Re: [PATCH bpf-next 1/2] bpf: introduce helper bpf_find_vma

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On Nov 1, 2021, at 3:23 PM, Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
> 
> On 10/28/21 12:00 AM, Song Liu wrote:
> [...]
>>  /* integer value in 'imm' field of BPF_CALL instruction selects which helper
>> diff --git a/kernel/bpf/task_iter.c b/kernel/bpf/task_iter.c
>> index b48750bfba5aa..ad30f2e885356 100644
>> --- a/kernel/bpf/task_iter.c
>> +++ b/kernel/bpf/task_iter.c
>> @@ -8,6 +8,7 @@
>>  #include <linux/fdtable.h>
>>  #include <linux/filter.h>
>>  #include <linux/btf_ids.h>
>> +#include <linux/irq_work.h>
>>    struct bpf_iter_seq_task_common {
>>  	struct pid_namespace *ns;
>> @@ -21,6 +22,25 @@ struct bpf_iter_seq_task_info {
>>  	u32 tid;
>>  };
>>  +/* irq_work to run mmap_read_unlock() */
>> +struct task_iter_irq_work {
>> +	struct irq_work irq_work;
>> +	struct mm_struct *mm;
>> +};
>> +
>> +static DEFINE_PER_CPU(struct task_iter_irq_work, mmap_unlock_work);
>> +
>> +static void do_mmap_read_unlock(struct irq_work *entry)
>> +{
>> +	struct task_iter_irq_work *work;
>> +
>> +	if (WARN_ON_ONCE(IS_ENABLED(CONFIG_PREEMPT_RT)))
>> +		return;
>> +
>> +	work = container_of(entry, struct task_iter_irq_work, irq_work);
>> +	mmap_read_unlock_non_owner(work->mm);
>> +}
>> +
>>  static struct task_struct *task_seq_get_next(struct pid_namespace *ns,
>>  					     u32 *tid,
>>  					     bool skip_if_dup_files)
>> @@ -586,9 +606,89 @@ static struct bpf_iter_reg task_vma_reg_info = {
>>  	.seq_info		= &task_vma_seq_info,
>>  };
>>  +BPF_CALL_5(bpf_find_vma, struct task_struct *, task, u64, start,
>> +	   bpf_callback_t, callback_fn, void *, callback_ctx, u64, flags)
>> +{
>> +	struct task_iter_irq_work *work = NULL;
>> +	struct mm_struct *mm = task->mm;
> 
> Won't this NULL deref if called with task argument as NULL?

Will fix. 

> 
>> +	struct vm_area_struct *vma;
>> +	bool irq_work_busy = false;
>> +	int ret = -ENOENT;
>> +
>> +	if (flags)
>> +		return -EINVAL;
>> +
>> +	if (!mm)
>> +		return -ENOENT;
>> +
>> +	/*
>> +	 * Similar to stackmap with build_id support, we cannot simply do
>> +	 * mmap_read_unlock when the irq is disabled. Instead, we need do
>> +	 * the unlock in the irq_work.
>> +	 */
>> +	if (irqs_disabled()) {
>> +		if (!IS_ENABLED(CONFIG_PREEMPT_RT)) {
>> +			work = this_cpu_ptr(&mmap_unlock_work);
>> +			if (irq_work_is_busy(&work->irq_work)) {
>> +				/* cannot queue more mmap_unlock, abort. */
>> +				irq_work_busy = true;
>> +			}
>> +		} else {
>> +			/*
>> +			 * PREEMPT_RT does not allow to trylock mmap sem in
>> +			 * interrupt disabled context, abort.
>> +			 */
>> +			irq_work_busy = true;
>> +		}
>> +	}
>> +
>> +	if (irq_work_busy || !mmap_read_trylock(mm))
>> +		return -EBUSY;
>> +
>> +	vma = find_vma(mm, start);
>> +
>> +	if (vma && vma->vm_start <= start && vma->vm_end > start) {
>> +		callback_fn((u64)(long)task, (u64)(long)vma,
>> +			    (u64)(long)callback_ctx, 0, 0);
>> +		ret = 0;
>> +	}
>> +	if (!work) {
>> +		mmap_read_unlock(current->mm);
>> +	} else {
>> +		work->mm = current->mm;
>> +
>> +		/* The lock will be released once we're out of interrupt
>> +		 * context. Tell lockdep that we've released it now so
>> +		 * it doesn't complain that we forgot to release it.
>> +		 */
>> +		rwsem_release(&current->mm->mmap_lock.dep_map, _RET_IP_);
>> +		irq_work_queue(&work->irq_work);
>> +	}
> 
> Given this is pretty much the same logic around the vma retrieval, could this be
> refactored/consolidated with stack map build id retrieval into a common function?

I thought about sharing the irq_work code amount the two. The problem was we need
to include irq_work.h in bpf.h. But on a second thought, maybe we should just 
move bpf_find_vma to stackmap.c? This will avoid including irq_work.h. I guess it 
is not too weird to have bpf_find_vma in stackmap.c.  

> 
>> +	return ret;
>> +}
>> +
>> +BTF_ID_LIST_SINGLE(btf_find_vma_ids, struct, task_struct)
>> +
>> +const struct bpf_func_proto bpf_find_vma_proto = {
>> +	.func		= bpf_find_vma,
>> +	.ret_type	= RET_INTEGER,
>> +	.arg1_type	= ARG_PTR_TO_BTF_ID,
>> +	.arg1_btf_id	= &btf_find_vma_ids[0],
>> +	.arg2_type	= ARG_ANYTHING,
>> +	.arg3_type	= ARG_PTR_TO_FUNC,
>> +	.arg4_type	= ARG_PTR_TO_STACK_OR_NULL,
>> +	.arg5_type	= ARG_ANYTHING,
>> +};
> [...]
>> diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
>> index c108200378834..056c00da1b5d6 100644
>> --- a/tools/include/uapi/linux/bpf.h
>> +++ b/tools/include/uapi/linux/bpf.h
>> @@ -4915,6 +4915,24 @@ union bpf_attr {
>>   *		Dynamically cast a *sk* pointer to a *unix_sock* pointer.
>>   *	Return
>>   *		*sk* if casting is valid, or **NULL** otherwise.
>> + * long bpf_find_vma(struct task_struct *task, u64 addr, void *callback_fn, void *callback_ctx, u64 flags)
> 
> nit: Wrongly copied uapi header over to tooling?

Right... You get really good eyes. :-)

[...]



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux