bpf: kernel side support for BTF Var and DataSec
authorDaniel Borkmann <daniel@iogearbox.net>
Tue, 9 Apr 2019 21:20:09 +0000 (23:20 +0200)
committerAlexei Starovoitov <ast@kernel.org>
Wed, 10 Apr 2019 00:05:46 +0000 (17:05 -0700)
This work adds kernel-side verification, logging and seq_show dumping
of BTF Var and DataSec kinds which are emitted with latest LLVM. The
following constraints apply:

BTF Var must have:

- Its kind_flag is 0
- Its vlen is 0
- Must point to a valid type
- Type must not resolve to a forward type
- Size of underlying type must be > 0
- Must have a valid name
- Can only be a source type, not sink or intermediate one
- Name may include dots (e.g. in case of static variables
  inside functions)
- Cannot be a member of a struct/union
- Linkage so far can either only be static or global/allocated

BTF DataSec must have:

- Its kind_flag is 0
- Its vlen cannot be 0
- Its size cannot be 0
- Must have a valid name
- Can only be a source type, not sink or intermediate one
- Name may include dots (e.g. to represent .bss, .data, .rodata etc)
- Cannot be a member of a struct/union
- Inner btf_var_secinfo array with {type,offset,size} triple
  must be sorted by offset in ascending order
- Type must always point to BTF Var
- BTF resolved size of Var must be <= size provided by triple
- DataSec size must be >= sum of triple sizes (thus holes
  are allowed)

btf_var_resolve(), btf_ptr_resolve() and btf_modifier_resolve()
are on a high level quite similar but each come with slight,
subtle differences. They could potentially be a bit refactored
in future which hasn't been done here to ease review.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
kernel/bpf/btf.c

index bd3921b1514b0b24bc9600f04190702badb4897f..0cecf6bab61b026624cb6643d60dc633763c9ab3 100644 (file)
             i < btf_type_vlen(struct_type);                            \
             i++, member++)
 
+#define for_each_vsi(i, struct_type, member)                   \
+       for (i = 0, member = btf_type_var_secinfo(struct_type); \
+            i < btf_type_vlen(struct_type);                    \
+            i++, member++)
+
+#define for_each_vsi_from(i, from, struct_type, member)                                \
+       for (i = from, member = btf_type_var_secinfo(struct_type) + from;       \
+            i < btf_type_vlen(struct_type);                                    \
+            i++, member++)
+
 static DEFINE_IDR(btf_idr);
 static DEFINE_SPINLOCK(btf_idr_lock);
 
@@ -262,6 +272,8 @@ static const char * const btf_kind_str[NR_BTF_KINDS] = {
        [BTF_KIND_RESTRICT]     = "RESTRICT",
        [BTF_KIND_FUNC]         = "FUNC",
        [BTF_KIND_FUNC_PROTO]   = "FUNC_PROTO",
+       [BTF_KIND_VAR]          = "VAR",
+       [BTF_KIND_DATASEC]      = "DATASEC",
 };
 
 struct btf_kind_operations {
@@ -375,13 +387,36 @@ static bool btf_type_is_int(const struct btf_type *t)
        return BTF_INFO_KIND(t->info) == BTF_KIND_INT;
 }
 
+static bool btf_type_is_var(const struct btf_type *t)
+{
+       return BTF_INFO_KIND(t->info) == BTF_KIND_VAR;
+}
+
+static bool btf_type_is_datasec(const struct btf_type *t)
+{
+       return BTF_INFO_KIND(t->info) == BTF_KIND_DATASEC;
+}
+
+/* Types that act only as a source, not sink or intermediate
+ * type when resolving.
+ */
+static bool btf_type_is_resolve_source_only(const struct btf_type *t)
+{
+       return btf_type_is_var(t) ||
+              btf_type_is_datasec(t);
+}
+
 /* What types need to be resolved?
  *
  * btf_type_is_modifier() is an obvious one.
  *
  * btf_type_is_struct() because its member refers to
  * another type (through member->type).
-
+ *
+ * btf_type_is_var() because the variable refers to
+ * another type. btf_type_is_datasec() holds multiple
+ * btf_type_is_var() types that need resolving.
+ *
  * btf_type_is_array() because its element (array->type)
  * refers to another type.  Array can be thought of a
  * special case of struct while array just has the same
@@ -390,9 +425,11 @@ static bool btf_type_is_int(const struct btf_type *t)
 static bool btf_type_needs_resolve(const struct btf_type *t)
 {
        return btf_type_is_modifier(t) ||
-               btf_type_is_ptr(t) ||
-               btf_type_is_struct(t) ||
-               btf_type_is_array(t);
+              btf_type_is_ptr(t) ||
+              btf_type_is_struct(t) ||
+              btf_type_is_array(t) ||
+              btf_type_is_var(t) ||
+              btf_type_is_datasec(t);
 }
 
 /* t->size can be used */
@@ -403,6 +440,7 @@ static bool btf_type_has_size(const struct btf_type *t)
        case BTF_KIND_STRUCT:
        case BTF_KIND_UNION:
        case BTF_KIND_ENUM:
+       case BTF_KIND_DATASEC:
                return true;
        }
 
@@ -467,6 +505,16 @@ static const struct btf_enum *btf_type_enum(const struct btf_type *t)
        return (const struct btf_enum *)(t + 1);
 }
 
+static const struct btf_var *btf_type_var(const struct btf_type *t)
+{
+       return (const struct btf_var *)(t + 1);
+}
+
+static const struct btf_var_secinfo *btf_type_var_secinfo(const struct btf_type *t)
+{
+       return (const struct btf_var_secinfo *)(t + 1);
+}
+
 static const struct btf_kind_operations *btf_type_ops(const struct btf_type *t)
 {
        return kind_ops[BTF_INFO_KIND(t->info)];
@@ -478,23 +526,31 @@ static bool btf_name_offset_valid(const struct btf *btf, u32 offset)
                offset < btf->hdr.str_len;
 }
 
-/* Only C-style identifier is permitted. This can be relaxed if
- * necessary.
- */
-static bool btf_name_valid_identifier(const struct btf *btf, u32 offset)
+static bool __btf_name_char_ok(char c, bool first, bool dot_ok)
+{
+       if ((first ? !isalpha(c) :
+                    !isalnum(c)) &&
+           c != '_' &&
+           ((c == '.' && !dot_ok) ||
+             c != '.'))
+               return false;
+       return true;
+}
+
+static bool __btf_name_valid(const struct btf *btf, u32 offset, bool dot_ok)
 {
        /* offset must be valid */
        const char *src = &btf->strings[offset];
        const char *src_limit;
 
-       if (!isalpha(*src) && *src != '_')
+       if (!__btf_name_char_ok(*src, true, dot_ok))
                return false;
 
        /* set a limit on identifier length */
        src_limit = src + KSYM_NAME_LEN;
        src++;
        while (*src && src < src_limit) {
-               if (!isalnum(*src) && *src != '_')
+               if (!__btf_name_char_ok(*src, false, dot_ok))
                        return false;
                src++;
        }
@@ -502,6 +558,19 @@ static bool btf_name_valid_identifier(const struct btf *btf, u32 offset)
        return !*src;
 }
 
+/* Only C-style identifier is permitted. This can be relaxed if
+ * necessary.
+ */
+static bool btf_name_valid_identifier(const struct btf *btf, u32 offset)
+{
+       return __btf_name_valid(btf, offset, false);
+}
+
+static bool btf_name_valid_section(const struct btf *btf, u32 offset)
+{
+       return __btf_name_valid(btf, offset, true);
+}
+
 static const char *__btf_name_by_offset(const struct btf *btf, u32 offset)
 {
        if (!offset)
@@ -697,6 +766,32 @@ static void btf_verifier_log_member(struct btf_verifier_env *env,
        __btf_verifier_log(log, "\n");
 }
 
+__printf(4, 5)
+static void btf_verifier_log_vsi(struct btf_verifier_env *env,
+                                const struct btf_type *datasec_type,
+                                const struct btf_var_secinfo *vsi,
+                                const char *fmt, ...)
+{
+       struct bpf_verifier_log *log = &env->log;
+       va_list args;
+
+       if (!bpf_verifier_log_needed(log))
+               return;
+       if (env->phase != CHECK_META)
+               btf_verifier_log_type(env, datasec_type, NULL);
+
+       __btf_verifier_log(log, "\t type_id=%u offset=%u size=%u",
+                          vsi->type, vsi->offset, vsi->size);
+       if (fmt && *fmt) {
+               __btf_verifier_log(log, " ");
+               va_start(args, fmt);
+               bpf_verifier_vlog(log, fmt, args);
+               va_end(args);
+       }
+
+       __btf_verifier_log(log, "\n");
+}
+
 static void btf_verifier_log_hdr(struct btf_verifier_env *env,
                                 u32 btf_data_size)
 {
@@ -974,7 +1069,8 @@ const struct btf_type *btf_type_id_size(const struct btf *btf,
        } else if (btf_type_is_ptr(size_type)) {
                size = sizeof(void *);
        } else {
-               if (WARN_ON_ONCE(!btf_type_is_modifier(size_type)))
+               if (WARN_ON_ONCE(!btf_type_is_modifier(size_type) &&
+                                !btf_type_is_var(size_type)))
                        return NULL;
 
                size = btf->resolved_sizes[size_type_id];
@@ -1509,7 +1605,7 @@ static int btf_modifier_resolve(struct btf_verifier_env *env,
        u32 next_type_size = 0;
 
        next_type = btf_type_by_id(btf, next_type_id);
-       if (!next_type) {
+       if (!next_type || btf_type_is_resolve_source_only(next_type)) {
                btf_verifier_log_type(env, v->t, "Invalid type_id");
                return -EINVAL;
        }
@@ -1542,6 +1638,53 @@ static int btf_modifier_resolve(struct btf_verifier_env *env,
        return 0;
 }
 
+static int btf_var_resolve(struct btf_verifier_env *env,
+                          const struct resolve_vertex *v)
+{
+       const struct btf_type *next_type;
+       const struct btf_type *t = v->t;
+       u32 next_type_id = t->type;
+       struct btf *btf = env->btf;
+       u32 next_type_size;
+
+       next_type = btf_type_by_id(btf, next_type_id);
+       if (!next_type || btf_type_is_resolve_source_only(next_type)) {
+               btf_verifier_log_type(env, v->t, "Invalid type_id");
+               return -EINVAL;
+       }
+
+       if (!env_type_is_resolve_sink(env, next_type) &&
+           !env_type_is_resolved(env, next_type_id))
+               return env_stack_push(env, next_type, next_type_id);
+
+       if (btf_type_is_modifier(next_type)) {
+               const struct btf_type *resolved_type;
+               u32 resolved_type_id;
+
+               resolved_type_id = next_type_id;
+               resolved_type = btf_type_id_resolve(btf, &resolved_type_id);
+
+               if (btf_type_is_ptr(resolved_type) &&
+                   !env_type_is_resolve_sink(env, resolved_type) &&
+                   !env_type_is_resolved(env, resolved_type_id))
+                       return env_stack_push(env, resolved_type,
+                                             resolved_type_id);
+       }
+
+       /* We must resolve to something concrete at this point, no
+        * forward types or similar that would resolve to size of
+        * zero is allowed.
+        */
+       if (!btf_type_id_size(btf, &next_type_id, &next_type_size)) {
+               btf_verifier_log_type(env, v->t, "Invalid type_id");
+               return -EINVAL;
+       }
+
+       env_stack_pop_resolved(env, next_type_id, next_type_size);
+
+       return 0;
+}
+
 static int btf_ptr_resolve(struct btf_verifier_env *env,
                           const struct resolve_vertex *v)
 {
@@ -1551,7 +1694,7 @@ static int btf_ptr_resolve(struct btf_verifier_env *env,
        struct btf *btf = env->btf;
 
        next_type = btf_type_by_id(btf, next_type_id);
-       if (!next_type) {
+       if (!next_type || btf_type_is_resolve_source_only(next_type)) {
                btf_verifier_log_type(env, v->t, "Invalid type_id");
                return -EINVAL;
        }
@@ -1609,6 +1752,15 @@ static void btf_modifier_seq_show(const struct btf *btf,
        btf_type_ops(t)->seq_show(btf, t, type_id, data, bits_offset, m);
 }
 
+static void btf_var_seq_show(const struct btf *btf, const struct btf_type *t,
+                            u32 type_id, void *data, u8 bits_offset,
+                            struct seq_file *m)
+{
+       t = btf_type_id_resolve(btf, &type_id);
+
+       btf_type_ops(t)->seq_show(btf, t, type_id, data, bits_offset, m);
+}
+
 static void btf_ptr_seq_show(const struct btf *btf, const struct btf_type *t,
                             u32 type_id, void *data, u8 bits_offset,
                             struct seq_file *m)
@@ -1776,7 +1928,8 @@ static int btf_array_resolve(struct btf_verifier_env *env,
        /* Check array->index_type */
        index_type_id = array->index_type;
        index_type = btf_type_by_id(btf, index_type_id);
-       if (btf_type_nosize_or_null(index_type)) {
+       if (btf_type_is_resolve_source_only(index_type) ||
+           btf_type_nosize_or_null(index_type)) {
                btf_verifier_log_type(env, v->t, "Invalid index");
                return -EINVAL;
        }
@@ -1795,7 +1948,8 @@ static int btf_array_resolve(struct btf_verifier_env *env,
        /* Check array->type */
        elem_type_id = array->type;
        elem_type = btf_type_by_id(btf, elem_type_id);
-       if (btf_type_nosize_or_null(elem_type)) {
+       if (btf_type_is_resolve_source_only(elem_type) ||
+           btf_type_nosize_or_null(elem_type)) {
                btf_verifier_log_type(env, v->t,
                                      "Invalid elem");
                return -EINVAL;
@@ -2016,7 +2170,8 @@ static int btf_struct_resolve(struct btf_verifier_env *env,
                const struct btf_type *member_type = btf_type_by_id(env->btf,
                                                                member_type_id);
 
-               if (btf_type_nosize_or_null(member_type)) {
+               if (btf_type_is_resolve_source_only(member_type) ||
+                   btf_type_nosize_or_null(member_type)) {
                        btf_verifier_log_member(env, v->t, member,
                                                "Invalid member");
                        return -EINVAL;
@@ -2411,6 +2566,222 @@ static struct btf_kind_operations func_ops = {
        .seq_show = btf_df_seq_show,
 };
 
+static s32 btf_var_check_meta(struct btf_verifier_env *env,
+                             const struct btf_type *t,
+                             u32 meta_left)
+{
+       const struct btf_var *var;
+       u32 meta_needed = sizeof(*var);
+
+       if (meta_left < meta_needed) {
+               btf_verifier_log_basic(env, t,
+                                      "meta_left:%u meta_needed:%u",
+                                      meta_left, meta_needed);
+               return -EINVAL;
+       }
+
+       if (btf_type_vlen(t)) {
+               btf_verifier_log_type(env, t, "vlen != 0");
+               return -EINVAL;
+       }
+
+       if (btf_type_kflag(t)) {
+               btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
+               return -EINVAL;
+       }
+
+       if (!t->name_off ||
+           !__btf_name_valid(env->btf, t->name_off, true)) {
+               btf_verifier_log_type(env, t, "Invalid name");
+               return -EINVAL;
+       }
+
+       /* A var cannot be in type void */
+       if (!t->type || !BTF_TYPE_ID_VALID(t->type)) {
+               btf_verifier_log_type(env, t, "Invalid type_id");
+               return -EINVAL;
+       }
+
+       var = btf_type_var(t);
+       if (var->linkage != BTF_VAR_STATIC &&
+           var->linkage != BTF_VAR_GLOBAL_ALLOCATED) {
+               btf_verifier_log_type(env, t, "Linkage not supported");
+               return -EINVAL;
+       }
+
+       btf_verifier_log_type(env, t, NULL);
+
+       return meta_needed;
+}
+
+static void btf_var_log(struct btf_verifier_env *env, const struct btf_type *t)
+{
+       const struct btf_var *var = btf_type_var(t);
+
+       btf_verifier_log(env, "type_id=%u linkage=%u", t->type, var->linkage);
+}
+
+static const struct btf_kind_operations var_ops = {
+       .check_meta             = btf_var_check_meta,
+       .resolve                = btf_var_resolve,
+       .check_member           = btf_df_check_member,
+       .check_kflag_member     = btf_df_check_kflag_member,
+       .log_details            = btf_var_log,
+       .seq_show               = btf_var_seq_show,
+};
+
+static s32 btf_datasec_check_meta(struct btf_verifier_env *env,
+                                 const struct btf_type *t,
+                                 u32 meta_left)
+{
+       const struct btf_var_secinfo *vsi;
+       u64 last_vsi_end_off = 0, sum = 0;
+       u32 i, meta_needed;
+
+       meta_needed = btf_type_vlen(t) * sizeof(*vsi);
+       if (meta_left < meta_needed) {
+               btf_verifier_log_basic(env, t,
+                                      "meta_left:%u meta_needed:%u",
+                                      meta_left, meta_needed);
+               return -EINVAL;
+       }
+
+       if (!btf_type_vlen(t)) {
+               btf_verifier_log_type(env, t, "vlen == 0");
+               return -EINVAL;
+       }
+
+       if (!t->size) {
+               btf_verifier_log_type(env, t, "size == 0");
+               return -EINVAL;
+       }
+
+       if (btf_type_kflag(t)) {
+               btf_verifier_log_type(env, t, "Invalid btf_info kind_flag");
+               return -EINVAL;
+       }
+
+       if (!t->name_off ||
+           !btf_name_valid_section(env->btf, t->name_off)) {
+               btf_verifier_log_type(env, t, "Invalid name");
+               return -EINVAL;
+       }
+
+       btf_verifier_log_type(env, t, NULL);
+
+       for_each_vsi(i, t, vsi) {
+               /* A var cannot be in type void */
+               if (!vsi->type || !BTF_TYPE_ID_VALID(vsi->type)) {
+                       btf_verifier_log_vsi(env, t, vsi,
+                                            "Invalid type_id");
+                       return -EINVAL;
+               }
+
+               if (vsi->offset < last_vsi_end_off || vsi->offset >= t->size) {
+                       btf_verifier_log_vsi(env, t, vsi,
+                                            "Invalid offset");
+                       return -EINVAL;
+               }
+
+               if (!vsi->size || vsi->size > t->size) {
+                       btf_verifier_log_vsi(env, t, vsi,
+                                            "Invalid size");
+                       return -EINVAL;
+               }
+
+               last_vsi_end_off = vsi->offset + vsi->size;
+               if (last_vsi_end_off > t->size) {
+                       btf_verifier_log_vsi(env, t, vsi,
+                                            "Invalid offset+size");
+                       return -EINVAL;
+               }
+
+               btf_verifier_log_vsi(env, t, vsi, NULL);
+               sum += vsi->size;
+       }
+
+       if (t->size < sum) {
+               btf_verifier_log_type(env, t, "Invalid btf_info size");
+               return -EINVAL;
+       }
+
+       return meta_needed;
+}
+
+static int btf_datasec_resolve(struct btf_verifier_env *env,
+                              const struct resolve_vertex *v)
+{
+       const struct btf_var_secinfo *vsi;
+       struct btf *btf = env->btf;
+       u16 i;
+
+       for_each_vsi_from(i, v->next_member, v->t, vsi) {
+               u32 var_type_id = vsi->type, type_id, type_size = 0;
+               const struct btf_type *var_type = btf_type_by_id(env->btf,
+                                                                var_type_id);
+               if (!var_type || !btf_type_is_var(var_type)) {
+                       btf_verifier_log_vsi(env, v->t, vsi,
+                                            "Not a VAR kind member");
+                       return -EINVAL;
+               }
+
+               if (!env_type_is_resolve_sink(env, var_type) &&
+                   !env_type_is_resolved(env, var_type_id)) {
+                       env_stack_set_next_member(env, i + 1);
+                       return env_stack_push(env, var_type, var_type_id);
+               }
+
+               type_id = var_type->type;
+               if (!btf_type_id_size(btf, &type_id, &type_size)) {
+                       btf_verifier_log_vsi(env, v->t, vsi, "Invalid type");
+                       return -EINVAL;
+               }
+
+               if (vsi->size < type_size) {
+                       btf_verifier_log_vsi(env, v->t, vsi, "Invalid size");
+                       return -EINVAL;
+               }
+       }
+
+       env_stack_pop_resolved(env, 0, 0);
+       return 0;
+}
+
+static void btf_datasec_log(struct btf_verifier_env *env,
+                           const struct btf_type *t)
+{
+       btf_verifier_log(env, "size=%u vlen=%u", t->size, btf_type_vlen(t));
+}
+
+static void btf_datasec_seq_show(const struct btf *btf,
+                                const struct btf_type *t, u32 type_id,
+                                void *data, u8 bits_offset,
+                                struct seq_file *m)
+{
+       const struct btf_var_secinfo *vsi;
+       const struct btf_type *var;
+       u32 i;
+
+       seq_printf(m, "section (\"%s\") = {", __btf_name_by_offset(btf, t->name_off));
+       for_each_vsi(i, t, vsi) {
+               var = btf_type_by_id(btf, vsi->type);
+               if (i)
+                       seq_puts(m, ",");
+               btf_type_ops(var)->seq_show(btf, var, vsi->type,
+                                           data + vsi->offset, bits_offset, m);
+       }
+       seq_puts(m, "}");
+}
+
+static const struct btf_kind_operations datasec_ops = {
+       .check_meta             = btf_datasec_check_meta,
+       .resolve                = btf_datasec_resolve,
+       .check_member           = btf_df_check_member,
+       .check_kflag_member     = btf_df_check_kflag_member,
+       .log_details            = btf_datasec_log,
+       .seq_show               = btf_datasec_seq_show,
+};
+
 static int btf_func_proto_check(struct btf_verifier_env *env,
                                const struct btf_type *t)
 {
@@ -2542,6 +2913,8 @@ static const struct btf_kind_operations * const kind_ops[NR_BTF_KINDS] = {
        [BTF_KIND_RESTRICT] = &modifier_ops,
        [BTF_KIND_FUNC] = &func_ops,
        [BTF_KIND_FUNC_PROTO] = &func_proto_ops,
+       [BTF_KIND_VAR] = &var_ops,
+       [BTF_KIND_DATASEC] = &datasec_ops,
 };
 
 static s32 btf_check_meta(struct btf_verifier_env *env,
@@ -2622,13 +2995,17 @@ static bool btf_resolve_valid(struct btf_verifier_env *env,
        if (!env_type_is_resolved(env, type_id))
                return false;
 
-       if (btf_type_is_struct(t))
+       if (btf_type_is_struct(t) || btf_type_is_datasec(t))
                return !btf->resolved_ids[type_id] &&
-                       !btf->resolved_sizes[type_id];
+                      !btf->resolved_sizes[type_id];
 
-       if (btf_type_is_modifier(t) || btf_type_is_ptr(t)) {
+       if (btf_type_is_modifier(t) || btf_type_is_ptr(t) ||
+           btf_type_is_var(t)) {
                t = btf_type_id_resolve(btf, &type_id);
-               return t && !btf_type_is_modifier(t);
+               return t &&
+                      !btf_type_is_modifier(t) &&
+                      !btf_type_is_var(t) &&
+                      !btf_type_is_datasec(t);
        }
 
        if (btf_type_is_array(t)) {