bpf: treewide: Align kfunc signatures to prog point-of-view

Previously, kfunc declarations in bpf_kfuncs.h (and others) used "user
facing" types for kfuncs prototypes while the actual kfunc definitions
used "kernel facing" types. More specifically: bpf_dynptr vs
bpf_dynptr_kern, __sk_buff vs sk_buff, and xdp_md vs xdp_buff.

It wasn't an issue before, as the verifier allows aliased types.
However, since we are now generating kfunc prototypes in vmlinux.h (in
addition to keeping bpf_kfuncs.h around), this conflict creates
compilation errors.

Fix this conflict by using "user facing" types in kfunc definitions.
This results in more casts, but otherwise has no additional runtime
cost.

Note, similar to 5b268d1ebc ("bpf: Have bpf_rdonly_cast() take a const
pointer"), we also make kfuncs take const arguments where appropriate in
order to make the kfunc more permissive.

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Link: https://lore.kernel.org/r/b58346a63a0e66bc9b7504da751b526b0b189a67.1718207789.git.dxu@dxuuu.xyz
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
This commit is contained in:
Daniel Xu 2024-06-12 09:58:33 -06:00 committed by Alexei Starovoitov
parent ec209ad863
commit cce4c40b96
9 changed files with 88 additions and 53 deletions

View File

@ -111,14 +111,15 @@ __bpf_kfunc_start_defs();
/** /**
* bpf_get_fsverity_digest: read fsverity digest of file * bpf_get_fsverity_digest: read fsverity digest of file
* @file: file to get digest from * @file: file to get digest from
* @digest_ptr: (out) dynptr for struct fsverity_digest * @digest_p: (out) dynptr for struct fsverity_digest
* *
* Read fsverity_digest of *file* into *digest_ptr*. * Read fsverity_digest of *file* into *digest_ptr*.
* *
* Return: 0 on success, a negative value on error. * Return: 0 on success, a negative value on error.
*/ */
__bpf_kfunc int bpf_get_fsverity_digest(struct file *file, struct bpf_dynptr_kern *digest_ptr) __bpf_kfunc int bpf_get_fsverity_digest(struct file *file, struct bpf_dynptr *digest_p)
{ {
struct bpf_dynptr_kern *digest_ptr = (struct bpf_dynptr_kern *)digest_p;
const struct inode *inode = file_inode(file); const struct inode *inode = file_inode(file);
u32 dynptr_sz = __bpf_dynptr_size(digest_ptr); u32 dynptr_sz = __bpf_dynptr_size(digest_ptr);
struct fsverity_digest *arg; struct fsverity_digest *arg;

View File

@ -3265,8 +3265,8 @@ u32 bpf_sock_convert_ctx_access(enum bpf_access_type type,
struct bpf_insn *insn_buf, struct bpf_insn *insn_buf,
struct bpf_prog *prog, struct bpf_prog *prog,
u32 *target_size); u32 *target_size);
int bpf_dynptr_from_skb_rdonly(struct sk_buff *skb, u64 flags, int bpf_dynptr_from_skb_rdonly(struct __sk_buff *skb, u64 flags,
struct bpf_dynptr_kern *ptr); struct bpf_dynptr *ptr);
#else #else
static inline bool bpf_sock_common_is_valid_access(int off, int size, static inline bool bpf_sock_common_is_valid_access(int off, int size,
enum bpf_access_type type, enum bpf_access_type type,
@ -3288,8 +3288,8 @@ static inline u32 bpf_sock_convert_ctx_access(enum bpf_access_type type,
{ {
return 0; return 0;
} }
static inline int bpf_dynptr_from_skb_rdonly(struct sk_buff *skb, u64 flags, static inline int bpf_dynptr_from_skb_rdonly(struct __sk_buff *skb, u64 flags,
struct bpf_dynptr_kern *ptr) struct bpf_dynptr *ptr)
{ {
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }

View File

@ -311,11 +311,15 @@ static int bpf_crypto_crypt(const struct bpf_crypto_ctx *ctx,
* Decrypts provided buffer using IV data and the crypto context. Crypto context must be configured. * Decrypts provided buffer using IV data and the crypto context. Crypto context must be configured.
*/ */
__bpf_kfunc int bpf_crypto_decrypt(struct bpf_crypto_ctx *ctx, __bpf_kfunc int bpf_crypto_decrypt(struct bpf_crypto_ctx *ctx,
const struct bpf_dynptr_kern *src, const struct bpf_dynptr *src,
const struct bpf_dynptr_kern *dst, const struct bpf_dynptr *dst,
const struct bpf_dynptr_kern *siv) const struct bpf_dynptr *siv)
{ {
return bpf_crypto_crypt(ctx, src, dst, siv, true); const struct bpf_dynptr_kern *src_kern = (struct bpf_dynptr_kern *)src;
const struct bpf_dynptr_kern *dst_kern = (struct bpf_dynptr_kern *)dst;
const struct bpf_dynptr_kern *siv_kern = (struct bpf_dynptr_kern *)siv;
return bpf_crypto_crypt(ctx, src_kern, dst_kern, siv_kern, true);
} }
/** /**
@ -328,11 +332,15 @@ __bpf_kfunc int bpf_crypto_decrypt(struct bpf_crypto_ctx *ctx,
* Encrypts provided buffer using IV data and the crypto context. Crypto context must be configured. * Encrypts provided buffer using IV data and the crypto context. Crypto context must be configured.
*/ */
__bpf_kfunc int bpf_crypto_encrypt(struct bpf_crypto_ctx *ctx, __bpf_kfunc int bpf_crypto_encrypt(struct bpf_crypto_ctx *ctx,
const struct bpf_dynptr_kern *src, const struct bpf_dynptr *src,
const struct bpf_dynptr_kern *dst, const struct bpf_dynptr *dst,
const struct bpf_dynptr_kern *siv) const struct bpf_dynptr *siv)
{ {
return bpf_crypto_crypt(ctx, src, dst, siv, false); const struct bpf_dynptr_kern *src_kern = (struct bpf_dynptr_kern *)src;
const struct bpf_dynptr_kern *dst_kern = (struct bpf_dynptr_kern *)dst;
const struct bpf_dynptr_kern *siv_kern = (struct bpf_dynptr_kern *)siv;
return bpf_crypto_crypt(ctx, src_kern, dst_kern, siv_kern, false);
} }
__bpf_kfunc_end_defs(); __bpf_kfunc_end_defs();

View File

@ -2459,9 +2459,10 @@ __bpf_kfunc struct task_struct *bpf_task_from_pid(s32 pid)
* provided buffer, with its contents containing the data, if unable to obtain * provided buffer, with its contents containing the data, if unable to obtain
* direct pointer) * direct pointer)
*/ */
__bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset, __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr *p, u32 offset,
void *buffer__opt, u32 buffer__szk) void *buffer__opt, u32 buffer__szk)
{ {
const struct bpf_dynptr_kern *ptr = (struct bpf_dynptr_kern *)p;
enum bpf_dynptr_type type; enum bpf_dynptr_type type;
u32 len = buffer__szk; u32 len = buffer__szk;
int err; int err;
@ -2543,9 +2544,11 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset
* provided buffer, with its contents containing the data, if unable to obtain * provided buffer, with its contents containing the data, if unable to obtain
* direct pointer) * direct pointer)
*/ */
__bpf_kfunc void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr_kern *ptr, u32 offset, __bpf_kfunc void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr *p, u32 offset,
void *buffer__opt, u32 buffer__szk) void *buffer__opt, u32 buffer__szk)
{ {
const struct bpf_dynptr_kern *ptr = (struct bpf_dynptr_kern *)p;
if (!ptr->data || __bpf_dynptr_is_rdonly(ptr)) if (!ptr->data || __bpf_dynptr_is_rdonly(ptr))
return NULL; return NULL;
@ -2571,11 +2574,12 @@ __bpf_kfunc void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr_kern *ptr, u32 o
* will be copied out into the buffer and the user will need to call * will be copied out into the buffer and the user will need to call
* bpf_dynptr_write() to commit changes. * bpf_dynptr_write() to commit changes.
*/ */
return bpf_dynptr_slice(ptr, offset, buffer__opt, buffer__szk); return bpf_dynptr_slice(p, offset, buffer__opt, buffer__szk);
} }
__bpf_kfunc int bpf_dynptr_adjust(struct bpf_dynptr_kern *ptr, u32 start, u32 end) __bpf_kfunc int bpf_dynptr_adjust(const struct bpf_dynptr *p, u32 start, u32 end)
{ {
struct bpf_dynptr_kern *ptr = (struct bpf_dynptr_kern *)p;
u32 size; u32 size;
if (!ptr->data || start > end) if (!ptr->data || start > end)
@ -2592,36 +2596,45 @@ __bpf_kfunc int bpf_dynptr_adjust(struct bpf_dynptr_kern *ptr, u32 start, u32 en
return 0; return 0;
} }
__bpf_kfunc bool bpf_dynptr_is_null(struct bpf_dynptr_kern *ptr) __bpf_kfunc bool bpf_dynptr_is_null(const struct bpf_dynptr *p)
{ {
struct bpf_dynptr_kern *ptr = (struct bpf_dynptr_kern *)p;
return !ptr->data; return !ptr->data;
} }
__bpf_kfunc bool bpf_dynptr_is_rdonly(struct bpf_dynptr_kern *ptr) __bpf_kfunc bool bpf_dynptr_is_rdonly(const struct bpf_dynptr *p)
{ {
struct bpf_dynptr_kern *ptr = (struct bpf_dynptr_kern *)p;
if (!ptr->data) if (!ptr->data)
return false; return false;
return __bpf_dynptr_is_rdonly(ptr); return __bpf_dynptr_is_rdonly(ptr);
} }
__bpf_kfunc __u32 bpf_dynptr_size(const struct bpf_dynptr_kern *ptr) __bpf_kfunc __u32 bpf_dynptr_size(const struct bpf_dynptr *p)
{ {
struct bpf_dynptr_kern *ptr = (struct bpf_dynptr_kern *)p;
if (!ptr->data) if (!ptr->data)
return -EINVAL; return -EINVAL;
return __bpf_dynptr_size(ptr); return __bpf_dynptr_size(ptr);
} }
__bpf_kfunc int bpf_dynptr_clone(struct bpf_dynptr_kern *ptr, __bpf_kfunc int bpf_dynptr_clone(const struct bpf_dynptr *p,
struct bpf_dynptr_kern *clone__uninit) struct bpf_dynptr *clone__uninit)
{ {
struct bpf_dynptr_kern *clone = (struct bpf_dynptr_kern *)clone__uninit;
struct bpf_dynptr_kern *ptr = (struct bpf_dynptr_kern *)p;
if (!ptr->data) { if (!ptr->data) {
bpf_dynptr_set_null(clone__uninit); bpf_dynptr_set_null(clone);
return -EINVAL; return -EINVAL;
} }
*clone__uninit = *ptr; *clone = *ptr;
return 0; return 0;
} }
@ -2986,7 +2999,9 @@ late_initcall(kfunc_init);
*/ */
const void *__bpf_dynptr_data(const struct bpf_dynptr_kern *ptr, u32 len) const void *__bpf_dynptr_data(const struct bpf_dynptr_kern *ptr, u32 len)
{ {
return bpf_dynptr_slice(ptr, 0, NULL, len); const struct bpf_dynptr *p = (struct bpf_dynptr *)ptr;
return bpf_dynptr_slice(p, 0, NULL, len);
} }
/* Get a pointer to dynptr data up to len bytes for read write access. If /* Get a pointer to dynptr data up to len bytes for read write access. If

View File

@ -10914,7 +10914,7 @@ enum {
}; };
BTF_ID_LIST(kf_arg_btf_ids) BTF_ID_LIST(kf_arg_btf_ids)
BTF_ID(struct, bpf_dynptr_kern) BTF_ID(struct, bpf_dynptr)
BTF_ID(struct, bpf_list_head) BTF_ID(struct, bpf_list_head)
BTF_ID(struct, bpf_list_node) BTF_ID(struct, bpf_list_node)
BTF_ID(struct, bpf_rb_root) BTF_ID(struct, bpf_rb_root)

View File

@ -1369,8 +1369,8 @@ __bpf_kfunc void bpf_key_put(struct bpf_key *bkey)
#ifdef CONFIG_SYSTEM_DATA_VERIFICATION #ifdef CONFIG_SYSTEM_DATA_VERIFICATION
/** /**
* bpf_verify_pkcs7_signature - verify a PKCS#7 signature * bpf_verify_pkcs7_signature - verify a PKCS#7 signature
* @data_ptr: data to verify * @data_p: data to verify
* @sig_ptr: signature of the data * @sig_p: signature of the data
* @trusted_keyring: keyring with keys trusted for signature verification * @trusted_keyring: keyring with keys trusted for signature verification
* *
* Verify the PKCS#7 signature *sig_ptr* against the supplied *data_ptr* * Verify the PKCS#7 signature *sig_ptr* against the supplied *data_ptr*
@ -1378,10 +1378,12 @@ __bpf_kfunc void bpf_key_put(struct bpf_key *bkey)
* *
* Return: 0 on success, a negative value on error. * Return: 0 on success, a negative value on error.
*/ */
__bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr_kern *data_ptr, __bpf_kfunc int bpf_verify_pkcs7_signature(struct bpf_dynptr *data_p,
struct bpf_dynptr_kern *sig_ptr, struct bpf_dynptr *sig_p,
struct bpf_key *trusted_keyring) struct bpf_key *trusted_keyring)
{ {
struct bpf_dynptr_kern *data_ptr = (struct bpf_dynptr_kern *)data_p;
struct bpf_dynptr_kern *sig_ptr = (struct bpf_dynptr_kern *)sig_p;
const void *data, *sig; const void *data, *sig;
u32 data_len, sig_len; u32 data_len, sig_len;
int ret; int ret;
@ -1444,7 +1446,7 @@ __bpf_kfunc_start_defs();
* bpf_get_file_xattr - get xattr of a file * bpf_get_file_xattr - get xattr of a file
* @file: file to get xattr from * @file: file to get xattr from
* @name__str: name of the xattr * @name__str: name of the xattr
* @value_ptr: output buffer of the xattr value * @value_p: output buffer of the xattr value
* *
* Get xattr *name__str* of *file* and store the output in *value_ptr*. * Get xattr *name__str* of *file* and store the output in *value_ptr*.
* *
@ -1453,8 +1455,9 @@ __bpf_kfunc_start_defs();
* Return: 0 on success, a negative value on error. * Return: 0 on success, a negative value on error.
*/ */
__bpf_kfunc int bpf_get_file_xattr(struct file *file, const char *name__str, __bpf_kfunc int bpf_get_file_xattr(struct file *file, const char *name__str,
struct bpf_dynptr_kern *value_ptr) struct bpf_dynptr *value_p)
{ {
struct bpf_dynptr_kern *value_ptr = (struct bpf_dynptr_kern *)value_p;
struct dentry *dentry; struct dentry *dentry;
u32 value_len; u32 value_len;
void *value; void *value;

View File

@ -11859,28 +11859,34 @@ bpf_sk_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
} }
__bpf_kfunc_start_defs(); __bpf_kfunc_start_defs();
__bpf_kfunc int bpf_dynptr_from_skb(struct sk_buff *skb, u64 flags, __bpf_kfunc int bpf_dynptr_from_skb(struct __sk_buff *s, u64 flags,
struct bpf_dynptr_kern *ptr__uninit) struct bpf_dynptr *ptr__uninit)
{ {
struct bpf_dynptr_kern *ptr = (struct bpf_dynptr_kern *)ptr__uninit;
struct sk_buff *skb = (struct sk_buff *)s;
if (flags) { if (flags) {
bpf_dynptr_set_null(ptr__uninit); bpf_dynptr_set_null(ptr);
return -EINVAL; return -EINVAL;
} }
bpf_dynptr_init(ptr__uninit, skb, BPF_DYNPTR_TYPE_SKB, 0, skb->len); bpf_dynptr_init(ptr, skb, BPF_DYNPTR_TYPE_SKB, 0, skb->len);
return 0; return 0;
} }
__bpf_kfunc int bpf_dynptr_from_xdp(struct xdp_buff *xdp, u64 flags, __bpf_kfunc int bpf_dynptr_from_xdp(struct xdp_md *x, u64 flags,
struct bpf_dynptr_kern *ptr__uninit) struct bpf_dynptr *ptr__uninit)
{ {
struct bpf_dynptr_kern *ptr = (struct bpf_dynptr_kern *)ptr__uninit;
struct xdp_buff *xdp = (struct xdp_buff *)x;
if (flags) { if (flags) {
bpf_dynptr_set_null(ptr__uninit); bpf_dynptr_set_null(ptr);
return -EINVAL; return -EINVAL;
} }
bpf_dynptr_init(ptr__uninit, xdp, BPF_DYNPTR_TYPE_XDP, 0, xdp_get_buff_len(xdp)); bpf_dynptr_init(ptr, xdp, BPF_DYNPTR_TYPE_XDP, 0, xdp_get_buff_len(xdp));
return 0; return 0;
} }
@ -11906,10 +11912,11 @@ __bpf_kfunc int bpf_sock_addr_set_sun_path(struct bpf_sock_addr_kern *sa_kern,
return 0; return 0;
} }
__bpf_kfunc int bpf_sk_assign_tcp_reqsk(struct sk_buff *skb, struct sock *sk, __bpf_kfunc int bpf_sk_assign_tcp_reqsk(struct __sk_buff *s, struct sock *sk,
struct bpf_tcp_req_attrs *attrs, int attrs__sz) struct bpf_tcp_req_attrs *attrs, int attrs__sz)
{ {
#if IS_ENABLED(CONFIG_SYN_COOKIES) #if IS_ENABLED(CONFIG_SYN_COOKIES)
struct sk_buff *skb = (struct sk_buff *)s;
const struct request_sock_ops *ops; const struct request_sock_ops *ops;
struct inet_request_sock *ireq; struct inet_request_sock *ireq;
struct tcp_request_sock *treq; struct tcp_request_sock *treq;
@ -12004,16 +12011,17 @@ __bpf_kfunc int bpf_sk_assign_tcp_reqsk(struct sk_buff *skb, struct sock *sk,
__bpf_kfunc_end_defs(); __bpf_kfunc_end_defs();
int bpf_dynptr_from_skb_rdonly(struct sk_buff *skb, u64 flags, int bpf_dynptr_from_skb_rdonly(struct __sk_buff *skb, u64 flags,
struct bpf_dynptr_kern *ptr__uninit) struct bpf_dynptr *ptr__uninit)
{ {
struct bpf_dynptr_kern *ptr = (struct bpf_dynptr_kern *)ptr__uninit;
int err; int err;
err = bpf_dynptr_from_skb(skb, flags, ptr__uninit); err = bpf_dynptr_from_skb(skb, flags, ptr__uninit);
if (err) if (err)
return err; return err;
bpf_dynptr_set_rdonly(ptr__uninit); bpf_dynptr_set_rdonly(ptr);
return 0; return 0;
} }

View File

@ -12,7 +12,7 @@
#define IP_OFFSET 0x1FFF #define IP_OFFSET 0x1FFF
#define NEXTHDR_FRAGMENT 44 #define NEXTHDR_FRAGMENT 44
extern int bpf_dynptr_from_skb(struct sk_buff *skb, __u64 flags, extern int bpf_dynptr_from_skb(struct __sk_buff *skb, __u64 flags,
struct bpf_dynptr *ptr__uninit) __ksym; struct bpf_dynptr *ptr__uninit) __ksym;
extern void *bpf_dynptr_slice(const struct bpf_dynptr *ptr, uint32_t offset, extern void *bpf_dynptr_slice(const struct bpf_dynptr *ptr, uint32_t offset,
void *buffer, uint32_t buffer__sz) __ksym; void *buffer, uint32_t buffer__sz) __ksym;
@ -42,7 +42,7 @@ static bool is_frag_v6(struct ipv6hdr *ip6h)
return ip6h->nexthdr == NEXTHDR_FRAGMENT; return ip6h->nexthdr == NEXTHDR_FRAGMENT;
} }
static int handle_v4(struct sk_buff *skb) static int handle_v4(struct __sk_buff *skb)
{ {
struct bpf_dynptr ptr; struct bpf_dynptr ptr;
u8 iph_buf[20] = {}; u8 iph_buf[20] = {};
@ -64,7 +64,7 @@ static int handle_v4(struct sk_buff *skb)
return NF_ACCEPT; return NF_ACCEPT;
} }
static int handle_v6(struct sk_buff *skb) static int handle_v6(struct __sk_buff *skb)
{ {
struct bpf_dynptr ptr; struct bpf_dynptr ptr;
struct ipv6hdr *ip6h; struct ipv6hdr *ip6h;
@ -89,9 +89,9 @@ static int handle_v6(struct sk_buff *skb)
SEC("netfilter") SEC("netfilter")
int defrag(struct bpf_nf_ctx *ctx) int defrag(struct bpf_nf_ctx *ctx)
{ {
struct sk_buff *skb = ctx->skb; struct __sk_buff *skb = (struct __sk_buff *)ctx->skb;
switch (bpf_ntohs(skb->protocol)) { switch (bpf_ntohs(ctx->skb->protocol)) {
case ETH_P_IP: case ETH_P_IP:
return handle_v4(skb); return handle_v4(skb);
case ETH_P_IPV6: case ETH_P_IPV6:

View File

@ -79,7 +79,7 @@ int with_invalid_ctx_access_test5(struct bpf_nf_ctx *ctx)
return NF_ACCEPT; return NF_ACCEPT;
} }
extern int bpf_dynptr_from_skb(struct sk_buff *skb, __u64 flags, extern int bpf_dynptr_from_skb(struct __sk_buff *skb, __u64 flags,
struct bpf_dynptr *ptr__uninit) __ksym; struct bpf_dynptr *ptr__uninit) __ksym;
extern void *bpf_dynptr_slice(const struct bpf_dynptr *ptr, uint32_t offset, extern void *bpf_dynptr_slice(const struct bpf_dynptr *ptr, uint32_t offset,
void *buffer, uint32_t buffer__sz) __ksym; void *buffer, uint32_t buffer__sz) __ksym;
@ -90,8 +90,8 @@ __success __failure_unpriv
__retval(0) __retval(0)
int with_valid_ctx_access_test6(struct bpf_nf_ctx *ctx) int with_valid_ctx_access_test6(struct bpf_nf_ctx *ctx)
{ {
struct __sk_buff *skb = (struct __sk_buff *)ctx->skb;
const struct nf_hook_state *state = ctx->state; const struct nf_hook_state *state = ctx->state;
struct sk_buff *skb = ctx->skb;
const struct iphdr *iph; const struct iphdr *iph;
const struct tcphdr *th; const struct tcphdr *th;
u8 buffer_iph[20] = {}; u8 buffer_iph[20] = {};
@ -99,7 +99,7 @@ int with_valid_ctx_access_test6(struct bpf_nf_ctx *ctx)
struct bpf_dynptr ptr; struct bpf_dynptr ptr;
uint8_t ihl; uint8_t ihl;
if (skb->len <= 20 || bpf_dynptr_from_skb(skb, 0, &ptr)) if (ctx->skb->len <= 20 || bpf_dynptr_from_skb(skb, 0, &ptr))
return NF_ACCEPT; return NF_ACCEPT;
iph = bpf_dynptr_slice(&ptr, 0, buffer_iph, sizeof(buffer_iph)); iph = bpf_dynptr_slice(&ptr, 0, buffer_iph, sizeof(buffer_iph));