Skip to content

Modular verifier ci #8734

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 14 commits into from
Closed

Modular verifier ci #8734

wants to merge 14 commits into from
+5,965 −532

Conversation

danobi
Copy link
Contributor

@danobi danobi commented Mar 31, 2025

No description provided.

@danobi danobi force-pushed the modular_verifier-ci branch 2 times, most recently from 3cb078e to 174f78e Compare April 1, 2025 00:23
@danobi danobi force-pushed the modular_verifier-ci branch from 174f78e to 7e21385 Compare April 1, 2025 02:33
@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the bpf-next_base branch 10 times, most recently from a218e9c to 16912c4 Compare April 4, 2025 18:35
@danobi danobi force-pushed the modular_verifier-ci branch 3 times, most recently from b6f2814 to a88ef92 Compare April 9, 2025 03:02
danobi added 10 commits April 8, 2025 21:13
@danobi
bpf: Move bpf_prog_ctx_arg_info_init() body into header
f3d0e98 
In an effort to reduce the amount of external references into
verifier.c, move the body of this function into the header, as it's
quite small.

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
@danobi
bpf: Move BTF related globals out of verifier.c
65943e8 
Continuing with the effort to make verifier.c a leaf node, this commit
moves out bpf_verifier_lock, btf_vmlinux, and bpf_get_btf_vmlinux().
These can be owned by btf.c (perhaps rightly so).

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
@danobi
bpf: Move percpu memory allocator definition into core
dbfdd45 
The BPF percpu memory allocator is used from multiple places. So move it
into the core and have verifier.c simply consume it.

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
@danobi
bpf: Move bpf_check_attach_target() to core
8d61984 
This routine is used in a few other places in BPF subsystem. In an
effort to make verifier.c a leaf node, move the definition as well as
some other single use helpers into core.

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
@danobi
bpf: Remove map_set_for_each_callback_args callback for maps
669373e 
Currently all iteratable maps (maps that define map_for_each_callback)
use the default callback. In an effort to reduce the number of incoming
references to verifier.c, just remove this level of indirection, as it's
unused.

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
@danobi
bpf: Move kfunc definitions out of verifier.c
6f5806c 
Multiple files reference bpf_get_kfunc_addr(). But in order to move the
definition out into core, we need to drag along the various struct
definitions.

Doing this also makes moving bpf_free_kfunc_btf_tab() in the next commit
simpler as well.

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
@danobi
bpf: Make bpf_free_kfunc_btf_tab() static in core
9ff7e39 
This function is only used in one place in core. However, it was defined
in verifier.c b/c a bunch of struct definitions were hidden in
verifier.c. Now that those definitions are shared, we can move
bpf_free_kfunc_btf_tab() into core and mark it static.

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
@danobi
selftests: bpf: Avoid attaching to bpf_check()
7019ec3 
bpf_check(), as it currently exists, will soon be going away to make way
for loadable BPF verifier support. Fixup selftests so they fentry attach
to a more reliable location.

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
@danobi
perf: Export perf_snapshot_branch_stack static key
9a67e6c 
Export the static call so that the modularized BPF verifier can run
static_call_query() against it.

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
@danobi
bpf: verifier: Add indirection to kallsyms_lookup_name()
afc2871 
kallsyms_lookup_name() cannot be exported from the kernel for policy
reasons, so add this layer of indirection to allow the verifier to still
do kfunc and global variable relocations.

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
danobi added 3 commits April 8, 2025 21:13
@danobi
treewide: bpf: Export symbols used by verifier
e96cd2d 
This commit EXPORT_SYMBOL_GPL()'s all the unresolved symbols from verifier.o.
This is necessary to support loads and reloads of the verifier at
runtime.

The list of symbols was generated using:

    nm -u kernel/bpf/verifier.o | grep -ve "__asan\|__ubsan\|__kasan" | awk '{print $2}'
@danobi
bpf: verifier: Make verifier loadable
8aadbf0 
This commit makes the BPF verifier loadable, with the default being the
same as before (built in). Note that no matter the build configuration,
it is always possible to load a new module (evicting the previous).

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
@danobi
bpf: Supporting building verifier.ko out-of-tree
f296a28 
This supports out-of-tree builds against the in-tree verifier.ko. This
is intended to be used to build newer upstream verifiers against older
kernel sources.

You can also do an "in-tree out-of-tree" build as proof of concept:

    $ make clean
    $ make modules_prepare
    $ cd kernel/bpf
    $ make -C ../.. M=$PWD
@danobi danobi force-pushed the modular_verifier-ci branch from a88ef92 to f296a28 Compare April 9, 2025 03:13
@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot force-pushed the bpf-next_base branch 10 times, most recently from 14a0235 to 00d9d99 Compare April 15, 2025 22:29
@kernel-patches-daemon-bpf
Copy link

Automatically cleaning up stale PR; feel free to reopen if needed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@danobi