[PATCH bpf-next v2 0/3] bpf: Show precise rejected function when attaching to __noreturn and deny list functions

List overview All Threads
Download

newer

older

[PATCH v5] selftests/mm: add...

[PATCH v9 00/29] iommufd: Add...

KaFai Wan

14 Jul 2025 14 Jul '25

12:04 p.m.

Show precise rejected function when attaching fexit/fmod_ret to __noreturn functions. Add log for attaching tracing programs to functions in deny list. Add selftest for attaching tracing programs to functions in deny list.

changes: v2: - change verifier log message (Alexei) - add missing Suggested-by

v1: https://lore.kernel.org/all/20250710162717.3808020-1-mannkafai@gmail.com/

--- KaFai Wan (3): bpf: Show precise rejected function when attaching fexit/fmod_ret to __noreturn functions bpf: Add log for attaching tracing programs to functions in deny list selftests/bpf: Add selftest for attaching tracing programs to functions in deny list

kernel/bpf/verifier.c | 5 ++++- .../selftests/bpf/prog_tests/tracing_deny.c | 11 +++++++++++ .../testing/selftests/bpf/progs/fexit_noreturns.c | 2 +- tools/testing/selftests/bpf/progs/tracing_deny.c | 15 +++++++++++++++ 4 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/tracing_deny.c create mode 100644 tools/testing/selftests/bpf/progs/tracing_deny.c

-- 2.43.0

Show replies by date

KaFai Wan

14 Jul 14 Jul

12:04 p.m.

New subject: [PATCH bpf-next v2 1/3] bpf: Show precise rejected function when attaching fexit/fmod_ret to __noreturn functions

With this change, we know the precise rejected function name when attaching fexit/fmod_ret to __noreturn functions from log.

$ ./fexit libbpf: prog 'fexit': BPF program load failed: -EINVAL libbpf: prog 'fexit': -- BEGIN PROG LOAD LOG -- Attaching fexit/fmod_ret to __noreturn function 'do_exit' is rejected.

Suggested-by: Leon Hwang leon.hwang@linux.dev Signed-off-by: KaFai Wan mannkafai@gmail.com --- kernel/bpf/verifier.c | 3 ++- tools/testing/selftests/bpf/progs/fexit_noreturns.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index e2fcea860755..00d287814f12 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -23946,7 +23946,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) } else if ((prog->expected_attach_type == BPF_TRACE_FEXIT || prog->expected_attach_type == BPF_MODIFY_RETURN) && btf_id_set_contains(&noreturn_deny, btf_id)) { - verbose(env, "Attaching fexit/fmod_ret to __noreturn functions is rejected.\n"); + verbose(env, "Attaching fexit/fmod_ret to __noreturn function '%s' is rejected.\n", + tgt_info.tgt_name); return -EINVAL; }

diff --git a/tools/testing/selftests/bpf/progs/fexit_noreturns.c b/tools/testing/selftests/bpf/progs/fexit_noreturns.c index 54654539f550..b1c33d958ae2 100644 --- a/tools/testing/selftests/bpf/progs/fexit_noreturns.c +++ b/tools/testing/selftests/bpf/progs/fexit_noreturns.c @@ -8,7 +8,7 @@ char _license[] SEC("license") = "GPL";

SEC("fexit/do_exit") -__failure __msg("Attaching fexit/fmod_ret to __noreturn functions is rejected.") +__failure __msg("Attaching fexit/fmod_ret to __noreturn function 'do_exit' is rejected.") int BPF_PROG(noreturns) { return 0;

-- 2.43.0

KaFai Wan

12:04 p.m.

New subject: [PATCH bpf-next v2 2/3] bpf: Add log for attaching tracing programs to functions in deny list

Show the rejected function name when attaching tracing programs to functions in deny list.

With this change, we know why tracing programs can't attach to functions like migrate_disable() from log.

$ ./fentry libbpf: prog 'migrate_disable': BPF program load failed: -EINVAL libbpf: prog 'migrate_disable': -- BEGIN PROG LOAD LOG -- Attaching tracing programs to function 'migrate_disable' is rejected.

Suggested-by: Leon Hwang leon.hwang@linux.dev Signed-off-by: KaFai Wan mannkafai@gmail.com --- kernel/bpf/verifier.c | 2 ++ 1 file changed, 2 insertions(+)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 00d287814f12..c24c0d57e595 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -23942,6 +23942,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) return ret; } else if (prog->type == BPF_PROG_TYPE_TRACING && btf_id_set_contains(&btf_id_deny, btf_id)) { + verbose(env, "Attaching tracing programs to function '%s' is rejected.\n", + tgt_info.tgt_name); return -EINVAL; } else if ((prog->expected_attach_type == BPF_TRACE_FEXIT || prog->expected_attach_type == BPF_MODIFY_RETURN) &&

-- 2.43.0

KaFai Wan

12:04 p.m.

New subject: [PATCH bpf-next v2 3/3] selftests/bpf: Add selftest for attaching tracing programs to functions in deny list

The reuslt:

$ tools/testing/selftests/bpf/test_progs --name=tracing_deny #467/1 tracing_deny/migrate_disable:OK #467 tracing_deny:OK Summary: 1/1 PASSED, 0 SKIPPED, 0 FAILED

Signed-off-by: KaFai Wan mannkafai@gmail.com --- .../selftests/bpf/prog_tests/tracing_deny.c | 11 +++++++++++ tools/testing/selftests/bpf/progs/tracing_deny.c | 15 +++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/tracing_deny.c create mode 100644 tools/testing/selftests/bpf/progs/tracing_deny.c

diff --git a/tools/testing/selftests/bpf/prog_tests/tracing_deny.c b/tools/testing/selftests/bpf/prog_tests/tracing_deny.c new file mode 100644 index 000000000000..460c59a9667f --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/tracing_deny.c @@ -0,0 +1,11 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include <test_progs.h> +#include "tracing_deny.skel.h" + +void test_tracing_deny(void) +{ + /* migrate_disable depends on CONFIG_SMP */ + if (libbpf_find_vmlinux_btf_id("migrate_disable", BPF_TRACE_FENTRY) > 0) + RUN_TESTS(tracing_deny); +} diff --git a/tools/testing/selftests/bpf/progs/tracing_deny.c b/tools/testing/selftests/bpf/progs/tracing_deny.c new file mode 100644 index 000000000000..98ef834f0b6d --- /dev/null +++ b/tools/testing/selftests/bpf/progs/tracing_deny.c @@ -0,0 +1,15 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include <linux/bpf.h> +#include <bpf/bpf_helpers.h> +#include <bpf/bpf_tracing.h> +#include "bpf_misc.h" + +char _license[] SEC("license") = "GPL"; + +SEC("fentry/migrate_disable") +__failure __msg("Attaching tracing programs to function 'migrate_disable' is rejected.") +int BPF_PROG(migrate_disable) +{ + return 0; +}

-- 2.43.0

days inactive

days old

linux-kselftest-mirror@lists.linaro.org

3 comments

participants

tags (0)

participants (1)

KaFai Wan