Received: by 2002:a05:7412:6592:b0:d7:7d3a:4fe2 with SMTP id m18csp1187575rdg;
        Fri, 11 Aug 2023 12:42:25 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IFc4yWI0UArsaN58NWM8xS95flJDnTB/K1ybuF+AcJQ1kbWC7HHGOD8QZ4V9n3urLnWrv1W
X-Received: by 2002:a17:907:3f9c:b0:992:103c:43fa with SMTP id hr28-20020a1709073f9c00b00992103c43famr7868819ejc.30.1691782944991;
        Fri, 11 Aug 2023 12:42:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691782944; cv=none;
        d=google.com; s=arc-20160816;
        b=OtTt9e0huM8UtuPqjoqz2MEhjwi6jVzGO0s6uL5Fb42WauE5IbYIWBbBkLDUoFTyl6
         nOP9aoBfzwv5Nfv/XKQOB+bHwyQFZ8chz5QHPbmJzeNhooi9lhrjIu9ajpq4PwhA0MPe
         ToqScPfZOtc/3YvXHNkDSvIwsQlqjDwMpry5P6N0aIbkrcpqhdugMP+CmnVlLPECPwA1
         S9GuXm8lEaAi86zGTPs5E+W7FqFt/gL1VodaMJfdn3uEWsK3vTevtUhn+fXffuQIhbip
         VoOwp6hi0MUmtp7ySNzGaTA3xTo7Mer7zoboL0cBWh0pUAoiXBe+K+x5g/iQz645tegg
         mEtg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:mime-version:date
         :dkim-signature:message-id;
        bh=pY6Cy8ELt8uF4S5CTSWG28fXXJyMELP2kXVCeOe44cA=;
        fh=167WG/v2gSjr9V9fesDQjJK4FjKyNSbxpIa1Xvm+JZ4=;
        b=XnXW/NogdRSMG7P+JuWTpJ/B8Q6Eh9775zULtpo/3SMGQcxwP68Rz0eRu2Y/ueqndR
         iyIUvXAwZue8pCAkYqS/tbo7Kn9oXTGSnpJFaD4pIK6AKPxUIZkpOyZW1SE8Py+nEYNN
         XWCk5tE66xWG0YRP7+xGxytrK/gkdA88biRJGs3JseORVSIBSFOLhxDvU5mzfCCRLB6V
         G0BelRpOJrJzXjXhnTXQY6NyYmpUXHODoa4S9ft1Y2RVplQ5ccJnvsr/HmWMouseFaHI
         nPexkTljcPlJxFjfNSWxBTH0GW8hELeeosH51ywxWT1d1hKO2ZAmSZdsQnKmcHCe9lvW
         LxHA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.dev header.s=key1 header.b="pO/in5PQ";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id h19-20020a170906591300b009930d9d6b4csi3812790ejq.888.2023.08.11.12.41.59;
        Fri, 11 Aug 2023 12:42:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.dev header.s=key1 header.b="pO/in5PQ";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236127AbjHKRfO (ORCPT <rfc822;artur.folwarczny@gmail.com>
        + 99 others); Fri, 11 Aug 2023 13:35:14 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55412 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236843AbjHKRfN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 11 Aug 2023 13:35:13 -0400
Received: from out-109.mta0.migadu.com (out-109.mta0.migadu.com [91.218.175.109])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8D1DB30D7
        for <linux-kernel@vger.kernel.org>; Fri, 11 Aug 2023 10:35:12 -0700 (PDT)
Message-ID: <fe388d79-bdfc-0480-5f4b-1a40016fd53d@linux.dev>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1;
        t=1691775310;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=pY6Cy8ELt8uF4S5CTSWG28fXXJyMELP2kXVCeOe44cA=;
        b=pO/in5PQR2CzyBbHhwtz7LEuPFiUmbd/6yRlYQl25/FiyGlxRcV7HpWsE+zUP1MCH4Llxn
        +IuEMEMgZfxhJSYcbvlOyRXZJPvH8E0qVfDfEZl+C6WvPgY49PtvnJcynR5Y2BXdNMCux3
        Ss+I49Ff1pbQEjrotsbmOdlke4+RPwM=
Date:   Fri, 11 Aug 2023 10:35:03 -0700
MIME-Version: 1.0
Subject: Re: [PATCH bpf-next] bpf: Support default .validate() and .update()
 behavior for struct_ops links
Content-Language: en-US
To:     David Vernet <void@manifault.com>
Cc:     bpf@vger.kernel.org, ast@kernel.org, daniel@iogearbox.net,
        andrii@kernel.org, song@kernel.org, yhs@fb.com,
        john.fastabend@gmail.com, kpsingh@kernel.org, haoluo@google.com,
        jolsa@kernel.org, linux-kernel@vger.kernel.org,
        kernel-team@meta.com, tj@kernel.org, clm@meta.com,
        thinker.li@gmail.com, Stanislav Fomichev <sdf@google.com>
References: <20230810220456.521517-1-void@manifault.com>
 <ZNVousfpuRFgfuAo@google.com> <20230810230141.GA529552@maniforge>
 <ZNVvfYEsLyotn+G1@google.com>
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
From:   Martin KaFai Lau <martin.lau@linux.dev>
In-Reply-To: <ZNVvfYEsLyotn+G1@google.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Migadu-Flow: FLOW_OUT
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,
        SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 8/10/23 4:15 PM, Stanislav Fomichev wrote:
> On 08/10, David Vernet wrote:
>> On Thu, Aug 10, 2023 at 03:46:18PM -0700, Stanislav Fomichev wrote:
>>> On 08/10, David Vernet wrote:
>>>> Currently, if a struct_ops map is loaded with BPF_F_LINK, it must also
>>>> define the .validate() and .update() callbacks in its corresponding
>>>> struct bpf_struct_ops in the kernel. Enabling struct_ops link is useful
>>>> in its own right to ensure that the map is unloaded if an application
>>>> crashes. For example, with sched_ext, we want to automatically unload
>>>> the host-wide scheduler if the application crashes. We would likely
>>>> never support updating elements of a sched_ext struct_ops map, so we'd
>>>> have to implement these callbacks showing that they _can't_ support
>>>> element updates just to benefit from the basic lifetime management of
>>>> struct_ops links.
>>>>
>>>> Let's enable struct_ops maps to work with BPF_F_LINK even if they
>>>> haven't defined these callbacks, by assuming that a struct_ops map
>>>> element cannot be updated by default.
>>>
>>> Any reason this is not part of sched_ext series? As you mention,
>>> we don't seem to have such users in the three?
>>
>> Hi Stanislav,
>>
>> The sched_ext series [0] implements these callbacks. See
>> bpf_scx_update() and bpf_scx_validate().
>>
>> [0]: https://lore.kernel.org/all/20230711011412.100319-13-tj@kernel.org/
>>
>> We could add this into that series and remove those callbacks, but this
>> patch is fixing a UX / API issue with struct_ops links that's not really
>> relevant to sched_ext. I don't think there's any reason to couple
>> updating struct_ops map elements with allowing the kernel to manage the
>> lifetime of struct_ops maps -- just because we only have 1 (non-test)

Agree the link-update does not necessarily couple with link-creation, so 
removing 'link' update function enforcement is ok. The intention was to avoid 
the struct_ops link inconsistent experience (one struct_ops link support update 
and another struct_ops link does not) because consistency was one of the reason 
for the true kernel backed link support that Kui-Feng did. tcp-cc is the only 
one for now in struct_ops and it can support update, so the enforcement is here. 
I can see Stan's point that removing it now looks immature before a struct_ops 
landed in the kernel showing it does not make sense or very hard to support 
'link' update. However, the scx patch set has shown this point, so I think it is 
good enough.

For 'validate', it is not related a 'link' update. It is for the struct_ops 
'map' update. If the loaded struct_ops map is invalid, it will end up having a 
useless struct_ops map and no link can be created from it. I can see some 
struct_ops subsystem check all the 'ops' function for NULL before calling (like 
the FUSE RFC). I can also see some future struct_ops will prefer not to check 
NULL at all and prefer to assume a subset of the ops is always valid. Does 
having a 'validate' enforcement is blocking the scx patchset in some way? If 
not, I would like to keep this for now. Once it is removed, there is no turning 
back.

>> struct_ops implementation in-tree doesn't mean we shouldn't improve APIs
>> where it makes sense.
>>
>> Thanks,
>> David
> 
> Ack. I guess up to you and Martin. Just trying to understand whether I'm
> missing something or the patch does indeed fix some use-case :-)