From patchwork Wed May 9 21:07:09 2018
X-Patchwork-Submitter: Joe Stringer
X-Patchwork-Id: 911192
X-Patchwork-Delegate: bpf@iogearbox.net
From: Joe Stringer
To: daniel@iogearbox.net
Cc: netdev@vger.kernel.org, ast@kernel.org, john.fastabend@gmail.com, kafai@fb.com
Subject: [RFC bpf-next 11/11] Documentation: Describe bpf reference tracking
Date: Wed, 9 May 2018 14:07:09 -0700
Message-Id: <20180509210709.7201-12-joe@wand.net.nz>
X-Mailer: git-send-email 2.14.1
In-Reply-To: <20180509210709.7201-1-joe@wand.net.nz>
References: <20180509210709.7201-1-joe@wand.net.nz>

Signed-off-by: Joe Stringer
---
 Documentation/networking/filter.txt | 64 +++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)

diff --git a/Documentation/networking/filter.txt b/Documentation/networking/filter.txt
index 5032e1263bc9..77be17977bc5 100644
--- a/Documentation/networking/filter.txt
+++ b/Documentation/networking/filter.txt @@ -1125,6 +1125,14 @@ pointer type. The types of pointers describe their base, as follows: PTR_TO_STACK Frame pointer. PTR_TO_PACKET skb->data. PTR_TO_PACKET_END skb->data + headlen; arithmetic forbidden. + PTR_TO_SOCKET Pointer to struct bpf_sock_ops, implicitly refcounted. + PTR_TO_SOCKET_OR_NULL + Either a pointer to a socket, or NULL; socket lookup + returns this type, which becomes a PTR_TO_SOCKET when + checked != NULL. PTR_TO_SOCKET is reference-counted, + so programs must release the reference through the + socket release function before the end of the program. + Arithmetic on these pointers is forbidden. However, a pointer may be offset from this base (as a result of pointer arithmetic), and this is tracked in two parts: the 'fixed offset' and 'variable offset'. The former is used when an exactly-known value (e.g. an immediate @@ -1168,6 +1176,13 @@ over the Ethernet header, then reads IHL and addes (IHL * 4), the resulting pointer will have a variable offset known to be 4n+2 for some n, so adding the 2 bytes (NET_IP_ALIGN) gives a 4-byte alignment and so word-sized accesses through that pointer are safe. +The 'id' field is also used on PTR_TO_SOCKET and PTR_TO_SOCKET_OR_NULL, common +to all copies of the pointer returned from a socket lookup. This has similar +behaviour to the handling for PTR_TO_MAP_VALUE_OR_NULL->PTR_TO_MAP_VALUE, but +it also handles reference tracking for the pointer. PTR_TO_SOCKET implicitly +represents a reference to the corresponding 'struct sock'. To ensure that the +reference is not leaked, it is imperative to NULL-check the reference and in +the non-NULL case, and pass the valid reference to the socket release function. Direct packet access -------------------- 
@@ -1441,6 +1456,55 @@ Error: 8: (7a) *(u64 *)(r0 +0) = 1 R0 invalid mem access 'imm' +Program that performs a socket lookup then sets the pointer to NULL without +checking it: +value: + BPF_MOV64_IMM(BPF_REG_2, 0), + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_2, -8), + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), + BPF_MOV64_IMM(BPF_REG_3, 4), + BPF_MOV64_IMM(BPF_REG_4, 0), + BPF_MOV64_IMM(BPF_REG_5, 0), + BPF_EMIT_CALL(BPF_FUNC_sk_lookup), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), +Error: + 0: (b7) r2 = 0 + 1: (63) *(u32 *)(r10 -8) = r2 + 2: (bf) r2 = r10 + 3: (07) r2 += -8 + 4: (b7) r3 = 4 + 5: (b7) r4 = 0 + 6: (b7) r5 = 0 + 7: (85) call bpf_sk_lookup#65 + 8: (b7) r0 = 0 + 9: (95) exit + Unreleased reference id=1, alloc_insn=7 + +Program that performs a socket lookup but does not NULL-check the returned +value: + BPF_MOV64_IMM(BPF_REG_2, 0), + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_2, -8), + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), + BPF_MOV64_IMM(BPF_REG_3, 4), + BPF_MOV64_IMM(BPF_REG_4, 0), + BPF_MOV64_IMM(BPF_REG_5, 0), + BPF_EMIT_CALL(BPF_FUNC_sk_lookup), + BPF_EXIT_INSN(), +Error: + 0: (b7) r2 = 0 + 1: (63) *(u32 *)(r10 -8) = r2 + 2: (bf) r2 = r10 + 3: (07) r2 += -8 + 4: (b7) r3 = 4 + 5: (b7) r4 = 0 + 6: (b7) r5 = 0 + 7: (85) call bpf_sk_lookup#65 + 8: (95) exit + Unreleased reference id=1, alloc_insn=7 + Testing -------
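Review bot: In the hunk at -1125, the PTR_TO_SOCKET entry describes the type as a pointer to struct bpf_sock_ops, while the paragraph added in the hunk at -1168 says PTR_TO_SOCKET represents a reference to the corresponding 'struct sock'. The two descriptions should agree, so pick one and use it in both places. The PTR_TO_SOCKET_OR_NULL entry also speaks of "socket lookup" and "the socket release function" without naming the helpers, although the examples added at -1441 name BPF_FUNC_sk_lookup; naming both helpers in the type table would let a reader match the text to the verifier log.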
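Review bot: In the hunk at -1168, the last added sentence does not parse: "NULL-check the reference and in the non-NULL case, and pass the valid reference" has a stray second "and". Suggest "it is imperative to NULL-check the reference and, in the non-NULL case, pass the valid reference to the socket release function." Since this paragraph is the only place the rule is stated, it would also help to say what the verifier does when the rule is broken, for example by pointing at the "Unreleased reference id=1, alloc_insn=7" message shown in the examples added at -1441.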
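Review bot: In the hunk at -1441, the first example's description is followed by a stray "+value:" line ("...sets the pointer to NULL without checking it:" then "value:"), which looks like a leftover from the second example's "does not NULL-check the returned value:" wording and should be dropped. Both added examples are rejected programs that end in the same "Unreleased reference id=1, alloc_insn=7" error; adding one accepted program that NULL-checks r0 and passes it to the release helper would document the expected pattern alongside the two failure cases.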