Re: [PATCH bpf-next] bpf: Add rcu ptr in btf_id_sock_common_types

From: Martin KaFai Lau
Date: Thu Oct 10 2024 - 18:07:48 EST


On 10/8/24 7:23 PM, Philo Lu wrote:


On 2024/10/9 03:05, Martin KaFai Lau wrote:
On 10/8/24 1:09 AM, Philo Lu wrote:
Sometimes sk is dereferenced as an rcu ptr, such as skb->sk in tp_btf,
which is a valid type of sock common. Then helpers like bpf_skc_to_*()
can be used with skb->sk.

For example, the following prog will be rejected without this patch:
```
SEC("tp_btf/tcp_bad_csum")
int BPF_PROG(tcp_bad_csum, struct sk_buff* skb)
{
    struct sock *sk = skb->sk;
    struct tcp_sock *tp;

    if (!sk)
        return 0;
    tp = bpf_skc_to_tcp_sock(sk);

If the use case is for reading the fields in tp, please use the bpf_core_cast from the libbpf's bpf_core_read.h. bpf_core_cast is using the bpf_rdonly_cast kfunc underneath.


Thank you! This works for me so this patch is unnecessary then.

Just curious is there any technical issue to include rcu_ptr into btf_id_sock_common_types? AFAICT rcu_ptr should also be a valid ptr type, and then btf_id_sock_common_types will behave like (PTR_TO_BTF_ID + &btf_sock_ids[BTF_SOCK_TYPE_SOCK_COMMON]) in bpf_func_proto.

bpf_skc_to_*() returns a PTR_TO_BTF_ID which can be passed into other helpers that takes ARG_PTR_TO_BTF_ID_SOCK_COMMON. There are helpers that change the sk. e.g. bpf_setsockopt() changes the sk and needs sk to be locked. Other non tracing hooks do have a hold on the skb also. I did take a quick look at the bpf_setsockopt situation and looks ok. I am positive there are other helpers that need to audit first.

Tracing use case should only read the sk. bpf_core_cast() is the correct one to use. The bpf_sk_storage_{get,delete}() should be the only allowed helper that can change the sk.