On Tue, Aug 13, 2024 at 4:03 PM Andrii Nakryiko <andrii@xxxxxxxxxx> wrote: > > This patch set extracts all the BPF-related changes done in [0] into > a separate series based on top of stable-struct_fd branch ([1]) merged into > bpf-next tree. There are also a few changes, additions, and adjustments: > > - patch subjects adjusted to use "bpf: " prefix consistently; > - patch #2 is extracting bpf-related changes from original patch #19 > ("fdget_raw() users: switch to CLASS(fd_raw, ...)") and is ordered a bit > earlier in this patch set; > - patch #3 is reimplemented and replaces original patch #17 > ("bpf: resolve_pseudo_ldimm64(): take handling of a single ldimm64 insn into helper") > completely; > - in patch #4 ("bpf: switch maps to CLASS(fd, ...)"), which was originally > patch #18 ("bpf maps: switch to CLASS(fd, ...)"), I've combined > __bpf_get_map() and bpf_file_to_map() into __bpf_get_map(), as the latter > is only used from it and makes no sense to keep separate; > - as part of rebasing patch #4, I adjusted newly added in patch #3 > add_used_map_from_fd() function to use CLASS(fd, ...), as now > __bpf_get_map() doesn't do its own fdput() anymore. This made unnecessary > any further bpf_map_inc() changes, because we still rely on struct fd to > keep map's file reference alive; > - patches #5 and #6 are BPF-specific bits extracted from original patch #23 > ("fdget(), trivial conversions") and #24 ("fdget(), more trivial conversions"); > - patch #7 constifies security_bpf_token_create() LSM hook; > - patch #8 is original patch #35 ("convert bpf_token_create()"), with > path_get()+path_put() removed now that LSM hook above was adjusted. > > All these patches were pushed into a separate bpf-next/struct_fd branch ([2]). > They were also merged into bpf-next/for-next so they can get early testing in > linux-next. > > [0] https://lore.kernel.org/bpf/20240730050927.GC5334@ZenIV/ > [1] https://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git/log/?h=stable-struct_fd > [2] https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/log/?h=struct_fd > > Al Viro (6): > bpf: convert __bpf_prog_get() to CLASS(fd, ...) > bpf: switch fdget_raw() uses to CLASS(fd_raw, ...) > bpf: switch maps to CLASS(fd, ...) > bpf: trivial conversions for fdget() > bpf: more trivial fdget() conversions > bpf: convert bpf_token_create() to CLASS(fd, ...) > > Andrii Nakryiko (2): > bpf: factor out fetching bpf_map from FD and adding it to used_maps > list > security,bpf: constify struct path in bpf_token_create() LSM hook > Al, Christian, Can you guys please take a look and let us know if this looks sane and fine to you? I kept Al's patches mostly intact (see my notes in the cover letter above), and patch #3 does the refactoring I proposed earlier, keeping explicit fdput() temporarily, until Al's __bpf_map_get() refactoring which allows and nice and simple CLASS(fd) conversion. I think we end up at exactly what the end goal of the original series is: using CLASS(fd, ...) throughout with all the benefits. > include/linux/bpf.h | 11 +- > include/linux/lsm_hook_defs.h | 2 +- > include/linux/security.h | 4 +- > kernel/bpf/bpf_inode_storage.c | 24 ++--- > kernel/bpf/btf.c | 11 +- > kernel/bpf/map_in_map.c | 38 ++----- > kernel/bpf/syscall.c | 181 +++++++++------------------------ > kernel/bpf/token.c | 74 +++++--------- > kernel/bpf/verifier.c | 110 +++++++++++--------- > net/core/sock_map.c | 23 ++--- > security/security.c | 2 +- > security/selinux/hooks.c | 2 +- > 12 files changed, 179 insertions(+), 303 deletions(-) > > -- > 2.43.5 >