From: Joel Fernandes <joel@joelfernandes.org>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Lorenzo Colitti <lorenzo@google.com>,
Chenbo Feng <fengc@google.com>,
dancol@google.com, mathieu.desnoyers@efficios.com,
Joel Fernandes <joelaf@google.com>,
Alexei Starovoitov <ast@fb.com>,
lkml <linux-kernel@vger.kernel.org>,
Tim Murray <timmurray@google.com>,
Daniel Borkmann <daniel@iogearbox.net>,
netdev@vger.kernel.org
Subject: Re: [RFC] Add BPF_SYNCHRONIZE bpf(2) command
Date: Sat, 14 Jul 2018 11:18:15 -0700 [thread overview]
Message-ID: <20180714181815.GA199777@joelaf.mtv.corp.google.com> (raw)
In-Reply-To: <20180711034017.o2ehf27tv5hpl3td@ast-mbp.dhcp.thefacebook.com>
On Tue, Jul 10, 2018 at 08:40:19PM -0700, Alexei Starovoitov wrote:
[..]
> > The kernel program might do:
> >
> > =====
> > const int current_map_key = 1;
> > void *current_map = bpf_map_lookup_elem(outer_map, ¤t_map_key);
> >
> > int stats_key = 42;
> > uint64_t *stats_value = bpf_map_lookup_elem(current_map, &stats_key);
> > __sync_fetch_and_add(&stats_value, 1);
> > =====
> >
> > If a userspace does:
> >
> > 1. Write new fd to outer_map[1].
> > 2. Call BPF_SYNC_MAP_ACCESS.
> > 3. Start deleting everything in the old map.
> >
> > How can we guarantee that the __sync_fetch_and_add will not add to the
> > old map?
>
> without any changes to the kernel sys_membarrier will work.
> And that's what folks use already.
> BPF_SYNC_MAP_ACCESS implemented via synchronize_rcu() will work
> as well whether in the current implementation where rcu_lock/unlock
> is done outside of the program and in the future when
> rcu_lock/unlock are called by the program itself.
Cool Alexei and Lorenzo, sounds great to me. Daniel want to send a follow up
patch with BPF_SYNC_MAP_ACCESS changes then?
> > Will the verifier automatically
> > hold the RCU lock for as long as a pointer to an inner map is valid?
>
> the verifier will guarantee the equivalency of future explicit
> lock/unlock by the program vs current situation of implicit
> lock/unlock by the kernel.
> The verifier will track that bpf_map_lookup_elem() is done
> after rcu_lock and that the value returned by this helper is
> not accessed after rcu_unlock. Baby steps of dataflow analysis.
Nice!
By the way just curious I was briefly going through kernel/bpf/arraymap.c.
How are you protecting against load-store tearing of values of array map
updates/lookups?
For example, if userspace reads an array map at a particular index, while
another CPU is updating it, then userspace can read partial values /
half-updated values right? Since rcu_read_lock is in use, I was hoping to
find something like rcu_assign_pointer there to protect readers against
concurrent updates. Thanks for any clarification.
Regards,
- Joel
next prev parent reply other threads:[~2018-07-14 18:18 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-07 1:56 [RFC] Add BPF_SYNCHRONIZE bpf(2) command Daniel Colascione
2018-07-07 2:54 ` Alexei Starovoitov
2018-07-07 3:22 ` Daniel Colascione
2018-07-07 20:33 ` Joel Fernandes
2018-07-08 20:54 ` Mathieu Desnoyers
2018-07-09 21:09 ` Alexei Starovoitov
2018-07-09 21:35 ` Mathieu Desnoyers
2018-07-09 22:19 ` Paul E. McKenney
2018-07-09 22:19 ` Alexei Starovoitov
2018-07-09 22:48 ` Paul E. McKenney
2018-07-09 21:36 ` Daniel Colascione
2018-07-09 22:10 ` Alexei Starovoitov
2018-07-09 22:21 ` Daniel Colascione
2018-07-09 22:34 ` Alexei Starovoitov
2018-07-10 5:25 ` Chenbo Feng
2018-07-10 23:52 ` Alexei Starovoitov
2018-07-11 2:46 ` Lorenzo Colitti
2018-07-11 3:40 ` Alexei Starovoitov
2018-07-14 18:18 ` Joel Fernandes [this message]
2018-07-16 15:29 ` Daniel Colascione
2018-07-16 20:23 ` Joel Fernandes
2018-07-26 16:51 ` [PATCH v2] Add BPF_SYNCHRONIZE_MAPS " Daniel Colascione
2018-07-10 5:13 ` [RFC] Add BPF_SYNCHRONIZE " Joel Fernandes
2018-07-10 16:42 ` Paul E. McKenney
2018-07-10 16:57 ` Joel Fernandes
2018-07-10 17:12 ` Paul E. McKenney
2018-07-10 17:29 ` Joel Fernandes
2018-07-10 17:42 ` Paul E. McKenney
-- strict thread matches above, loose matches on Subject: below --
2018-07-29 15:57 Alexei Starovoitov
2018-07-30 22:26 ` Joel Fernandes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180714181815.GA199777@joelaf.mtv.corp.google.com \
--to=joel@joelfernandes.org \
--cc=alexei.starovoitov@gmail.com \
--cc=ast@fb.com \
--cc=dancol@google.com \
--cc=daniel@iogearbox.net \
--cc=fengc@google.com \
--cc=joelaf@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lorenzo@google.com \
--cc=mathieu.desnoyers@efficios.com \
--cc=netdev@vger.kernel.org \
--cc=timmurray@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox