[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <33e72531-b525-4c9f-a9cc-73175b7cd721@gmail.com>
Date: Wed, 31 Jan 2024 08:49:54 -0800
From: Kui-Feng Lee <sinquersw@...il.com>
To: Martin KaFai Lau <martin.lau@...ux.dev>
Cc: Amery Hung <ameryhung@...il.com>, bpf@...r.kernel.org,
yangpeihao@...u.edu.cn, toke@...hat.com, jhs@...atatu.com, jiri@...nulli.us,
sdf@...gle.com, xiyou.wangcong@...il.com, yepeilin.cs@...il.com,
netdev@...r.kernel.org, Kui-Feng Lee <thinker.li@...il.com>
Subject: Re: [RFC PATCH v7 1/8] net_sched: Introduce eBPF based Qdisc
On 1/30/24 17:01, Martin KaFai Lau wrote:
> On 1/30/24 9:49 AM, Kui-Feng Lee wrote:
>>>> 2. Returning a kptr from a program and treating it as releasing the
>>>> reference.
>>>
>>> e.g. for dequeue:
>>>
>>> struct Qdisc_ops {
>>> /* ... */
>>> struct sk_buff * (*dequeue)(struct Qdisc *);
>>> };
>>>
>>>
>>> Right now the verifier should complain on check_reference_leak() if
>>> the struct_ops bpf prog is returning a referenced kptr.
>>>
>>> Unlike an argument, the return type of a function does not have a
>>> name to tag. It is the first case that a struct_ops bpf_prog returning a
>>
>> We may tag the stub functions instead, right?
>
> What is the suggestion on how to tag the return type?
>
> I was suggesting it doesn't need to tag and it should by default require
> a trusted ptr for the pointer returned by struct_ops. The pointer
> argument and the return pointer of a struct_ops should be a trusted ptr.
That make sense to me. Should we also allow operators to return a null
pointer?
>
>> Is the purpose here to return a referenced pointer from a struct_ops
>> operator without verifier complaining?
>
> Yes, basically need to teach the verifier the kernel will do the
> reference release.
>
>>
>>> pointer. One idea is to assume it must be a trusted pointer
>>> (PTR_TRUSTED) and the verifier should check it is indeed with
>>> PTR_TRUSTED flag.
>>>
>>> May be release_reference_state() can be called to assume the kernel
>>> will release it as long as the return pointer type is PTR_TRUSTED and
>>> the type matches the return type of the ops. Take a look at
>>> check_return_code().
>
Powered by blists - more mailing lists