org/bpf/kfuncs.html#prog-annotation
[4] https://lore.kernel.org/bpf/20251219181321.1283664-1-ihor.solodrai@linux.dev/
[5] https://lore.kernel.org/bpf/20251104-implv2-v3-0-4772b9ae0e06@meta.com/
---
Ihor Solodrai (10):
bpf: Refactor btf_kfunc_id_set_contains
bpf: Introduce struct bpf_kfunc_meta
bpf: Verifier support for KF_IMPLICIT_ARGS
resolve_btfids: Support for KF_IMPLICIT_ARGS
selftests/bpf: Add tests for KF_IMPLICIT_ARGS
bpf: Add bpf_wq_set_callback kfunc with KF_IMPLICIT_ARGS
HID: Use bpf_wq_set_callback kernel function
bpf: Add bpf_task_work_schedule_* kfuncs with KF_IMPLICIT_ARGS
bpf: Add bpf_stream_vprintk with KF_IMPLICIT_ARGS
bpf,docs: Document KF_IMPLICIT_ARGS flag
Documentation/bpf/kfuncs.rst | 44 ++-
drivers/hid/bpf/progs/hid_bpf_helpers.h | 8 +-
include/linux/btf.h | 5 +-
kernel/bpf/btf.c | 70 +++--
kernel/bpf/helpers.c | 47 ++-
kernel/bpf/stream.c | 11 +-
kernel/bpf/verifier.c | 247 ++++++++++-----
tools/bpf/resolve_btfids/main.c | 282 ++++++++++++++++++
tools/lib/bpf/bpf_helpers.h | 6 +-
.../testing/selftests/bpf/bpf_experimental.h | 5 -
.../bpf/prog_tests/kfunc_implicit_args.c | 10 +
.../testing/selftests/bpf/progs/file_reader.c | 4 +-
.../selftests/bpf/progs/kfunc_implicit_args.c | 41 +++
.../testing/selftests/bpf/progs/stream_fail.c | 6 +-
tools/testing/selftests/bpf/progs/task_work.c | 11 +-
.../selftests/bpf/progs/task_work_fail.c | 16 +-
.../selftests/bpf/progs/task_work_stress.c | 5 +-
.../bpf/progs/verifier_async_cb_context.c | 6 +-
tools/testing/selftests/bpf/progs/wq.c | 2 +-
.../testing/selftests/bpf/progs/wq_failures.c | 4 +-
.../selftests/bpf/test_kmods/bpf_testmod.c | 26 ++
tools/testing/selftests/hid/Makefile | 4 +-
.../selftests/hid/progs/hid_bpf_helpers.h | 8 +-
23 files changed, 724 insertions(+), 144 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/kfunc_implicit_args.c
create mode 100644 tools/testing/selftests/bpf/progs/kfunc_implicit_args.c
--
2.52.0
Powered by blists - more mailing lists