From: Roman Gushchin <roman.gushchin@linux.dev>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Matt Bobrowski <mattbobrowski@google.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
ohn Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>,
Jiri Olsa <jolsa@kernel.org>,
Kumar Kartikeya Dwivedi <memxor@gmail.com>,
bpf <bpf@vger.kernel.org>
Subject: Re: Subject: [PATCH bpf-next 2/3] bpf: drop KF_ACQUIRE flag on BPF kfunc bpf_get_root_mem_cgroup()
Date: Tue, 20 Jan 2026 17:00:31 -0800 [thread overview]
Message-ID: <877btbu6ds.fsf@linux.dev> (raw)
In-Reply-To: <CAADnVQ+iKDvHxg_bEd6Knp3dNb9cr+FiemFSCR=NBnyt1UdYig@mail.gmail.com> (Alexei Starovoitov's message of "Mon, 19 Jan 2026 17:29:52 -0800")
Alexei Starovoitov <alexei.starovoitov@gmail.com> writes:
> On Fri, Jan 16, 2026 at 1:18 PM Roman Gushchin <roman.gushchin@linux.dev> wrote:
>>
>>
>> E.g. in my bpfoom case:
>>
>> SEC("struct_ops.s/handle_out_of_memory")
>> int BPF_PROG(test_out_of_memory, struct oom_control *oc, struct bpf_struct_ops_link *link)
>> {
>> struct task_struct *task;
>> struct mem_cgroup *root_memcg = oc->memcg;
>
> And you'll annotate oom_control->memcg with
> BTF_TYPE_SAFE_TRUSTED_OR_NULL ?
Yes.
>
>> struct mem_cgroup *memcg, *victim = NULL;
>> struct cgroup_subsys_state *css_pos, *css;
>> unsigned long usage, max_usage = 0;
>> unsigned long pagecache = 0;
>> int ret = 0;
>>
>> if (root_memcg)
>> root_memcg = bpf_get_mem_cgroup(&root_memcg->css);
>
> similar for mem_cgroup and css types ?
> or as BTF_TYPE_SAFE_RCU_OR_NULL ?
css is embedded into memcg, so in theory it doesn't require it.
also bpf_get_mem_cgroup() has acquire semantics, so in my understanding,
it can take non-trusted arguments.
>
>> else
>> root_memcg = bpf_get_root_mem_cgroup();
>>
>> if (!root_memcg)
>> return 0;
>>
>> css = &root_memcg->css;
>> if (css && css->cgroup == link->cgroup)
>> goto exit;
>>
>> bpf_rcu_read_lock();
>
> then this is a bug ? and rcu_read_lock needs to move up?
No, rcu read lock is required to protect the iterator within the for
each loop. root_memcg is protected by a bumped ref counter.
>
>> bpf_for_each(css, css_pos, &root_memcg->css, BPF_CGROUP_ITER_DESCENDANTS_POST) {
>> if (css_pos->cgroup->nr_descendants + css_pos->cgroup->nr_dying_descendants)
>> continue;
>>
>> memcg = bpf_get_mem_cgroup(css_pos);
>> if (!memcg)
>> continue;
>>
>> < ... >
>>
>> bpf_put_mem_cgroup(memcg);
>> }
>> bpf_rcu_read_unlock();
>>
>> < ... >
>>
>> bpf_put_mem_cgroup(victim);
>> exit:
>> bpf_put_mem_cgroup(root_memcg);
>
> Fair enough.
> Looks like quite a few pieces are still missing for this to work end-to-end,
> but, sure, let's revert back to acquire semantics.
It's close, I hope to send out v3 in few days.
I was rebasing to the latest bpf-next and then noticed that the test is
not working anymore because of this change.
>
> Matt,
> please come with a way to fix a selftest. Introduce test kfunc or
> something.
Thanks!
next prev parent reply other threads:[~2026-01-21 1:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-13 8:39 [PATCH bpf-next 1/3] bpf: return PTR_TO_BTF_ID | PTR_TRUSTED from BPF kfuncs by default Matt Bobrowski
2026-01-13 8:39 ` [PATCH bpf-next 2/3] bpf: drop KF_ACQUIRE flag on BPF kfunc bpf_get_root_mem_cgroup() Matt Bobrowski
2026-01-13 9:25 ` Kumar Kartikeya Dwivedi
2026-01-16 4:54 ` Subject: " Roman Gushchin
2026-01-16 7:55 ` Matt Bobrowski
2026-01-16 15:22 ` Alexei Starovoitov
2026-01-16 16:12 ` Alexei Starovoitov
2026-01-16 21:18 ` Roman Gushchin
2026-01-20 1:29 ` Alexei Starovoitov
2026-01-20 6:52 ` Matt Bobrowski
2026-01-20 9:19 ` Matt Bobrowski
2026-01-21 1:00 ` Roman Gushchin [this message]
2026-01-21 1:14 ` Alexei Starovoitov
2026-01-21 9:05 ` Matt Bobrowski
2026-01-13 8:39 ` [PATCH bpf-next 3/3] selftests/bpf: assert BPF kfunc default trusted pointer semantics Matt Bobrowski
2026-01-13 9:26 ` Kumar Kartikeya Dwivedi
2026-01-13 9:22 ` [PATCH bpf-next 1/3] bpf: return PTR_TO_BTF_ID | PTR_TRUSTED from BPF kfuncs by default Kumar Kartikeya Dwivedi
2026-01-14 3:30 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=877btbu6ds.fsf@linux.dev \
--to=roman.gushchin@linux.dev \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=martin.lau@linux.dev \
--cc=mattbobrowski@google.com \
--cc=memxor@gmail.com \
--cc=sdf@fomichev.me \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox