Received: by 2002:a05:7412:2a91:b0:fc:a2b0:25d7 with SMTP id u17csp716102rdh; Wed, 14 Feb 2024 09:12:31 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWLl1p4K8Z882JSJFENLnK2nMlrbHnoTckJxoWVktmGK5qPG9ZEthIBlhfG951DshdeliTq0Nvd2It906TLAAk/wkGPZlveuBpQ0JuJeQ== X-Google-Smtp-Source: AGHT+IEFayQgmbJscHHNDfc6GzUhOsvzC0CSms5dgVbLNCIYixyMQVUkilBytSHBK8EQ2NUYJEpi X-Received: by 2002:a05:6358:7699:b0:17a:e788:9dc6 with SMTP id e25-20020a056358769900b0017ae7889dc6mr4503537rwg.9.1707930750927; Wed, 14 Feb 2024 09:12:30 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707930750; cv=pass; d=google.com; s=arc-20160816; b=pdaoK3tOJEV1yf/rB7914aMw5Md7PLYimQnKi7OoC7Z0wWiann82z8MDw5pM5T/DHg +hB9oIC29ztstsGuJGtC7rsYqAzFz/Hl7i4GvDLP1jXZaRaohbyXnE1BjgtlEgXY49O2 SQuP99o4KfbdZWuoNI5KRcX9mqP0+aRyOyYIRGPns52ri9piYvit1eUd5U1nwwu/VbJc +boi9VRDER84UAsVZc4SVWV1HFTqFIybrhbFds6nytVZYTWIwvURBpPg8UEbxPaB4PlC MNPyVV7jq4EQxUCZM5DHMWL+DNa/w6Rj77M3aiuBxtU6aUYbG3YJ2LDhMMoWqw3PDTFo 5UDw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=qv91V0eIU+1RU+rHjc/XaIxKMIqOwr2WbJl8TYVwNG4=; fh=9FIEHNzLrvvL/cM96sASv+itaxSBkItbR3T9BxsQpAw=; b=WwJjUoHtvp5PNlq41FQrXRzCF1HVPUHVjNOsub9LLhR//abfLlaAw7Y5z3wzFButHj quoH79ttyVUyILo+w+XK+9i0nnK5bFyl2uAKMjpsC1djrwUhPGHq06HBzK3ihzU561O0 bd3t4OQGXtFTQMUBIIfSy5IkD5FNYMiDVArJca1FHYbZtyOC/fj2rN0dI5f5Dyo0nM7m NXfB3wKCKVhTv20RPsRMIywjrEvh+YbNixEutQaK60ewUhr4WPDch+kr2mQ6lXyUyFnJ 0+CLakxPHUQ9kmL2lhoyqBW2TQW/oucjx3lPnrIWI88qPBcibnGyHEvriAuXpq0lF5IO rS6g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=uSBuA6CN; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-65624-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65624-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org X-Forwarded-Encrypted: i=2; AJvYcCV3B7nulxZ9YvnIEfjXJ2QpoE8oZrsZvdkT6EbiC1kQLqLEAMSPMgryf1fjIE5/iIKL8UFTg0FhVex3tHMZlRP3RdEfwKgYJpHVlio/RQ== Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id v17-20020ac873d1000000b0042c72b76383si5421557qtp.53.2024.02.14.09.12.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Feb 2024 09:12:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-65624-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=uSBuA6CN; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-65624-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65624-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 736BB1C28DE2 for ; Wed, 14 Feb 2024 17:12:30 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3986160BAE; Wed, 14 Feb 2024 17:11:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="uSBuA6CN" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 273726087D; Wed, 14 Feb 2024 17:10:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707930661; cv=none; b=F2hrDwDkUewkKUDB4oYFur6ik3MG/73VsPGz5QMfItIZw8BQ2EOQoWad7J2PjR1wflukDN957KtJS1Q/JkP/LzfSz+kT9KYIZQqHPKopMIBR2hha523SIH4XZAf7a+0uhPtMBxnB990GegEzutmprpkJxcmQxnF94t5pdYtOMX8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707930661; c=relaxed/simple; bh=A6NbyRZQhC46qPsrT0BBp6me28szmBiiUUjKG4u5PT4=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=GIbKYlWp6IWUo5/wx1S+PqyZCFZTPgiNKjpnn4jriiqHctDBrXQQI1pOyKyZqoKW9ON7eLvhT61gy0kj7+85qhMGKbuuXDHBqiA83j0CbMSoqcw6j/fyAR4KbI8HgZp+Iqa4Ymll8GqJ7gd/8gD0yJqs5C6ECshRULzkrmsM27Q= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=uSBuA6CN; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id F2FB4C43601; Wed, 14 Feb 2024 17:10:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1707930659; bh=A6NbyRZQhC46qPsrT0BBp6me28szmBiiUUjKG4u5PT4=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=uSBuA6CNHXE7KeWvUxHCv8XUEy7YyEQ9KOnw8syeKd65PeMoml6JLITOjmUgZL1h1 1r/o39U9gpoI3eLY8Dy+Woi+y2ZESnI1lE0i+utAPjHGI2JOJfpUv4gUM+FnhHuFyA zTlD9IzT08eFSfjrV5UL97Niv7ZvXsoZ5Ui+8RwkDpYJGYK3Y0m9RafBu49bD0sw0t C6fuAet39YnNfFNzXtxtklDO2ougI34VJtKJQAOComG2377YMWV0j9zWwZ80adERtr BCGw8R1eM03m1UsEQL47IXzebdDou5lyWiZn3IX0XiOOsVpvyX40iQXi/fkUi1FIYE /UqfYUDMIBHYA== Date: Wed, 14 Feb 2024 18:10:51 +0100 From: Benjamin Tissoires To: Kumar Kartikeya Dwivedi Cc: Alexei Starovoitov , Benjamin Tissoires , Toke =?utf-8?Q?H=C3=B8iland-J=C3=B8rgensen?= , Alexei Starovoitov , Daniel Borkmann , John Fastabend , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Jiri Kosina , Jonathan Corbet , Shuah Khan , bpf , LKML , "open list:HID CORE LAYER" , "open list:DOCUMENTATION" , "open list:KERNEL SELFTEST FRAMEWORK" Subject: Re: [PATCH RFC bpf-next 0/9] allow HID-BPF to do device IOs Message-ID: References: <20240209-hid-bpf-sleepable-v1-0-4cc895b5adbd@kernel.org> <87bk8pve2z.fsf@toke.dk> <875xyxva9u.fsf@toke.dk> <87r0hhfudh.fsf@toke.dk> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Feb 13 2024, Kumar Kartikeya Dwivedi wrote: > On Tue, 13 Feb 2024 at 18:46, Benjamin Tissoires wrote: > > > > On Feb 12 2024, Alexei Starovoitov wrote: > > > On Mon, Feb 12, 2024 at 10:21 AM Benjamin Tissoires > > > wrote: > > > > > > > > On Mon, Feb 12, 2024 at 6:46 PM Toke Høiland-Jørgensen wrote: > > > > > > > > > > Benjamin Tissoires writes: > > > > > > > [...] > > > I agree that workqueue delegation fits into the bpf_timer concept and > > > a lot of code can and should be shared. > > > > Thanks Alexei for the detailed answer. I've given it an attempt but still can not > > figure it out entirely. > > > > > All the lessons(bugs) learned with bpf_timer don't need to be re-discovered :) > > > Too bad, bpf_timer_set_callback() doesn't have a flag argument, > > > so we need a new kfunc to set a sleepable callback. > > > Maybe > > > bpf_timer_set_sleepable_cb() ? > > > > OK. So I guess I should drop Toke's suggestion with the bpf_timer_ini() flag? > > > > > The verifier will set is_async_cb = true for it (like it does for regular cb-s). > > > And since prog->aux->sleepable is kinda "global" we need another > > > per subprog flag: > > > bool is_sleepable: 1; > > > > done (in push_callback_call()) > > > > > > > > We can factor out a check "if (prog->aux->sleepable)" into a helper > > > that will check that "global" flag and another env->cur_state->in_sleepable > > > flag that will work similar to active_rcu_lock. > > > > done (I think), cf patch 2 below > > > > > Once the verifier starts processing subprog->is_sleepable > > > it will set cur_state->in_sleepable = true; > > > to make all subprogs called from that cb to be recognized as sleepable too. > > > > That's the point I don't know where to put the new code. > > > > I think that would go in the already existing special case for > push_async_cb where you get the verifier state of the async callback. > You can make setting the boolean in that verifier state conditional on > whether it's your kfunc/helper you're processing taking a sleepable > callback. Hehe, thanks a lot. Indeed, it was a simple fix. I tried to put this everywhere but here, and with your help got it working in 2 mins :) > > > It seems the best place would be in do_check(), but I am under the impression > > that the code of the callback is added at the end of the instruction list, meaning > > that I do not know where it starts, and which subprog index it corresponds to. > > > > > > > > A bit of a challenge is what to do with global subprogs, > > > since they're verified lazily. They can be called from > > > sleepable and non-sleepable contex. Should be solvable. > > > > I must confess this is way over me (and given that I didn't even managed to make > > the "easy" case working, that might explain things a little :-P ) > > > > I think it will be solvable but made somewhat difficult by the fact > that even if we mark subprog_info of some global_func A as > in_sleepable, so that we explore it as sleepable during its > verification, we might encounter later another global_func that calls > a global func, already explored as non-sleepable, in sleepable > context. In this case I think we need to redo the verification of that > global func as sleepable once again. It could be that it is called > from both non-sleepable and sleepable contexts, so both paths > (in_sleepable = true, and in_sleepable = false) need to be explored, > or we could reject such cases, but it might be a little restrictive. > > Some common helper global func unrelated to caller context doing some > auxiliary work, called from sleepable timer callback and normal main > subprog might be an example where rejection will be prohibitive. > > An approach might be to explore main and global subprogs once as we do > now, and then keep a list of global subprogs that need to be revisited > as in_sleepable (due to being called from a sleepable context) and > trigger do_check_common for them again, this might have to be repeated > as the list grows on each iteration, but eventually we will have > explored all of them as in_sleepable if need be, and the loop will > end. Surely, this trades off logical simplicity of verifier code with > redoing verification of global subprogs again. > > To add items to such a list, for each global subprog we encounter that > needs to be analyzed as in_sleepable, we will also collect all its > callee global subprogs by walking its instructions (a bit like > check_max_stack_depth does). FWIW, this (or Alexei's suggestion) is still not implemented in v2 > > > > > > > Overall I think this feature is needed urgently, > > > so if you don't have cycles to work on this soon, > > > I can prioritize it right after bpf_arena work. > > > > I can try to spare a few cycles on it. Even if your instructions were on > > spot, I still can't make the subprogs recognized as sleepable. > > > > For reference, this is where I am (probably bogus, but seems to be > > working when timer_set_sleepable_cb() is called from a sleepable context > > as mentioned by Toke): > > > > I just skimmed the patch but I think it's already 90% there. The only > other change I would suggest is switching from helper to kfunc, as > originally proposed by Alexei. the kfunc was a rabbit hole: - I needed to teach the verifier about BPF_TIMER in kfunc - I needed to teach the verifier about the kfunc itself - I'm failing at calling the callback :( Anyway, I'm about to send a second RFC so we can discuss on the code and see where my monkey patching capabilities are reaching their limits. Cheers, Benjamin