1. Patchew
  2. linux
  3. View series

[PATCH bpf-next] bpf: use type_may_be_null() helper for nullable-param check

Shung-Hsi Yu posted 1 patch 1 year, 3 months ago 
include/linux/bpf_verifier.h   | 5 +++++
kernel/bpf/verifier.c          | 5 -----
net/bpf/bpf_dummy_struct_ops.c | 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
[PATCH bpf-next] bpf: use type_may_be_null() helper for nullable-param check
Posted by Shung-Hsi Yu 1 year, 3 months ago 
Commit 980ca8ceeae6 ("bpf: check bpf_dummy_struct_ops program params for
test runs") does bitwise AND between reg_type and PTR_MAYBE_NULL, which
is correct, but due to type difference the compiler complains:

  net/bpf/bpf_dummy_struct_ops.c:118:31: warning: bitwise operation between different enumeration types ('const enum bpf_reg_type' and 'enum bpf_type_flag') [-Wenum-enum-conversion]
    118 |                 if (info && (info->reg_type & PTR_MAYBE_NULL))
        |                              ~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~

Workaround the warning by moving the type_may_be_null() helper from
verifier.c into bpf_verifier.h, and reuse it here to check whether param
is nullable.

Fixes: 980ca8ceeae6 ("bpf: check bpf_dummy_struct_ops program params for test runs")
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202404241956.HEiRYwWq-lkp@intel.com/
Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
---
Due to kernel test bot not setting the correct email header
(reported[1]) Eduard probably never saw the report about the warning
(nor did it show up on Patchwork).

1: https://github.com/intel/lkp-tests/issues/383
---
 include/linux/bpf_verifier.h   | 5 +++++
 kernel/bpf/verifier.c          | 5 -----
 net/bpf/bpf_dummy_struct_ops.c | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
index 8458632824a4..4513372c5bc8 100644
--- a/include/linux/bpf_verifier.h
+++ b/include/linux/bpf_verifier.h
@@ -927,6 +927,11 @@ static inline bool type_is_sk_pointer(enum bpf_reg_type type)
 		type == PTR_TO_XDP_SOCK;
 }
 
+static inline bool type_may_be_null(u32 type)
+{
+	return type & PTR_MAYBE_NULL;
+}
+
 static inline void mark_reg_scratched(struct bpf_verifier_env *env, u32 regno)
 {
 	env->scratched_regs |= 1U << regno;
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index b806afeba212..53d0556fbbf3 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -383,11 +383,6 @@ static void verbose_invalid_scalar(struct bpf_verifier_env *env,
 	verbose(env, " should have been in [%d, %d]\n", range.minval, range.maxval);
 }
 
-static bool type_may_be_null(u32 type)
-{
-	return type & PTR_MAYBE_NULL;
-}
-
 static bool reg_not_null(const struct bpf_reg_state *reg)
 {
 	enum bpf_reg_type type;
diff --git a/net/bpf/bpf_dummy_struct_ops.c b/net/bpf/bpf_dummy_struct_ops.c
index 3ea52b05adfb..f71f67c6896b 100644
--- a/net/bpf/bpf_dummy_struct_ops.c
+++ b/net/bpf/bpf_dummy_struct_ops.c
@@ -115,7 +115,7 @@ static int check_test_run_args(struct bpf_prog *prog, struct bpf_dummy_ops_test_
 
 		offset = btf_ctx_arg_offset(bpf_dummy_ops_btf, func_proto, arg_no);
 		info = find_ctx_arg_info(prog->aux, offset);
-		if (info && (info->reg_type & PTR_MAYBE_NULL))
+		if (info && type_may_be_null(info->reg_type))
 			continue;
 
 		return -EINVAL;
-- 
2.46.0
Re: [PATCH bpf-next] bpf: use type_may_be_null() helper for nullable-param check
Posted by Eduard Zingerman 1 year, 3 months ago 
On Thu, 2024-09-05 at 13:52 +0800, Shung-Hsi Yu wrote:
> Commit 980ca8ceeae6 ("bpf: check bpf_dummy_struct_ops program params for
> test runs") does bitwise AND between reg_type and PTR_MAYBE_NULL, which
> is correct, but due to type difference the compiler complains:
> 
>   net/bpf/bpf_dummy_struct_ops.c:118:31: warning: bitwise operation between different enumeration types ('const enum bpf_reg_type' and 'enum bpf_type_flag') [-Wenum-enum-conversion]
>     118 |                 if (info && (info->reg_type & PTR_MAYBE_NULL))
>         |                              ~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~
> 
> Workaround the warning by moving the type_may_be_null() helper from
> verifier.c into bpf_verifier.h, and reuse it here to check whether param
> is nullable.
> 
> Fixes: 980ca8ceeae6 ("bpf: check bpf_dummy_struct_ops program params for test runs")
> Reported-by: kernel test robot <lkp@intel.com>
> Closes: https://lore.kernel.org/oe-kbuild-all/202404241956.HEiRYwWq-lkp@intel.com/
> Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
> ---

Thank you for this fix.
Replacing other uses of PTR_MAYBE_NULL suggested by Matt seems like a
good idea, but it does not preclude merge for this patch.

Acked-by: Eduard Zingerman <eddyz87@gmail.com>

[...]
Re: [PATCH bpf-next] bpf: use type_may_be_null() helper for nullable-param check
Posted by Matt Bobrowski 1 year, 3 months ago 
On Thu, Sep 05, 2024 at 01:52:32PM +0800, Shung-Hsi Yu wrote:
> Commit 980ca8ceeae6 ("bpf: check bpf_dummy_struct_ops program params for
> test runs") does bitwise AND between reg_type and PTR_MAYBE_NULL, which
> is correct, but due to type difference the compiler complains:
> 
>   net/bpf/bpf_dummy_struct_ops.c:118:31: warning: bitwise operation between different enumeration types ('const enum bpf_reg_type' and 'enum bpf_type_flag') [-Wenum-enum-conversion]
>     118 |                 if (info && (info->reg_type & PTR_MAYBE_NULL))
>         |                              ~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~
> 
> Workaround the warning by moving the type_may_be_null() helper from
> verifier.c into bpf_verifier.h, and reuse it here to check whether param
> is nullable.
> 
> Fixes: 980ca8ceeae6 ("bpf: check bpf_dummy_struct_ops program params for test runs")
> Reported-by: kernel test robot <lkp@intel.com>
> Closes: https://lore.kernel.org/oe-kbuild-all/202404241956.HEiRYwWq-lkp@intel.com/
> Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
> ---
> Due to kernel test bot not setting the correct email header
> (reported[1]) Eduard probably never saw the report about the warning
> (nor did it show up on Patchwork).
> 
> 1: https://github.com/intel/lkp-tests/issues/383
> ---
>  include/linux/bpf_verifier.h   | 5 +++++
>  kernel/bpf/verifier.c          | 5 -----
>  net/bpf/bpf_dummy_struct_ops.c | 2 +-
>  3 files changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h
> index 8458632824a4..4513372c5bc8 100644
> --- a/include/linux/bpf_verifier.h
> +++ b/include/linux/bpf_verifier.h
> @@ -927,6 +927,11 @@ static inline bool type_is_sk_pointer(enum bpf_reg_type type)
>  		type == PTR_TO_XDP_SOCK;
>  }
>  
> +static inline bool type_may_be_null(u32 type)
> +{
> +	return type & PTR_MAYBE_NULL;
> +}
> +
>
>  static inline void mark_reg_scratched(struct bpf_verifier_env *env, u32 regno)
>  {
>  	env->scratched_regs |= 1U << regno;
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index b806afeba212..53d0556fbbf3 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -383,11 +383,6 @@ static void verbose_invalid_scalar(struct bpf_verifier_env *env,
>  	verbose(env, " should have been in [%d, %d]\n", range.minval, range.maxval);
>  }
>  
> -static bool type_may_be_null(u32 type)
> -{
> -	return type & PTR_MAYBE_NULL;
> -}
> -
>  static bool reg_not_null(const struct bpf_reg_state *reg)
>  {
>  	enum bpf_reg_type type;
> diff --git a/net/bpf/bpf_dummy_struct_ops.c b/net/bpf/bpf_dummy_struct_ops.c
> index 3ea52b05adfb..f71f67c6896b 100644
> --- a/net/bpf/bpf_dummy_struct_ops.c
> +++ b/net/bpf/bpf_dummy_struct_ops.c
> @@ -115,7 +115,7 @@ static int check_test_run_args(struct bpf_prog *prog, struct bpf_dummy_ops_test_
>  
>  		offset = btf_ctx_arg_offset(bpf_dummy_ops_btf, func_proto, arg_no);
>  		info = find_ctx_arg_info(prog->aux, offset);
> -		if (info && (info->reg_type & PTR_MAYBE_NULL))
> +		if (info && type_may_be_null(info->reg_type))

Maybe as part of this clean up, we should also consider replacing all
the open-coded & PTR_MAYBE_NULL checks with type_may_be_null() which
we have sprinkled throughout kernel/bpf/verifier.c?

/M
Re: [PATCH bpf-next] bpf: use type_may_be_null() helper for nullable-param check
Posted by Shung-Hsi Yu 1 year, 3 months ago 
On Thu, Sep 05, 2024 at 08:00:09AM GMT, Matt Bobrowski wrote:
> On Thu, Sep 05, 2024 at 01:52:32PM +0800, Shung-Hsi Yu wrote:
[...]
> > --- a/net/bpf/bpf_dummy_struct_ops.c
> > +++ b/net/bpf/bpf_dummy_struct_ops.c
> > @@ -115,7 +115,7 @@ static int check_test_run_args(struct bpf_prog *prog, struct bpf_dummy_ops_test_
> >  
> >  		offset = btf_ctx_arg_offset(bpf_dummy_ops_btf, func_proto, arg_no);
> >  		info = find_ctx_arg_info(prog->aux, offset);
> > -		if (info && (info->reg_type & PTR_MAYBE_NULL))
> > +		if (info && type_may_be_null(info->reg_type))
> 
> Maybe as part of this clean up, we should also consider replacing all
> the open-coded & PTR_MAYBE_NULL checks with type_may_be_null() which
> we have sprinkled throughout kernel/bpf/verifier.c?

Agree we should. Usage like this could be replaced

	if (ptr_reg->type & PTR_MAYBE_NULL) {
		verbose(env, "R%d pointer arithmetic on %s prohibited, null-check it first\n",
			dst, reg_type_str(env, ptr_reg->type));
		return -EACCES;
	}

OTOH replacing & PTR_MAYBE_NULL here probably won't help improve
clarity.

	if (base_type(arg->arg_type) == ARG_PTR_TO_BTF_ID) {
		reg->type = PTR_TO_BTF_ID;
		if (arg->arg_type & PTR_MAYBE_NULL)
			reg->type |= PTR_MAYBE_NULL;
		if (arg->arg_type & PTR_UNTRUSTED)
			reg->type |= PTR_UNTRUSTED;
		if (arg->arg_type & PTR_TRUSTED)
			reg->type |= PTR_TRUSTED;
		...

For such case we might need to introduce another helper (bitwise-OR
between enum bpf_type_flag should be free of compiler warning).

	reg->type = type_flag_apply(PTR_TO_BTF_ID, arg->arg_type,
								PTR_MAYBE_NULL | PTR_UNTRUSTED | PTR_TRUSTED);

WDYT?

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.