Re: [PATCH bpf-next v3 2/2] bpf: Refactor bpf_tracing_func_proto() and remove bpf_get_probe_write_proto()
From: Marco Elver
Date: Thu Nov 28 2024 - 13:36:16 EST
On Thu, Nov 28, 2024 at 10:22AM -0800, Alexei Starovoitov wrote:
[..]
> Moving bpf_base_func_proto() all the way to the top was incorrect,
> but here we can move it just above this bpf_token_capable() check
> and remove extra indent like:
>
> func_proto = bpf_base_func_proto();
> if (func_proto)
> return func_proto;
> if (!bpf_token_capable(prog->aux->token, CAP_SYS_ADMIN))
> return NULL;
> switch (func_id) {
> case BPF_FUNC_probe_write_user:
>
> that will align it with the style of bpf_base_func_proto().
>
> pw-bot: cr
Ack, let me change that.
Below is preview of v4 for this bit.
@@ -1417,6 +1409,8 @@ late_initcall(bpf_key_sig_kfuncs_init);
static const struct bpf_func_proto *
bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
{
+ const struct bpf_func_proto *func_proto;
+
switch (func_id) {
case BPF_FUNC_map_lookup_elem:
return &bpf_map_lookup_elem_proto;
@@ -1458,9 +1452,6 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_perf_event_read_proto;
case BPF_FUNC_get_prandom_u32:
return &bpf_get_prandom_u32_proto;
- case BPF_FUNC_probe_write_user:
- return security_locked_down(LOCKDOWN_BPF_WRITE_USER) < 0 ?
- NULL : bpf_get_probe_write_proto();
case BPF_FUNC_probe_read_user:
return &bpf_probe_read_user_proto;
case BPF_FUNC_probe_read_kernel:
@@ -1539,7 +1530,22 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
case BPF_FUNC_trace_vprintk:
return bpf_get_trace_vprintk_proto();
default:
- return bpf_base_func_proto(func_id, prog);
+ break;
+ }
+
+ func_proto = bpf_base_func_proto(func_id, prog);
+ if (func_proto)
+ return func_proto;
+
+ if (!bpf_token_capable(prog->aux->token, CAP_SYS_ADMIN))
+ return NULL;
+
+ switch (func_id) {
+ case BPF_FUNC_probe_write_user:
+ return security_locked_down(LOCKDOWN_BPF_WRITE_USER) < 0 ?
+ NULL : &bpf_probe_write_user_proto;
+ default:
+ return NULL;
}
}