Re: [PATCH bpf-next v5 1/2] bpf: Fix attaching fentry/fexit/fmod_ret/lsm to modules

BPF List
 help / color / mirror / Atom feed

From: Viktor Malik <vmalik@redhat.com>
To: Jiri Olsa <olsajiri@gmail.com>
Cc: bpf@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	John Fastabend <john.fastabend@gmail.com>,
	Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>,
	Song Liu <song@kernel.org>, Yonghong Song <yhs@fb.com>,
	KP Singh <kpsingh@kernel.org>,
	Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
	Luis Chamberlain <mcgrof@kernel.org>
Subject: Re: [PATCH bpf-next v5 1/2] bpf: Fix attaching fentry/fexit/fmod_ret/lsm to modules
Date: Tue, 14 Feb 2023 10:57:13 +0100	[thread overview]
Message-ID: <80283a5e-c723-7580-9c8d-3c882f23c92c@redhat.com> (raw)
In-Reply-To: <Y+qCXoh+HcV5U5S/@krava>

On 2/13/23 19:33, Jiri Olsa wrote:
> On Mon, Feb 13, 2023 at 04:59:58PM +0100, Viktor Malik wrote:
> 
> SNIP
> 
>> @@ -248,8 +223,6 @@ static int register_fentry(struct bpf_trampoline *tr, void *new_addr)
>>   		ret = bpf_arch_text_poke(ip, BPF_MOD_CALL, NULL, new_addr);
>>   	}
>>   
>> -	if (ret)
>> -		bpf_trampoline_module_put(tr);
>>   	return ret;
>>   }
>>   
>> @@ -719,8 +692,11 @@ int bpf_trampoline_link_cgroup_shim(struct bpf_prog *prog,
>>   
>>   	bpf_lsm_find_cgroup_shim(prog, &bpf_func);
>>   	tr = bpf_trampoline_get(key, &tgt_info);
>> -	if (!tr)
>> +	if (!tr) {
>> +		if (tgt_info.tgt_mod)
>> +			module_put(tgt_info.tgt_mod);
>>   		return  -ENOMEM;
>> +	}
>>   
>>   	mutex_lock(&tr->mutex);
>>   
>> @@ -800,6 +776,14 @@ struct bpf_trampoline *bpf_trampoline_get(u64 key,
>>   		return NULL;
>>   
>>   	mutex_lock(&tr->mutex);
>> +	if (tgt_info->tgt_mod) {
>> +		if (tr->mod)
>> +			/* we already have the module reference, release tgt_info reference */
>> +			module_put(tgt_info->tgt_mod);
>> +		else
>> +			/* take ownership of the module reference */
>> +			tr->mod = tgt_info->tgt_mod;
> 
> this seems tricky, should we take and save module reference in bpf_prog
> struct and release it when the program goes out? IIUC the module for
> which the program was verified for should stay as long as the program
> is loaded

You're right, it makes more sense that the module is associated with the
program, not with the trampoline. So we just save the mod reference into
prog->aux (in bpf_check_attach_target) and release it on bpf_prog_put,
just before the program is freed.

Does that make sense? Anything else to be aware of comes to mind?

Thanks!

Viktor

> 
> jirka
> 
>> +	}
>>   	if (tr->func.addr)
>>   		goto out;
>>   
>> @@ -819,6 +803,10 @@ void bpf_trampoline_put(struct bpf_trampoline *tr)
>>   	mutex_lock(&trampoline_mutex);
>>   	if (!refcount_dec_and_test(&tr->refcnt))
>>   		goto out;
>> +	if (tr->mod) {
>> +		module_put(tr->mod);
>> +		tr->mod = NULL;
>> +	}
>>   	WARN_ON_ONCE(mutex_is_locked(&tr->mutex));
>>   
>>   	for (i = 0; i < BPF_TRAMP_MAX; i++)
> 
> SNIP
>

next prev parent reply	other threads:[~2023-02-14  9:59 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-13 15:59 [PATCH bpf-next v5 0/2] Fix attaching fentry/fexit/fmod_ret/lsm to modules Viktor Malik
2023-02-13 15:59 ` [PATCH bpf-next v5 1/2] bpf: " Viktor Malik
2023-02-13 18:33   ` Jiri Olsa
2023-02-14  9:57     ` Viktor Malik [this message]
2023-02-16  4:49   ` kernel test robot
2023-02-13 15:59 ` [PATCH bpf-next v5 2/2] bpf/selftests: Test fentry attachment to shadowed functions Viktor Malik

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=80283a5e-c723-7580-9c8d-3c882f23c92c@redhat.com \
    --to=vmalik@redhat.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=haoluo@google.com \
    --cc=john.fastabend@gmail.com \
    --cc=kpsingh@kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=mcgrof@kernel.org \
    --cc=olsajiri@gmail.com \
    --cc=sdf@google.com \
    --cc=song@kernel.org \
    --cc=yhs@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox