public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: Thomas Gleixner <tglx@linutronix•de>
To: LKML <linux-kernel@vger•kernel.org>
Cc: David Miller <davem@davemloft•net>,
	bpf@vger•kernel.org, netdev@vger•kernel.org,
	Alexei Starovoitov <ast@kernel•org>,
	Daniel Borkmann <daniel@iogearbox•net>,
	Sebastian Sewior <bigeasy@linutronix•de>,
	Peter Zijlstra <peterz@infradead•org>,
	Clark Williams <williams@redhat•com>,
	Steven Rostedt <rostedt@goodmis•org>,
	Juri Lelli <juri.lelli@redhat•com>,
	Ingo Molnar <mingo@kernel•org>,
	Mathieu Desnoyers <mathieu.desnoyers@efficios•com>,
	Vinicius Costa Gomes <vinicius.gomes@intel•com>,
	Jakub Kicinski <kuba@kernel•org>
Subject: [patch V3 02/22] bpf: Enforce preallocation for instrumentation programs on RT
Date: Mon, 24 Feb 2020 15:01:33 +0100	[thread overview]
Message-ID: <20200224145642.648784007@linutronix.de> (raw)
In-Reply-To: 20200224140131.461979697@linutronix.de

Aside of the general unsafety of run-time map allocation for
instrumentation type programs RT enabled kernels have another constraint:

The instrumentation programs are invoked with preemption disabled, but the
memory allocator spinlocks cannot be acquired in atomic context because
they are converted to 'sleeping' spinlocks on RT.

Therefore enforce map preallocation for these programs types when RT is
enabled.

Signed-off-by: Thomas Gleixner <tglx@linutronix•de>
---
V3: New patch
---
 kernel/bpf/verifier.c |   13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -8168,16 +8168,21 @@ static int check_map_prog_compatibility(
 	 * of the memory allocator or at a place where a recursion into the
 	 * memory allocator would see inconsistent state.
 	 *
-	 * For now running such programs is allowed for backwards
-	 * compatibility reasons, but warnings are emitted so developers are
-	 * made aware of the unsafety and can fix their programs before this
-	 * is enforced.
+	 * On RT enabled kernels run-time allocation of all trace type
+	 * programs is strictly prohibited due to lock type constraints. On
+	 * !RT kernels it is allowed for backwards compatibility reasons for
+	 * now, but warnings are emitted so developers are made aware of
+	 * the unsafety and can fix their programs before this is enforced.
 	 */
 	if (is_tracing_prog_type(prog->type) && !is_preallocated_map(map)) {
 		if (prog->type == BPF_PROG_TYPE_PERF_EVENT) {
 			verbose(env, "perf_event programs can only use preallocated hash map\n");
 			return -EINVAL;
 		}
+		if (IS_ENABLED(CONFIG_PREEMPT_RT)) {
+			verbose(env, "trace type programs can only use preallocated hash map\n");
+			return -EINVAL;
+		}
 		WARN_ONCE(1, "trace type BPF program uses run-time allocation\n");
 		verbose(env, "trace type programs with run-time allocated hash maps are unsafe. Switch to preallocated hash maps.\n");
 	}

next prev parent reply	other threads:[~2020-02-24 15:04 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-24 14:01 [patch V3 00/22] bpf: Make BPF and PREEMPT_RT co-exist Thomas Gleixner
2020-02-24 14:01 ` [patch V3 01/22] bpf: Tighten the requirements for preallocated hash maps Thomas Gleixner
2020-02-24 14:01 ` Thomas Gleixner [this message]
2020-02-24 14:01 ` [patch V3 03/22] bpf: Update locking comment in hashtab code Thomas Gleixner
2020-02-24 14:01 ` [patch V3 04/22] bpf/tracing: Remove redundant preempt_disable() in __bpf_trace_run() Thomas Gleixner
2020-02-24 14:01 ` [patch V3 05/22] bpf/trace: Remove EXPORT from trace_call_bpf() Thomas Gleixner
2020-02-24 18:16   ` Alexei Starovoitov
2020-02-24 14:01 ` [patch V3 06/22] bpf/trace: Remove redundant preempt_disable " Thomas Gleixner
2020-02-24 19:40   ` Alexei Starovoitov
2020-02-24 20:42     ` Thomas Gleixner
2020-02-25  0:33       ` Alexei Starovoitov
2020-02-25 12:36         ` Thomas Gleixner
2020-02-24 14:01 ` [patch V3 07/22] perf/bpf: Remove preempt disable around BPF invocation Thomas Gleixner
2020-02-24 14:01 ` [patch V3 08/22] bpf: Remove recursion prevention from rcu free callback Thomas Gleixner
2020-02-24 14:01 ` [patch V3 09/22] bpf: Dont iterate over possible CPUs with interrupts disabled Thomas Gleixner
2020-02-24 14:01 ` [patch V3 10/22] bpf: Provide bpf_prog_run_pin_on_cpu() helper Thomas Gleixner
2020-02-24 18:14   ` Thomas Gleixner
2020-02-24 18:41   ` [patch V4 " Thomas Gleixner
2020-02-24 14:01 ` [patch V3 11/22] bpf: Replace cant_sleep() with cant_migrate() Thomas Gleixner
2020-02-24 14:01 ` [patch V3 12/22] bpf: Use bpf_prog_run_pin_on_cpu() at simple call sites Thomas Gleixner
2020-02-24 14:01 ` [patch V3 13/22] bpf/tests: Use migrate disable instead of preempt disable Thomas Gleixner
2020-02-24 14:01 ` [patch V3 14/22] bpf: Use migrate_disable/enabe() in trampoline code Thomas Gleixner
2020-02-24 14:01 ` [patch V3 15/22] bpf: Use migrate_disable/enable in array macros and cgroup/lirc code Thomas Gleixner
2020-02-24 14:01 ` [patch V3 16/22] bpf: Provide recursion prevention helpers Thomas Gleixner
2020-02-24 14:01 ` [patch V3 17/22] bpf: Use recursion prevention helpers in hashtab code Thomas Gleixner
2020-02-24 14:01 ` [patch V3 18/22] bpf: Replace open coded recursion prevention in sys_bpf() Thomas Gleixner
2020-02-24 14:01 ` [patch V3 19/22] bpf: Factor out hashtab bucket lock operations Thomas Gleixner
2020-02-24 14:01 ` [patch V3 20/22] bpf: Prepare hashtab locking for PREEMPT_RT Thomas Gleixner
2020-02-24 14:01 ` [patch V3 21/22] bpf, lpm: Make locking RT friendly Thomas Gleixner
2020-02-24 14:01 ` [patch V3 22/22] bpf/stackmap: Dont trylock mmap_sem with PREEMPT_RT and interrupts disabled Thomas Gleixner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200224145642.648784007@linutronix.de \
    --to=tglx@linutronix$(echo .)de \
    --cc=ast@kernel$(echo .)org \
    --cc=bigeasy@linutronix$(echo .)de \
    --cc=bpf@vger$(echo .)kernel.org \
    --cc=daniel@iogearbox$(echo .)net \
    --cc=davem@davemloft$(echo .)net \
    --cc=juri.lelli@redhat$(echo .)com \
    --cc=kuba@kernel$(echo .)org \
    --cc=linux-kernel@vger$(echo .)kernel.org \
    --cc=mathieu.desnoyers@efficios$(echo .)com \
    --cc=mingo@kernel$(echo .)org \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=peterz@infradead$(echo .)org \
    --cc=rostedt@goodmis$(echo .)org \
    --cc=vinicius.gomes@intel$(echo .)com \
    --cc=williams@redhat$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox