Commit 8e1b8025 authored by Martin KaFai Lau's avatar Martin KaFai Lau
Browse files

Merge branch 'Let BPF verifier consider {task,cgroup} is trusted in bpf_iter_reg' 

Chuyi Zhou says:

====================
The patchset aims to let the BPF verivier consider
bpf_iter__cgroup->cgroup and bpf_iter__task->task is trusted suggested by
Alexei[1].

Please see individual patches for more details. And comments are always
welcome.

Link[1]:https://lore.kernel.org/bpf/20231022154527.229117-1-zhouchuyi@bytedance.com/T/#mb57725edc8ccdd50a1b165765c7619b4d65ed1b0



v2->v1:
 * Patch #1: Add Yonghong's ack and add description of similar case in
   log.
 * Patch #2: Add Yonghong's ack
====================

Signed-off-by: default avatarMartin KaFai Lau <martin.lau@kernel.org>
parents d84b139f 3c5864ba

kernel/bpf/cgroup_iter.c

+1 −1
Original line number Diff line number Diff line
@@ -282,7 +282,7 @@ static struct bpf_iter_reg bpf_cgroup_reg_info = { 
	.ctx_arg_info_size	= 1,

	.ctx_arg_info		= {

		{ offsetof(struct bpf_iter__cgroup, cgroup),

		  PTR_TO_BTF_ID_OR_NULL },

		  PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },

	},

	.seq_info		= &cgroup_iter_seq_info,

};

kernel/bpf/task_iter.c

+1 −1
Original line number Diff line number Diff line
@@ -704,7 +704,7 @@ static struct bpf_iter_reg task_reg_info = { 
	.ctx_arg_info_size	= 1,

	.ctx_arg_info		= {

		{ offsetof(struct bpf_iter__task, task),

		  PTR_TO_BTF_ID_OR_NULL },

		  PTR_TO_BTF_ID_OR_NULL | PTR_TRUSTED },

	},

	.seq_info		= &task_seq_info,

	.fill_link_info		= bpf_iter_fill_link_info,

tools/testing/selftests/bpf/progs/iters_css_task.c

+4 −12
Original line number Diff line number Diff line
@@ -56,12 +56,9 @@ SEC("?iter/cgroup") 
int cgroup_id_printer(struct bpf_iter__cgroup *ctx)

{

	struct seq_file *seq = ctx->meta->seq;

	struct cgroup *cgrp, *acquired;

	struct cgroup *cgrp = ctx->cgroup;

	struct cgroup_subsys_state *css;

	struct task_struct *task;

	u64 cgrp_id;



	cgrp = ctx->cgroup;



	/* epilogue */

	if (cgrp == NULL) {
@@ -73,20 +70,15 @@ int cgroup_id_printer(struct bpf_iter__cgroup *ctx) 
	if (ctx->meta->seq_num == 0)

		BPF_SEQ_PRINTF(seq, "prologue\n");



	cgrp_id = cgroup_id(cgrp);



	BPF_SEQ_PRINTF(seq, "%8llu\n", cgrp_id);

	BPF_SEQ_PRINTF(seq, "%8llu\n", cgroup_id(cgrp));



	acquired = bpf_cgroup_from_id(cgrp_id);

	if (!acquired)

		return 0;

	css = &acquired->self;

	css = &cgrp->self;

	css_task_cnt = 0;

	bpf_for_each(css_task, task, css, CSS_TASK_ITER_PROCS) {

		if (task->pid == target_pid)

			css_task_cnt++;

	}

	bpf_cgroup_release(acquired);



	return 0;

}