Received: by 2002:a17:90b:8d0:0:0:0:0 with SMTP id ds16csp5079647pjb; Mon, 27 Jul 2020 12:23:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxcfJWlRaPYKWXhIrkhhJ8jPAwwYDTBHlPd12AttV+VMEBHb4FOLHo9yqKA21BNVII0snH9 X-Received: by 2002:a17:907:72c8:: with SMTP id du8mr11812299ejc.237.1595877804380; Mon, 27 Jul 2020 12:23:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595877804; cv=none; d=google.com; s=arc-20160816; b=xS/fWyf2q2KLt41kWeuNnJqCKldPre15t5k3PB0L9SCgnPf6pNHwNaQkl66O2t6sUY WqbfnO6/WhhCjXwEnux+uxBSuoCsdHXmc4r0gxqmT1L5Mrk5+fsxf0y3bUqcPV6BpYxi 43yndGN163yxIm4Jn39mbJDL8I2ANPT8gO8H9bXcTm3tqMXq684nuQP5+zm+Ff8inTgE EYrQlUmAgHiMVORJ/yHdIYZtlwMMXP9blN44z4BDlY72x0WsBHpfw2BW2IJYmFcmSkuc Pi0NxkxcnXCnCHKcJZ90fVt5fP53PtEGXVFASf8xEvz942KJ4UPYUtcTJbDQl8FXsx93 NSJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:smtp-origin-cluster :cc:to:smtp-origin-hostname:from:smtp-origin-hostprefix :dkim-signature; bh=VJIpv4KJ99emqMyK/KN1Btfdwg++KpRP9LTaPMgfZ1Q=; b=FZotTkp7cuiPz6/PsFBZWDD23bktQ5yj108EmLG247LKn1uN34XFf8EQmn2wn40QsR garh7xRYI/nxW2V8T0ynhuAwfrYnO7qAAwbOxaRrhlUuyvcRaaclkO88L26Vys7jahW1 drbR/v2gmZeRxzPKMyg+sJamViBaeVJA9kj6lVrd+JCiTIyrPs/I1BOgPnxHKkA6QMKa inZMqeyT9+ZCUzMfPO5JYv6Q1DrHPhxakJthB3Q9yJjf2dQfnN0yaWd6ZzRoGJYaHXxg 4BeraJRZHydULOiZdcIyGUO6M2t63V5f/Ul52qK/yQIRo7whEUsbFDc0BzoJc8wfAKPJ SKDQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@fb.com header.s=facebook header.b=aEkFic6E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fb.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c6si6422580ejr.345.2020.07.27.12.23.02; Mon, 27 Jul 2020 12:23:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@fb.com header.s=facebook header.b=aEkFic6E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fb.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732287AbgG0Sqr (ORCPT + 99 others); Mon, 27 Jul 2020 14:46:47 -0400 Received: from mx0a-00082601.pphosted.com ([67.231.145.42]:59452 "EHLO mx0a-00082601.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732046AbgG0Spu (ORCPT ); Mon, 27 Jul 2020 14:45:50 -0400 Received: from pps.filterd (m0044012.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 06RIjgw7027223 for ; Mon, 27 Jul 2020 11:45:49 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=facebook; bh=VJIpv4KJ99emqMyK/KN1Btfdwg++KpRP9LTaPMgfZ1Q=; b=aEkFic6EkI3SM4YC7EdbxBxyRwJWI8Ky7WgwWcRbQIj2AfR3AnYQ3YnDLvCKZDCI8/le lfTtAq0N90ttD2wEDH869MPOexfPK98aaIyDdYCrwZge1AIiiyMhIfWz4UtfoOZiWDsd /lKNq7uUQj/3aNReMRFE7AhQ0bnwVZF15II= Received: from mail.thefacebook.com ([163.114.132.120]) by mx0a-00082601.pphosted.com with ESMTP id 32h50vnsyq-9 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Mon, 27 Jul 2020 11:45:49 -0700 Received: from intmgw002.06.prn3.facebook.com (2620:10d:c085:208::f) by mail.thefacebook.com (2620:10d:c085:11d::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1979.3; Mon, 27 Jul 2020 11:45:20 -0700 Received: by devvm1096.prn0.facebook.com (Postfix, from userid 111017) id 204BC1DAFEA9; Mon, 27 Jul 2020 11:45:11 -0700 (PDT) Smtp-Origin-Hostprefix: devvm From: Roman Gushchin Smtp-Origin-Hostname: devvm1096.prn0.facebook.com To: CC: , Alexei Starovoitov , Daniel Borkmann , , , Roman Gushchin Smtp-Origin-Cluster: prn0c01 Subject: [PATCH bpf-next v2 28/35] bpf: eliminate rlimit-based memory accounting for bpf progs Date: Mon, 27 Jul 2020 11:44:59 -0700 Message-ID: <20200727184506.2279656-29-guro@fb.com> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200727184506.2279656-1-guro@fb.com> References: <20200727184506.2279656-1-guro@fb.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-FB-Internal: Safe Content-Type: text/plain X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235,18.0.687 definitions=2020-07-27_13:2020-07-27,2020-07-27 signatures=0 X-Proofpoint-Spam-Details: rule=fb_default_notspam policy=fb_default score=0 suspectscore=38 phishscore=0 mlxscore=0 lowpriorityscore=0 spamscore=0 impostorscore=0 malwarescore=0 bulkscore=0 mlxlogscore=999 priorityscore=1501 adultscore=0 clxscore=1015 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2006250000 definitions=main-2007270127 X-FB-Internal: deliver Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Do not use rlimit-based memory accounting for bpf progs. It has been replaced with memcg-based memory accounting. Signed-off-by: Roman Gushchin --- include/linux/bpf.h | 11 ------ kernel/bpf/core.c | 12 ++----- kernel/bpf/syscall.c | 86 ++++++-------------------------------------- 3 files changed, 12 insertions(+), 97 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 055c693d9928..0c443468200e 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1095,8 +1095,6 @@ void bpf_prog_sub(struct bpf_prog *prog, int i); void bpf_prog_inc(struct bpf_prog *prog); struct bpf_prog * __must_check bpf_prog_inc_not_zero(struct bpf_prog *pr= og); void bpf_prog_put(struct bpf_prog *prog); -int __bpf_prog_charge(struct user_struct *user, u32 pages); -void __bpf_prog_uncharge(struct user_struct *user, u32 pages); void __bpf_free_used_maps(struct bpf_prog_aux *aux, struct bpf_map **used_maps, u32 len); =20 @@ -1380,15 +1378,6 @@ bpf_prog_inc_not_zero(struct bpf_prog *prog) return ERR_PTR(-EOPNOTSUPP); } =20 -static inline int __bpf_prog_charge(struct user_struct *user, u32 pages) -{ - return 0; -} - -static inline void __bpf_prog_uncharge(struct user_struct *user, u32 pag= es) -{ -} - static inline int bpf_obj_get_user(const char __user *pathname, int flag= s) { return -EOPNOTSUPP; diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index daab8dcafbd4..23b8ff109ac8 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -219,23 +219,15 @@ struct bpf_prog *bpf_prog_realloc(struct bpf_prog *= fp_old, unsigned int size, { gfp_t gfp_flags =3D GFP_KERNEL_ACCOUNT | __GFP_ZERO | gfp_extra_flags; struct bpf_prog *fp; - u32 pages, delta; - int ret; + u32 pages; =20 size =3D round_up(size, PAGE_SIZE); pages =3D size / PAGE_SIZE; if (pages <=3D fp_old->pages) return fp_old; =20 - delta =3D pages - fp_old->pages; - ret =3D __bpf_prog_charge(fp_old->aux->user, delta); - if (ret) - return NULL; - fp =3D __vmalloc(size, gfp_flags); - if (fp =3D=3D NULL) { - __bpf_prog_uncharge(fp_old->aux->user, delta); - } else { + if (fp) { memcpy(fp, fp_old, fp_old->pages * PAGE_SIZE); fp->pages =3D pages; fp->aux->prog =3D fp; diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index ae51e2363cc1..7f0bf60f5218 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -337,23 +337,6 @@ void bpf_map_init_from_attr(struct bpf_map *map, uni= on bpf_attr *attr) map->numa_node =3D bpf_map_attr_numa_node(attr); } =20 -static int bpf_charge_memlock(struct user_struct *user, u32 pages) -{ - unsigned long memlock_limit =3D rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT; - - if (atomic_long_add_return(pages, &user->locked_vm) > memlock_limit) { - atomic_long_sub(pages, &user->locked_vm); - return -EPERM; - } - return 0; -} - -static void bpf_uncharge_memlock(struct user_struct *user, u32 pages) -{ - if (user) - atomic_long_sub(pages, &user->locked_vm); -} - static int bpf_map_alloc_id(struct bpf_map *map) { int id; @@ -1563,51 +1546,6 @@ static void bpf_audit_prog(const struct bpf_prog *= prog, unsigned int op) audit_log_end(ab); } =20 -int __bpf_prog_charge(struct user_struct *user, u32 pages) -{ - unsigned long memlock_limit =3D rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT; - unsigned long user_bufs; - - if (user) { - user_bufs =3D atomic_long_add_return(pages, &user->locked_vm); - if (user_bufs > memlock_limit) { - atomic_long_sub(pages, &user->locked_vm); - return -EPERM; - } - } - - return 0; -} - -void __bpf_prog_uncharge(struct user_struct *user, u32 pages) -{ - if (user) - atomic_long_sub(pages, &user->locked_vm); -} - -static int bpf_prog_charge_memlock(struct bpf_prog *prog) -{ - struct user_struct *user =3D get_current_user(); - int ret; - - ret =3D __bpf_prog_charge(user, prog->pages); - if (ret) { - free_uid(user); - return ret; - } - - prog->aux->user =3D user; - return 0; -} - -static void bpf_prog_uncharge_memlock(struct bpf_prog *prog) -{ - struct user_struct *user =3D prog->aux->user; - - __bpf_prog_uncharge(user, prog->pages); - free_uid(user); -} - static int bpf_prog_alloc_id(struct bpf_prog *prog) { int id; @@ -1657,7 +1595,7 @@ static void __bpf_prog_put_rcu(struct rcu_head *rcu= ) =20 kvfree(aux->func_info); kfree(aux->func_info_aux); - bpf_prog_uncharge_memlock(aux->prog); + free_uid(aux->user); security_bpf_prog_free(aux); bpf_prog_free(aux->prog); } @@ -2090,7 +2028,7 @@ static int bpf_prog_load(union bpf_attr *attr, unio= n bpf_attr __user *uattr) tgt_prog =3D bpf_prog_get(attr->attach_prog_fd); if (IS_ERR(tgt_prog)) { err =3D PTR_ERR(tgt_prog); - goto free_prog_nouncharge; + goto free_prog; } prog->aux->linked_prog =3D tgt_prog; } @@ -2099,18 +2037,15 @@ static int bpf_prog_load(union bpf_attr *attr, un= ion bpf_attr __user *uattr) =20 err =3D security_bpf_prog_alloc(prog->aux); if (err) - goto free_prog_nouncharge; - - err =3D bpf_prog_charge_memlock(prog); - if (err) - goto free_prog_sec; + goto free_prog; =20 + prog->aux->user =3D get_current_user(); prog->len =3D attr->insn_cnt; =20 err =3D -EFAULT; if (copy_from_user(prog->insns, u64_to_user_ptr(attr->insns), bpf_prog_insn_size(prog)) !=3D 0) - goto free_prog; + goto free_prog_sec; =20 prog->orig_prog =3D NULL; prog->jited =3D 0; @@ -2121,19 +2056,19 @@ static int bpf_prog_load(union bpf_attr *attr, un= ion bpf_attr __user *uattr) if (bpf_prog_is_dev_bound(prog->aux)) { err =3D bpf_prog_offload_init(prog, attr); if (err) - goto free_prog; + goto free_prog_sec; } =20 /* find program type: socket_filter vs tracing_filter */ err =3D find_prog_type(type, prog); if (err < 0) - goto free_prog; + goto free_prog_sec; =20 prog->aux->load_time =3D ktime_get_boottime_ns(); err =3D bpf_obj_name_cpy(prog->aux->name, attr->prog_name, sizeof(attr->prog_name)); if (err < 0) - goto free_prog; + goto free_prog_sec; =20 /* run eBPF verifier */ err =3D bpf_check(&prog, attr, uattr); @@ -2178,11 +2113,10 @@ static int bpf_prog_load(union bpf_attr *attr, un= ion bpf_attr __user *uattr) */ __bpf_prog_put_noref(prog, prog->aux->func_cnt); return err; -free_prog: - bpf_prog_uncharge_memlock(prog); free_prog_sec: + free_uid(prog->aux->user); security_bpf_prog_free(prog->aux); -free_prog_nouncharge: +free_prog: bpf_prog_free(prog); return err; } --=20 2.26.2