Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp7928676rwb; Mon, 12 Dec 2022 23:01:47 -0800 (PST) X-Google-Smtp-Source: AA0mqf5BPjwxB5wNSMlArdANAtiYAYMPJDjp4bGGJSvGpDCH5WoLqpAt6etmABWe/j0bkrS4pPtO X-Received: by 2002:a17:906:7193:b0:7c1:39e:db7e with SMTP id h19-20020a170906719300b007c1039edb7emr21166597ejk.59.1670914907450; Mon, 12 Dec 2022 23:01:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1670914907; cv=none; d=google.com; s=arc-20160816; b=TxZE9DN6zjn9GcsLNS0NBUk6WAo90aQV3/HLSoR/7ccpvzsDsgPxFQMcIS4l0hB+kA vDZAwLKlYvpQbjf6jXZdr/OgIcr+H2Qm6eGPztXFz4hssN7hFV4Ir29maH59rebwJPRr j5FumAvyy31ZyyZF9PX1eyT25F6LgP246efjo+OCd6DBlflW3R3NT9wqmES8e3ZLBNak zHpx0jmS0yZX+u7v7CbhWhFYJcBP7/tp2DC3apQGfpHvQfFd/2z3ytz0hvQ+5JHj4gph xdC58xtYnxyPb4W9tyC4KejXB9iOZrm+dmfG9NWNMyLT13pTW0SW0UHPcNjFcLedTU/j di4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=sro8Tb5PQ+ikKqgpfQUR8J9GPeSYX3JoGhl49FFTwK4=; b=pka0tVhuIBtpqns0D/9Pz51/ReeXKQL45aTLX5ktDcx6R2WHrtyo3ygBDRWUf9FtRu S0z0XegINt+NAlBIjrQohkOZ312JbS0VvuOvg2vwc2udmZfetXFN03sA1t4fipcyW88C 21j1HafaEJEEFba1BcMQsmuJUdklP2J/8JVnASp67jzJ3PbRkM8zCzzOXQcaWowpKl/W A5SX+6rlSRbxoCghzP1BL6XvBQa4vTRXmUDzUpdRw30wm/kbKNYOcHMtW1QKaGVdyRT4 Pq++MaPKYHRskW8qICXXHWZDjtn5VtjQunKPTnPbBZZLk3lsa55A8zxvysrbZNstozEq zy0g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="MJKrvgj/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id js18-20020a17090797d200b007c115fb8501si8935628ejc.252.2022.12.12.23.01.27; Mon, 12 Dec 2022 23:01:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="MJKrvgj/"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234573AbiLMG21 (ORCPT + 74 others); Tue, 13 Dec 2022 01:28:27 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59280 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234384AbiLMG2Y (ORCPT ); Tue, 13 Dec 2022 01:28:24 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7834A1F60D; Mon, 12 Dec 2022 22:28:23 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 10EB5612CC; Tue, 13 Dec 2022 06:28:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 9CDC4C433D2; Tue, 13 Dec 2022 06:28:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1670912902; bh=uI9Ao0SciAAwTHod6G70GoHTrSCkbTWfoHihc8zqEeY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=MJKrvgj/Y0j3/73ALgH3QmJwIQPSa690Ayez+uoxVpATMCgziHCrC1hCs0Kqcx5Oq TtghrxIVbi2E/0Wt+D7TutZN0UaF9ydIhRuBbzBLI0ZQjYGnHRtpGP3vaE93EHk+7R y27mw6pKl6V6B1Ylsq+k8FaeE60fhIn9nMq1U3Fk= Date: Tue, 13 Dec 2022 07:28:19 +0100 From: Greg KH To: Yonghong Song Cc: Benjamin Tissoires , Jiri Kosina , Jonathan Corbet , Shuah Khan , Alexei Starovoitov , Tero Kristo , linux-kernel@vger.kernel.org, linux-input@vger.kernel.org, bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org Subject: Re: [PATCH hid v12 05/15] HID: bpf jmp table: simplify the logic of cleaning up programs Message-ID: References: <20221103155756.687789-1-benjamin.tissoires@redhat.com> <20221103155756.687789-6-benjamin.tissoires@redhat.com> <53f21d98-4ee6-c0e9-1c0a-5fae23c1b9a8@meta.com> <43e6e9ec-3a0c-7238-30b2-daa7e71b169b@meta.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <43e6e9ec-3a0c-7238-30b2-daa7e71b169b@meta.com> X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Dec 12, 2022 at 10:39:26AM -0800, Yonghong Song wrote: > > > On 12/12/22 10:20 AM, Greg KH wrote: > > On Mon, Dec 12, 2022 at 09:52:03AM -0800, Yonghong Song wrote: > > > > > > > > > On 12/12/22 9:02 AM, Benjamin Tissoires wrote: > > > > On Thu, Nov 3, 2022 at 4:58 PM Benjamin Tissoires > > > > wrote: > > > > > > > > > > Kind of a hack, but works for now: > > > > > > > > > > Instead of listening for any close of eBPF program, we now > > > > > decrement the refcount when we insert it in our internal > > > > > map of fd progs. > > > > > > > > > > This is safe to do because: > > > > > - we listen to any call of destructor of programs > > > > > - when a program is being destroyed, we disable it by removing > > > > > it from any RCU list used by any HID device (so it will never > > > > > be called) > > > > > - we then trigger a job to cleanup the prog fd map, but we overwrite > > > > > the removal of the elements to not do anything on the programs, just > > > > > remove the allocated space > > > > > > > > > > This is better than previously because we can remove the map of known > > > > > programs and their usage count. We now rely on the refcount of > > > > > bpf, which has greater chances of being accurate. > > > > > > > > > > Signed-off-by: Benjamin Tissoires > > > > > > > > > > --- > > > > > > > > So... I am a little bit embarrassed, but it turns out that this hack > > > > is not safe enough. > > > > > > > > If I compile the kernel with LLVM=1, the function > > > > bpf_prog_put_deferred() is optimized in a weird way: if we are not in > > > > irq, the function is inlined into __bpf_prog_put(), but if we are, the > > > > function is still kept around as it is called in a scheduled work > > > > item. > > > > > > > > This is something I completely overlooked: I assume that if the > > > > function would be inlined, the HID entrypoint BPF preloaded object > > > > would not be able to bind, thus deactivating HID-BPF safely. But if a > > > > function can be both inlined and not inlined, then I have no > > > > guarantees that my cleanup call will be called. Meaning that a HID > > > > device might believe there is still a bpf function to call. And things > > > > will get messy, with kernel crashes and others. > > > > > > You should not rely fentry to a static function. This is unstable > > > as compiler could inline it if that static function is called > > > directly. You could attach to a global function if it is not > > > compiled with lto. > > > > But now that the kernel does support LTO, how can you be sure this will > > always work properly? The code author does not know if LTO will kick in > > and optimize this away or not, that's the linker's job. > > Ya, that is right. So for in-kernel bpf programs, attaching to global > functions are not safe either. For other not-in-kernel bpf programs, it > may not work but that is user's responsibility to adjust properly > (to different functions based on a particular build, etc.). So if in-kernel bpf programs will not work or are not safe, how will in-kernel bpf programs properly attach? confused, greg k-h