Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7135269rwb; Mon, 12 Dec 2022 10:28:44 -0800 (PST) X-Google-Smtp-Source: AA0mqf4Gb6gdWMM75Cl8menGzy/OwH8HjYqMyAJOPJT4pK5d07Ya5hEyHA8cbHQN4tDah/cnj678 X-Received: by 2002:a17:903:1d0:b0:188:f5de:891f with SMTP id e16-20020a17090301d000b00188f5de891fmr22366193plh.11.1670869724726; Mon, 12 Dec 2022 10:28:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670869724; cv=none; d=google.com; s=arc-20160816; b=YlubMomerKbeAFDGbxPK3AtPC9owCpe5SfzIeizaRB5PABlSh9B97NXaR5BfhunwJn J41VSQ2jJdNh/47EkjsqjO2fsn89sC7JVRnFeiM6YCK6TfLfo9PtjnUKpOMKFJxQLvtI 8bXZS7yAe0bCo49EO3vdHv8psybsollrut9Wc76t0dzIQcs9IyXzwkHCuDLrsp8JyCAe 7dH2YjWX0VgSWYDkwNgd8ewO8VVGq2a9LRzXAjEb1AAWxKO9tFV/NmAMD2xOvO7Hm3fs DqSofEuObC0uQgZOGsSqVByaTMq83NDHYn66IqwdU0pKd2sW67h6B+suO5i2Qg2RTm3e Skyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=tGrD1zgnE/I0MouDR4Deh8M+MyjxmKipkPxH2acLrBU=; b=VFaLbe8W6JMPw8aH3Vyg0BLZrNAprMg9ZK7bdreblLxG5pzK/BFOwgxP/t5IkVxL6+ PJCWl3c8lGFuODsgHNwyRLtEm08zIlWb/jRQf1++VbHBBS828lcKXQapKPAIbpHYeD1h 78DvAJC37oCaG8I3zL/44nfZeuDfqBKNcx6+oy5ssd4EtZzTUqzHME4SQkmXUBOkwcPX y2oCSfh2nFt+eC+TaMDALKViQtzX367Ajhkc0kFhOVyyFQbD1qOWJN0UFS+ws2Mw2fmy /Rme7w46oHXCOv0i4wL3BGwPOgwD4ycU3obAAjwsczisuIWEJWqf+KEnNxgQAHwtNaNI by0Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=g4gbQQAb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id v9-20020a1709029a0900b00189bdfb4710si9433920plp.280.2022.12.12.10.28.34; Mon, 12 Dec 2022 10:28:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=g4gbQQAb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232492AbiLLSVH (ORCPT + 74 others); Mon, 12 Dec 2022 13:21:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45672 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232954AbiLLSU5 (ORCPT ); Mon, 12 Dec 2022 13:20:57 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7E422D63; Mon, 12 Dec 2022 10:20:55 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 1E78C6119E; Mon, 12 Dec 2022 18:20:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id EBEA9C433F0; Mon, 12 Dec 2022 18:20:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1670869254; bh=RI5+SmWe0surB49db6NNG2NfZSAFADSc0Xo9XZxiKX4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=g4gbQQAbRE3Nm3l+JyzsTz0j7xSgqKAC1TH31CsKuuPT7wLxtd/oDe2w2ICHUMbAW q7/dJjGe+zBiWWzA3//M7ontpFXzmyM2aYJfx3t42zznwc0ZA+2sHSVaeM4/oh6VXV FOAHZB7ZlWFaaqn1niriFi8ReSBrv2pHc9DWr9HY= Date: Mon, 12 Dec 2022 19:20:51 +0100 From: Greg KH To: Yonghong Song Cc: Benjamin Tissoires , Jiri Kosina , Jonathan Corbet , Shuah Khan , Alexei Starovoitov , Tero Kristo , linux-kernel@vger.kernel.org, linux-input@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org Subject: Re: [PATCH hid v12 05/15] HID: bpf jmp table: simplify the logic of cleaning up programs Message-ID: References: <20221103155756.687789-1-benjamin.tissoires@redhat.com> <20221103155756.687789-6-benjamin.tissoires@redhat.com> <53f21d98-4ee6-c0e9-1c0a-5fae23c1b9a8@meta.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <53f21d98-4ee6-c0e9-1c0a-5fae23c1b9a8@meta.com> X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Dec 12, 2022 at 09:52:03AM -0800, Yonghong Song wrote: > > > On 12/12/22 9:02 AM, Benjamin Tissoires wrote: > > On Thu, Nov 3, 2022 at 4:58 PM Benjamin Tissoires > > wrote: > > > > > > Kind of a hack, but works for now: > > > > > > Instead of listening for any close of eBPF program, we now > > > decrement the refcount when we insert it in our internal > > > map of fd progs. > > > > > > This is safe to do because: > > > - we listen to any call of destructor of programs > > > - when a program is being destroyed, we disable it by removing > > > it from any RCU list used by any HID device (so it will never > > > be called) > > > - we then trigger a job to cleanup the prog fd map, but we overwrite > > > the removal of the elements to not do anything on the programs, just > > > remove the allocated space > > > > > > This is better than previously because we can remove the map of known > > > programs and their usage count. We now rely on the refcount of > > > bpf, which has greater chances of being accurate. > > > > > > Signed-off-by: Benjamin Tissoires > > > > > > --- > > > > So... I am a little bit embarrassed, but it turns out that this hack > > is not safe enough. > > > > If I compile the kernel with LLVM=1, the function > > bpf_prog_put_deferred() is optimized in a weird way: if we are not in > > irq, the function is inlined into __bpf_prog_put(), but if we are, the > > function is still kept around as it is called in a scheduled work > > item. > > > > This is something I completely overlooked: I assume that if the > > function would be inlined, the HID entrypoint BPF preloaded object > > would not be able to bind, thus deactivating HID-BPF safely. But if a > > function can be both inlined and not inlined, then I have no > > guarantees that my cleanup call will be called. Meaning that a HID > > device might believe there is still a bpf function to call. And things > > will get messy, with kernel crashes and others. > > You should not rely fentry to a static function. This is unstable > as compiler could inline it if that static function is called > directly. You could attach to a global function if it is not > compiled with lto. But now that the kernel does support LTO, how can you be sure this will always work properly? The code author does not know if LTO will kick in and optimize this away or not, that's the linker's job. thanks, greg k-h