| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Dec 2020 12:46:20 -0800
From: Andrii Nakryiko <andrii@...nel.org>
To: <bpf@...r.kernel.org>, <netdev@...r.kernel.org>, <ast@...com>,
<daniel@...earbox.net>
CC: <andrii@...nel.org>, <kernel-team@...com>
Subject: [PATCH v6 bpf-next 00/14] Support BTF-powered BPF tracing programs for kernel modules
This patch sets extends kernel and libbpf with support for attaching
BTF-powered raw tracepoint (tp_btf) and tracing (fentry/fexit/fmod_ret/lsm)
BPF programs to BPF hooks defined in kernel modules. As part of that, libbpf
now supports performing CO-RE relocations against types in kernel module BTFs,
in addition to existing vmlinux BTF support.
Kernel UAPI for BPF_PROG_LOAD now allows to specify kernel module (or vmlinux)
BTF object FD in attach_btf_obj_fd field, aliased to attach_prog_fd. This is
used to identify which BTF object needs to be used for finding BTF type by
provided attach_btf_id.
This patch set also sets up a convenient and fully-controlled custom kernel
module (called "bpf_testmod"), that is a predictable playground for all the
BPF selftests, that rely on module BTFs. Currently pahole doesn't generate
BTF_KIND_FUNC info for ftrace-able static functions in kernel modules, so
expose traced function in bpf_sidecar.ko. Once pahole is enhanced, we can go
back to static function.
>From end user perspective there are no extra actions that need to happen.
Libbpf will continue searching across all kernel module BTFs, if desired
attach BTF type is not found in vmlinux. That way it doesn't matter if BPF
hook that user is trying to attach to is built into vmlinux image or is
loaded in kernel module.
v5->v6:
- move btf_put() back to syscall.c (kernel test robot);
- added close(fd) in patch #5 (John);
v4->v5:
- use FD to specify BTF object (Alexei);
- move prog->aux->attach_btf putting into bpf_prog_free() for consistency
with putting prog->aux->dst_prog;
- fix BTF FD leak(s) in libbpf;
v3->v4:
- merge together patch sets [0] and [1];
- avoid increasing bpf_reg_state by reordering fields (Alexei);
- preserve btf_data_size in struct module;
v2->v3:
- fix subtle uninitialized variable use in BTF ID iteration code;
v1->v2:
- module_put() inside preempt_disable() region (Alexei);
- bpf_sidecar -> bpf_testmod rename (Alexei);
- test_progs more relaxed handling of bpf_testmod;
- test_progs marks skipped sub-tests properly as SKIP now.
[0] https://patchwork.kernel.org/project/netdevbpf/list/?series=393677&state=*
[1] https://patchwork.kernel.org/project/netdevbpf/list/?series=393679&state=*
Andrii Nakryiko (14):
bpf: fix bpf_put_raw_tracepoint()'s use of __module_address()
bpf: keep module's btf_data_size intact after load
libbpf: add internal helper to load BTF data by FD
libbpf: refactor CO-RE relocs to not assume a single BTF object
libbpf: add kernel module BTF support for CO-RE relocations
selftests/bpf: add bpf_testmod kernel module for testing
selftests/bpf: add support for marking sub-tests as skipped
selftests/bpf: add CO-RE relocs selftest relying on kernel module BTF
bpf: remove hard-coded btf_vmlinux assumption from BPF verifier
bpf: allow to specify kernel module BTFs when attaching BPF programs
libbpf: factor out low-level BPF program loading helper
libbpf: support attachment of BPF tracing programs to kernel modules
selftests/bpf: add tp_btf CO-RE reloc test for modules
selftests/bpf: add fentry/fexit/fmod_ret selftest for kernel module
include/linux/bpf.h | 13 +-
include/linux/bpf_verifier.h | 28 +-
include/linux/btf.h | 6 +-
include/uapi/linux/bpf.h | 7 +-
kernel/bpf/btf.c | 70 ++-
kernel/bpf/syscall.c | 78 ++-
kernel/bpf/verifier.c | 77 +--
kernel/module.c | 1 -
kernel/trace/bpf_trace.c | 8 +-
net/ipv4/bpf_tcp_ca.c | 3 +-
tools/include/uapi/linux/bpf.h | 7 +-
tools/lib/bpf/bpf.c | 101 ++--
tools/lib/bpf/btf.c | 61 ++-
tools/lib/bpf/libbpf.c | 500 ++++++++++++++----
tools/lib/bpf/libbpf_internal.h | 31 ++
tools/testing/selftests/bpf/.gitignore | 1 +
tools/testing/selftests/bpf/Makefile | 12 +-
.../selftests/bpf/bpf_testmod/.gitignore | 6 +
.../selftests/bpf/bpf_testmod/Makefile | 20 +
.../bpf/bpf_testmod/bpf_testmod-events.h | 36 ++
.../selftests/bpf/bpf_testmod/bpf_testmod.c | 52 ++
.../selftests/bpf/bpf_testmod/bpf_testmod.h | 14 +
.../selftests/bpf/prog_tests/core_reloc.c | 80 ++-
.../selftests/bpf/prog_tests/module_attach.c | 53 ++
.../selftests/bpf/progs/core_reloc_types.h | 17 +
.../bpf/progs/test_core_reloc_module.c | 96 ++++
.../selftests/bpf/progs/test_module_attach.c | 66 +++
tools/testing/selftests/bpf/test_progs.c | 65 ++-
tools/testing/selftests/bpf/test_progs.h | 1 +
29 files changed, 1230 insertions(+), 280 deletions(-)
create mode 100644 tools/testing/selftests/bpf/bpf_testmod/.gitignore
create mode 100644 tools/testing/selftests/bpf/bpf_testmod/Makefile
create mode 100644 tools/testing/selftests/bpf/bpf_testmod/bpf_testmod-events.h
create mode 100644 tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c
create mode 100644 tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.h
create mode 100644 tools/testing/selftests/bpf/prog_tests/module_attach.c
create mode 100644 tools/testing/selftests/bpf/progs/test_core_reloc_module.c
create mode 100644 tools/testing/selftests/bpf/progs/test_module_attach.c
--
2.24.1
Powered by blists - more mailing lists