[PATCH bpf-next 0/3] bpf: Refactor how the verifier matches kfunc checks

[Chengkaitao]

From: Kaitao Cheng <chengkaitao@xxxxxxxxxx>

The verifier contains a lot of logic like the following, scattered
everywhere, which makes the code harder and harder to maintain:

static bool is_bpf_rbtree_add_kfunc(u32 func_id)
{
	return func_id == special_kfunc_list[KF_bpf_rbtree_add] ||
	       func_id == special_kfunc_list[KF_bpf_rbtree_add_impl];
}

This series introduces a new approach: each is_bpf_*-style set can
place its entries in its own section (.BTF_ids.##sfx), and the linker
script merges those per-set sections into the main .BTF_ids section.

When merging subsections, the linker script inserts an end symbol
for each one, so we can derive how many entries each subsection
holds. The kernel can then walk the entries in a subsection and
get the same effect as calling an is_bpf_* helper.

With this we can drop the BTF_SET_END macro; BTF_ID-style macros
can live anywhere in a C file and are no longer tied to a strict
BTF_SET_START … BTF_ID … BTF_SET_END ordering. On top of that,
all BTF_ID-style macros can eventually be consolidated in a uniform
way.

The current patch only partially migrates the rbtree kfuncs. If this
direction looks reasonable, I can continue with further migrations.

The end goal is something like module_init(): adding a new module
(kfunc) would only need a single line at the end—like module_init
(BPF_VERIF_KFUNC_DEF) to perform all the upfront wiring. Another
benefit of BPF_VERIF_KFUNC_DEF is that it pushes us to untangle
messy verifier safety cases and make them modular, so they can be
expressed as parameters to BPF_VERIF_KFUNC_DEF.

Reaching that goal may still need:

1. Further migration of other kfuncs. One issue worth stating up front:
there will be many .BTF_ids.##sfx subsections, and a large fraction may
contain only a single entry. I think that is acceptable; avoiding it
would mean keeping some logic on the old special_kfunc_list path for
those cases.

2. Trying to unify other macro families (BTF_ID_*, BTF_KFUNCS_*, …);
the exact design still needs more thought.

Kaitao Cheng (3):
  bpf: Teach resolve_btfids about the setsc type
  bpf: Introduce BTF_SET/ID_SUB and BPF_VERIF_KFUNC_DEF
  bpf: classify rbtree kfuncs with BPF_VERIF_KFUNC_DEF sets

 include/asm-generic/btf_ids.lds.h | 26 +++++++++
 include/asm-generic/vmlinux.lds.h |  2 +
 include/linux/btf_ids.h           | 92 +++++++++++++++++++++++++++----
 kernel/bpf/helpers.c              |  7 +++
 kernel/bpf/verifier.c             | 44 +++++----------
 tools/bpf/resolve_btfids/main.c   | 89 +++++++++++++++++++++++++++++-
 tools/include/linux/btf_ids.h     | 83 +++++++++++++++++++++++++---
 7 files changed, 292 insertions(+), 51 deletions(-)
 create mode 100644 include/asm-generic/btf_ids.lds.h

-- 
2.43.0