From fd6ac064b455d73026e1a082d723711015a6aa6b Mon Sep 17 00:00:00 2001 From: Paul Chaignon Date: Mon, 9 Sep 2024 14:04:02 +0200 Subject: sys/linux: replace id_or_fd with more precise version The id_or_fd union was introduced before we had conditional fields to represent IDs or fds for BPF programs or links. The union was overapproximating those specific types. With conditional fields, we can now use information from other fields to determine precisely which type from the union is expected. For example, with BPF_PROG_ATTACH, if BPF_F_ID is the only flag, then the relative_fd field should be interpreted as a program ID. Signed-off-by: Paul Chaignon --- sys/linux/bpf.txt | 65 ++++++++++++++++++++++++++--------------------- sys/linux/bpf.txt.const | 1 + sys/linux/test/bpf_cgroup | 4 +-- 3 files changed, 39 insertions(+), 31 deletions(-) (limited to 'sys/linux') diff --git a/sys/linux/bpf.txt b/sys/linux/bpf.txt index c0c29dce2..dfdb83f40 100644 --- a/sys/linux/bpf.txt +++ b/sys/linux/bpf.txt @@ -272,9 +272,12 @@ link_create_netfilter { } link_create_tcx { - relative id_or_fd - exp_revision bpf_revision -} + relative_link_fd fd_bpf_link (if[value[bpf_link_create_arg_t:flags] & BPF_F_LINK_OR_ID == BPF_F_LINK]) + relative_prog_fd fd_bpf_prog (if[value[bpf_link_create_arg_t:flags] & BPF_F_LINK_OR_ID == 0]) + relative_link_id bpf_link_id (if[value[bpf_link_create_arg_t:flags] & BPF_F_LINK_OR_ID == BPF_F_LINK_OR_ID]) + relative_prog_id bpf_prog_id (if[value[bpf_link_create_arg_t:flags] & BPF_F_LINK_OR_ID == BPF_F_ID]) + exp_revision bpf_revision +} [packed] link_create_uprobe_multi { path ptr64[in, filename] @@ -287,9 +290,12 @@ link_create_uprobe_multi { } link_create_netkit { - relative id_or_fd - exp_revision bpf_revision -} + relative_link_fd fd_bpf_link (if[value[bpf_link_create_arg_t:flags] & BPF_F_LINK_OR_ID == BPF_F_LINK]) + relative_prog_fd fd_bpf_prog (if[value[bpf_link_create_arg_t:flags] & BPF_F_LINK_OR_ID == 0]) + relative_link_id bpf_link_id (if[value[bpf_link_create_arg_t:flags] & BPF_F_LINK_OR_ID == BPF_F_LINK_OR_ID]) + relative_prog_id bpf_prog_id (if[value[bpf_link_create_arg_t:flags] & BPF_F_LINK_OR_ID == BPF_F_ID]) + exp_revision bpf_revision +} [packed] link_create_arg_extra [ target_btf_id bpf_btf_id @@ -301,7 +307,7 @@ link_create_arg_extra [ tcx link_create_tcx uprobe_multi link_create_uprobe_multi netkit link_create_netkit -] +] [varlen] type bpf_link_create_arg_t[PROG_FD, TARGET_FD, ATTACH_TYPE, FLAGS] { prog_fd PROG_FD @@ -396,32 +402,33 @@ bpf_attach_targets [ ifindex ifindex ] -id_or_fd [ - link_fd fd_bpf_link - prog_fd fd_bpf_prog - link_id bpf_link_id - prog_id bpf_prog_id -] +define BPF_F_LINK_OR_ID BPF_F_LINK | BPF_F_ID bpf_attach_arg { - target bpf_attach_targets - attach_bpf_fd fd_bpf_prog - type flags[bpf_attach_type, int32] - flags flags[bpf_attach_flags, int32] - replace_bpf_fd fd_bpf_prog - relative_obj id_or_fd - exp_revision bpf_revision -} + target bpf_attach_targets + attach_bpf_fd fd_bpf_prog + type flags[bpf_attach_type, int32] + flags flags[bpf_attach_flags, int32] + replace_bpf_fd fd_bpf_prog + relative_link_fd fd_bpf_link (if[value[flags] & BPF_F_LINK_OR_ID == BPF_F_LINK]) + relative_prog_fd fd_bpf_prog (if[value[flags] & BPF_F_LINK_OR_ID == 0]) + relative_link_id bpf_link_id (if[value[flags] & BPF_F_LINK_OR_ID == BPF_F_LINK_OR_ID]) + relative_prog_id bpf_prog_id (if[value[flags] & BPF_F_LINK_OR_ID == BPF_F_ID]) + exp_revision bpf_revision +} [packed] bpf_detach_arg { - target bpf_attach_targets - prog fd_bpf_prog - type flags[bpf_attach_type, int32] - flags flags[bpf_mprog_attach_flags, int32] - replace_bpf_fd const[0, int32] - relative_obj id_or_fd - exp_revision bpf_revision -} + target bpf_attach_targets + prog fd_bpf_prog + type flags[bpf_attach_type, int32] + flags flags[bpf_mprog_attach_flags, int32] + replace_bpf_fd const[0, int32] + relative_link_fd fd_bpf_link (if[value[flags] & BPF_F_LINK_OR_ID == BPF_F_LINK]) + relative_prog_fd fd_bpf_prog (if[value[flags] & BPF_F_LINK_OR_ID == 0]) + relative_link_id bpf_link_id (if[value[flags] & BPF_F_LINK_OR_ID == BPF_F_LINK_OR_ID]) + relative_prog_id bpf_prog_id (if[value[flags] & BPF_F_LINK_OR_ID == BPF_F_ID]) + exp_revision bpf_revision +} [packed] bpf_test_prog_arg { prog fd_bpf_prog diff --git a/sys/linux/bpf.txt.const b/sys/linux/bpf.txt.const index 3701a8177..c95f44494 100644 --- a/sys/linux/bpf.txt.const +++ b/sys/linux/bpf.txt.const @@ -62,6 +62,7 @@ BPF_F_ID = 32 BPF_F_INNER_MAP = 4096 BPF_F_KPROBE_MULTI_RETURN = 1 BPF_F_LINK = 8192 +BPF_F_LINK_OR_ID = 8224 BPF_F_LOCK = 4 BPF_F_MMAPABLE = 1024 BPF_F_NETFILTER_IP_DEFRAG = 1 diff --git a/sys/linux/test/bpf_cgroup b/sys/linux/test/bpf_cgroup index 0c31e3442..1ec4c55a9 100644 --- a/sys/linux/test/bpf_cgroup +++ b/sys/linux/test/bpf_cgroup @@ -10,7 +10,7 @@ r2 = bpf$PROG_LOAD(AUTO, &AUTO={0x17, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AU r3 = openat(0xffffffffffffff9c, &AUTO='./cgroup\x00', 0x0, 0x0) -r4 = bpf$BPF_PROG_ATTACH(AUTO, &AUTO={@cgroup=r3, r2, 0x12, 0x0, 0x0, @prog_id=0x0, 0x0}, AUTO) +r4 = bpf$BPF_PROG_ATTACH(AUTO, &AUTO={@cgroup=r3, r2, 0x12, 0x0, 0x0, @void, @value=0x0, @void, @void, 0x0}, AUTO) # It should fail now. @@ -18,7 +18,7 @@ r5 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO) # EPERM # Detach the BPF program. -r6 = bpf$BPF_PROG_DETACH(AUTO, &AUTO={@cgroup=r3, r2, 0x12, 0x0, 0x0, @prog_id=0x0, 0x0}, AUTO) +r6 = bpf$BPF_PROG_DETACH(AUTO, &AUTO={@cgroup=r3, r2, 0x12, 0x0, 0x0, @void, @value=0x0, @void, @void, 0x0}, AUTO) # It should work again. -- cgit mrf-deployment