From: Christian Brauner <brauner@kernel.org>
To: Song Liu <song@kernel.org>
Cc: bpf@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, kernel-team@meta.com,
andrii@kernel.org, eddyz87@gmail.com, ast@kernel.org,
daniel@iogearbox.net, martin.lau@linux.dev,
viro@zeniv.linux.org.uk, jack@suse.cz, kpsingh@kernel.org,
mattbobrowski@google.com, amir73il@gmail.com, repnop@google.com,
jlayton@kernel.org, josef@toxicpanda.com, mic@digikod.net,
gnoack@google.com
Subject: Re: [PATCH bpf-next 2/4] bpf: Make bpf inode storage available to tracing program
Date: Wed, 13 Nov 2024 11:19:20 +0100 [thread overview]
Message-ID: <20241113-sensation-morgen-852f49484fd8@brauner> (raw)
In-Reply-To: <20241112082600.298035-3-song@kernel.org>
On Tue, Nov 12, 2024 at 12:25:56AM -0800, Song Liu wrote:
> inode storage can be useful for non-LSM programs. For example, file* tools
> from bcc/libbpf-tools can use inode storage instead of a hash map; the fanotify
> fastpath [1] can also use inode storage to store useful data.
>
> Make inode storage available for tracing program. Move bpf inode storage
> from a security blob to inode->i_bpf_storage, and adjust related code
> accordingly.
>
> [1] https://lore.kernel.org/linux-fsdevel/20241029231244.2834368-1-song@kernel.org/
> Signed-off-by: Song Liu <song@kernel.org>
> ---
> fs/inode.c | 1 +
> include/linux/bpf.h | 9 +++++++++
> include/linux/bpf_lsm.h | 29 -----------------------------
> include/linux/fs.h | 4 ++++
> kernel/bpf/Makefile | 3 +--
> kernel/bpf/bpf_inode_storage.c | 32 +++++---------------------------
> kernel/bpf/bpf_lsm.c | 4 ----
> kernel/trace/bpf_trace.c | 4 ++++
> security/bpf/hooks.c | 6 ------
> 9 files changed, 24 insertions(+), 68 deletions(-)
>
> diff --git a/fs/inode.c b/fs/inode.c
> index 8dabb224f941..3c679578169f 100644
> --- a/fs/inode.c
> +++ b/fs/inode.c
> @@ -286,6 +286,7 @@ static struct inode *alloc_inode(struct super_block *sb)
> void __destroy_inode(struct inode *inode)
> {
> BUG_ON(inode_has_buffers(inode));
> + bpf_inode_storage_free(inode);
> inode_detach_wb(inode);
> security_inode_free(inode);
> fsnotify_inode_delete(inode);
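Review bot: The new `bpf_inode_storage_free(inode)` call runs before `security_inode_free()` and `fsnotify_inode_delete()`, so once tracing programs can use inode storage, a program that runs later in this teardown could request storage for the dying inode and re-create what was just freed. Whether the get helper refuses to create storage on an inode that is being destroyed is not visible in this hunk. The call should either move later or carry a comment such as `/* no BPF program may create storage for this inode past this point */`, backed by a check in the helper. The diffstat also lists this as the only line added to fs/inode.c, so `i_bpf_storage` appears to rely on the inode being zeroed elsewhere rather than on an explicit `inode->i_bpf_storage = NULL;` at init, which is worth confirming. `__destroy_inode` continues past the end of the hunk.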
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index 1b84613b10ac..0b31d2e74df6 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -2672,6 +2672,7 @@ struct bpf_link *bpf_link_by_id(u32 id);
> const struct bpf_func_proto *bpf_base_func_proto(enum bpf_func_id func_id,
> const struct bpf_prog *prog);
> void bpf_task_storage_free(struct task_struct *task);
> +void bpf_inode_storage_free(struct inode *inode);
> void bpf_cgrp_storage_free(struct cgroup *cgroup);
> bool bpf_prog_has_kfunc_call(const struct bpf_prog *prog);
> const struct btf_func_model *
> @@ -2942,6 +2943,10 @@ static inline void bpf_task_storage_free(struct task_struct *task)
> {
> }
>
> +static inline void bpf_inode_storage_free(struct inode *inode)
> +{
> +}
> +
> static inline bool bpf_prog_has_kfunc_call(const struct bpf_prog *prog)
> {
> return false;
> @@ -3305,6 +3310,10 @@ extern const struct bpf_func_proto bpf_task_storage_get_recur_proto;
> extern const struct bpf_func_proto bpf_task_storage_get_proto;
> extern const struct bpf_func_proto bpf_task_storage_delete_recur_proto;
> extern const struct bpf_func_proto bpf_task_storage_delete_proto;
> +extern const struct bpf_func_proto bpf_inode_storage_get_proto;
> +extern const struct bpf_func_proto bpf_inode_storage_get_recur_proto;
> +extern const struct bpf_func_proto bpf_inode_storage_delete_proto;
> +extern const struct bpf_func_proto bpf_inode_storage_delete_recur_proto;
> extern const struct bpf_func_proto bpf_for_each_map_elem_proto;
> extern const struct bpf_func_proto bpf_btf_find_by_name_kind_proto;
> extern const struct bpf_func_proto bpf_sk_setsockopt_proto;
> diff --git a/include/linux/bpf_lsm.h b/include/linux/bpf_lsm.h
> index aefcd6564251..a819c2f0a062 100644
> --- a/include/linux/bpf_lsm.h
> +++ b/include/linux/bpf_lsm.h
> @@ -19,31 +19,12 @@
> #include <linux/lsm_hook_defs.h>
> #undef LSM_HOOK
>
> -struct bpf_storage_blob {
> - struct bpf_local_storage __rcu *storage;
> -};
> -
> -extern struct lsm_blob_sizes bpf_lsm_blob_sizes;
> -
> int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
> const struct bpf_prog *prog);
>
> bool bpf_lsm_is_sleepable_hook(u32 btf_id);
> bool bpf_lsm_is_trusted(const struct bpf_prog *prog);
>
> -static inline struct bpf_storage_blob *bpf_inode(
> - const struct inode *inode)
> -{
> - if (unlikely(!inode->i_security))
> - return NULL;
> -
> - return inode->i_security + bpf_lsm_blob_sizes.lbs_inode;
> -}
> -
> -extern const struct bpf_func_proto bpf_inode_storage_get_proto;
> -extern const struct bpf_func_proto bpf_inode_storage_delete_proto;
> -void bpf_inode_storage_free(struct inode *inode);
> -
> void bpf_lsm_find_cgroup_shim(const struct bpf_prog *prog, bpf_func_t *bpf_func);
>
> int bpf_lsm_get_retval_range(const struct bpf_prog *prog,
> @@ -66,16 +47,6 @@ static inline int bpf_lsm_verify_prog(struct bpf_verifier_log *vlog,
> return -EOPNOTSUPP;
> }
>
> -static inline struct bpf_storage_blob *bpf_inode(
> - const struct inode *inode)
> -{
> - return NULL;
> -}
> -
> -static inline void bpf_inode_storage_free(struct inode *inode)
> -{
> -}
> -
> static inline void bpf_lsm_find_cgroup_shim(const struct bpf_prog *prog,
> bpf_func_t *bpf_func)
> {
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 3559446279c1..479097e4dd5b 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -79,6 +79,7 @@ struct fs_context;
> struct fs_parameter_spec;
> struct fileattr;
> struct iomap_ops;
> +struct bpf_local_storage;
>
> extern void __init inode_init(void);
> extern void __init inode_init_early(void);
> @@ -648,6 +649,9 @@ struct inode {
> #ifdef CONFIG_SECURITY
> void *i_security;
> #endif
> +#ifdef CONFIG_BPF_SYSCALL
> + struct bpf_local_storage __rcu *i_bpf_storage;
> +#endif
Sorry, we're not growing struct inode for this. It just keeps getting
bigger. Last cycle we freed up 8 bytes to shrink it and we're not going
to waste them on special-purpose stuff. We already NAKed someone else's
pet field here.
Thread overview: 53+ messages
2024-11-12 8:25 [PATCH bpf-next 0/4] Make inode storage available to tracing prog Song Liu
2024-11-12 8:25 ` [PATCH bpf-next 1/4] bpf: lsm: Remove hook to bpf_task_storage_free Song Liu
2024-11-12 8:25 ` [PATCH bpf-next 2/4] bpf: Make bpf inode storage available to tracing program Song Liu
2024-11-13 10:19 ` Christian Brauner [this message]
2024-11-13 14:15 ` Song Liu
2024-11-13 18:29 ` Casey Schaufler
2024-11-13 19:00 ` Song Liu
2024-11-21 9:04 ` Christian Brauner
2024-11-14 21:11 ` Song Liu
2024-11-15 11:19 ` Jan Kara
2024-11-15 17:35 ` Song Liu
2024-11-19 14:21 ` Jeff Layton
2024-11-19 15:25 ` Amir Goldstein
2024-11-19 15:30 ` Amir Goldstein
2024-11-19 21:53 ` Song Liu
2024-11-20 9:19 ` Amir Goldstein
2024-11-20 9:28 ` Christian Brauner
2024-11-20 11:19 ` Amir Goldstein
2024-11-21 8:43 ` Christian Brauner
2024-11-21 13:48 ` Jeff Layton
2024-11-21 8:08 ` Song Liu
2024-11-21 9:14 ` Christian Brauner
2024-11-23 0:08 ` Alexei Starovoitov
2024-11-12 8:25 ` [PATCH bpf-next 3/4] bpf: Add recursion avoid logic for inode storage Song Liu
2024-11-12 8:25 ` [PATCH bpf-next 3/4] bpf: Add recursion prevention " Song Liu
2024-11-12 8:25 ` [PATCH bpf-next 4/4] selftest/bpf: Add test for inode local storage recursion Song Liu
2024-11-12 8:26 ` [PATCH bpf-next 4/4] selftest/bpf: Test inode local storage recursion prevention Song Liu
2024-11-12 8:35 ` [PATCH bpf-next 0/4] Make inode storage available to tracing prog Song Liu
2024-11-12 18:09 ` Casey Schaufler
2024-11-12 18:44 ` Song Liu
2024-11-13 1:10 ` Casey Schaufler
2024-11-13 1:37 ` Song Liu
2024-11-13 18:06 ` Casey Schaufler
2024-11-13 18:57 ` Song Liu
2024-11-14 16:36 ` Dr. Greg
2024-11-14 17:29 ` Casey Schaufler
2024-11-14 18:08 ` Song Liu
2024-11-14 21:49 ` James Bottomley
2024-11-14 22:30 ` Song Liu
2024-11-17 22:59 ` Song Liu
2024-11-19 12:27 ` Dr. Greg
2024-11-19 18:14 ` Casey Schaufler
2024-11-19 22:35 ` Song Liu
2024-11-20 16:54 ` Dr. Greg
2024-11-21 8:28 ` Song Liu
2024-11-21 16:02 ` Dr. Greg
2024-11-21 18:11 ` Casey Schaufler
2024-11-23 17:01 ` Dr. Greg
2024-11-25 20:49 ` Casey Schaufler
2024-11-21 17:47 ` Casey Schaufler
2024-11-21 18:28 ` Song Liu
2024-11-23 19:11 ` Paul Moore
2024-11-14 17:51 ` Song Liu