From: Yafang Shao <laoar.shao@gmail.com>
To: "Liam R. Howlett" <Liam.Howlett@oracle.com>,
Yafang Shao <laoar.shao@gmail.com>,
akpm@linux-foundation.org, david@redhat.com, ziy@nvidia.com,
baolin.wang@linux.alibaba.com, lorenzo.stoakes@oracle.com,
npache@redhat.com, ryan.roberts@arm.com, dev.jain@arm.com,
hannes@cmpxchg.org, usamaarif642@gmail.com,
gutierrez.asier@huawei-partners.com, willy@infradead.org,
ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
ameryhung@gmail.com, rientjes@google.com, corbet@lwn.net,
21cnbao@gmail.com, shakeel.butt@linux.dev, bpf@vger.kernel.org,
linux-mm@kvack.org, linux-doc@vger.kernel.org
Subject: Re: [PATCH v7 mm-new 06/10] bpf: mark vma->vm_mm as __safe_trusted_or_null
Date: Fri, 12 Sep 2025 11:50:14 +0800 [thread overview]
Message-ID: <CALOAHbDAOFjFD1Njojp=x9As-FSDwhZnFjioM5-uBoGfvPSANA@mail.gmail.com> (raw)
In-Reply-To: <mi5gf7wvm3hjnfm3gkrye5mpzcxlmfkzy55oqhaqdbsnnwxjfc@teia7omm3ujl>
On Fri, Sep 12, 2025 at 1:31 AM Liam R. Howlett <Liam.Howlett@oracle.com> wrote:
>
> * Yafang Shao <laoar.shao@gmail.com> [250909 22:46]:
> > The vma->vm_mm might be NULL and it can be accessed outside of RCU. Thus,
> > we can mark it as trusted_or_null. With this change, BPF helpers can safely
> > access vma->vm_mm to retrieve the associated mm_struct from the VMA.
> > Then we can make policy decision from the VMA.
>
> I don't agree with any of that statement.
>
> How are you getting a vma outside an rcu lock safely?
The callers of this BPF hook guarantee that the provided
vm_area_struct pointer is safe to read. This means your BPF program
can safely access its members, though it cannot write to them.
You might question how code in lsm.c can access
vma->vm_mm->start_stack without an explicit NULL check. This is
because the BPF verifier has a safety feature: if vma->vm_mm is NULL,
it will substitute the value 0 instead of actually performing the
dereference, preventing a crash.
However, while this prevents a kernel panic, it doesn't guarantee
correct logic. If your program uses the value 0 for start_stack
without knowing it came from a NULL pointer, it might behave
incorrectly. Therefore, you must still explicitly check for NULL to
ensure your program's logic is sound.
The __safe_trusted_or_null marker enforces this requirement. It is a
restriction that ensures program correctness, not a loosening of the
rules.
Alex, Andrii, please correct me if my understanding is wrong.
>
> vmas are RCU type safe so I don't think you can make the statement of
> null or trusted. You can get a vma that has moved to another mm if you
> are not careful.
>
> What am I missing? Surely there is more context to add to this commit
> message.
According to the definition of struct vm_area_struct, the comment on
vm_mm states: "Unstable RCU readers are allowed to read this." This
confirms that we can safely read vm_mm without holding the RCU read
lock. If this were not the case, the comment would need to be
corrected.
struct vm_area_struct {
/*
* The address space we belong to.
* Unstable RCU readers are allowed to read this.
*/
struct mm_struct *vm_mm;
};
As a minor, unrelated note: Non-sleepable BPF programs always run
within an RCU read-side critical section. Therefore, you do not need
to explicitly acquire the RCU read lock in such programs.
--
Regards
Yafang
next prev parent reply other threads:[~2025-09-12 3:50 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-10 2:44 [PATCH v7 mm-new 0/9] mm, bpf: BPF based THP order selection Yafang Shao
2025-09-10 2:44 ` [PATCH v7 mm-new 01/10] mm: thp: remove disabled task from khugepaged_mm_slot Yafang Shao
2025-09-10 5:11 ` Lance Yang
2025-09-10 6:17 ` Yafang Shao
2025-09-10 7:21 ` Lance Yang
2025-09-10 17:27 ` kernel test robot
2025-09-11 2:12 ` Lance Yang
2025-09-11 2:28 ` Zi Yan
2025-09-11 2:35 ` Yafang Shao
2025-09-11 2:38 ` Lance Yang
2025-09-11 13:47 ` Lorenzo Stoakes
2025-09-14 2:48 ` Yafang Shao
2025-09-11 13:43 ` Lorenzo Stoakes
2025-09-14 2:47 ` Yafang Shao
2025-09-10 2:44 ` [PATCH v7 mm-new 02/10] mm: thp: add support for BPF based THP order selection Yafang Shao
2025-09-10 12:42 ` Lance Yang
2025-09-10 12:54 ` Lance Yang
2025-09-10 13:56 ` Lance Yang
2025-09-11 2:48 ` Yafang Shao
2025-09-11 3:04 ` Lance Yang
2025-09-11 14:45 ` Lorenzo Stoakes
2025-09-11 14:02 ` Lorenzo Stoakes
2025-09-11 14:42 ` Lance Yang
2025-09-11 14:58 ` Lorenzo Stoakes
2025-09-12 7:58 ` Yafang Shao
2025-09-12 12:04 ` Lorenzo Stoakes
2025-09-11 14:33 ` Lorenzo Stoakes
2025-09-12 8:28 ` Yafang Shao
2025-09-12 11:53 ` Lorenzo Stoakes
2025-09-14 2:22 ` Yafang Shao
2025-09-11 14:51 ` Lorenzo Stoakes
2025-09-12 8:03 ` Yafang Shao
2025-09-12 12:00 ` Lorenzo Stoakes
2025-09-25 10:05 ` Lance Yang
2025-09-25 11:38 ` Yafang Shao
2025-09-10 2:44 ` [PATCH v7 mm-new 03/10] mm: thp: decouple THP allocation between swap and page fault paths Yafang Shao
2025-09-11 14:55 ` Lorenzo Stoakes
2025-09-12 7:20 ` Yafang Shao
2025-09-12 12:04 ` Lorenzo Stoakes
2025-09-10 2:44 ` [PATCH v7 mm-new 04/10] mm: thp: enable THP allocation exclusively through khugepaged Yafang Shao
2025-09-11 15:53 ` Lance Yang
2025-09-12 6:21 ` Yafang Shao
2025-09-11 15:58 ` Lorenzo Stoakes
2025-09-12 6:17 ` Yafang Shao
2025-09-12 13:48 ` Lorenzo Stoakes
2025-09-14 2:19 ` Yafang Shao
2025-09-10 2:44 ` [PATCH v7 mm-new 05/10] bpf: mark mm->owner as __safe_rcu_or_null Yafang Shao
2025-09-11 16:04 ` Lorenzo Stoakes
2025-09-10 2:44 ` [PATCH v7 mm-new 06/10] bpf: mark vma->vm_mm as __safe_trusted_or_null Yafang Shao
2025-09-11 17:08 ` Lorenzo Stoakes
2025-09-11 17:30 ` Liam R. Howlett
2025-09-11 17:44 ` Lorenzo Stoakes
2025-09-12 3:56 ` Yafang Shao
2025-09-12 3:50 ` Yafang Shao [this message]
2025-09-10 2:44 ` [PATCH v7 mm-new 07/10] selftests/bpf: add a simple BPF based THP policy Yafang Shao
2025-09-10 20:44 ` Alexei Starovoitov
2025-09-11 2:31 ` Yafang Shao
2025-09-10 2:44 ` [PATCH v7 mm-new 08/10] selftests/bpf: add test case to update " Yafang Shao
2025-09-10 2:44 ` [PATCH v7 mm-new 09/10] selftests/bpf: add test cases for invalid thp_adjust usage Yafang Shao
2025-09-10 2:44 ` [PATCH v7 mm-new 10/10] Documentation: add BPF-based THP policy management Yafang Shao
2025-09-10 11:11 ` [PATCH v7 mm-new 0/9] mm, bpf: BPF based THP order selection Lance Yang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALOAHbDAOFjFD1Njojp=x9As-FSDwhZnFjioM5-uBoGfvPSANA@mail.gmail.com' \
--to=laoar.shao@gmail.com \
--cc=21cnbao@gmail.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=ameryhung@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=baolin.wang@linux.alibaba.com \
--cc=bpf@vger.kernel.org \
--cc=corbet@lwn.net \
--cc=daniel@iogearbox.net \
--cc=david@redhat.com \
--cc=dev.jain@arm.com \
--cc=gutierrez.asier@huawei-partners.com \
--cc=hannes@cmpxchg.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=npache@redhat.com \
--cc=rientjes@google.com \
--cc=ryan.roberts@arm.com \
--cc=shakeel.butt@linux.dev \
--cc=usamaarif642@gmail.com \
--cc=willy@infradead.org \
--cc=ziy@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).