From: Leon Hwang <leon.hwang@linux.dev>
To: Eduard Zingerman <eddyz87@gmail.com>, bpf@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
toke@redhat.com, martin.lau@kernel.org, yonghong.song@linux.dev,
puranjay@kernel.org, xukuohai@huaweicloud.com, iii@linux.ibm.com,
kernel-patches-bot@fb.com
Subject: Re: [PATCH bpf-next v4 1/4] bpf: Prevent updating extended prog to prog_array map
Date: Tue, 1 Oct 2024 21:20:01 +0800 [thread overview]
Message-ID: <57d535b9-1229-4048-aee5-7184c2ca9e9e@linux.dev> (raw)
In-Reply-To: <916f579cce8397b45790b1db68ad2a61cce4dfd8.camel@gmail.com>
On 2024/10/1 19:13, Eduard Zingerman wrote:
> On Sun, 2024-09-29 at 21:27 +0800, Leon Hwang wrote:
>
> [...]
>
>> diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
>> index 79660e3fca4c1..4a4de4f014be9 100644
>> --- a/kernel/bpf/arraymap.c
>> +++ b/kernel/bpf/arraymap.c
>> @@ -947,16 +947,29 @@ static void *prog_fd_array_get_ptr(struct bpf_map *map,
>> struct file *map_file, int fd)
>> {
>> struct bpf_prog *prog = bpf_prog_get(fd);
>> + bool is_extended;
>>
>> if (IS_ERR(prog))
>> return prog;
>>
>> - if (!bpf_prog_map_compatible(map, prog)) {
>> - bpf_prog_put(prog);
>> - return ERR_PTR(-EINVAL);
>> - }
>> + if (!bpf_prog_map_compatible(map, prog))
>> + goto out_put_prog;
>> +
>> + mutex_lock(&prog->aux->ext_mutex);
>> + is_extended = prog->aux->is_extended;
>> + mutex_unlock(&prog->aux->ext_mutex);
>> + if (is_extended)
>> + /* Extended prog can not be tail callee. It's to prevent a
>> + * potential infinite loop like:
>> + * tail callee prog entry -> tail callee prog subprog ->
>> + * freplace prog entry --tailcall-> tail callee prog entry.
>> + */
>> + goto out_put_prog;
>
> Nit: I think return value should be -EBUSY in this case.
Ack.
>
>>
>> return prog;
>> +out_put_prog:
>> + bpf_prog_put(prog);
>> + return ERR_PTR(-EINVAL);
>> }
>>
>
> [...]
>
>> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
>> index a8f1808a1ca54..db17c52fa35db 100644
>> --- a/kernel/bpf/syscall.c
>> +++ b/kernel/bpf/syscall.c
>> @@ -3212,14 +3212,23 @@ static void bpf_tracing_link_release(struct bpf_link *link)
>> {
>> struct bpf_tracing_link *tr_link =
>> container_of(link, struct bpf_tracing_link, link.link);
>> -
>> - WARN_ON_ONCE(bpf_trampoline_unlink_prog(&tr_link->link,
>> - tr_link->trampoline));
>> + struct bpf_prog *tgt_prog = tr_link->tgt_prog;
>> +
>> + if (link->prog->type == BPF_PROG_TYPE_EXT) {
>> + mutex_lock(&tgt_prog->aux->ext_mutex);
>> + WARN_ON_ONCE(bpf_trampoline_unlink_prog(&tr_link->link,
>> + tr_link->trampoline));
>> + tgt_prog->aux->is_extended = false;
>
> In case if unlink fails is_extended should not be reset.
>
Nope.
In bpf_trampoline_unlink_prog(), 'tr->extension_prog = NULL;' always no
matter whether fail to unlink.
So, it should reset is_extended always too.
Thanks,
Leon
>> + mutex_unlock(&tgt_prog->aux->ext_mutex);
>> + } else {
>> + WARN_ON_ONCE(bpf_trampoline_unlink_prog(&tr_link->link,
>> + tr_link->trampoline));
>> + }
>>
>> bpf_trampoline_put(tr_link->trampoline);
>>
>> /* tgt_prog is NULL if target is a kernel function */
>> - if (tr_link->tgt_prog)
>> + if (tgt_prog)
>> bpf_prog_put(tr_link->tgt_prog);
>> }
>
> [...]
>
next prev parent reply other threads:[~2024-10-01 13:20 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-29 13:27 [PATCH bpf-next v4 0/4] bpf: Fix tailcall infinite loop caused by freplace Leon Hwang
2024-09-29 13:27 ` [PATCH bpf-next v4 1/4] bpf: Prevent updating extended prog to prog_array map Leon Hwang
2024-10-01 11:13 ` Eduard Zingerman
2024-10-01 13:20 ` Leon Hwang [this message]
2024-10-01 16:54 ` Eduard Zingerman
2024-09-29 13:27 ` [PATCH bpf-next v4 2/4] bpf: Prevent extending tail callee prog with freplace prog Leon Hwang
2024-09-30 1:53 ` Leon Hwang
2024-10-04 19:33 ` Alexei Starovoitov
2024-10-04 20:37 ` Eduard Zingerman
2024-10-04 20:52 ` Eduard Zingerman
2024-10-04 23:30 ` Alexei Starovoitov
2024-09-29 13:27 ` [PATCH bpf-next v4 3/4] selftests/bpf: Add a test case to confirm a tailcall infinite loop issue has been prevented Leon Hwang
2024-09-29 13:27 ` [PATCH bpf-next v4 4/4] selftests/bpf: Add cases to test tailcall in freplace Leon Hwang
2024-10-01 11:14 ` [PATCH bpf-next v4 0/4] bpf: Fix tailcall infinite loop caused by freplace Eduard Zingerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57d535b9-1229-4048-aee5-7184c2ca9e9e@linux.dev \
--to=leon.hwang@linux.dev \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=iii@linux.ibm.com \
--cc=kernel-patches-bot@fb.com \
--cc=martin.lau@kernel.org \
--cc=puranjay@kernel.org \
--cc=toke@redhat.com \
--cc=xukuohai@huaweicloud.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.