kernel/bpf/cgroup.c | 6 ------ kernel/bpf/helpers.c | 38 +++++++++++++++++++++++++++++++++++++ kernel/trace/bpf_trace.c | 41 ++++------------------------------------ net/core/filter.c | 2 -- 4 files changed, 42 insertions(+), 45 deletions(-)
From: Feng Yang <yangfeng@kylinos.cn>
if it works under NMI and doesn't use any context-dependent things,
should be fine for any program type. The detailed discussion is in [1].
[1] https://lore.kernel.org/all/CAEf4Bza6gK3dsrTosk6k3oZgtHesNDSrDd8sdeQ-GiS6oJixQg@mail.gmail.com/
Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Signed-off-by: Feng Yang <yangfeng@kylinos.cn>
---
Changes in v2:
- not expose compat probe read APIs to more program types.
- Remove the prog->sleepable check added for copy_from_user,
- or the summarization_freplace/might_sleep_with_might_sleep test will fail with the error "program of this type cannot use helper bpf_copy_from_user"
- Link to v1: https://lore.kernel.org/all/20250425080032.327477-1-yangfeng59949@163.com/
---
kernel/bpf/cgroup.c | 6 ------
kernel/bpf/helpers.c | 38 +++++++++++++++++++++++++++++++++++++
kernel/trace/bpf_trace.c | 41 ++++------------------------------------
net/core/filter.c | 2 --
4 files changed, 42 insertions(+), 45 deletions(-)
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 84f58f3d028a..dbdad5f42761 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -2607,16 +2607,10 @@ const struct bpf_func_proto *
cgroup_current_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
{
switch (func_id) {
- case BPF_FUNC_get_current_uid_gid:
- return &bpf_get_current_uid_gid_proto;
- case BPF_FUNC_get_current_comm:
- return &bpf_get_current_comm_proto;
#ifdef CONFIG_CGROUP_NET_CLASSID
case BPF_FUNC_get_cgroup_classid:
return &bpf_get_cgroup_classid_curr_proto;
#endif
- case BPF_FUNC_current_task_under_cgroup:
- return &bpf_current_task_under_cgroup_proto;
default:
return NULL;
}
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index e3a2662f4e33..a01a2e55e17d 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -23,6 +23,7 @@
#include <linux/btf_ids.h>
#include <linux/bpf_mem_alloc.h>
#include <linux/kasan.h>
+#include <linux/bpf_verifier.h>
#include "../../lib/kstrtox.h"
@@ -1912,6 +1913,12 @@ const struct bpf_func_proto bpf_probe_read_user_str_proto __weak;
const struct bpf_func_proto bpf_probe_read_kernel_proto __weak;
const struct bpf_func_proto bpf_probe_read_kernel_str_proto __weak;
const struct bpf_func_proto bpf_task_pt_regs_proto __weak;
+const struct bpf_func_proto bpf_perf_event_read_proto __weak;
+const struct bpf_func_proto bpf_send_signal_proto __weak;
+const struct bpf_func_proto bpf_send_signal_thread_proto __weak;
+const struct bpf_func_proto bpf_get_task_stack_sleepable_proto __weak;
+const struct bpf_func_proto bpf_get_task_stack_proto __weak;
+const struct bpf_func_proto bpf_get_branch_snapshot_proto __weak;
const struct bpf_func_proto *
bpf_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
@@ -1965,6 +1972,8 @@ bpf_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_get_current_pid_tgid_proto;
case BPF_FUNC_get_ns_current_pid_tgid:
return &bpf_get_ns_current_pid_tgid_proto;
+ case BPF_FUNC_get_current_uid_gid:
+ return &bpf_get_current_uid_gid_proto;
default:
break;
}
@@ -2022,6 +2031,8 @@ bpf_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_get_current_cgroup_id_proto;
case BPF_FUNC_get_current_ancestor_cgroup_id:
return &bpf_get_current_ancestor_cgroup_id_proto;
+ case BPF_FUNC_current_task_under_cgroup:
+ return &bpf_current_task_under_cgroup_proto;
#endif
default:
break;
@@ -2037,6 +2048,8 @@ bpf_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_get_current_task_proto;
case BPF_FUNC_get_current_task_btf:
return &bpf_get_current_task_btf_proto;
+ case BPF_FUNC_get_current_comm:
+ return &bpf_get_current_comm_proto;
case BPF_FUNC_probe_read_user:
return &bpf_probe_read_user_proto;
case BPF_FUNC_probe_read_kernel:
@@ -2047,6 +2060,10 @@ bpf_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
case BPF_FUNC_probe_read_kernel_str:
return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
NULL : &bpf_probe_read_kernel_str_proto;
+ case BPF_FUNC_copy_from_user:
+ return &bpf_copy_from_user_proto;
+ case BPF_FUNC_copy_from_user_task:
+ return &bpf_copy_from_user_task_proto;
case BPF_FUNC_snprintf_btf:
return &bpf_snprintf_btf_proto;
case BPF_FUNC_snprintf:
@@ -2057,6 +2074,27 @@ bpf_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return bpf_get_trace_vprintk_proto();
case BPF_FUNC_perf_event_read_value:
return bpf_get_perf_event_read_value_proto();
+ case BPF_FUNC_perf_event_read:
+ return &bpf_perf_event_read_proto;
+ case BPF_FUNC_send_signal:
+ return &bpf_send_signal_proto;
+ case BPF_FUNC_send_signal_thread:
+ return &bpf_send_signal_thread_proto;
+ case BPF_FUNC_get_task_stack:
+ return prog->sleepable ? &bpf_get_task_stack_sleepable_proto
+ : &bpf_get_task_stack_proto;
+ case BPF_FUNC_task_storage_get:
+ if (bpf_prog_check_recur(prog))
+ return &bpf_task_storage_get_recur_proto;
+ return &bpf_task_storage_get_proto;
+ case BPF_FUNC_task_storage_delete:
+ if (bpf_prog_check_recur(prog))
+ return &bpf_task_storage_delete_recur_proto;
+ return &bpf_task_storage_delete_proto;
+ case BPF_FUNC_get_branch_snapshot:
+ return &bpf_get_branch_snapshot_proto;
+ case BPF_FUNC_find_vma:
+ return &bpf_find_vma_proto;
default:
return NULL;
}
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 52c432a44aeb..868920994517 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -572,7 +572,7 @@ BPF_CALL_2(bpf_perf_event_read, struct bpf_map *, map, u64, flags)
return value;
}
-static const struct bpf_func_proto bpf_perf_event_read_proto = {
+const struct bpf_func_proto bpf_perf_event_read_proto = {
.func = bpf_perf_event_read,
.gpl_only = true,
.ret_type = RET_INTEGER,
@@ -882,7 +882,7 @@ BPF_CALL_1(bpf_send_signal, u32, sig)
return bpf_send_signal_common(sig, PIDTYPE_TGID, NULL, 0);
}
-static const struct bpf_func_proto bpf_send_signal_proto = {
+const struct bpf_func_proto bpf_send_signal_proto = {
.func = bpf_send_signal,
.gpl_only = false,
.ret_type = RET_INTEGER,
@@ -894,7 +894,7 @@ BPF_CALL_1(bpf_send_signal_thread, u32, sig)
return bpf_send_signal_common(sig, PIDTYPE_PID, NULL, 0);
}
-static const struct bpf_func_proto bpf_send_signal_thread_proto = {
+const struct bpf_func_proto bpf_send_signal_thread_proto = {
.func = bpf_send_signal_thread,
.gpl_only = false,
.ret_type = RET_INTEGER,
@@ -1185,7 +1185,7 @@ BPF_CALL_3(bpf_get_branch_snapshot, void *, buf, u32, size, u64, flags)
return entry_cnt * br_entry_size;
}
-static const struct bpf_func_proto bpf_get_branch_snapshot_proto = {
+const struct bpf_func_proto bpf_get_branch_snapshot_proto = {
.func = bpf_get_branch_snapshot,
.gpl_only = true,
.ret_type = RET_INTEGER,
@@ -1430,14 +1430,8 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
const struct bpf_func_proto *func_proto;
switch (func_id) {
- case BPF_FUNC_get_current_uid_gid:
- return &bpf_get_current_uid_gid_proto;
- case BPF_FUNC_get_current_comm:
- return &bpf_get_current_comm_proto;
case BPF_FUNC_get_smp_processor_id:
return &bpf_get_smp_processor_id_proto;
- case BPF_FUNC_perf_event_read:
- return &bpf_perf_event_read_proto;
#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
case BPF_FUNC_probe_read:
return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
@@ -1446,35 +1440,8 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return security_locked_down(LOCKDOWN_BPF_READ_KERNEL) < 0 ?
NULL : &bpf_probe_read_compat_str_proto;
#endif
-#ifdef CONFIG_CGROUPS
- case BPF_FUNC_current_task_under_cgroup:
- return &bpf_current_task_under_cgroup_proto;
-#endif
- case BPF_FUNC_send_signal:
- return &bpf_send_signal_proto;
- case BPF_FUNC_send_signal_thread:
- return &bpf_send_signal_thread_proto;
- case BPF_FUNC_get_task_stack:
- return prog->sleepable ? &bpf_get_task_stack_sleepable_proto
- : &bpf_get_task_stack_proto;
- case BPF_FUNC_copy_from_user:
- return &bpf_copy_from_user_proto;
- case BPF_FUNC_copy_from_user_task:
- return &bpf_copy_from_user_task_proto;
- case BPF_FUNC_task_storage_get:
- if (bpf_prog_check_recur(prog))
- return &bpf_task_storage_get_recur_proto;
- return &bpf_task_storage_get_proto;
- case BPF_FUNC_task_storage_delete:
- if (bpf_prog_check_recur(prog))
- return &bpf_task_storage_delete_recur_proto;
- return &bpf_task_storage_delete_proto;
case BPF_FUNC_get_func_ip:
return &bpf_get_func_ip_proto_tracing;
- case BPF_FUNC_get_branch_snapshot:
- return &bpf_get_branch_snapshot_proto;
- case BPF_FUNC_find_vma:
- return &bpf_find_vma_proto;
default:
break;
}
diff --git a/net/core/filter.c b/net/core/filter.c
index 79cab4d78dc3..53bf560354f7 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -8488,8 +8488,6 @@ sk_msg_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_msg_pop_data_proto;
case BPF_FUNC_perf_event_output:
return &bpf_event_output_data_proto;
- case BPF_FUNC_get_current_uid_gid:
- return &bpf_get_current_uid_gid_proto;
case BPF_FUNC_sk_storage_get:
return &bpf_sk_storage_get_proto;
case BPF_FUNC_sk_storage_delete:
--
2.43.0On Sat, Apr 26, 2025 at 11:39 PM Feng Yang <yangfeng59949@163.com> wrote:
>
> From: Feng Yang <yangfeng@kylinos.cn>
>
> if it works under NMI and doesn't use any context-dependent things,
> should be fine for any program type. The detailed discussion is in [1].
>
> [1] https://lore.kernel.org/all/CAEf4Bza6gK3dsrTosk6k3oZgtHesNDSrDd8sdeQ-GiS6oJixQg@mail.gmail.com/
>
> Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com>
> Signed-off-by: Feng Yang <yangfeng@kylinos.cn>
> ---
> Changes in v2:
> - not expose compat probe read APIs to more program types.
> - Remove the prog->sleepable check added for copy_from_user,
> - or the summarization_freplace/might_sleep_with_might_sleep test will fail with the error "program of this type cannot use helper bpf_copy_from_user"
> - Link to v1: https://lore.kernel.org/all/20250425080032.327477-1-yangfeng59949@163.com/
> ---
> kernel/bpf/cgroup.c | 6 ------
> kernel/bpf/helpers.c | 38 +++++++++++++++++++++++++++++++++++++
> kernel/trace/bpf_trace.c | 41 ++++------------------------------------
> net/core/filter.c | 2 --
> 4 files changed, 42 insertions(+), 45 deletions(-)
>
> diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
> index 84f58f3d028a..dbdad5f42761 100644
> --- a/kernel/bpf/cgroup.c
> +++ b/kernel/bpf/cgroup.c
> @@ -2607,16 +2607,10 @@ const struct bpf_func_proto *
> cgroup_current_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> {
> switch (func_id) {
> - case BPF_FUNC_get_current_uid_gid:
> - return &bpf_get_current_uid_gid_proto;
> - case BPF_FUNC_get_current_comm:
> - return &bpf_get_current_comm_proto;
> #ifdef CONFIG_CGROUP_NET_CLASSID
> case BPF_FUNC_get_cgroup_classid:
> return &bpf_get_cgroup_classid_curr_proto;
> #endif
this is the only one left, and again, it's just current-dependent, so
I'd just move this into base set and got rid of
cgroup_current_func_proto altogether (there are 5 callers, let's clean
them up)
> - case BPF_FUNC_current_task_under_cgroup:
> - return &bpf_current_task_under_cgroup_proto;
> default:
> return NULL;
> }
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index e3a2662f4e33..a01a2e55e17d 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -23,6 +23,7 @@
> #include <linux/btf_ids.h>
> #include <linux/bpf_mem_alloc.h>
> #include <linux/kasan.h>
> +#include <linux/bpf_verifier.h>
why do we need this include?
[...]
> @@ -2057,6 +2074,27 @@ bpf_base_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> return bpf_get_trace_vprintk_proto();
> case BPF_FUNC_perf_event_read_value:
> return bpf_get_perf_event_read_value_proto();
> + case BPF_FUNC_perf_event_read:
> + return &bpf_perf_event_read_proto;
> + case BPF_FUNC_send_signal:
> + return &bpf_send_signal_proto;
> + case BPF_FUNC_send_signal_thread:
> + return &bpf_send_signal_thread_proto;
> + case BPF_FUNC_get_task_stack:
> + return prog->sleepable ? &bpf_get_task_stack_sleepable_proto
> + : &bpf_get_task_stack_proto;
> + case BPF_FUNC_task_storage_get:
> + if (bpf_prog_check_recur(prog))
> + return &bpf_task_storage_get_recur_proto;
> + return &bpf_task_storage_get_proto;
> + case BPF_FUNC_task_storage_delete:
> + if (bpf_prog_check_recur(prog))
> + return &bpf_task_storage_delete_recur_proto;
> + return &bpf_task_storage_delete_proto;
task_storage_{get,delete} probably should be guarded just by CAP_BPF,
no need for CAP_PERFMON, IMO. Can you please move them up a bit?
Also, we should probably get rid of bpf_scx_get_func_proto() in
kernel/sched/ext.c, given it only adds these two on top of the base
set? But that's probably a separate patch against sched_ext tree?
cc'ing Tejun
pw-bot: cr
> + case BPF_FUNC_get_branch_snapshot:
> + return &bpf_get_branch_snapshot_proto;
> + case BPF_FUNC_find_vma:
> + return &bpf_find_vma_proto;
> default:
> return NULL;
> }
[...]
On Thu, 1 May 2025 11:11:52 -0700 Andrii Nakryiko <andrii.nakryiko@gmail.com> wrote:
> On Sat, Apr 26, 2025 at 11:39 PM Feng Yang <yangfeng59949@163.com> wrote:
> >
> > From: Feng Yang <yangfeng@kylinos.cn>
> >
> > if it works under NMI and doesn't use any context-dependent things,
> > should be fine for any program type. The detailed discussion is in [1].
> >
> > [1] https://lore.kernel.org/all/CAEf4Bza6gK3dsrTosk6k3oZgtHesNDSrDd8sdeQ-GiS6oJixQg@mail.gmail.com/
> >
> > Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com>
> > Signed-off-by: Feng Yang <yangfeng@kylinos.cn>
> > ---
> > Changes in v2:
> > - not expose compat probe read APIs to more program types.
> > - Remove the prog->sleepable check added for copy_from_user,
> > - or the summarization_freplace/might_sleep_with_might_sleep test will fail with the error "program of this type cannot use helper bpf_copy_from_user"
> > - Link to v1: https://lore.kernel.org/all/20250425080032.327477-1-yangfeng59949@163.com/
> > ---
> > kernel/bpf/cgroup.c | 6 ------
> > kernel/bpf/helpers.c | 38 +++++++++++++++++++++++++++++++++++++
> > kernel/trace/bpf_trace.c | 41 ++++------------------------------------
> > net/core/filter.c | 2 --
> > 4 files changed, 42 insertions(+), 45 deletions(-)
> >
> > diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
> > index 84f58f3d028a..dbdad5f42761 100644
> > --- a/kernel/bpf/cgroup.c
> > +++ b/kernel/bpf/cgroup.c
> > @@ -2607,16 +2607,10 @@ const struct bpf_func_proto *
> > cgroup_current_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> > {
> > switch (func_id) {
> > - case BPF_FUNC_get_current_uid_gid:
> > - return &bpf_get_current_uid_gid_proto;
> > - case BPF_FUNC_get_current_comm:
> > - return &bpf_get_current_comm_proto;
> > #ifdef CONFIG_CGROUP_NET_CLASSID
> > case BPF_FUNC_get_cgroup_classid:
> > return &bpf_get_cgroup_classid_curr_proto;
> > #endif
>
> this is the only one left, and again, it's just current-dependent, so
> I'd just move this into base set and got rid of
> cgroup_current_func_proto altogether (there are 5 callers, let's clean
> them up)
>
> > - case BPF_FUNC_current_task_under_cgroup:
> > - return &bpf_current_task_under_cgroup_proto;
> > default:
> > return NULL;
> > }
> > diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> > index e3a2662f4e33..a01a2e55e17d 100644
> > --- a/kernel/bpf/helpers.c
> > +++ b/kernel/bpf/helpers.c
> > @@ -23,6 +23,7 @@
> > #include <linux/btf_ids.h>
> > #include <linux/bpf_mem_alloc.h>
> > #include <linux/kasan.h>
> > +#include <linux/bpf_verifier.h>
>
> why do we need this include?
>
> [...]
bpf_prog_check_recur in bpf_verifier.h.
© 2016 - 2025 Red Hat, Inc.