From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.6 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C622C2D0A3 for ; Wed, 4 Nov 2020 01:57:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id ABA302242F for ; Wed, 4 Nov 2020 01:57:46 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="msRt8Rv5" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730116AbgKDB5q (ORCPT ); Tue, 3 Nov 2020 20:57:46 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41870 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730071AbgKDB5q (ORCPT ); Tue, 3 Nov 2020 20:57:46 -0500 Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E6C3C061A4D; Tue, 3 Nov 2020 17:57:45 -0800 (PST) Received: by mail-lj1-x242.google.com with SMTP id l10so238661lji.4; Tue, 03 Nov 2020 17:57:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=F5jcjQaGi9sDna2HftC//RF9cUNuvGHsOZ4Yn5JzhrA=; b=msRt8Rv5H0OSJElnwji6OYcXPCHNTVrPSY9VG5QXKMFi12NPCEPiIQok9Dcrhd6hnm AlZaIQ3DVqqr2T2uODSEJOCv34l6gunGaZSS9PERo7dXR0S1IQvHklIpmhoE4PA5nrjh yYKR4dMw1p8cMqlEZxVdmUm4nTUTR2OFvax28Zf9lcbA2YvgvFA8Dx0aR5nbEf8W31r6 NSeB7QxPHT8GvrOM19utptFiVsLmZZcVhEDr+aeCah3JcUJGrSuwSgH6iQcfCldiSONL QYgUMsdzke+FdIWY+uRXxQ+njX3ypWSZgfRku3wHpZUZmNc08NqUxZRqRcnx6G6fFt/Z t5Xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=F5jcjQaGi9sDna2HftC//RF9cUNuvGHsOZ4Yn5JzhrA=; b=q+/YJLyq71Hmnl3iQyTle8jKj5yQG8sAarpqkvTZt39Fb5Tax4hfCVyu0d7P1HgQ1c nZqgKSksA40IETLfiOKuylP59bg4dM5kllOVKhycfYFO+5p6pQpN/DDiZf6r/FVlfryH hQYulPdANyY/xhHWgSOsxaa4WwkPQnTVEb441GzIy8QLxv9dcvIcYodeC/LX+77UltVh VXPU/01kNRPCdBv+88kIeEitv7J9SijzYnQJY1pERQB6wgw3RJu/EHMCiZm39DKRZyav kM6jQs7PL7JDX3WC2ZJV5udMBgnsbH4oneTyiYjAQoUMU7MZ07VG9G1DiBiOjOuH8AWM b1xQ== X-Gm-Message-State: AOAM532XEfg4KbyuFc3ps3odLsFke8mdAAmddjJiUte8Syuy0aKkes0U nMoIngWgD2Y7pEgnMNR6NKbcKJs7Y+h6f1XSICw= X-Google-Smtp-Source: ABdhPJxW9COrxAXTbtuLIj1giI+YuksxBPvWmo25mxHGIDSkOZz0B2RxtTKfZrn2z1/vFgvVgbJsabELEWA2rG8eTO0= X-Received: by 2002:a2e:b4ba:: with SMTP id q26mr10389163ljm.121.1604455064122; Tue, 03 Nov 2020 17:57:44 -0800 (PST) MIME-Version: 1.0 References: <20201103153132.2717326-1-kpsingh@chromium.org> <20201103153132.2717326-8-kpsingh@chromium.org> <20201103184714.iukuqfw2byls3s4k@ast-mbp.dhcp.thefacebook.com> In-Reply-To: From: Alexei Starovoitov Date: Tue, 3 Nov 2020 17:57:32 -0800 Message-ID: Subject: Re: [PATCH bpf-next v2 7/8] bpf: Add tests for task_local_storage To: KP Singh Cc: open list , bpf , Alexei Starovoitov , Daniel Borkmann , Martin KaFai Lau , Song Liu , Paul Turner , Jann Horn , Hao Luo Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org On Tue, Nov 3, 2020 at 5:55 PM KP Singh wrote: > > [...] > > > > > > > I saw the docs mention that these are not exposed to tracing programs due to > > > insufficient preemption checks. Do you think it would be okay to allow them > > > for LSM programs? > > > > hmm. Isn't it allowed already? > > The verifier does: > > if ((is_tracing_prog_type(prog_type) || > > prog_type == BPF_PROG_TYPE_SOCKET_FILTER) && > > map_value_has_spin_lock(map)) { > > verbose(env, "tracing progs cannot use bpf_spin_lock yet\n"); > > return -EINVAL; > > } > > > > BPF_PROG_TYPE_LSM is not in this list. > > The verifier does not have any problem, it's just that the helpers are not > exposed to LSM programs via bpf_lsm_func_proto. > > So all we need is: > > diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c > index 61f8cc52fd5b..93383df2140b 100644 > --- a/kernel/bpf/bpf_lsm.c > +++ b/kernel/bpf/bpf_lsm.c > @@ -63,6 +63,10 @@ bpf_lsm_func_proto(enum bpf_func_id func_id, const > struct bpf_prog *prog) > return &bpf_task_storage_get_proto; > case BPF_FUNC_task_storage_delete: > return &bpf_task_storage_delete_proto; > + case BPF_FUNC_spin_lock: > + return &bpf_spin_lock_proto; > + case BPF_FUNC_spin_unlock: > + return &bpf_spin_unlock_proto; Ahh. Yes. That should do it. Right now I don't see concerns with safety of the bpf_spin_lock in bpf_lsm progs.