Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp2579910rwb; Mon, 19 Sep 2022 07:08:26 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7r9lqWLPiQ+8NZfe0MGGCx/IvNF181RyIM5NT3EFOBYr1VPf8jN32ZvNoKT47KpW4ok41M X-Received: by 2002:aa7:d392:0:b0:44e:67f2:c79c with SMTP id x18-20020aa7d392000000b0044e67f2c79cmr15228608edq.278.1663596506243; Mon, 19 Sep 2022 07:08:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663596506; cv=none; d=google.com; s=arc-20160816; b=txGMM/WXGZrhiOf+MKlybqfFSKx2kurvSHowqNPA3nkGLtnBdCPx2blR8WXk5Q9brw TyEA27arwYYHdFUoI0G2w9rvg3XkPeBafaL7vs3a/3UvVXurWWIPY7AeknTks0Gs/hZj gEwK42wXL0ixn+pzqh8MFGrqZ4jGmADaC3wletBVptg+XhS2cf39wEv/KU15D3sJWh4I 8rL14xF8+hBZXwU3EXW+G27UbY2Us6Ud7BAYI5ZYrJSJfM0qYMDQkDURIWEwgHpPjfsb RJ/623LZwMYprxbNpcaF6Xmhn1AYWqzMW/l0XK3arwL86325f5qv90P+MC6xzxn/W/dW nINA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=ZQgfxuabkQ0VgTt2mWKIeqg2DEwLglFLPWtHv4SeMLU=; b=FVO+Qb01Xyy/99UrPO/lagqlFYdfSYoQDsoGGAJchTdy3RpDPiH9ehyoC/4M/oILdB WfKdsx+r/8G2aLZVvFGWUvek5gMB6r1ROaJSvt0qlJaKt/sG+WLURlCv/20l7iVSsbcI POufhhX1eW632zwT8rJPCD/tA9PL1goIJH5zKq+YiNEiJuxQfE1RoSQFtqbWOaoEotLE XitrNucY6UPbSDXiKvivBBf4N0VkudfimlVuDTJ6mU046ldblTK5s3Hb9b+VV3fxeBos BhxfyAFtQrs3csfstWeOjNaCrV2TZBiHOdAa+S2+mk36bqP05SsbCLS8UqDU0BtlPNa1 J6IA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id eb9-20020a0564020d0900b004537a3c4982si9972635edb.601.2022.09.19.07.08.00; Mon, 19 Sep 2022 07:08:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229673AbiISNcN (ORCPT + 99 others); Mon, 19 Sep 2022 09:32:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37978 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229606AbiISNcL (ORCPT ); Mon, 19 Sep 2022 09:32:11 -0400 Received: from dggsgout12.his.huawei.com (dggsgout12.his.huawei.com [45.249.212.56]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A78901BEBF; Mon, 19 Sep 2022 06:32:08 -0700 (PDT) Received: from mail02.huawei.com (unknown [172.30.67.143]) by dggsgout12.his.huawei.com (SkyGuard) with ESMTP id 4MWQXL19S5z6S2nV; Mon, 19 Sep 2022 21:30:10 +0800 (CST) Received: from [10.67.109.184] (unknown [10.67.109.184]) by APP2 (Coremail) with SMTP id Syh0CgDHYWtSbyhjnodSBA--.50647S2; Mon, 19 Sep 2022 21:32:06 +0800 (CST) Subject: Re: [PATCH bpf-next v3 1/2] bpf, cgroup: Don't populate prog_attach_flags array when effective query To: Martin KaFai Lau , Stanislav Fomichev Cc: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Quentin Monnet , Song Liu , Yonghong Song , John Fastabend , KP Singh , Hao Luo , Jiri Olsa , bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Pu Lehui , Pu Lehui References: <20220914161742.3180731-1-pulehui@huaweicloud.com> <20220914161742.3180731-2-pulehui@huaweicloud.com> <9b66564e-2582-03b2-56f1-8037f8aca886@linux.dev> From: Pu Lehui Message-ID: <037a6a32-5143-ddad-4a43-bd815280a0ef@huaweicloud.com> Date: Mon, 19 Sep 2022 21:32:02 +0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 In-Reply-To: <9b66564e-2582-03b2-56f1-8037f8aca886@linux.dev> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-CM-TRANSID: Syh0CgDHYWtSbyhjnodSBA--.50647S2 X-Coremail-Antispam: 1UD129KBjvJXoW7uFyfJFykJry5Jr4xCr43GFg_yoW8ury7pF WxZFy7GF1DX3y2gas2v3s5XayIqan5JF45Cr93Jry5uFWqgr109r4xAayF9F15XFWjyw10 vw4Yvr1DWF9ruFJanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUU9Y14x267AKxVW8JVW5JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02 1l84ACjcxK6xIIjxv20xvE14v26F1j6w1UM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26F4j 6r4UJwA2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267AKxVW0oV Cq3wAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG6I80ewAv7VC0 I7IYx2IY67AKxVWUGVWUXwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFVCjc4AY6r1j6r 4UM4x0Y48IcVAKI48JM4x0x7Aq67IIx4CEVc8vx2IErcIFxwACI402YVCY1x02628vn2kI c2xKxwCYjI0SjxkI62AI1cAE67vIY487MxAIw28IcxkI7VAKI48JMxC20s026xCaFVCjc4 AY6r1j6r4UMI8I3I0E5I8CrVAFwI0_Jr0_Jr4lx2IqxVCjr7xvwVAFwI0_JrI_JrWlx4CE 17CEb7AF67AKxVW8ZVWrXwCIc40Y0x0EwIxGrwCI42IY6xIIjxv20xvE14v26r1j6r1xMI IF0xvE2Ix0cI8IcVCY1x0267AKxVW8JVWxJwCI42IY6xAIw20EY4v20xvaj40_WFyUJVCq 3wCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E87Iv6xkF7I0E14v26r4j6r4UJbIYCT nIWIevJa73UjIFyTuYvjfUF9a9DUUUU X-CM-SenderInfo: psxovxtxl6x35dzhxuhorxvhhfrp/ X-CFilter-Loop: Reflected X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,NICE_REPLY_A, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2022/9/17 8:03, Martin KaFai Lau wrote: > On 9/14/22 9:17 AM, Pu Lehui wrote: >> From: Pu Lehui >> >> Attach flags is only valid for attached progs of this layer cgroup, >> but not for effective progs. For querying with EFFECTIVE flags, >> exporting attach flags does not make sense. so we don't need to >> populate prog_attach_flags array when effective query. > > prog_attach_flags has been added to 6.0 which is in rc5.  It is still > doable (and cleaner) to reject prog_attach_flags when it is an > effective_query.  This should be done regardless of 'type == > BPF_LSM_CGROUP' or not.  Something like: > > if (effective_query && prog_attach_flags) >     return -EINVAL; > > Otherwise, the whole prog_attach_flags needs to be set to 0 during > effective_query.  Please target the change to the bpf tree instead of > bpf-next such that this uapi bit can be fixed before 6.0. > Okay, will handle in next version. > Also, the effective_query issue is not limited to the prog_attach_flags? > For the older uattr->query.attach_flags, it should be set to 0 also when > it is an effective_query, right? For output uattr->query.attach_flags, we certainly don't need to copy it to userspace when effective query. Since we do not utilize uattr->query.attach_flags in the cgroup query function, should we need to take it as input and reject when it is non-zero in effective query? Something like: if (effective_query && (prog_attach_flags || attr->query.attach_flags)) For both output and input scenarios, we are faced with the problem that there is a ambiguity in attach_flags being 0. When we do not copy to the userspace, libbpf will set it to 0 by default, and 0 can mean NONE flag attach, or no attach prog. The same is true for input scenarios. So should we need to define NONE attach flag and redefine the others? Such as follow: #define BPF_F_ALLOW_NONE (1U << 0) #define BPF_F_ALLOW_OVERRIDE (1U << 1) #define BPF_F_ALLOW_MULTI (1U << 2) #define BPF_F_REPLACE (1U << 3) And then attach flags being 0 certainly means no attach any prog.