Re: [PATCH bpf-next] bpf: check flags in 'bpf_ringbuf_discard()' and 'bpf_ringbuf_submit()'

From: Song Liu
Date: Tue Mar 30 2021 - 14:13:45 EST




> On Mar 30, 2021, at 7:22 AM, Pedro Tammela <pctammela@xxxxxxxxx> wrote:
>
> Em seg., 29 de mar. de 2021 às 13:10, Song Liu <songliubraving@xxxxxx> escreveu:
>>
>>
>>
>>> On Mar 28, 2021, at 9:10 AM, Pedro Tammela <pctammela@xxxxxxxxx> wrote:
>>>
>>> The current code only checks flags in 'bpf_ringbuf_output()'.
>>>
>>> Signed-off-by: Pedro Tammela <pctammela@xxxxxxxxxxxx>
>>> ---
>>> include/uapi/linux/bpf.h | 8 ++++----
>>> kernel/bpf/ringbuf.c | 13 +++++++++++--
>>> tools/include/uapi/linux/bpf.h | 8 ++++----
>>> 3 files changed, 19 insertions(+), 10 deletions(-)
>>>
>>> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
>>> index 100cb2e4c104..232b5e5dd045 100644
>>> --- a/include/uapi/linux/bpf.h
>>> +++ b/include/uapi/linux/bpf.h
>>> @@ -4073,7 +4073,7 @@ union bpf_attr {
>>> * Valid pointer with *size* bytes of memory available; NULL,
>>> * otherwise.
>>> *
>>> - * void bpf_ringbuf_submit(void *data, u64 flags)
>>> + * int bpf_ringbuf_submit(void *data, u64 flags)
>>
>> This should be "long" instead of "int".
>>
>>> * Description
>>> * Submit reserved ring buffer sample, pointed to by *data*.
>>> * If **BPF_RB_NO_WAKEUP** is specified in *flags*, no notification
>>> @@ -4083,9 +4083,9 @@ union bpf_attr {
>>> * If **BPF_RB_FORCE_WAKEUP** is specified in *flags*, notification
>>> * of new data availability is sent unconditionally.
>>> * Return
>>> - * Nothing. Always succeeds.
>>> + * 0 on success, or a negative error in case of failure.
>>> *
>>> - * void bpf_ringbuf_discard(void *data, u64 flags)
>>> + * int bpf_ringbuf_discard(void *data, u64 flags)
>>
>> Ditto. And same for tools/include/uapi/linux/bpf.h
>>
>>> * Description
>>> * Discard reserved ring buffer sample, pointed to by *data*.
>>> * If **BPF_RB_NO_WAKEUP** is specified in *flags*, no notification
>>> @@ -4095,7 +4095,7 @@ union bpf_attr {
>>> * If **BPF_RB_FORCE_WAKEUP** is specified in *flags*, notification
>>> * of new data availability is sent unconditionally.
>>> * Return
>>> - * Nothing. Always succeeds.
>>> + * 0 on success, or a negative error in case of failure.
>>> *
>>> * u64 bpf_ringbuf_query(void *ringbuf, u64 flags)
>>> * Description
>>> diff --git a/kernel/bpf/ringbuf.c b/kernel/bpf/ringbuf.c
>>> index f25b719ac786..f76dafe2427e 100644
>>> --- a/kernel/bpf/ringbuf.c
>>> +++ b/kernel/bpf/ringbuf.c
>>> @@ -397,26 +397,35 @@ static void bpf_ringbuf_commit(void *sample, u64 flags, bool discard)
>>>
>>> BPF_CALL_2(bpf_ringbuf_submit, void *, sample, u64, flags)
>>> {
>>> + if (unlikely(flags & ~(BPF_RB_NO_WAKEUP | BPF_RB_FORCE_WAKEUP)))
>>> + return -EINVAL;
>>
>> We can move this check to bpf_ringbuf_commit().
>
> I don't believe we can because in 'bpf_ringbuf_output()' the flag
> checking in 'bpf_ringbuf_commit()' is already
> too late.

I see. Let's keep it in current functions then.

Thanks,
Song