bpf: remove useless version check for prog load

Existing libraries and tracing frameworks work around this kernel
version check by automatically deriving the kernel version from
uname(3) or similar such that the user does not need to do it
manually; these workarounds also make the version check useless
at the same time.

Moreover, most other BPF tracing types enabling bpf_probe_read()-like
functionality have /not/ adapted this check, and in general these
days it is well understood anyway that all the tracing programs are
not stable with regards to future kernels as kernel internal data
structures are subject to change from release to release.

Back at last netconf we discussed [0] and agreed to remove this
check from bpf_prog_load() and instead document it here in the uapi
header that there is no such guarantee for stable API for these
programs.

  [0] http://vger.kernel.org/netconf2018_files/DanielBorkmann_netconf2018.pdf

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Quentin Monnet <quentin.monnet@netronome.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
This commit is contained in:
Daniel Borkmann 2018-12-16 00:49:47 +01:00 committed by Alexei Starovoitov
parent 034565da0f
commit 6c4fc209fc
3 changed files with 18 additions and 7 deletions

View File

@ -133,6 +133,14 @@ enum bpf_map_type {
BPF_MAP_TYPE_STACK, BPF_MAP_TYPE_STACK,
}; };
/* Note that tracing related programs such as
* BPF_PROG_TYPE_{KPROBE,TRACEPOINT,PERF_EVENT,RAW_TRACEPOINT}
* are not subject to a stable API since kernel internal data
* structures can change from release to release and may
* therefore break existing tracing BPF programs. Tracing BPF
* programs correspond to /a/ specific kernel which is to be
* analyzed, and not /a/ specific kernel /and/ all future ones.
*/
enum bpf_prog_type { enum bpf_prog_type {
BPF_PROG_TYPE_UNSPEC, BPF_PROG_TYPE_UNSPEC,
BPF_PROG_TYPE_SOCKET_FILTER, BPF_PROG_TYPE_SOCKET_FILTER,
@ -343,7 +351,7 @@ union bpf_attr {
__u32 log_level; /* verbosity level of verifier */ __u32 log_level; /* verbosity level of verifier */
__u32 log_size; /* size of user buffer */ __u32 log_size; /* size of user buffer */
__aligned_u64 log_buf; /* user supplied buffer */ __aligned_u64 log_buf; /* user supplied buffer */
__u32 kern_version; /* checked when prog_type=kprobe */ __u32 kern_version; /* not used */
__u32 prog_flags; __u32 prog_flags;
char prog_name[BPF_OBJ_NAME_LEN]; char prog_name[BPF_OBJ_NAME_LEN];
__u32 prog_ifindex; /* ifindex of netdev to prep for */ __u32 prog_ifindex; /* ifindex of netdev to prep for */

View File

@ -1473,11 +1473,6 @@ static int bpf_prog_load(union bpf_attr *attr, union bpf_attr __user *uattr)
if (attr->insn_cnt == 0 || attr->insn_cnt > BPF_MAXINSNS) if (attr->insn_cnt == 0 || attr->insn_cnt > BPF_MAXINSNS)
return -E2BIG; return -E2BIG;
if (type == BPF_PROG_TYPE_KPROBE &&
attr->kern_version != LINUX_VERSION_CODE)
return -EINVAL;
if (type != BPF_PROG_TYPE_SOCKET_FILTER && if (type != BPF_PROG_TYPE_SOCKET_FILTER &&
type != BPF_PROG_TYPE_CGROUP_SKB && type != BPF_PROG_TYPE_CGROUP_SKB &&
!capable(CAP_SYS_ADMIN)) !capable(CAP_SYS_ADMIN))

View File

@ -133,6 +133,14 @@ enum bpf_map_type {
BPF_MAP_TYPE_STACK, BPF_MAP_TYPE_STACK,
}; };
/* Note that tracing related programs such as
* BPF_PROG_TYPE_{KPROBE,TRACEPOINT,PERF_EVENT,RAW_TRACEPOINT}
* are not subject to a stable API since kernel internal data
* structures can change from release to release and may
* therefore break existing tracing BPF programs. Tracing BPF
* programs correspond to /a/ specific kernel which is to be
* analyzed, and not /a/ specific kernel /and/ all future ones.
*/
enum bpf_prog_type { enum bpf_prog_type {
BPF_PROG_TYPE_UNSPEC, BPF_PROG_TYPE_UNSPEC,
BPF_PROG_TYPE_SOCKET_FILTER, BPF_PROG_TYPE_SOCKET_FILTER,
@ -343,7 +351,7 @@ union bpf_attr {
__u32 log_level; /* verbosity level of verifier */ __u32 log_level; /* verbosity level of verifier */
__u32 log_size; /* size of user buffer */ __u32 log_size; /* size of user buffer */
__aligned_u64 log_buf; /* user supplied buffer */ __aligned_u64 log_buf; /* user supplied buffer */
__u32 kern_version; /* checked when prog_type=kprobe */ __u32 kern_version; /* not used */
__u32 prog_flags; __u32 prog_flags;
char prog_name[BPF_OBJ_NAME_LEN]; char prog_name[BPF_OBJ_NAME_LEN];
__u32 prog_ifindex; /* ifindex of netdev to prep for */ __u32 prog_ifindex; /* ifindex of netdev to prep for */