www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Amery Hung <amery.hung@bytedance.com>
	Mon, 17 Feb 2025 19:06:39 +0000 (11:06 -0800)
committer	Alexei Starovoitov <ast@kernel.org>
	Tue, 18 Feb 2025 02:47:27 +0000 (18:47 -0800)
commit	8d9f547f74c7b984dd903c4ffec026f2b2d46c58
tree	74d1f99e0d6ed39dbce72d42582f5b41d33786a6	tree
parent	6991ec6beb262b8c21ba3ee1992d7e81d8203769	commit \| diff

bpf: Allow struct_ops prog to return referenced kptr

Allow a struct_ops program to return a referenced kptr if the struct_ops
operator's return type is a struct pointer. To make sure the returned
pointer continues to be valid in the kernel, several constraints are
required:

1) The type of the pointer must matches the return type
2) The pointer originally comes from the kernel (not locally allocated)
3) The pointer is in its unmodified form

Implementation wise, a referenced kptr first needs to be allowed to _leak_
in check_reference_leak() if it is in the return register. Then, in
check_return_code(), constraints 1-3 are checked. During struct_ops
registration, a check is also added to warn about operators with
non-struct pointer return.

In addition, since the first user, Qdisc_ops::dequeue, allows a NULL
pointer to be returned when there is no skb to be dequeued, we will allow
a scalar value with value equals to NULL to be returned.

In the future when there is a struct_ops user that always expects a valid
pointer to be returned from an operator, we may extend tagging to the
return value. We can tell the verifier to only allow NULL pointer return
if the return value is tagged with MAY_BE_NULL.

Signed-off-by: Amery Hung <amery.hung@bytedance.com>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Acked-by: Martin KaFai Lau <martin.lau@kernel.org>
Link: https://lore.kernel.org/r/20250217190640.1748177-5-ameryhung@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

kernel/bpf/bpf_struct_ops.c		diff \| blob \| history
kernel/bpf/verifier.c		diff \| blob \| history