From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: Hao Luo <haoluo@google.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
Yonghong Song <yhs@fb.com>, KP Singh <kpsingh@kernel.org>,
Shakeel Butt <shakeelb@google.com>,
Joe Burton <jevburton.kernel@gmail.com>,
Tejun Heo <tj@kernel.org>, Josh Don <joshdon@google.com>,
Stanislav Fomichev <sdf@google.com>, bpf <bpf@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH bpf-next v1 4/9] bpf: Introduce sleepable tracepoints
Date: Thu, 3 Mar 2022 11:59:19 -0800 [thread overview]
Message-ID: <CAADnVQJO2z2_ZO24zdAiSmoSMuhM4oeRcvAkxXiOy7ZV=R2frA@mail.gmail.com> (raw)
In-Reply-To: <CA+khW7iRP8b69usnAy_j4hrYE-U0hC4Rv65K5m4wuP5ArnWsEQ@mail.gmail.com>
On Thu, Mar 3, 2022 at 11:37 AM Hao Luo <haoluo@google.com> wrote:
>
> On Wed, Mar 2, 2022 at 11:41 AM Alexei Starovoitov
> <alexei.starovoitov@gmail.com> wrote:
> >
> > On Fri, Feb 25, 2022 at 03:43:34PM -0800, Hao Luo wrote:
> > > diff --git a/include/linux/tracepoint-defs.h b/include/linux/tracepoint-defs.h
> > > index e7c2276be33e..c73c7ab3680e 100644
> > > --- a/include/linux/tracepoint-defs.h
> > > +++ b/include/linux/tracepoint-defs.h
> > > @@ -51,6 +51,7 @@ struct bpf_raw_event_map {
> > > void *bpf_func;
> > > u32 num_args;
> > > u32 writable_size;
> > > + u32 sleepable;
> >
> > It increases the size for all tracepoints.
> > See BPF_RAW_TP in include/asm-generic/vmlinux.lds.h
> > Please switch writeable_size and sleepable to u16.
>
> No problem.
>
> > >
> > > -static const struct bpf_func_proto *
> > > -syscall_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> > > +/* Syscall helpers that are also allowed in sleepable tracing prog. */
> > > +const struct bpf_func_proto *
> > > +tracing_prog_syscall_func_proto(enum bpf_func_id func_id,
> > > + const struct bpf_prog *prog)
> > > {
> > > switch (func_id) {
> > > case BPF_FUNC_sys_bpf:
> > > return &bpf_sys_bpf_proto;
> > > - case BPF_FUNC_btf_find_by_name_kind:
> > > - return &bpf_btf_find_by_name_kind_proto;
> > > case BPF_FUNC_sys_close:
> > > return &bpf_sys_close_proto;
> > > - case BPF_FUNC_kallsyms_lookup_name:
> > > - return &bpf_kallsyms_lookup_name_proto;
> > > case BPF_FUNC_mkdir:
> > > return &bpf_mkdir_proto;
> > > case BPF_FUNC_rmdir:
> > > return &bpf_rmdir_proto;
> > > case BPF_FUNC_unlink:
> > > return &bpf_unlink_proto;
> > > + default:
> > > + return NULL;
> > > + }
> > > +}
> >
> > If I read this correctly the goal is to disallow find_by_name_kind
> > and lookup_name from sleepable tps. Why? What's the harm?
>
> A couple of thoughts, please correct me if they don't make sense. I
> may think too much.
>
> 1. The very first reason is, I don't know the use case of them in
> tracing. So I think I can leave them right now and add them later if
> the maintainers want them.
>
> 2. A related question is, do we actually want all syscall helpers to
> be in sleepable tracing? Some helpers may cause re-entering the
> tracepoints. For a hypothetical example, if we call mkdir while
> tracing some tracepoints in vfs_mkdir. Do we have protection for this?
If we go with noinline weak nop function approach then we will
get recursion protection for free. All trampoline powered progs have it.
Both sleepable and not.
> Another potential problem is about lookup_name in particular,
> sleepable_tracing could be triggered by any user, will lookup_name
> leak kernel addresses to users in some way? The filesystem helpers
> have some basic perm checks, I would think it's relatively safer.
The tracepoint may be triggerable by any user, but the sleepable
tp bpf prog will be loaded with cap_perfmon permissions, so it has
the rights to read anything.
So I don't see any concerns with enabling lookup_name to both
syscall bpf prog and tp progs.
next prev parent reply other threads:[~2022-03-03 19:59 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-25 23:43 [PATCH bpf-next v1 0/9] Extend cgroup interface with bpf Hao Luo
2022-02-25 23:43 ` [PATCH bpf-next v1 1/9] bpf: Add mkdir, rmdir, unlink syscalls for prog_bpf_syscall Hao Luo
2022-02-27 5:18 ` Kumar Kartikeya Dwivedi
2022-02-28 22:10 ` Hao Luo
2022-03-02 19:34 ` Alexei Starovoitov
2022-03-03 18:50 ` Hao Luo
2022-03-04 18:37 ` Hao Luo
2022-03-05 23:47 ` Alexei Starovoitov
2022-03-08 21:08 ` Hao Luo
2022-03-02 20:55 ` Yonghong Song
2022-03-03 18:56 ` Hao Luo
2022-03-03 19:13 ` Yonghong Song
2022-03-03 19:15 ` Hao Luo
2022-03-12 3:46 ` Al Viro
2022-03-14 17:07 ` Hao Luo
2022-03-14 23:10 ` Al Viro
2022-03-15 17:27 ` Hao Luo
2022-03-15 18:59 ` Alexei Starovoitov
2022-03-15 19:03 ` Alexei Starovoitov
2022-03-15 19:00 ` Al Viro
2022-03-15 19:47 ` Hao Luo
2022-02-25 23:43 ` [PATCH bpf-next v1 2/9] bpf: Add BPF_OBJ_PIN and BPF_OBJ_GET in the bpf_sys_bpf helper Hao Luo
2022-02-25 23:43 ` [PATCH bpf-next v1 3/9] selftests/bpf: tests mkdir, rmdir, unlink and pin in syscall Hao Luo
2022-02-25 23:43 ` [PATCH bpf-next v1 4/9] bpf: Introduce sleepable tracepoints Hao Luo
2022-03-02 19:41 ` Alexei Starovoitov
2022-03-03 19:37 ` Hao Luo
2022-03-03 19:59 ` Alexei Starovoitov [this message]
2022-03-02 21:23 ` Yonghong Song
2022-03-02 21:30 ` Alexei Starovoitov
2022-03-03 1:08 ` Yonghong Song
2022-03-03 2:29 ` Alexei Starovoitov
2022-03-03 19:43 ` Hao Luo
2022-03-03 20:02 ` Alexei Starovoitov
2022-03-03 20:04 ` Alexei Starovoitov
2022-03-03 22:06 ` Hao Luo
2022-02-25 23:43 ` [PATCH bpf-next v1 5/9] cgroup: Sleepable cgroup tracepoints Hao Luo
2022-02-25 23:43 ` [PATCH bpf-next v1 6/9] libbpf: Add sleepable tp_btf Hao Luo
2022-02-25 23:43 ` [PATCH bpf-next v1 7/9] bpf: Lift permission check in __sys_bpf when called from kernel Hao Luo
2022-03-02 20:01 ` Alexei Starovoitov
2022-03-03 19:14 ` Hao Luo
2022-02-25 23:43 ` [PATCH bpf-next v1 8/9] bpf: Introduce cgroup iter Hao Luo
2022-02-26 2:32 ` kernel test robot
2022-02-26 2:32 ` kernel test robot
2022-02-26 2:53 ` kernel test robot
2022-03-02 21:59 ` Yonghong Song
2022-03-03 20:02 ` Hao Luo
2022-03-02 22:45 ` Kumar Kartikeya Dwivedi
2022-03-03 2:03 ` Yonghong Song
2022-03-03 3:03 ` Kumar Kartikeya Dwivedi
2022-03-03 4:00 ` Alexei Starovoitov
2022-03-03 7:33 ` Yonghong Song
2022-03-03 8:13 ` Kumar Kartikeya Dwivedi
2022-03-03 21:52 ` Hao Luo
2022-02-25 23:43 ` [PATCH bpf-next v1 9/9] selftests/bpf: Tests using sleepable tracepoints to monitor cgroup events Hao Luo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAADnVQJO2z2_ZO24zdAiSmoSMuhM4oeRcvAkxXiOy7ZV=R2frA@mail.gmail.com' \
--to=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=jevburton.kernel@gmail.com \
--cc=joshdon@google.com \
--cc=kafai@fb.com \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sdf@google.com \
--cc=shakeelb@google.com \
--cc=songliubraving@fb.com \
--cc=tj@kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).