From: Kui-Feng Lee <thinker.li@gmail.com>
To: bpf@vger.kernel.org, ast@kernel.org, martin.lau@linux.dev,
song@kernel.org, kernel-team@meta.com, andrii@kernel.org
Cc: sinquersw@gmail.com, kuifeng@meta.com,
Kui-Feng Lee <thinker.li@gmail.com>
Subject: [RFC bpf-next v3 5/7] bpf: pin, translate, and unpin __uptr from syscalls.
Date: Tue, 13 Aug 2024 20:30:08 -0700 [thread overview]
Message-ID: <20240814033010.2980635-6-thinker.li@gmail.com> (raw)
In-Reply-To: <20240814033010.2980635-1-thinker.li@gmail.com>
When a user program updates a map value, every uptr will be pinned and
translated to an address in the kernel. This process is initiated by
calling bpf_map_update_elem() from user programs.
Currently, uptr is only supported by task storage maps and can only be set
by user programs through syscalls.
When the value of an uptr is overwritten or destroyed, the memory pointed
to by the old value must be unpinned. This is ensured by calling
bpf_obj_uptrcpy() and copy_map_uptr_locked() when updating map value and by
bpf_obj_free_fields() when destroying map value.
Signed-off-by: Kui-Feng Lee <thinker.li@gmail.com>
---
kernel/bpf/bpf_local_storage.c | 23 ++++++++++++++-----
kernel/bpf/syscall.c | 40 +++++++++++++++++++++++++++++++---
2 files changed, 55 insertions(+), 8 deletions(-)
diff --git a/kernel/bpf/bpf_local_storage.c b/kernel/bpf/bpf_local_storage.c
index c938dea5ddbf..2fafad53b9d9 100644
--- a/kernel/bpf/bpf_local_storage.c
+++ b/kernel/bpf/bpf_local_storage.c
@@ -99,8 +99,11 @@ bpf_selem_alloc(struct bpf_local_storage_map *smap, void *owner,
}
if (selem) {
- if (value)
+ if (value) {
copy_map_value(&smap->map, SDATA(selem)->data, value);
+ if (smap->map.map_type == BPF_MAP_TYPE_TASK_STORAGE)
+ bpf_obj_uptrcpy(smap->map.record, SDATA(selem)->data, value);
+ }
/* No need to call check_and_init_map_value as memory is zero init */
return selem;
}
@@ -575,8 +578,13 @@ bpf_local_storage_update(void *owner, struct bpf_local_storage_map *smap,
if (err)
return ERR_PTR(err);
if (old_sdata && selem_linked_to_storage_lockless(SELEM(old_sdata))) {
- copy_map_value_locked(&smap->map, old_sdata->data,
- value, false);
+ if (smap->map.map_type == BPF_MAP_TYPE_TASK_STORAGE &&
+ btf_record_has_field(smap->map.record, BPF_UPTR))
+ copy_map_uptr_locked(&smap->map, old_sdata->data,
+ value, false);
+ else
+ copy_map_value_locked(&smap->map, old_sdata->data,
+ value, false);
return old_sdata;
}
}
@@ -607,8 +615,13 @@ bpf_local_storage_update(void *owner, struct bpf_local_storage_map *smap,
goto unlock;
if (old_sdata && (map_flags & BPF_F_LOCK)) {
- copy_map_value_locked(&smap->map, old_sdata->data, value,
- false);
+ if (smap->map.map_type == BPF_MAP_TYPE_TASK_STORAGE &&
+ btf_record_has_field(smap->map.record, BPF_UPTR))
+ copy_map_uptr_locked(&smap->map, old_sdata->data,
+ value, false);
+ else
+ copy_map_value_locked(&smap->map, old_sdata->data,
+ value, false);
selem = SELEM(old_sdata);
goto unlock;
}
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index d504f5eb955a..1854aeb13ff7 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -287,8 +287,8 @@ static void bpf_obj_unpin_uptrs(struct btf_record *rec, void *src)
bpf_obj_unpin_uptrs_cnt(rec, rec->cnt, src);
}
-static int bpf_map_update_value(struct bpf_map *map, struct file *map_file,
- void *key, void *value, __u64 flags)
+static int bpf_map_update_value_inner(struct bpf_map *map, struct file *map_file,
+ void *key, void *value, __u64 flags)
{
int err;
@@ -340,6 +340,29 @@ static int bpf_map_update_value(struct bpf_map *map, struct file *map_file,
return err;
}
+static int bpf_map_update_value(struct bpf_map *map, struct file *map_file,
+ void *key, void *value, __u64 flags)
+{
+ int err;
+
+ if (map->map_type == BPF_MAP_TYPE_TASK_STORAGE) {
+ /* Pin user memory can lead to context switch, so we need
+ * to do it before potential RCU lock.
+ */
+ err = bpf_obj_trans_pin_uptrs(map->record, value,
+ bpf_map_value_size(map));
+ if (err)
+ return err;
+ }
+
+ err = bpf_map_update_value_inner(map, map_file, key, value, flags);
+
+ if (err && map->map_type == BPF_MAP_TYPE_TASK_STORAGE)
+ bpf_obj_unpin_uptrs(map->record, value);
+
+ return err;
+}
+
static int bpf_map_copy_value(struct bpf_map *map, void *key, void *value,
__u64 flags)
{
@@ -846,6 +869,11 @@ void bpf_obj_free_fields(const struct btf_record *rec, void *obj)
field->kptr.dtor(xchgd_field);
}
break;
+ case BPF_UPTR:
+ if (*(void **)field_ptr)
+ bpf_obj_unpin_uptr(field, *(void **)field_ptr);
+ *(void **)field_ptr = NULL;
+ break;
case BPF_LIST_HEAD:
if (WARN_ON_ONCE(rec->spin_lock_off < 0))
continue;
@@ -1231,7 +1259,7 @@ static int map_check_btf(struct bpf_map *map, struct bpf_token *token,
map->record = btf_parse_fields(btf, value_type,
BPF_SPIN_LOCK | BPF_TIMER | BPF_KPTR | BPF_LIST_HEAD |
- BPF_RB_ROOT | BPF_REFCOUNT | BPF_WORKQUEUE,
+ BPF_RB_ROOT | BPF_REFCOUNT | BPF_WORKQUEUE | BPF_UPTR,
map->value_size);
if (!IS_ERR_OR_NULL(map->record)) {
int i;
@@ -1287,6 +1315,12 @@ static int map_check_btf(struct bpf_map *map, struct bpf_token *token,
goto free_map_tab;
}
break;
+ case BPF_UPTR:
+ if (map->map_type != BPF_MAP_TYPE_TASK_STORAGE) {
+ ret = -EOPNOTSUPP;
+ goto free_map_tab;
+ }
+ break;
case BPF_LIST_HEAD:
case BPF_RB_ROOT:
if (map->map_type != BPF_MAP_TYPE_HASH &&
--
2.34.1
next prev parent reply other threads:[~2024-08-14 3:30 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-14 3:30 [RFC bpf-next v3 0/7] Share user memory to BPF program through task storage map Kui-Feng Lee
2024-08-14 3:30 ` [RFC bpf-next v3 1/7] bpf: define BPF_UPTR a new enumerator of btf_field_type Kui-Feng Lee
2024-08-14 3:30 ` [RFC bpf-next v3 2/7] bpf: Parse and support "uptr" tag Kui-Feng Lee
2024-08-14 3:30 ` [RFC bpf-next v3 3/7] bpf: Handle BPF_UPTR in verifier Kui-Feng Lee
2024-08-14 3:30 ` [RFC bpf-next v3 4/7] bpf: add helper functions of pinning and converting BPF_UPTR Kui-Feng Lee
2024-08-14 3:30 ` Kui-Feng Lee [this message]
2024-08-14 3:30 ` [RFC bpf-next v3 6/7] libbpf: define __uptr Kui-Feng Lee
2024-08-14 3:30 ` [RFC bpf-next v3 7/7] selftests/bpf: test __uptr on the value of a task storage map Kui-Feng Lee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240814033010.2980635-6-thinker.li@gmail.com \
--to=thinker.li@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=kernel-team@meta.com \
--cc=kuifeng@meta.com \
--cc=martin.lau@linux.dev \
--cc=sinquersw@gmail.com \
--cc=song@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.