Commit 6a1ed143 authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 

Martin KaFai Lau says:

====================
pull-request: bpf-next 2023-08-09

We've added 19 non-merge commits during the last 6 day(s) which contain
a total of 25 files changed, 369 insertions(+), 141 deletions(-).

The main changes are:

1) Fix array-index-out-of-bounds access when detaching from an
   already empty mprog entry from Daniel Borkmann.

2) Adjust bpf selftest because of a recent llvm change
   related to the cpu-v4 ISA from Eduard Zingerman.

3) Add uprobe support for the bpf_get_func_ip helper from Jiri Olsa.

4) Fix a KASAN splat due to the kernel incorrectly accepted
   an invalid program using the recent cpu-v4 instruction from
   Yonghong Song.

* tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next:
  bpf: btf: Remove two unused function declarations
  bpf: lru: Remove unused declaration bpf_lru_promote()
  selftests/bpf: relax expected log messages to allow emitting BPF_ST
  selftests/bpf: remove duplicated functions
  bpf, docs: Fix small typo and define semantics of sign extension
  selftests/bpf: Add bpf_get_func_ip test for uprobe inside function
  selftests/bpf: Add bpf_get_func_ip tests for uprobe on function entry
  bpf: Add support for bpf_get_func_ip helper for uprobe program
  selftests/bpf: Add a movsx selftest for sign-extension of R10
  bpf: Fix an incorrect verification success with movsx insn
  bpf, docs: Formalize type notation and function semantics in ISA standard
  bpf: change bpf_alu_sign_string and bpf_movsx_string to static
  libbpf: Use local includes inside the library
  bpf: fix bpf_dynptr_slice() to stop return an ERR_PTR.
  bpf: fix inconsistent return types of bpf_xdp_copy_buf().
  selftests/bpf: fix the incorrect verification of port numbers.
  selftests/bpf: Add test for detachment on empty mprog entry
  bpf: Fix mprog detachment for empty mprog entry
  bpf: bpf_struct_ops: Remove unnecessary initial values of variables
====================

Link: https://lore.kernel.org/r/20230810055123.109578-1-martin.lau@linux.dev


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 4d016ae4 2adbb763

Documentation/bpf/standardization/instruction-set.rst

+104 −17
Original line number Diff line number Diff line
@@ -10,9 +10,92 @@ This document specifies version 1.0 of the eBPF instruction set. 
Documentation conventions

=========================



For brevity, this document uses the type notion "u64", "u32", etc.

to mean an unsigned integer whose width is the specified number of bits,

and "s32", etc. to mean a signed integer of the specified number of bits.

For brevity and consistency, this document refers to families

of types using a shorthand syntax and refers to several expository,

mnemonic functions when describing the semantics of instructions.

The range of valid values for those types and the semantics of those

functions are defined in the following subsections.



Types

-----

This document refers to integer types with the notation `SN` to specify

a type's signedness (`S`) and bit width (`N`), respectively.



.. table:: Meaning of signedness notation.



  ==== =========

  `S`  Meaning

  ==== =========

  `u`  unsigned

  `s`  signed

  ==== =========



.. table:: Meaning of bit-width notation.



  ===== =========

  `N`   Bit width

  ===== =========

  `8`   8 bits

  `16`  16 bits

  `32`  32 bits

  `64`  64 bits

  `128` 128 bits

  ===== =========



For example, `u32` is a type whose valid values are all the 32-bit unsigned

numbers and `s16` is a types whose valid values are all the 16-bit signed

numbers.



Functions

---------

* `htobe16`: Takes an unsigned 16-bit number in host-endian format and

  returns the equivalent number as an unsigned 16-bit number in big-endian

  format.

* `htobe32`: Takes an unsigned 32-bit number in host-endian format and

  returns the equivalent number as an unsigned 32-bit number in big-endian

  format.

* `htobe64`: Takes an unsigned 64-bit number in host-endian format and

  returns the equivalent number as an unsigned 64-bit number in big-endian

  format.

* `htole16`: Takes an unsigned 16-bit number in host-endian format and

  returns the equivalent number as an unsigned 16-bit number in little-endian

  format.

* `htole32`: Takes an unsigned 32-bit number in host-endian format and

  returns the equivalent number as an unsigned 32-bit number in little-endian

  format.

* `htole64`: Takes an unsigned 64-bit number in host-endian format and

  returns the equivalent number as an unsigned 64-bit number in little-endian

  format.

* `bswap16`: Takes an unsigned 16-bit number in either big- or little-endian

  format and returns the equivalent number with the same bit width but

  opposite endianness.

* `bswap32`: Takes an unsigned 32-bit number in either big- or little-endian

  format and returns the equivalent number with the same bit width but

  opposite endianness.

* `bswap64`: Takes an unsigned 64-bit number in either big- or little-endian

  format and returns the equivalent number with the same bit width but

  opposite endianness.





Definitions

-----------



.. glossary::



  Sign Extend

    To `sign extend an` ``X`` `-bit number, A, to a` ``Y`` `-bit number, B  ,` means to



    #. Copy all ``X`` bits from `A` to the lower ``X`` bits of `B`.

    #. Set the value of the remaining ``Y`` - ``X`` bits of `B` to the value of

       the  most-significant bit of `A`.



.. admonition:: Example



  Sign extend an 8-bit number ``A`` to a 16-bit number ``B`` on a big-endian platform:

  ::



    A:          10000110

    B: 11111111 10000110



Registers and calling convention

================================
@@ -172,7 +255,7 @@ BPF_SMOD 0x90 1 dst = (src != 0) ? (dst s% src) : dst 
BPF_XOR    0xa0   0        dst ^= src

BPF_MOV    0xb0   0        dst = src

BPF_MOVSX  0xb0   8/16/32  dst = (s8,s16,s32)src

BPF_ARSH   0xc0   0        sign extending dst >>= (src & mask)

BPF_ARSH   0xc0   0        :term:`sign extending<Sign Extend>` dst >>= (src & mask)

BPF_END    0xd0   0        byte swap operations (see `Byte swap instructions`_ below)

=========  =====  =======  ==========================================================
@@ -204,22 +287,22 @@ where '(u32)' indicates that the upper 32 bits are zeroed. 
Note that most instructions have instruction offset of 0. Only three instructions

(``BPF_SDIV``, ``BPF_SMOD``, ``BPF_MOVSX``) have a non-zero offset.



The devision and modulo operations support both unsigned and signed flavors.

The division and modulo operations support both unsigned and signed flavors.



For unsigned operations (``BPF_DIV`` and ``BPF_MOD``), for ``BPF_ALU``,

'imm' is interpreted as a 32-bit unsigned value. For ``BPF_ALU64``,

'imm' is first sign extended from 32 to 64 bits, and then interpreted as

a 64-bit unsigned value.

'imm' is first :term:`sign extended<Sign Extend>` from 32 to 64 bits, and then

interpreted as a 64-bit unsigned value.



For signed operations (``BPF_SDIV`` and ``BPF_SMOD``), for ``BPF_ALU``,

'imm' is interpreted as a 32-bit signed value. For ``BPF_ALU64``, 'imm'

is first sign extended from 32 to 64 bits, and then interpreted as a

64-bit signed value.

is first :term:`sign extended<Sign Extend>` from 32 to 64 bits, and then

interpreted as a 64-bit signed value.



The ``BPF_MOVSX`` instruction does a move operation with sign extension.

``BPF_ALU | BPF_MOVSX`` sign extends 8-bit and 16-bit operands into 32

``BPF_ALU | BPF_MOVSX`` :term:`sign extends<Sign Extend>` 8-bit and 16-bit operands into 32

bit operands, and zeroes the remaining upper 32 bits.

``BPF_ALU64 | BPF_MOVSX`` sign extends 8-bit, 16-bit, and 32-bit

``BPF_ALU64 | BPF_MOVSX`` :term:`sign extends<Sign Extend>` 8-bit, 16-bit, and 32-bit

operands into 64 bit operands.



Shift operations use a mask of 0x3F (63) for 64-bit operations and 0x1F (31)
@@ -252,19 +335,23 @@ are supported: 16, 32 and 64. 


Examples:



``BPF_ALU | BPF_TO_LE | BPF_END`` with imm = 16 means::

``BPF_ALU | BPF_TO_LE | BPF_END`` with imm = 16/32/64 means::



  dst = htole16(dst)

  dst = htole32(dst)

  dst = htole64(dst)



``BPF_ALU | BPF_TO_BE | BPF_END`` with imm = 64 means::

``BPF_ALU | BPF_TO_BE | BPF_END`` with imm = 16/32/64 means::



  dst = htobe16(dst)

  dst = htobe32(dst)

  dst = htobe64(dst)



``BPF_ALU64 | BPF_TO_LE | BPF_END`` with imm = 16/32/64 means::



  dst = bswap16 dst

  dst = bswap32 dst

  dst = bswap64 dst

  dst = bswap16(dst)

  dst = bswap32(dst)

  dst = bswap64(dst)



Jump instructions

-----------------
@@ -400,7 +487,7 @@ Where size is one of: ``BPF_B``, ``BPF_H``, ``BPF_W``, or ``BPF_DW`` and 
Sign-extension load operations

------------------------------



The ``BPF_MEMSX`` mode modifier is used to encode sign-extension load

The ``BPF_MEMSX`` mode modifier is used to encode :term:`sign-extension<Sign Extend>` load

instructions that transfer data between a register and memory.



``BPF_MEMSX | <size> | BPF_LDX`` means::

include/linux/bpf.h

+7 −2
Original line number Diff line number Diff line
@@ -1819,6 +1819,7 @@ struct bpf_cg_run_ctx { 
struct bpf_trace_run_ctx {

	struct bpf_run_ctx run_ctx;

	u64 bpf_cookie;

	bool is_uprobe;

};



struct bpf_tramp_run_ctx {
@@ -1867,6 +1868,8 @@ bpf_prog_run_array(const struct bpf_prog_array *array, 
	if (unlikely(!array))

		return ret;



	run_ctx.is_uprobe = false;



	migrate_disable();

	old_run_ctx = bpf_set_run_ctx(&run_ctx.run_ctx);

	item = &array->items[0];
@@ -1891,7 +1894,7 @@ bpf_prog_run_array(const struct bpf_prog_array *array, 
 * rcu-protected dynamically sized maps.

 */

static __always_inline u32

bpf_prog_run_array_sleepable(const struct bpf_prog_array __rcu *array_rcu,

bpf_prog_run_array_uprobe(const struct bpf_prog_array __rcu *array_rcu,

			  const void *ctx, bpf_prog_run_fn run_prog)

{

	const struct bpf_prog_array_item *item;
@@ -1906,6 +1909,8 @@ bpf_prog_run_array_sleepable(const struct bpf_prog_array __rcu *array_rcu, 
	rcu_read_lock_trace();

	migrate_disable();



	run_ctx.is_uprobe = true;



	array = rcu_dereference_check(array_rcu, rcu_read_lock_trace_held());

	if (unlikely(!array))

		goto out;

include/linux/btf.h

+0 −2
Original line number Diff line number Diff line
@@ -204,8 +204,6 @@ u32 btf_nr_types(const struct btf *btf); 
bool btf_member_is_reg_int(const struct btf *btf, const struct btf_type *s,

			   const struct btf_member *m,

			   u32 expected_offset, u32 expected_size);

int btf_find_spin_lock(const struct btf *btf, const struct btf_type *t);

int btf_find_timer(const struct btf *btf, const struct btf_type *t);

struct btf_record *btf_parse_fields(const struct btf *btf, const struct btf_type *t,

				    u32 field_mask, u32 value_size);

int btf_check_and_fixup_fields(const struct btf *btf, struct btf_record *rec);

include/linux/filter.h

+2 −3
Original line number Diff line number Diff line
@@ -1572,10 +1572,9 @@ static inline void *bpf_xdp_pointer(struct xdp_buff *xdp, u32 offset, u32 len) 
	return NULL;

}



static inline void *bpf_xdp_copy_buf(struct xdp_buff *xdp, unsigned long off, void *buf,

static inline void bpf_xdp_copy_buf(struct xdp_buff *xdp, unsigned long off, void *buf,

				    unsigned long len, bool flush)

{

	return NULL;

}

#endif /* CONFIG_NET */

include/uapi/linux/bpf.h

+6 −1
Original line number Diff line number Diff line
@@ -5086,9 +5086,14 @@ union bpf_attr { 
 * u64 bpf_get_func_ip(void *ctx)

 * 	Description

 * 		Get address of the traced function (for tracing and kprobe programs).

 *

 * 		When called for kprobe program attached as uprobe it returns

 * 		probe address for both entry and return uprobe.

 *

 * 	Return

 * 		Address of the traced function.

 * 		Address of the traced function for kprobe.

 * 		0 for kprobes placed within the function (not at the entry).

 * 		Address of the probe for uprobe and return uprobe.

 *

 * u64 bpf_get_attach_cookie(void *ctx)

 * 	Description