Received: by 2002:a05:6602:2086:0:0:0:0 with SMTP id a6csp3458799ioa; Tue, 26 Apr 2022 04:06:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzzyN+JvmuEqUUiw5On2brZ0Xx6ZW73nw29XRS/zawF4bAxkq3ro3E0AegqHKpHMjesU5OI X-Received: by 2002:a63:82c3:0:b0:3ab:674:c5ce with SMTP id w186-20020a6382c3000000b003ab0674c5cemr12222758pgd.209.1650971214255; Tue, 26 Apr 2022 04:06:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650971214; cv=none; d=google.com; s=arc-20160816; b=urnVMm7CqeyiXLHK3zeIvm23XL5EueSqxVMfGgjBUcmL/6TCBwmfneRGF+hrqiXViP ZVH3FPznil2AyzUk0UVimNOdgDoQnHVkeIyKVlmF5kTKaI82hqVQ79HT0ud1E0S1dypq ODrPmA98H8oHDyTk3HFhEzxS3ZKlzUc2+igCOxwUeDJJ/VWo2nVFFtwBcCNbw3HQg+eD 4Jb1VGY93p/RGN5mlXlOodutRGMcBDPcxJ0ZuwlEN42Ebg3lINT3U+yDSxoaWkBAxGSw ZT9k3whTJcBtKnlUbBLL+XFKyrEU/DsuxFVsr8zKFq4PMb52EYiFGo7YaArGD5DDWBlc HeSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=CsyLdgIfz/J4d2JXrqNRHu2e24b1rKeyXKBpw9KICek=; b=kmMPyj5furOCoUveH+rFBEYoJfCJPvu+h18NvdX3XHDpXCjNQ3vLS4bKW55sw09Dw3 VdjUSb17NQYU1792nhcpYoU2S5E2Ywx1v477g+eoh9Pjf3WqiGqnXWT+BbdbhFC1bjTp z/ZMlHwQSmpleIzn8vWTr1sQMVaWLpUuWNXOLJtel8UNQBD57bQpHl4M/hqBWKYWnzVi N5RG2ZT/969FIEYgbP+x4pu/zAvKAQWqXDchaoF6p048Eu0LJHr5MQ+HCkEYpMVKfRA4 KaDqhb5mRuGTwsro+I2q9jo6Wu7XWTd/yItSuUc/G5qH+NGvb3hPs94O7WruGoDPJC7f LHsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KRYsShB3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id mv13-20020a17090b198d00b001c7e8ae7620si1708175pjb.157.2022.04.26.04.06.37; Tue, 26 Apr 2022 04:06:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=KRYsShB3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344332AbiDZH4N (ORCPT + 99 others); Tue, 26 Apr 2022 03:56:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59544 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344498AbiDZHzp (ORCPT ); Tue, 26 Apr 2022 03:55:45 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id A2327B1EB for ; Tue, 26 Apr 2022 00:52:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1650959557; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=CsyLdgIfz/J4d2JXrqNRHu2e24b1rKeyXKBpw9KICek=; b=KRYsShB3yUfqwC9dhnvRZg1lArrp6/YaPcYVtwcN28Rc0Hl79UIGIGEN1Xd3BsG3J7fIj5 axzxKJK6JHfzTBEiRX67OlkEo/CRgTmzRegarb2VVKeHuNQR8dFEgxtVuEINvQdyqoDv1w WcxeDwB5dtqS/p6gvCvK6Tis8MTSpUM= Received: from mail-pf1-f198.google.com (mail-pf1-f198.google.com [209.85.210.198]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-593-GoCJMlykMgWvoKfGRO2kMQ-1; Tue, 26 Apr 2022 03:52:34 -0400 X-MC-Unique: GoCJMlykMgWvoKfGRO2kMQ-1 Received: by mail-pf1-f198.google.com with SMTP id d6-20020aa78e46000000b0050cfcce2fefso6262359pfr.18 for ; Tue, 26 Apr 2022 00:52:34 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CsyLdgIfz/J4d2JXrqNRHu2e24b1rKeyXKBpw9KICek=; b=ywgC398z+jUabm668f52IRSBCtMu1tONVhAp5Nl/bAMB7TRm7u9l5AAbkS8QhvKrfN g7yVc6o+kEfo8zrQjSurbSPPCFK3Mj3YFoCCjgBM2JZabBN4I5/PfiEeezQWDcOHOWZE eogkL9wRskiaijwRxdEm/gZ+HBL0ZN0dqOG0fNKYMzqv3lPi6ha7/dDlqiZqT6d28H3T brGW/ppLjsxNV3dpCZBWkGa2zOYD1cCkP87OvYOegpwIpfbjlKz5n3xsREY/nAVTpWJd LcVxFyruVDs1IT6hFvgvMJt1vNRFCyix/1/QaOFfMVN/4GK2DmYQN4qVnTO19ZYjlkfT Z31Q== X-Gm-Message-State: AOAM530OtR5THHcrAhFlKUtX95HUeWZwIH8dB9RwWYjwIVsUwEihbIk9 dZ7BGy0P+Ix38iDTQfJ3gcGwqG8TUNuC0TTQ4FLRnKbFyNLodjRF4jyRT5ve2Ctvbu6OQYWUmqQ IZaO1DvljqynCsR3bnIER/trJgXMEZTxY7aLVWoO5 X-Received: by 2002:a63:5606:0:b0:3ab:84d3:cfbe with SMTP id k6-20020a635606000000b003ab84d3cfbemr2870544pgb.191.1650959553260; Tue, 26 Apr 2022 00:52:33 -0700 (PDT) X-Received: by 2002:a63:5606:0:b0:3ab:84d3:cfbe with SMTP id k6-20020a635606000000b003ab84d3cfbemr2870516pgb.191.1650959552946; Tue, 26 Apr 2022 00:52:32 -0700 (PDT) MIME-Version: 1.0 References: <20220421140740.459558-1-benjamin.tissoires@redhat.com> <20220421140740.459558-4-benjamin.tissoires@redhat.com> <20220426041147.gwnxhcjftl2kaz6g@MBP-98dd607d3435.dhcp.thefacebook.com> In-Reply-To: <20220426041147.gwnxhcjftl2kaz6g@MBP-98dd607d3435.dhcp.thefacebook.com> From: Benjamin Tissoires Date: Tue, 26 Apr 2022 09:52:21 +0200 Message-ID: Subject: Re: [RFC bpf-next v4 3/7] error-inject: add new type that carries if the function is non sleepable To: Alexei Starovoitov Cc: Greg KH , Jiri Kosina , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Tero Kristo , lkml , "open list:HID CORE LAYER" , bpf Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 26, 2022 at 6:11 AM Alexei Starovoitov wrote: > > On Thu, Apr 21, 2022 at 04:07:36PM +0200, Benjamin Tissoires wrote: > > When using error-injection function through bpf to change the return > > code, we need to know if the function is sleepable or not. > > > > Currently the code assumes that all error-inject functions are sleepable, > > except for a few selected of them, hardcoded in kernel/bpf/verifier.c > > > > Add a new flag to error-inject so we can code that information where the > > function is declared. > > > > Signed-off-by: Benjamin Tissoires > > > > --- > > > > new in v4: > > - another approach would be to define a new kfunc_set, and register > > it with btf. But in that case, what program type would we use? > > BPF_PROG_TYPE_UNSPEC? > > - also note that maybe we should consider all of the functions > > non-sleepable and only mark some as sleepable. IMO it makes more > > sense to be more restrictive by default. > > I think the approach in this patch is fine. > We didn't have issues with check_non_sleepable_error_inject() so far, > so I wouldn't start refactoring it. OK... though I can't help but thinking that adding a new error-inject.h enum value is going to be bad, because it's an API change, and users might not expect NS_ERRNO. OTOH, if we had a new kfunc_set, we keep the existing error-inject API in place with all the variants and we just teach the verifier that the function is non sleepable. > > > --- > > include/asm-generic/error-injection.h | 1 + > > kernel/bpf/verifier.c | 10 ++++++++-- > > lib/error-inject.c | 2 ++ > > 3 files changed, 11 insertions(+), 2 deletions(-) > > > > diff --git a/include/asm-generic/error-injection.h b/include/asm-generic/error-injection.h > > index fbca56bd9cbc..5974942353a6 100644 > > --- a/include/asm-generic/error-injection.h > > +++ b/include/asm-generic/error-injection.h > > @@ -9,6 +9,7 @@ enum { > > EI_ETYPE_ERRNO, /* Return -ERRNO if failure */ > > EI_ETYPE_ERRNO_NULL, /* Return -ERRNO or NULL if failure */ > > EI_ETYPE_TRUE, /* Return true if failure */ > > + EI_ETYPE_NS_ERRNO, /* Return -ERRNO if failure and tag the function as non-sleepable */ > > > }; > > > > struct error_injection_entry { > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > > index 0f339f9058f3..45c8feea6478 100644 > > --- a/kernel/bpf/verifier.c > > +++ b/kernel/bpf/verifier.c > > @@ -14085,6 +14085,11 @@ static int check_non_sleepable_error_inject(u32 btf_id) > > return btf_id_set_contains(&btf_non_sleepable_error_inject, btf_id); > > } > > > > +static int is_non_sleepable_error_inject(unsigned long addr) > > +{ > > + return get_injectable_error_type(addr) == EI_ETYPE_NS_ERRNO; > > It's a linear search. Probably ok. But would be good to double check > that we're not calling it a lot. IIUC, the kfunc_set approach would solve that, no? Cheers, Benjamin > > > +} > > + > > int bpf_check_attach_target(struct bpf_verifier_log *log, > > const struct bpf_prog *prog, > > const struct bpf_prog *tgt_prog, > > @@ -14281,8 +14286,9 @@ int bpf_check_attach_target(struct bpf_verifier_log *log, > > /* fentry/fexit/fmod_ret progs can be sleepable only if they are > > * attached to ALLOW_ERROR_INJECTION and are not in denylist. > > */ > > - if (!check_non_sleepable_error_inject(btf_id) && > > - within_error_injection_list(addr)) > > + if (within_error_injection_list(addr) && > > + !check_non_sleepable_error_inject(btf_id) && > > + !is_non_sleepable_error_inject(addr)) > > ret = 0; > > break; > > case BPF_PROG_TYPE_LSM: > > diff --git a/lib/error-inject.c b/lib/error-inject.c > > index 2ff5ef689d72..560c3b18f439 100644 > > --- a/lib/error-inject.c > > +++ b/lib/error-inject.c > > @@ -183,6 +183,8 @@ static const char *error_type_string(int etype) > > return "ERRNO_NULL"; > > case EI_ETYPE_TRUE: > > return "TRUE"; > > + case EI_ETYPE_NS_ERRNO: > > + return "NS_ERRNO"; > > default: > > return "(unknown)"; > > } > > -- > > 2.35.1 > > >