Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp431962ybm; Tue, 26 May 2020 22:05:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzjro+cqw8zHubWrF1TODjL42dE4llXPJxG/GI+Ib9PZPiW8tgdQd+bXXKYHebxjk0jorVo X-Received: by 2002:a17:906:704c:: with SMTP id r12mr4119714ejj.308.1590555949986; Tue, 26 May 2020 22:05:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590555949; cv=none; d=google.com; s=arc-20160816; b=eUdH6q4opK34ngxMwK11FmaNlPuJJaoUcNg2lT49/rm4r6XNdO5uYj9OdSHKRoEvc5 8Oi21klHP1LQ15m1uZQ7xzIfytmSmTmrKGDWG6CvFaICiUlWXveByIsjh6oN31/Wggg9 OgQfkFstdtKQDZRQmRMbQAWuI03p8PCsdL8IYLsrj3EqNrZA7sIXaabU/xVwzr2cesKh XF0OidFztoU5Iajk7MF+wWi21zZWhvbJ4CPOGZxgQnAfBib+AlmYIdHR3pZ6uQC4eR5H uryPQSV6vTlpp69+AhzyllqSoD6jedyTH5xQhochj4nrKz+mujRyElAL81OvWj/eCemo wqcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:date:from :dkim-signature; bh=ipUdTLnpQOIojrMyR3JyiZnfjmcjJ5S3+vvLX0u1WTg=; b=MR3Av2Cta5rwdQwoSCdzlLjE+UMHxx/0EeXuZesp5TP6teJbml47ZQOAejJW8cIkCB 6vw+5eB50GSLqlnoVGAL1sI1dQ4bzV8eiBv7bmN1IiNrNTjsAvWEBFdg9WwI1j7SgWGW HdcUYcsIEp/EBbXZHx5fF1lEgR0ZVzjCxgwyl1ZkOzMUyHIQw9nHjJaP71NESE6B467H 6gR5ZOyAPLHgbzjJOZ2ffXOdJoY/iBxLPooH3HK0t5GhJslQooi/RGC/tGoAEgGgqFLo EPWI5hA+QvLCn+TeS7SQo77G3TlFKc9QCSxtXVkHOhgarajX7ScVyxqSpL/U/IPr6rjx QZMw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DOuH2kP2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i17si91138ejd.416.2020.05.26.22.05.26; Tue, 26 May 2020 22:05:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DOuH2kP2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726788AbgE0CLP (ORCPT + 99 others); Tue, 26 May 2020 22:11:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43208 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726222AbgE0CLP (ORCPT ); Tue, 26 May 2020 22:11:15 -0400 Received: from mail-wm1-x342.google.com (mail-wm1-x342.google.com [IPv6:2a00:1450:4864:20::342]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D2BDAC03E979 for ; Tue, 26 May 2020 19:11:14 -0700 (PDT) Received: by mail-wm1-x342.google.com with SMTP id f5so1524101wmh.2 for ; Tue, 26 May 2020 19:11:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=ipUdTLnpQOIojrMyR3JyiZnfjmcjJ5S3+vvLX0u1WTg=; b=DOuH2kP2aeGP1W4uOzhBKrSoSzufsBnclYFQQFHRS9g2gBz9ORHxXyrcJmDgHCI+nd lKZR3CxT8/SFUPl/0RSlQZoTAvQ2VoBGw5IJ03AscxowpPHOX45qQPtC3m1xh2vs5nBb StR23Z28+tzSznWdX5y5wF+aiDvT1LQNmvQB4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=ipUdTLnpQOIojrMyR3JyiZnfjmcjJ5S3+vvLX0u1WTg=; b=IS/oOFrvHPpNtNXCWJB3mDEANoSRXeOqQ4hgBUX4FwpJJgv9fURaph1ONz6RSYp546 TLq8b5B82AhRJbW+BKXe/qy4Yu+rWysp+a7q9sGEOY/jS+suMrxkV/KQzaQTFihyqBGd VjdVJWTWyzrVGvtncPZ0RPH5t6+JXQM5SNHXPEzJ//DjkxRrf9ccuY1UHfcPbsOXEEuF KqgAkc1mdFeNwKLRZGI9+XZ8KadeqhLpPNmxODTKKMLHdpCOEifarFjq+yEkYNen75sj NGPLCLpF8U/MjoRGVdi7NrEOTekDGiJQzd8AVv+9Exd+ASvy3G0KypoQhibHfz3sgUHC Q0eQ== X-Gm-Message-State: AOAM5304mfDQk/Jrfkzmj87T6s/sNmDX9MXMfnxMrFNJ5wVBx0jzTEGI AoPe8y69Ec6ZLPnTSeQyPFvAGg== X-Received: by 2002:a1c:117:: with SMTP id 23mr1993725wmb.90.1590545473423; Tue, 26 May 2020 19:11:13 -0700 (PDT) Received: from google.com ([81.6.44.51]) by smtp.gmail.com with ESMTPSA id l19sm1259285wmj.14.2020.05.26.19.11.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 26 May 2020 19:11:12 -0700 (PDT) From: KP Singh X-Google-Original-From: KP Singh Date: Wed, 27 May 2020 04:11:11 +0200 To: Alexei Starovoitov Cc: KP Singh , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, bpf@vger.kernel.org, linux-security-module@vger.kernel.org, Alexei Starovoitov , Daniel Borkmann , James Morris , Alexander Viro , Martin KaFai Lau , Jann Horn , Florent Revest Subject: Re: [PATCH bpf-next 2/4] bpf: Implement bpf_local_storage for inodes Message-ID: <20200527021111.GA197666@google.com> References: <20200526163336.63653-1-kpsingh@chromium.org> <20200526163336.63653-3-kpsingh@chromium.org> <20200527004902.lo6c2efv5vix5nqq@ast-mbp.dhcp.thefacebook.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200527004902.lo6c2efv5vix5nqq@ast-mbp.dhcp.thefacebook.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Thanks for taking a look! On 26-May 17:49, Alexei Starovoitov wrote: > On Tue, May 26, 2020 at 06:33:34PM +0200, KP Singh wrote: > > > > +static struct bpf_local_storage_data *inode_storage_update( > > + struct inode *inode, struct bpf_map *map, void *value, u64 map_flags) > > +{ > > + struct bpf_local_storage_data *old_sdata = NULL; > > + struct bpf_local_storage_elem *selem; > > + struct bpf_local_storage *local_storage; > > + struct bpf_local_storage_map *smap; > > + int err; > > + > > + err = check_update_flags(map, map_flags); > > + if (err) > > + return ERR_PTR(err); > > + > > + smap = (struct bpf_local_storage_map *)map; > > + local_storage = rcu_dereference(inode->inode_bpf_storage); > > + > > + if (!local_storage || hlist_empty(&local_storage->list)) { > > + /* Very first elem for this inode */ > > + err = check_flags(NULL, map_flags); > > + if (err) > > + return ERR_PTR(err); > > + > > + selem = selem_alloc(smap, value); > > + if (!selem) > > + return ERR_PTR(-ENOMEM); > > + > > + err = inode_storage_alloc(inode, smap, selem); > > inode_storage_update looks like big copy-paste except above one line. > pls consolidate. Sure. > > > +BPF_CALL_4(bpf_inode_storage_get, struct bpf_map *, map, struct inode *, inode, > > + void *, value, u64, flags) > > +{ > > + struct bpf_local_storage_data *sdata; > > + > > + if (flags > BPF_LOCAL_STORAGE_GET_F_CREATE) > > + return (unsigned long)NULL; > > + > > + sdata = inode_storage_lookup(inode, map, true); > > + if (sdata) > > + return (unsigned long)sdata->data; > > + > > + if (flags == BPF_LOCAL_STORAGE_GET_F_CREATE && > > + atomic_inc_not_zero(&inode->i_count)) { > > + sdata = inode_storage_update(inode, map, value, BPF_NOEXIST); > > + iput(inode); > > + return IS_ERR(sdata) ? > > + (unsigned long)NULL : (unsigned long)sdata->data; > > + } > > This is wrong. You cannot just copy paste the refcounting logic > from bpf_sk_storage_get(). sk->sk_refcnt is very different from inode->i_count. > To start, the inode->i_count cannot be incremented without lock. Good catch! Agreed, Jann pointed out that this can lead to bugs similar to https://crbug.com/project-zero/2015. > If you really need to do it you need igrab(). > Secondly, the iput() is not possible to call from bpf prog yet, since > progs are not sleepable and iput() may call iput_final() which may sleep. Agreed, I will send a separate patch to add a might_sleep call to iput() which currently only has a "Consequently, iput() can sleep." warning in the comments so that this can be caught by CONFIG_DEBUG_ATOMIC_SLEEP. > But considering that only lsm progs from lsm hooks will call bpf_inode_storage_get() > the inode is not going to disappear while this function is running. If the inode pointer is an argument to the LSM hook, it won't disappear and yes this does hold generally true for the other use-cases as well. > So why touch i_count ? > > > + > > + return (unsigned long)NULL; > > +} > > + > > BPF_CALL_2(bpf_sk_storage_delete, struct bpf_map *, map, struct sock *, sk) > > { > > if (refcount_inc_not_zero(&sk->sk_refcnt)) { > > @@ -957,6 +1229,20 @@ BPF_CALL_2(bpf_sk_storage_delete, struct bpf_map *, map, struct sock *, sk) > > return -ENOENT; > > } > > > > +BPF_CALL_2(bpf_inode_storage_delete, > > + struct bpf_map *, map, struct inode *, inode) > > +{ > > + int err; > > + > > + if (atomic_inc_not_zero(&inode->i_count)) { > > + err = inode_storage_delete(inode, map); > > + iput(inode); > > + return err; > > + } > > ditto. > > > + > > + return inode_storage_delete(inode, map); > > bad copy-paste from bpf_sk_storage_delete? > or what is this logic suppose to do? The former :) fixed... - KP