From: Martin KaFai Lau <martin.lau@linux.dev>
To: Amery Hung <ameryhung@gmail.com>
Cc: netdev@vger.kernel.org, alexei.starovoitov@gmail.com,
andrii@kernel.org, daniel@iogearbox.net, tj@kernel.org,
martin.lau@kernel.org, kernel-team@meta.com, bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v5 3/7] bpf: Pin associated struct_ops when registering async callback
Date: Wed, 5 Nov 2025 18:13:39 -0800 [thread overview]
Message-ID: <0a3c4937-e4fd-49b6-a48c-88a4aa83e8a1@linux.dev> (raw)
In-Reply-To: <20251104172652.1746988-4-ameryhung@gmail.com>
On 11/4/25 9:26 AM, Amery Hung wrote:
> Take a refcount of the associated struct_ops map to prevent the map from
> being freed when an async callback scheduled from a struct_ops program
> runs.
>
> Since struct_ops programs do not take refcounts on the struct_ops map,
> it is possible for a struct_ops map to be freed when an async callback
> scheduled from it runs. To prevent this, take a refcount on prog->aux->
> st_ops_assoc and save it in a newly created struct bpf_async_res for
> every async mechanism. The reference needs to be preserved in
> bpf_async_res since prog->aux->st_ops_assoc can be poisoned anytime
> and reference leak could happen.
>
> bpf_async_res will contain a async callback's BPF program and resources
> related to the BPF program. The resources will be acquired when
> registering a callback and released when cancelled or when the map
> associated with the callback is freed.
>
> Also rename drop_prog_refcnt to bpf_async_cb_reset to better reflect
> what it now does.
>
[ ... ]
> +static int bpf_async_res_get(struct bpf_async_res *res, struct bpf_prog *prog)
> +{
> + struct bpf_map *st_ops_assoc = NULL;
> + int err;
> +
> + prog = bpf_prog_inc_not_zero(prog);
> + if (IS_ERR(prog))
> + return PTR_ERR(prog);
> +
> + st_ops_assoc = READ_ONCE(prog->aux->st_ops_assoc);
> + if (prog->type == BPF_PROG_TYPE_STRUCT_OPS &&
> + st_ops_assoc && st_ops_assoc != BPF_PTR_POISON) {
> + st_ops_assoc = bpf_map_inc_not_zero(st_ops_assoc);
The READ_ONCE and inc_not_zero is an unusual combo. Should it be
rcu_dereference and prog->aux->st_ops_assoc should be "__rcu" tagged?
If prog->aux->st_ops_assoc is protected by rcu, can the user (kfunc?)
uses the prog->aux->st_ops_assoc depending on the rcu grace period alone
without bpf_map_inc_not_zero? Does it matter if prog->aux->st_ops_assoc
is changed? but this patch does not seem to consider the changing case also.
next prev parent reply other threads:[~2025-11-06 2:13 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-04 17:26 [PATCH bpf-next v5 0/7] Support associating BPF programs with struct_ops Amery Hung
2025-11-04 17:26 ` [PATCH bpf-next v5 1/7] bpf: Allow verifier to fixup kernel module kfuncs Amery Hung
2025-11-04 17:26 ` [PATCH bpf-next v5 2/7] bpf: Support associating BPF program with struct_ops Amery Hung
2025-11-04 17:54 ` bot+bpf-ci
2025-11-04 18:03 ` Amery Hung
2025-11-04 21:59 ` Song Liu
2025-11-04 23:26 ` Amery Hung
2025-11-04 22:47 ` Andrii Nakryiko
2025-11-04 23:27 ` Amery Hung
2025-11-06 0:57 ` Martin KaFai Lau
2025-11-06 1:01 ` Amery Hung
2025-11-06 2:17 ` Martin KaFai Lau
2025-11-04 17:26 ` [PATCH bpf-next v5 3/7] bpf: Pin associated struct_ops when registering async callback Amery Hung
2025-11-04 18:03 ` bot+bpf-ci
2025-11-04 18:10 ` Amery Hung
2025-11-04 23:20 ` Andrii Nakryiko
2025-11-05 23:03 ` Amery Hung
2025-11-06 16:54 ` Andrii Nakryiko
2025-11-06 2:13 ` Martin KaFai Lau [this message]
2025-11-06 17:57 ` Amery Hung
2025-11-06 19:37 ` Martin KaFai Lau
2025-11-04 17:26 ` [PATCH bpf-next v5 4/7] libbpf: Add support for associating BPF program with struct_ops Amery Hung
2025-11-04 17:54 ` bot+bpf-ci
2025-11-04 23:27 ` Andrii Nakryiko
2025-11-04 23:26 ` Andrii Nakryiko
2025-11-04 23:39 ` Amery Hung
2025-11-05 0:46 ` Andrii Nakryiko
2025-11-04 17:26 ` [PATCH bpf-next v5 5/7] selftests/bpf: Test BPF_PROG_ASSOC_STRUCT_OPS command Amery Hung
2025-11-04 17:26 ` [PATCH bpf-next v5 6/7] selftests/bpf: Test ambiguous associated struct_ops Amery Hung
2025-11-04 17:26 ` [PATCH bpf-next v5 7/7] selftests/bpf: Test getting associated struct_ops in timer callback Amery Hung
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0a3c4937-e4fd-49b6-a48c-88a4aa83e8a1@linux.dev \
--to=martin.lau@linux.dev \
--cc=alexei.starovoitov@gmail.com \
--cc=ameryhung@gmail.com \
--cc=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kernel-team@meta.com \
--cc=martin.lau@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).