Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp2837954pxb; Sun, 24 Jan 2021 23:04:43 -0800 (PST) X-Google-Smtp-Source: ABdhPJwztN39PL6UG+qnajlNgtMyenlWo/dvpEh1D25E3Z7IovE9DP4tfXMSSkwKHx2bi637S/Xi X-Received: by 2002:a17:906:388a:: with SMTP id q10mr204941ejd.496.1611558283655; Sun, 24 Jan 2021 23:04:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611558283; cv=none; d=google.com; s=arc-20160816; b=Nb3iqbEJGeigmRqwH05N0mlK3+EDtjJ+78QIzI9+SKsBe6NymBJtuzhOT8bxHjlZn7 mrYSf9i7EbjkB5EtO1bZM02yvc8Iua45+pxhJNWP21hVS1L5M19A4jVQVmGPzuimMa9P ZuN+3Z+o3NDzaCQufmjMOi6rWWzG/fVzVszQr1JSt2LamW+KZGL+o5iM5qNB+0NXaVnV oj9jBEnneilUxz3sHYHAvT2Wl9ByfjiTvOVrjEwDjHU348aLwpR5vJ/G7C+OGybyqzxw f07N0+iBKy5XZOv7S1evtBwx6UTeDyMwU+d/ve2iZpSUdXYFa2RlU5UnUI2YpuY+j15e DxiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:ironport-sdr :ironport-sdr; bh=S/QN/mYE3YSb/CME9/cF5rSjHlHcihG549p3Q+vA2oM=; b=dug9/ijgQ1eU1wSQHuC36DRd8lsWlyeG+j0bEpjfceBrHlnZwO9rEZwSFw82ruuj5q p/RgPOSMRAwQLZx7xP3eQzB7M7dtNlWzJxowPdququ71okhfVoZLSGOHUOQfM5ofB15H mneZ3b0LVYWR6Dr8cuhGCbJk8OcakwPogH4Pevv/bN/LoD4g1NZ6GZ5V8SQikPvtpcSd rTADSEtQUrd3e42XVksVyryTYwDv0L6YJj4nJuzgtU+DJz9RfF1tESCx+y05am6vl5Z0 80ruvfY2SAXkX3Z+hqbwLwiaDcUoPZ6r0eyCaF/1LU54jj21nDSzXEjGtaNGysWcXFh9 9zfQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id jg13si6130742ejc.126.2021.01.24.23.04.20; Sun, 24 Jan 2021 23:04:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726791AbhAYG55 (ORCPT + 99 others); Mon, 25 Jan 2021 01:57:57 -0500 Received: from mga14.intel.com ([192.55.52.115]:13749 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727135AbhAYG5g (ORCPT ); Mon, 25 Jan 2021 01:57:36 -0500 IronPort-SDR: iQU991RrO1GWlZUnsH5QFCyrT8VR++Ia0xcmnsvTSWWN6Xm4zpSK5NrsdsMFy37Q7bQl0IOp7c cQ5bObADr3Ag== X-IronPort-AV: E=McAfee;i="6000,8403,9874"; a="178896450" X-IronPort-AV: E=Sophos;i="5.79,372,1602572400"; d="scan'208";a="178896450" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2021 22:55:43 -0800 IronPort-SDR: MgNIXU4QAwNlAxiWTxOUvMpJeynmCqpGcyVTgDsobb3zBnjYDjktAUqBFvNnloNHzQwkZe+wL1 9EWdluiYOoPQ== X-IronPort-AV: E=Sophos;i="5.79,372,1602572400"; d="scan'208";a="361248096" Received: from ymachlev-mobl1.ger.corp.intel.com (HELO outtakka) ([10.214.244.152]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2021 22:55:37 -0800 Date: Mon, 25 Jan 2021 08:55:24 +0200 From: Mikko Ylinen To: KP Singh Cc: bpf , open list , KP Singh , Daniel Borkmann Subject: Re: [PATCH] bpf: Drop disabled LSM hooks from the sleepable set Message-ID: References: <20210122123003.46125-1-mikko.ylinen@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jan 23, 2021 at 12:50:21AM +0100, KP Singh wrote: > On Fri, Jan 22, 2021 at 11:33 PM KP Singh wrote: > > > > On Fri, Jan 22, 2021 at 1:32 PM Mikko Ylinen > > wrote: > > > > > > Networking LSM hooks are conditionally enabled and when building the new > > > sleepable BPF LSM hooks with the networking LSM hooks disabled, the > > > following build error occurs: > > > > > > BTFIDS vmlinux > > > FAILED unresolved symbol bpf_lsm_socket_socketpair > > > > > > To fix the error, conditionally add the networking LSM hooks to the > > > sleepable set. > > > > > > Fixes: 423f16108c9d8 ("bpf: Augment the set of sleepable LSM hooks") > > > Signed-off-by: Mikko Ylinen > > > > Thanks! > > > > Acked-by: KP Singh > > Btw, I was noticing that there's another hook that is surrounded by ifdefs: > > diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c > index 70e5e0b6d69d..f7f7754e938d 100644 > --- a/kernel/bpf/bpf_lsm.c > +++ b/kernel/bpf/bpf_lsm.c > @@ -166,7 +166,11 @@ BTF_ID(func, bpf_lsm_inode_symlink) > BTF_ID(func, bpf_lsm_inode_unlink) > BTF_ID(func, bpf_lsm_kernel_module_request) > BTF_ID(func, bpf_lsm_kernfs_init_security) > + > +#ifdef CONFIG_KEYS > BTF_ID(func, bpf_lsm_key_free) > +#endif > + > BTF_ID(func, bpf_lsm_mmap_file) > BTF_ID(func, bpf_lsm_netlink_send) > BTF_ID(func, bpf_lsm_path_notify) > > It would be great if you can also add this to your patch :) Thanks for noticing! I cross-checked the sleepable set but somehow missed this. Just posted v2. > I guess the cleanest solution to never let this happen would be to > incorporate this in > lsm_hook_defs.h and mark hooks as SLEEPABLE and NON_SLEEPABLE with an > extra parameter to the LSM_HOOK macro and then only generate the BTF IDs > based on this macro parameter. Agree, a way to get the set automatically created makes sense. But the extra parameter to LSM_HOOK macro would be BPF specific, right? -- Regards, Mikko