Commit f6b9f6d5 authored by Andrii Nakryiko's avatar Andrii Nakryiko
Browse files

Merge branch 'Introduce type match support' 

Daniel Müller says:

====================

This patch set proposes the addition of a new way for performing type queries to
BPF. It introduces the "type matches" relation, similar to what is already
present with "type exists" (in the form of bpf_core_type_exists).

"type exists" performs fairly superficial checking, mostly concerned with
whether a type exists in the kernel and is of the same kind (enum/struct/...).
Notably, compatibility checks for members of composite types is lacking.

The newly introduced "type matches" (bpf_core_type_matches) fills this gap in
that it performs stricter checks: compatibility of members and existence of
similarly named enum variants is checked as well. E.g., given these definitions:

	struct task_struct___og { int pid; int tgid; };

	struct task_struct___foo { int foo; }

'task_struct___og' would "match" the kernel type 'task_struct', because the
members match up, while 'task_struct___foo' would not match, because the
kernel's 'task_struct' has no member named 'foo'.

More precisely, the "type match" relation is defined as follows (copied from
source):
- modifiers and typedefs are stripped (and, hence, effectively ignored)
- generally speaking types need to be of same kind (struct vs. struct, union
  vs. union, etc.)
  - exceptions are struct/union behind a pointer which could also match a
    forward declaration of a struct or union, respectively, and enum vs.
    enum64 (see below)
Then, depending on type:
- integers:
  - match if size and signedness match
- arrays & pointers:
  - target types are recursively matched
- structs & unions:
  - local members need to exist in target with the same name
  - for each member we recursively check match unless it is already behind a
    pointer, in which case we only check matching names and compatible kind
- enums:
  - local variants have to have a match in target by symbolic name (but not
    numeric value)
  - size has to match (but enum may match enum64 and vice versa)
- function pointers:
  - number and position of arguments in local type has to match target
  - for each argument and the return value we recursively check match

Enabling this feature requires a new relocation to be made known to the
compiler. This is being taken care of for LLVM as part of
https://reviews.llvm.org/D126838.

If applied, among other things, usage of this functionality could have helped
flag issues such as the one discussed here
https://lore.kernel.org/all/93a20759600c05b6d9e4359a1517c88e06b44834.camel@fb.com/


earlier.

Suggested-by: default avatarAndrii Nakryiko <andrii@kernel.org>
---
Changelog:
v2 -> v3:
- renamed btfgen_mark_types_match
- covered BTF_KIND_RESTRICT in type match marking logic
- used bpf_core_names_match in more places
- reworked "behind pointer" logic
- added test using live task_struct

v1 -> v2:
- deduplicated and moved core algorithm into relo_core.c
- adjusted bpf_core_names_match to get btf_type passed in
- removed some length equality checks before strncmp usage
- correctly use kflag from targ_t instead of local_t
- added comment for meaning of kflag w/ FWD kind
- __u32 -> u32
- handle BTF_KIND_FWD properly in bpftool marking logic
- rebased
====================

Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
parents cfb5a2db 950b3477

include/uapi/linux/bpf.h

+1 −0
Original line number Diff line number Diff line
@@ -6786,6 +6786,7 @@ enum bpf_core_relo_kind { 
	BPF_CORE_TYPE_SIZE = 9,              /* type size in bytes */

	BPF_CORE_ENUMVAL_EXISTS = 10,        /* enum value existence in target kernel */

	BPF_CORE_ENUMVAL_VALUE = 11,         /* enum value integer value */

	BPF_CORE_TYPE_MATCHES = 12,          /* type match in target kernel */

};



/*

kernel/bpf/btf.c

+9 −0
Original line number Diff line number Diff line
@@ -7443,6 +7443,15 @@ int bpf_core_types_are_compat(const struct btf *local_btf, __u32 local_id, 
					   MAX_TYPES_ARE_COMPAT_DEPTH);

}



#define MAX_TYPES_MATCH_DEPTH 2



int bpf_core_types_match(const struct btf *local_btf, u32 local_id,

			 const struct btf *targ_btf, u32 targ_id)

{

	return __bpf_core_types_match(local_btf, local_id, targ_btf, targ_id, false,

				      MAX_TYPES_MATCH_DEPTH);

}



static bool bpf_core_is_flavor_sep(const char *s)

{

	/* check X___Y name pattern, where X and Y are not underscores */

tools/bpf/bpftool/gen.c

+108 −0
Original line number Diff line number Diff line
@@ -1856,6 +1856,112 @@ static int btfgen_record_field_relo(struct btfgen_info *info, struct bpf_core_sp 
	return 0;

}



/* Mark types, members, and member types. Compared to btfgen_record_field_relo,

 * this function does not rely on the target spec for inferring members, but

 * uses the associated BTF.

 *

 * The `behind_ptr` argument is used to stop marking of composite types reached

 * through a pointer. This way, we can keep BTF size in check while providing

 * reasonable match semantics.

 */

static int btfgen_mark_type_match(struct btfgen_info *info, __u32 type_id, bool behind_ptr)

{

	const struct btf_type *btf_type;

	struct btf *btf = info->src_btf;

	struct btf_type *cloned_type;

	int i, err;



	if (type_id == 0)

		return 0;



	btf_type = btf__type_by_id(btf, type_id);

	/* mark type on cloned BTF as used */

	cloned_type = (struct btf_type *)btf__type_by_id(info->marked_btf, type_id);

	cloned_type->name_off = MARKED;



	switch (btf_kind(btf_type)) {

	case BTF_KIND_UNKN:

	case BTF_KIND_INT:

	case BTF_KIND_FLOAT:

	case BTF_KIND_ENUM:

	case BTF_KIND_ENUM64:

		break;

	case BTF_KIND_STRUCT:

	case BTF_KIND_UNION: {

		struct btf_member *m = btf_members(btf_type);

		__u16 vlen = btf_vlen(btf_type);



		if (behind_ptr)

			break;



		for (i = 0; i < vlen; i++, m++) {

			/* mark member */

			btfgen_mark_member(info, type_id, i);



			/* mark member's type */

			err = btfgen_mark_type_match(info, m->type, false);

			if (err)

				return err;

		}

		break;

	}

	case BTF_KIND_CONST:

	case BTF_KIND_FWD:

	case BTF_KIND_RESTRICT:

	case BTF_KIND_TYPEDEF:

	case BTF_KIND_VOLATILE:

		return btfgen_mark_type_match(info, btf_type->type, behind_ptr);

	case BTF_KIND_PTR:

		return btfgen_mark_type_match(info, btf_type->type, true);

	case BTF_KIND_ARRAY: {

		struct btf_array *array;



		array = btf_array(btf_type);

		/* mark array type */

		err = btfgen_mark_type_match(info, array->type, false);

		/* mark array's index type */

		err = err ? : btfgen_mark_type_match(info, array->index_type, false);

		if (err)

			return err;

		break;

	}

	case BTF_KIND_FUNC_PROTO: {

		__u16 vlen = btf_vlen(btf_type);

		struct btf_param *param;



		/* mark ret type */

		err = btfgen_mark_type_match(info, btf_type->type, false);

		if (err)

			return err;



		/* mark parameters types */

		param = btf_params(btf_type);

		for (i = 0; i < vlen; i++) {

			err = btfgen_mark_type_match(info, param->type, false);

			if (err)

				return err;

			param++;

		}

		break;

	}

	/* tells if some other type needs to be handled */

	default:

		p_err("unsupported kind: %s (%d)", btf_kind_str(btf_type), type_id);

		return -EINVAL;

	}



	return 0;

}



/* Mark types, members, and member types. Compared to btfgen_record_field_relo,

 * this function does not rely on the target spec for inferring members, but

 * uses the associated BTF.

 */

static int btfgen_record_type_match_relo(struct btfgen_info *info, struct bpf_core_spec *targ_spec)

{

	return btfgen_mark_type_match(info, targ_spec->root_type_id, false);

}



static int btfgen_record_type_relo(struct btfgen_info *info, struct bpf_core_spec *targ_spec)

{

	return btfgen_mark_type(info, targ_spec->root_type_id, true);
@@ -1882,6 +1988,8 @@ static int btfgen_record_reloc(struct btfgen_info *info, struct bpf_core_spec *r 
	case BPF_CORE_TYPE_EXISTS:

	case BPF_CORE_TYPE_SIZE:

		return btfgen_record_type_relo(info, res);

	case BPF_CORE_TYPE_MATCHES:

		return btfgen_record_type_match_relo(info, res);

	case BPF_CORE_ENUMVAL_EXISTS:

	case BPF_CORE_ENUMVAL_VALUE:

		return btfgen_record_enumval_relo(info, res);

tools/include/uapi/linux/bpf.h

+1 −0
Original line number Diff line number Diff line
@@ -6786,6 +6786,7 @@ enum bpf_core_relo_kind { 
	BPF_CORE_TYPE_SIZE = 9,              /* type size in bytes */

	BPF_CORE_ENUMVAL_EXISTS = 10,        /* enum value existence in target kernel */

	BPF_CORE_ENUMVAL_VALUE = 11,         /* enum value integer value */

	BPF_CORE_TYPE_MATCHES = 12,          /* type match in target kernel */

};



/*

tools/lib/bpf/bpf_core_read.h

+11 −0
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ enum bpf_type_id_kind { 
enum bpf_type_info_kind {

	BPF_TYPE_EXISTS = 0,		/* type existence in target kernel */

	BPF_TYPE_SIZE = 1,		/* type size in target kernel */

	BPF_TYPE_MATCHES = 2,		/* type match in target kernel */

};



/* second argument to __builtin_preserve_enum_value() built-in */
@@ -183,6 +184,16 @@ enum bpf_enum_value_kind { 
#define bpf_core_type_exists(type)					    \

	__builtin_preserve_type_info(*(typeof(type) *)0, BPF_TYPE_EXISTS)



/*

 * Convenience macro to check that provided named type

 * (struct/union/enum/typedef) "matches" that in a target kernel.

 * Returns:

 *    1, if the type matches in the target kernel's BTF;

 *    0, if the type does not match any in the target kernel

 */

#define bpf_core_type_matches(type)					    \

	__builtin_preserve_type_info(*(typeof(type) *)0, BPF_TYPE_MATCHES)



/*

 * Convenience macro to get the byte size of a provided named type

 * (struct/union/enum/typedef) in a target kernel.