mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-08-05 08:43:31 +00:00
f18b03faba
This patch implements BPF exceptions, and introduces a bpf_throw kfunc to allow programs to throw exceptions during their execution at runtime. A bpf_throw invocation is treated as an immediate termination of the program, returning back to its caller within the kernel, unwinding all stack frames. This allows the program to simplify its implementation, by testing for runtime conditions which the verifier has no visibility into, and assert that they are true. In case they are not, the program can simply throw an exception from the other branch. BPF exceptions are explicitly *NOT* an unlikely slowpath error handling primitive, and this objective has guided design choices of the implementation of the them within the kernel (with the bulk of the cost for unwinding the stack offloaded to the bpf_throw kfunc). The implementation of this mechanism requires use of add_hidden_subprog mechanism introduced in the previous patch, which generates a couple of instructions to move R1 to R0 and exit. The JIT then rewrites the prologue of this subprog to take the stack pointer and frame pointer as inputs and reset the stack frame, popping all callee-saved registers saved by the main subprog. The bpf_throw function then walks the stack at runtime, and invokes this exception subprog with the stack and frame pointers as parameters. Reviewers must take note that currently the main program is made to save all callee-saved registers on x86_64 during entry into the program. This is because we must do an equivalent of a lightweight context switch when unwinding the stack, therefore we need the callee-saved registers of the caller of the BPF program to be able to return with a sane state. Note that we have to additionally handle r12, even though it is not used by the program, because when throwing the exception the program makes an entry into the kernel which could clobber r12 after saving it on the stack. To be able to preserve the value we received on program entry, we push r12 and restore it from the generated subprogram when unwinding the stack. For now, bpf_throw invocation fails when lingering resources or locks exist in that path of the program. In a future followup, bpf_throw will be extended to perform frame-by-frame unwinding to release lingering resources for each stack frame, removing this limitation. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20230912233214.1518551-5-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
181 lines
6.4 KiB
C
181 lines
6.4 KiB
C
#ifndef __BPF_EXPERIMENTAL__
|
|
#define __BPF_EXPERIMENTAL__
|
|
|
|
#include <vmlinux.h>
|
|
#include <bpf/bpf_tracing.h>
|
|
#include <bpf/bpf_helpers.h>
|
|
#include <bpf/bpf_core_read.h>
|
|
|
|
#define __contains(name, node) __attribute__((btf_decl_tag("contains:" #name ":" #node)))
|
|
|
|
/* Description
|
|
* Allocates an object of the type represented by 'local_type_id' in
|
|
* program BTF. User may use the bpf_core_type_id_local macro to pass the
|
|
* type ID of a struct in program BTF.
|
|
*
|
|
* The 'local_type_id' parameter must be a known constant.
|
|
* The 'meta' parameter is rewritten by the verifier, no need for BPF
|
|
* program to set it.
|
|
* Returns
|
|
* A pointer to an object of the type corresponding to the passed in
|
|
* 'local_type_id', or NULL on failure.
|
|
*/
|
|
extern void *bpf_obj_new_impl(__u64 local_type_id, void *meta) __ksym;
|
|
|
|
/* Convenience macro to wrap over bpf_obj_new_impl */
|
|
#define bpf_obj_new(type) ((type *)bpf_obj_new_impl(bpf_core_type_id_local(type), NULL))
|
|
|
|
/* Description
|
|
* Free an allocated object. All fields of the object that require
|
|
* destruction will be destructed before the storage is freed.
|
|
*
|
|
* The 'meta' parameter is rewritten by the verifier, no need for BPF
|
|
* program to set it.
|
|
* Returns
|
|
* Void.
|
|
*/
|
|
extern void bpf_obj_drop_impl(void *kptr, void *meta) __ksym;
|
|
|
|
/* Convenience macro to wrap over bpf_obj_drop_impl */
|
|
#define bpf_obj_drop(kptr) bpf_obj_drop_impl(kptr, NULL)
|
|
|
|
/* Description
|
|
* Increment the refcount on a refcounted local kptr, turning the
|
|
* non-owning reference input into an owning reference in the process.
|
|
*
|
|
* The 'meta' parameter is rewritten by the verifier, no need for BPF
|
|
* program to set it.
|
|
* Returns
|
|
* An owning reference to the object pointed to by 'kptr'
|
|
*/
|
|
extern void *bpf_refcount_acquire_impl(void *kptr, void *meta) __ksym;
|
|
|
|
/* Convenience macro to wrap over bpf_refcount_acquire_impl */
|
|
#define bpf_refcount_acquire(kptr) bpf_refcount_acquire_impl(kptr, NULL)
|
|
|
|
/* Description
|
|
* Add a new entry to the beginning of the BPF linked list.
|
|
*
|
|
* The 'meta' and 'off' parameters are rewritten by the verifier, no need
|
|
* for BPF programs to set them
|
|
* Returns
|
|
* 0 if the node was successfully added
|
|
* -EINVAL if the node wasn't added because it's already in a list
|
|
*/
|
|
extern int bpf_list_push_front_impl(struct bpf_list_head *head,
|
|
struct bpf_list_node *node,
|
|
void *meta, __u64 off) __ksym;
|
|
|
|
/* Convenience macro to wrap over bpf_list_push_front_impl */
|
|
#define bpf_list_push_front(head, node) bpf_list_push_front_impl(head, node, NULL, 0)
|
|
|
|
/* Description
|
|
* Add a new entry to the end of the BPF linked list.
|
|
*
|
|
* The 'meta' and 'off' parameters are rewritten by the verifier, no need
|
|
* for BPF programs to set them
|
|
* Returns
|
|
* 0 if the node was successfully added
|
|
* -EINVAL if the node wasn't added because it's already in a list
|
|
*/
|
|
extern int bpf_list_push_back_impl(struct bpf_list_head *head,
|
|
struct bpf_list_node *node,
|
|
void *meta, __u64 off) __ksym;
|
|
|
|
/* Convenience macro to wrap over bpf_list_push_back_impl */
|
|
#define bpf_list_push_back(head, node) bpf_list_push_back_impl(head, node, NULL, 0)
|
|
|
|
/* Description
|
|
* Remove the entry at the beginning of the BPF linked list.
|
|
* Returns
|
|
* Pointer to bpf_list_node of deleted entry, or NULL if list is empty.
|
|
*/
|
|
extern struct bpf_list_node *bpf_list_pop_front(struct bpf_list_head *head) __ksym;
|
|
|
|
/* Description
|
|
* Remove the entry at the end of the BPF linked list.
|
|
* Returns
|
|
* Pointer to bpf_list_node of deleted entry, or NULL if list is empty.
|
|
*/
|
|
extern struct bpf_list_node *bpf_list_pop_back(struct bpf_list_head *head) __ksym;
|
|
|
|
/* Description
|
|
* Remove 'node' from rbtree with root 'root'
|
|
* Returns
|
|
* Pointer to the removed node, or NULL if 'root' didn't contain 'node'
|
|
*/
|
|
extern struct bpf_rb_node *bpf_rbtree_remove(struct bpf_rb_root *root,
|
|
struct bpf_rb_node *node) __ksym;
|
|
|
|
/* Description
|
|
* Add 'node' to rbtree with root 'root' using comparator 'less'
|
|
*
|
|
* The 'meta' and 'off' parameters are rewritten by the verifier, no need
|
|
* for BPF programs to set them
|
|
* Returns
|
|
* 0 if the node was successfully added
|
|
* -EINVAL if the node wasn't added because it's already in a tree
|
|
*/
|
|
extern int bpf_rbtree_add_impl(struct bpf_rb_root *root, struct bpf_rb_node *node,
|
|
bool (less)(struct bpf_rb_node *a, const struct bpf_rb_node *b),
|
|
void *meta, __u64 off) __ksym;
|
|
|
|
/* Convenience macro to wrap over bpf_rbtree_add_impl */
|
|
#define bpf_rbtree_add(head, node, less) bpf_rbtree_add_impl(head, node, less, NULL, 0)
|
|
|
|
/* Description
|
|
* Return the first (leftmost) node in input tree
|
|
* Returns
|
|
* Pointer to the node, which is _not_ removed from the tree. If the tree
|
|
* contains no nodes, returns NULL.
|
|
*/
|
|
extern struct bpf_rb_node *bpf_rbtree_first(struct bpf_rb_root *root) __ksym;
|
|
|
|
/* Description
|
|
* Allocates a percpu object of the type represented by 'local_type_id' in
|
|
* program BTF. User may use the bpf_core_type_id_local macro to pass the
|
|
* type ID of a struct in program BTF.
|
|
*
|
|
* The 'local_type_id' parameter must be a known constant.
|
|
* The 'meta' parameter is rewritten by the verifier, no need for BPF
|
|
* program to set it.
|
|
* Returns
|
|
* A pointer to a percpu object of the type corresponding to the passed in
|
|
* 'local_type_id', or NULL on failure.
|
|
*/
|
|
extern void *bpf_percpu_obj_new_impl(__u64 local_type_id, void *meta) __ksym;
|
|
|
|
/* Convenience macro to wrap over bpf_percpu_obj_new_impl */
|
|
#define bpf_percpu_obj_new(type) ((type __percpu_kptr *)bpf_percpu_obj_new_impl(bpf_core_type_id_local(type), NULL))
|
|
|
|
/* Description
|
|
* Free an allocated percpu object. All fields of the object that require
|
|
* destruction will be destructed before the storage is freed.
|
|
*
|
|
* The 'meta' parameter is rewritten by the verifier, no need for BPF
|
|
* program to set it.
|
|
* Returns
|
|
* Void.
|
|
*/
|
|
extern void bpf_percpu_obj_drop_impl(void *kptr, void *meta) __ksym;
|
|
|
|
/* Convenience macro to wrap over bpf_obj_drop_impl */
|
|
#define bpf_percpu_obj_drop(kptr) bpf_percpu_obj_drop_impl(kptr, NULL)
|
|
|
|
/* Description
|
|
* Throw a BPF exception from the program, immediately terminating its
|
|
* execution and unwinding the stack. The supplied 'cookie' parameter
|
|
* will be the return value of the program when an exception is thrown.
|
|
*
|
|
* Note that throwing an exception with lingering resources (locks,
|
|
* references, etc.) will lead to a verification error.
|
|
*
|
|
* Note that callbacks *cannot* call this helper.
|
|
* Returns
|
|
* Never.
|
|
* Throws
|
|
* An exception with the specified 'cookie' value.
|
|
*/
|
|
extern void bpf_throw(u64 cookie) __ksym;
|
|
|
|
#endif
|