| Message ID | 20200818213356.2629020-1-andriin@fb.com |
|---|---|
| Headers | show |
| Series | libbpf feature probing and sanitization improvements | expand |
On Tue, Aug 18, 2020 at 02:33:49PM -0700, Andrii Nakryiko wrote: > This patch set refactors libbpf feature probing to be done lazily on as-needed > basis, instead of proactively testing all possible features libbpf knows > about. This allows to scale such detections and mitigations better, without > issuing unnecessary syscalls on each bpf_object__load() call. It's also now > memoized globally, instead of per-bpf_object. > > Building on that, libbpf will now detect availability of > bpf_probe_read_kernel() helper (which means also -user and -str variants), and > will sanitize BPF program code by replacing such references to generic > variants (bpf_probe_read[_str]()). This allows to migrate all BPF programs > into proper -kernel/-user probing helpers, without the fear of breaking them > for old kernels. > > With that, update BPF_CORE_READ() and related macros to use > bpf_probe_read_kernel(), as it doesn't make much sense to do CO-RE relocations > against user-space types. And the only class of cases in which BPF program > might read kernel type from user-space are UAPI data structures which by > definition are fixed in their memory layout and don't need relocating. This is > exemplified by test_vmlinux test, which is fixed as part of this patch set as > well. BPF_CORE_READ() is useful for chainingg bpf_probe_read_{kernel,user}() > calls together even without relocation, so we might add user-space variants, > if there is a need. > > While at making libbpf more useful for older kernels, also improve handling of > a complete lack of BTF support in kernel by not even attempting to load BTF > info into kernel. This eliminates annoying warning about lack of BTF support > in the kernel and map creation retry without BTF. If user is using features > that require kernel BTF support, it will still fail, of course. Applied, Thanks
This patch set refactors libbpf feature probing to be done lazily on as-needed basis, instead of proactively testing all possible features libbpf knows about. This allows to scale such detections and mitigations better, without issuing unnecessary syscalls on each bpf_object__load() call. It's also now memoized globally, instead of per-bpf_object. Building on that, libbpf will now detect availability of bpf_probe_read_kernel() helper (which means also -user and -str variants), and will sanitize BPF program code by replacing such references to generic variants (bpf_probe_read[_str]()). This allows to migrate all BPF programs into proper -kernel/-user probing helpers, without the fear of breaking them for old kernels. With that, update BPF_CORE_READ() and related macros to use bpf_probe_read_kernel(), as it doesn't make much sense to do CO-RE relocations against user-space types. And the only class of cases in which BPF program might read kernel type from user-space are UAPI data structures which by definition are fixed in their memory layout and don't need relocating. This is exemplified by test_vmlinux test, which is fixed as part of this patch set as well. BPF_CORE_READ() is useful for chainingg bpf_probe_read_{kernel,user}() calls together even without relocation, so we might add user-space variants, if there is a need. While at making libbpf more useful for older kernels, also improve handling of a complete lack of BTF support in kernel by not even attempting to load BTF info into kernel. This eliminates annoying warning about lack of BTF support in the kernel and map creation retry without BTF. If user is using features that require kernel BTF support, it will still fail, of course. Andrii Nakryiko (7): libbpf: disable -Wswitch-enum compiler warning libbpf: make kernel feature probing lazy libbpf: factor out common logic of testing and closing FD libbpf: sanitize BPF program code for bpf_probe_read_{kernel,user}[_str] selftests/bpf: fix test_vmlinux test to use bpf_probe_read_user() libbpf: switch tracing and CO-RE helper macros to bpf_probe_read_kernel() libbpf: detect minimal BTF support and skip BTF loading, if missing tools/lib/bpf/Makefile | 2 +- tools/lib/bpf/bpf_core_read.h | 40 ++- tools/lib/bpf/bpf_tracing.h | 4 +- tools/lib/bpf/libbpf.c | 319 +++++++++++------- .../selftests/bpf/progs/test_vmlinux.c | 12 +- 5 files changed, 240 insertions(+), 137 deletions(-)