Attach a cookie to a tracing program. #278

kernel-patches-bot · 2022-04-07T19:33:02Z

Pull request for series with
subject: Attach a cookie to a tracing program.
version: 3
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=630138

kernel-patches-bot · 2022-04-07T19:33:03Z

Master branch: e58c5c9
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=630138
version: 3

Pull request is NOT updated. Failed to apply https://patchwork.kernel.org/project/netdevbpf/list/?series=630138
error message:

Cmd('git') failed due to: exit code(128)
  cmdline: git am -3
  stdout: 'Applying: bpf, x86: Generate trampolines from bpf_tramp_links
Using index info to reconstruct a base tree...
M	arch/x86/net/bpf_jit_comp.c
M	include/linux/bpf.h
M	include/linux/bpf_types.h
M	include/uapi/linux/bpf.h
M	kernel/bpf/syscall.c
M	kernel/bpf/trampoline.c
M	tools/bpf/bpftool/link.c
M	tools/include/uapi/linux/bpf.h
Falling back to patching base and 3-way merge...
Auto-merging tools/include/uapi/linux/bpf.h
CONFLICT (content): Merge conflict in tools/include/uapi/linux/bpf.h
Auto-merging tools/bpf/bpftool/link.c
CONFLICT (content): Merge conflict in tools/bpf/bpftool/link.c
Auto-merging kernel/bpf/trampoline.c
Auto-merging kernel/bpf/syscall.c
Auto-merging include/uapi/linux/bpf.h
CONFLICT (content): Merge conflict in include/uapi/linux/bpf.h
Auto-merging include/linux/bpf_types.h
CONFLICT (content): Merge conflict in include/linux/bpf_types.h
Auto-merging include/linux/bpf.h
Auto-merging arch/x86/net/bpf_jit_comp.c
Patch failed at 0001 bpf, x86: Generate trampolines from bpf_tramp_links
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".'
  stderr: 'error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch'

conflict:

diff --cc include/linux/bpf_types.h
index 3e24ad0c4b3c,8228c86eb92b..000000000000
--- a/include/linux/bpf_types.h
+++ b/include/linux/bpf_types.h
@@@ -140,4 -140,4 +140,8 @@@ BPF_LINK_TYPE(BPF_LINK_TYPE_XDP, xdp
  #ifdef CONFIG_PERF_EVENTS
  BPF_LINK_TYPE(BPF_LINK_TYPE_PERF_EVENT, perf)
  #endif
++<<<<<<< HEAD
 +BPF_LINK_TYPE(BPF_LINK_TYPE_KPROBE_MULTI, kprobe_multi)
++=======
+ BPF_LINK_TYPE(BPF_LINK_TYPE_STRUCT_OPS, struct_ops)
++>>>>>>> bpf, x86: Generate trampolines from bpf_tramp_links
diff --cc include/uapi/linux/bpf.h
index d14b10b85e51,9e34da50440c..000000000000
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@@ -1012,7 -1011,7 +1012,11 @@@ enum bpf_link_type 
  	BPF_LINK_TYPE_NETNS = 5,
  	BPF_LINK_TYPE_XDP = 6,
  	BPF_LINK_TYPE_PERF_EVENT = 7,
++<<<<<<< HEAD
 +	BPF_LINK_TYPE_KPROBE_MULTI = 8,
++=======
+ 	BPF_LINK_TYPE_STRUCT_OPS = 8,
++>>>>>>> bpf, x86: Generate trampolines from bpf_tramp_links
  
  	MAX_BPF_LINK_TYPE,
  };
diff --cc tools/bpf/bpftool/link.c
index 8fb0116f9136,d49a2bdc983f..000000000000
--- a/tools/bpf/bpftool/link.c
+++ b/tools/bpf/bpftool/link.c
@@@ -20,9 -20,7 +20,13 @@@ static const char * const link_type_nam
  	[BPF_LINK_TYPE_CGROUP]			= "cgroup",
  	[BPF_LINK_TYPE_ITER]			= "iter",
  	[BPF_LINK_TYPE_NETNS]			= "netns",
++<<<<<<< HEAD
 +	[BPF_LINK_TYPE_XDP]			= "xdp",
 +	[BPF_LINK_TYPE_PERF_EVENT]		= "perf_event",
 +	[BPF_LINK_TYPE_KPROBE_MULTI]		= "kprobe_multi",
++=======
+ 	[BPF_LINK_TYPE_STRUCT_OPS]               = "struct_ops",
++>>>>>>> bpf, x86: Generate trampolines from bpf_tramp_links
  };
  
  static struct hashmap *link_table;
diff --cc tools/include/uapi/linux/bpf.h
index d14b10b85e51,9e34da50440c..000000000000
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@@ -1012,7 -1011,7 +1012,11 @@@ enum bpf_link_type 
  	BPF_LINK_TYPE_NETNS = 5,
  	BPF_LINK_TYPE_XDP = 6,
  	BPF_LINK_TYPE_PERF_EVENT = 7,
++<<<<<<< HEAD
 +	BPF_LINK_TYPE_KPROBE_MULTI = 8,
++=======
+ 	BPF_LINK_TYPE_STRUCT_OPS = 8,
++>>>>>>> bpf, x86: Generate trampolines from bpf_tramp_links
  
  	MAX_BPF_LINK_TYPE,
  };

kernel-patches-bot · 2022-04-08T21:34:43Z

At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=630138 expired. Closing PR.

also extend prog_tests with a small retval test: values other than accept or drop (0, 1) will cause issues. NF_QUEUE could be implemented later if we can guarantee that attachment of such programs can be rejected if they get attached to a pf/hook that doesn't support async reinjection. NF_STOLEN could be implemented via trusted helpers that can guarantee that the skb will eventually be free'd. $ ./test_progs --allow=verifier_netfilter_retcode #278/1 verifier_netfilter_retcode/bpf_exit with invalid return code. test1:OK #278/2 verifier_netfilter_retcode/bpf_exit with valid return code. test2:OK #278/3 verifier_netfilter_retcode/bpf_exit with valid return code. test3:OK #278/4 verifier_netfilter_retcode/bpf_exit with invalid return code. test4:OK #278 verifier_netfilter_retcode:OK Signed-off-by: Florian Westphal <fw@strlen.de>

Extend prog_tests with two test cases: # ./test_progs --allow=verifier_netfilter_retcode #278/1 verifier_netfilter_retcode/bpf_exit with invalid return code. test1:OK #278/2 verifier_netfilter_retcode/bpf_exit with valid return code. test2:OK #278/3 verifier_netfilter_retcode/bpf_exit with valid return code. test3:OK #278/4 verifier_netfilter_retcode/bpf_exit with invalid return code. test4:OK #278 verifier_netfilter_retcode:OK This checks that only accept and drop (0,1) are permitted. NF_QUEUE could be implemented later if we can guarantee that attachment of such programs can be rejected if they get attached to a pf/hook that doesn't support async reinjection. NF_STOLEN could be implemented via trusted helpers that can guarantee that the skb will eventually be free'd. v4: test case for bpf_nf_ctx access checks, requested by Alexei Starovoitov. # ./test_progs --allow=verifier_netfilter_ctx #280/1 verifier_netfilter_ctx/netfilter invalid context access, size too short:OK #280/2 verifier_netfilter_ctx/netfilter invalid context access, size too short:OK #280/3 verifier_netfilter_ctx/netfilter invalid context access, past end of ctx:OK #280/4 verifier_netfilter_ctx/netfilter invalid context, write:OK #280/5 verifier_netfilter_ctx/netfilter valid context access:OK #280/6 verifier_netfilter_ctx/netfilter valid context access @unpriv:OK #280 verifier_netfilter_ctx:OK Summary: 1/6 PASSED, 0 SKIPPED, 0 FAILED This checks: 1/2: partial reads of ctx->{skb,state} are rejected 3. read access past sizeof(ctx) is rejected 4. write to ctx content, e.g. 'ctx->skb = NULL;' is rejected 5. ctx->skb and ctx->state can be read (valid case), but ... 6. ... same program fails for unpriv (CAP_NET_ADMIN needed). Link: https://lore.kernel.org/bpf/20230419021152.sjq4gttphzzy6b5f@dhcp-172-26-102-232.dhcp.thefacebook.com/ Signed-off-by: Florian Westphal <fw@strlen.de>

Extend prog_tests with two test cases: # ./test_progs --allow=verifier_netfilter_retcode #278/1 verifier_netfilter_retcode/bpf_exit with invalid return code. test1:OK #278/2 verifier_netfilter_retcode/bpf_exit with valid return code. test2:OK #278/3 verifier_netfilter_retcode/bpf_exit with valid return code. test3:OK #278/4 verifier_netfilter_retcode/bpf_exit with invalid return code. test4:OK #278 verifier_netfilter_retcode:OK This checks that only accept and drop (0,1) are permitted. NF_QUEUE could be implemented later if we can guarantee that attachment of such programs can be rejected if they get attached to a pf/hook that doesn't support async reinjection. NF_STOLEN could be implemented via trusted helpers that can guarantee that the skb will eventually be free'd. v4: test case for bpf_nf_ctx access checks, requested by Alexei Starovoitov. v5: also check ctx->{state,skb} can be dereferenced (Alexei). # ./test_progs --allow=verifier_netfilter_ctx #281/1 verifier_netfilter_ctx/netfilter invalid context access, size too short:OK #281/2 verifier_netfilter_ctx/netfilter invalid context access, size too short:OK #281/3 verifier_netfilter_ctx/netfilter invalid context access, past end of ctx:OK #281/4 verifier_netfilter_ctx/netfilter invalid context, write:OK #281/5 verifier_netfilter_ctx/netfilter valid context read and invalid write:OK #281/6 verifier_netfilter_ctx/netfilter test prog with skb and state read access:OK #281/7 verifier_netfilter_ctx/netfilter test prog with skb and state read access @unpriv:OK #281 verifier_netfilter_ctx:OK Summary: 1/7 PASSED, 0 SKIPPED, 0 FAILED This checks: 1/2: partial reads of ctx->{skb,state} are rejected 3. read access past sizeof(ctx) is rejected 4. write to ctx content, e.g. 'ctx->skb = NULL;' is rejected 5. ctx->state content cannot be altered 6. ctx->state and ctx->skb can be dereferenced 7. ... same program fails for unpriv (CAP_NET_ADMIN needed). Link: https://lore.kernel.org/bpf/20230419021152.sjq4gttphzzy6b5f@dhcp-172-26-102-232.dhcp.thefacebook.com/ Link: https://lore.kernel.org/bpf/20230420201655.77kkgi3dh7fesoll@MacBook-Pro-6.local/ Signed-off-by: Florian Westphal <fw@strlen.de>

Extend prog_tests with two test cases: # ./test_progs --allow=verifier_netfilter_retcode #278/1 verifier_netfilter_retcode/bpf_exit with invalid return code. test1:OK #278/2 verifier_netfilter_retcode/bpf_exit with valid return code. test2:OK #278/3 verifier_netfilter_retcode/bpf_exit with valid return code. test3:OK #278/4 verifier_netfilter_retcode/bpf_exit with invalid return code. test4:OK #278 verifier_netfilter_retcode:OK This checks that only accept and drop (0,1) are permitted. NF_QUEUE could be implemented later if we can guarantee that attachment of such programs can be rejected if they get attached to a pf/hook that doesn't support async reinjection. NF_STOLEN could be implemented via trusted helpers that can guarantee that the skb will eventually be free'd. v4: test case for bpf_nf_ctx access checks, requested by Alexei Starovoitov. v5: also check ctx->{state,skb} can be dereferenced (Alexei). # ./test_progs --allow=verifier_netfilter_ctx #281/1 verifier_netfilter_ctx/netfilter invalid context access, size too short:OK #281/2 verifier_netfilter_ctx/netfilter invalid context access, size too short:OK #281/3 verifier_netfilter_ctx/netfilter invalid context access, past end of ctx:OK #281/4 verifier_netfilter_ctx/netfilter invalid context, write:OK #281/5 verifier_netfilter_ctx/netfilter valid context read and invalid write:OK #281/6 verifier_netfilter_ctx/netfilter test prog with skb and state read access:OK #281/7 verifier_netfilter_ctx/netfilter test prog with skb and state read access @unpriv:OK #281 verifier_netfilter_ctx:OK Summary: 1/7 PASSED, 0 SKIPPED, 0 FAILED This checks: 1/2: partial reads of ctx->{skb,state} are rejected 3. read access past sizeof(ctx) is rejected 4. write to ctx content, e.g. 'ctx->skb = NULL;' is rejected 5. ctx->state content cannot be altered 6. ctx->state and ctx->skb can be dereferenced 7. ... same program fails for unpriv (CAP_NET_ADMIN needed). Link: https://lore.kernel.org/bpf/20230419021152.sjq4gttphzzy6b5f@dhcp-172-26-102-232.dhcp.thefacebook.com/ Link: https://lore.kernel.org/bpf/20230420201655.77kkgi3dh7fesoll@MacBook-Pro-6.local/ Signed-off-by: Florian Westphal <fw@strlen.de> Link: https://lore.kernel.org/r/20230421170300.24115-8-fw@strlen.de Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Dummy commit

5d77dd1

kernel-patches-bot added bpf-next merge-conflict new V3 labels Apr 7, 2022

kernel-patches-bot added changes-requested and removed merge-conflict new labels Apr 8, 2022

kernel-patches-bot closed this Apr 8, 2022

kernel-patches-bot deleted the series/608830=>bpf-next branch April 11, 2022 04:34

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Attach a cookie to a tracing program. #278

Attach a cookie to a tracing program. #278

Uh oh!

kernel-patches-bot commented Apr 7, 2022

Uh oh!

kernel-patches-bot commented Apr 7, 2022

Uh oh!

kernel-patches-bot commented Apr 8, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Attach a cookie to a tracing program. #278

Attach a cookie to a tracing program. #278

Uh oh!

Conversation

kernel-patches-bot commented Apr 7, 2022

Uh oh!

kernel-patches-bot commented Apr 7, 2022

Uh oh!

kernel-patches-bot commented Apr 8, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants