From: Roman Gushchin <roman.gushchin@linux.dev>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Matt Bobrowski <mattbobrowski@google.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
ohn Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>,
Jiri Olsa <jolsa@kernel.org>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>,
bpf <bpf@vger.kernel.org>
Subject: Re: Subject: [PATCH bpf-next 2/3] bpf: drop KF_ACQUIRE flag on BPF kfunc bpf_get_root_mem_cgroup()
Date: Tue, 20 Jan 2026 17:00:31 -0800 [thread overview]
Message-ID: <877btbu6ds.fsf@linux.dev> (raw)
In-Reply-To: <CAADnVQ+iKDvHxg_bEd6Knp3dNb9cr+FiemFSCR=NBnyt1UdYig@mail.gmail.com> (Alexei Starovoitov's message of "Mon, 19 Jan 2026 17:29:52 -0800")
Alexei Starovoitov <alexei.starovoitov@gmail.com> writes:
> On Fri, Jan 16, 2026 at 1:18 PM Roman Gushchin <roman.gushchin@linux.dev> wrote:
>>
>>
>> E.g. in my bpfoom case:
>>
>> SEC("struct_ops.s/handle_out_of_memory")
>> int BPF_PROG(test_out_of_memory, struct oom_control *oc, struct bpf_struct_ops_link *link)
>> {
>> struct task_struct *task;
>> struct mem_cgroup *root_memcg = oc->memcg;
>
> And you'll annotate oom_control->memcg with
> BTF_TYPE_SAFE_TRUSTED_OR_NULL ?
Yes.
>
>> struct mem_cgroup *memcg, *victim = NULL;
>> struct cgroup_subsys_state *css_pos, *css;
>> unsigned long usage, max_usage = 0;
>> unsigned long pagecache = 0;
>> int ret = 0;
>>
>> if (root_memcg)
>> root_memcg = bpf_get_mem_cgroup(&root_memcg->css);
>
> similar for mem_cgroup and css types ?
> or as BTF_TYPE_SAFE_RCU_OR_NULL ?
css is embedded into memcg, so in theory it doesn't require it.
also bpf_get_mem_cgroup() has acquire semantics, so in my understanding,
it can take non-trusted arguments.
>
>> else
>> root_memcg = bpf_get_root_mem_cgroup();
>>
>> if (!root_memcg)
>> return 0;
>>
>> css = &root_memcg->css;
>> if (css && css->cgroup == link->cgroup)
>> goto exit;
>>
>> bpf_rcu_read_lock();
>
> then this is a bug ? and rcu_read_lock needs to move up?
No, rcu read lock is required to protect the iterator within the for
each loop. root_memcg is protected by a bumped ref counter.
>
>> bpf_for_each(css, css_pos, &root_memcg->css, BPF_CGROUP_ITER_DESCENDANTS_POST) {
>> if (css_pos->cgroup->nr_descendants + css_pos->cgroup->nr_dying_descendants)
>> continue;
>>
>> memcg = bpf_get_mem_cgroup(css_pos);
>> if (!memcg)
>> continue;
>>
>> < ... >
>>
>> bpf_put_mem_cgroup(memcg);
>> }
>> bpf_rcu_read_unlock();
>>
>> < ... >
>>
>> bpf_put_mem_cgroup(victim);
>> exit:
>> bpf_put_mem_cgroup(root_memcg);
>
> Fair enough.
> Looks like quite a few pieces are still missing for this to work end-to-end,
> but, sure, let's revert back to acquire semantics.
It's close, I hope to send out v3 in few days.
I was rebasing to the latest bpf-next and then noticed that the test is
not working anymore because of this change.
>
> Matt,
> please come with a way to fix a selftest. Introduce test kfunc or
> something.
Thanks!
next prev parent reply other threads:[~2026-01-21 1:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-13 8:39 [PATCH bpf-next 1/3] bpf: return PTR_TO_BTF_ID | PTR_TRUSTED from BPF kfuncs by default Matt Bobrowski
2026-01-13 8:39 ` [PATCH bpf-next 2/3] bpf: drop KF_ACQUIRE flag on BPF kfunc bpf_get_root_mem_cgroup() Matt Bobrowski
2026-01-13 9:25 ` Kumar Kartikeya Dwivedi
2026-01-16 4:54 ` Subject: " Roman Gushchin
2026-01-16 7:55 ` Matt Bobrowski
2026-01-16 15:22 ` Alexei Starovoitov
2026-01-16 16:12 ` Alexei Starovoitov
2026-01-16 21:18 ` Roman Gushchin
2026-01-20 1:29 ` Alexei Starovoitov
2026-01-20 6:52 ` Matt Bobrowski
2026-01-20 9:19 ` Matt Bobrowski
2026-01-21 1:00 ` Roman Gushchin [this message]
2026-01-21 1:14 ` Alexei Starovoitov
2026-01-21 9:05 ` Matt Bobrowski
2026-01-13 8:39 ` [PATCH bpf-next 3/3] selftests/bpf: assert BPF kfunc default trusted pointer semantics Matt Bobrowski
2026-01-13 9:26 ` Kumar Kartikeya Dwivedi
2026-01-13 9:22 ` [PATCH bpf-next 1/3] bpf: return PTR_TO_BTF_ID | PTR_TRUSTED from BPF kfuncs by default Kumar Kartikeya Dwivedi
2026-01-14 3:30 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877btbu6ds.fsf@linux.dev \
--to=roman.gushchin@linux.dev \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=martin.lau@linux.dev \
--cc=mattbobrowski@google.com \
--cc=memxor@gmail.com \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.