[bpf-next,2/2] bpf: Expose bpf_d_path helper to sleepable LSM hooks

Message ID 20201112171907.373433-2-kpsingh@chromium.org (mailing list archive)
State Changes Requested
Delegated to: BPF
Series [bpf-next,1/2] bpf: Augment the set of sleepable LSM hooks

Checks

Context                         Check    Description
netdev/cover_letter             success  Link
netdev/fixes_present            success  Link
netdev/patch_count              success  Link
netdev/tree_selection           success  Clearly marked for bpf-next
netdev/subject_prefix           success  Link
netdev/source_inline            success  Was 0 now: 0
netdev/verify_signedoff         success  Link
netdev/module_param             success  Was 0 now: 0
netdev/build_32bit              fail     Errors and warnings before: 37 this patch: 37
netdev/kdoc                     success  Errors and warnings before: 0 this patch: 0
netdev/verify_fixes             success  Link
netdev/checkpatch               fail     Link
netdev/build_allmodconfig_warn  success  Errors and warnings before: 33 this patch: 33
netdev/header_inline            success  Link
netdev/stable                   success  Stable not CCed

Commit Message

KP Singh Nov. 12, 2020, 5:19 p.m. UTC
From: KP Singh <kpsingh@google.com>

Sleepable hooks are never called from an NMI/interrupt context, so it is
safe to use the bpf_d_path helper in LSM programs attaching to these
hooks.

The helper is not restricted to sleepable programs and merely uses the
list of sleeable hooks as the initial subset of LSM hooks where it can
be used.

Signed-off-by: KP Singh <kpsingh@google.com>
---
 kernel/trace/bpf_trace.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Andrii Nakryiko Nov. 12, 2020, 6:50 p.m. UTC | #1
On Thu, Nov 12, 2020 at 9:20 AM KP Singh <kpsingh@chromium.org> wrote:
>
> From: KP Singh <kpsingh@google.com>
>
> Sleepable hooks are never called from an NMI/interrupt context, so it is
> safe to use the bpf_d_path helper in LSM programs attaching to these
> hooks.
>
> The helper is not restricted to sleepable programs and merely uses the
> list of sleeable hooks as the initial subset of LSM hooks where it can
> be used.
>
> Signed-off-by: KP Singh <kpsingh@google.com>
> ---

LGTM.

Acked-by: Andrii Nakryiko <andrii@kernel.org>


>  kernel/trace/bpf_trace.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index e4515b0f62a8..eab1af02c90d 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -16,6 +16,7 @@
>  #include <linux/syscalls.h>
>  #include <linux/error-injection.h>
>  #include <linux/btf_ids.h>
> +#include <linux/bpf_lsm.h>
>
>  #include <uapi/linux/bpf.h>
>  #include <uapi/linux/btf.h>
> @@ -1178,7 +1179,11 @@ BTF_SET_END(btf_allowlist_d_path)
>
>  static bool bpf_d_path_allowed(const struct bpf_prog *prog)
>  {
> -       return btf_id_set_contains(&btf_allowlist_d_path, prog->aux->attach_btf_id);
> +       if (prog->type == BPF_PROG_TYPE_LSM)
> +               return bpf_lsm_is_sleepable_hook(prog->aux->attach_btf_id);
> +
> +       return btf_id_set_contains(&btf_allowlist_d_path,
> +                                  prog->aux->attach_btf_id);
>  }
>
>  BTF_ID_LIST_SINGLE(bpf_d_path_btf_ids, struct, path)
> --
> 2.29.2.222.g5d2a92d10f8-goog
>

Yonghong Song Nov. 13, 2020, 3:18 a.m. UTC | #2
On 11/12/20 9:19 AM, KP Singh wrote:
> From: KP Singh <kpsingh@google.com>
> 
> Sleepable hooks are never called from an NMI/interrupt context, so it is
> safe to use the bpf_d_path helper in LSM programs attaching to these
> hooks.
> 
> The helper is not restricted to sleepable programs and merely uses the
> list of sleeable hooks as the initial subset of LSM hooks where it can

sleeable => sleepable

Probably no need to resend if no other major changes. The maintainer
can just fix it up before merging.

> be used.
> 
> Signed-off-by: KP Singh <kpsingh@google.com>

Acked-by: Yonghong Song <yhs@fb.com>

Daniel Borkmann Nov. 13, 2020, 3:33 p.m. UTC | #3
On 11/13/20 4:18 AM, Yonghong Song wrote:
> 
> 
> On 11/12/20 9:19 AM, KP Singh wrote:
>> From: KP Singh <kpsingh@google.com>
>>
>> Sleepable hooks are never called from an NMI/interrupt context, so it is
>> safe to use the bpf_d_path helper in LSM programs attaching to these
>> hooks.
>>
>> The helper is not restricted to sleepable programs and merely uses the
>> list of sleeable hooks as the initial subset of LSM hooks where it can
> 
> sleeable => sleepable
> 
> Probably no need to resend if no other major changes. The maintainer
> can just fix it up before merging.

Did while rebasing & applying, thanks everyone!

>> be used.
>>
>> Signed-off-by: KP Singh <kpsingh@google.com>
> 
> Acked-by: Yonghong Song <yhs@fb.com>

Patch

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index e4515b0f62a8..eab1af02c90d 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -16,6 +16,7 @@ 
 #include <linux/syscalls.h>
 #include <linux/error-injection.h>
 #include <linux/btf_ids.h>
+#include <linux/bpf_lsm.h>
 
 #include <uapi/linux/bpf.h>
 #include <uapi/linux/btf.h>
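
Review bot: The new #include <linux/bpf_lsm.h> is unconditional, and the next hunk calls bpf_lsm_is_sleepable_hook() from bpf_d_path_allowed() with no CONFIG_BPF_LSM guard, so the header has to supply a stub for kernels built without BPF LSM support or this file will not build there. The declaration comes from patch 1/2 and is not visible here; worth confirming it carries a !CONFIG_BPF_LSM stub that returns false.
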
@@ -1178,7 +1179,11 @@  BTF_SET_END(btf_allowlist_d_path)
 
 static bool bpf_d_path_allowed(const struct bpf_prog *prog)
 {
-	return btf_id_set_contains(&btf_allowlist_d_path, prog->aux->attach_btf_id);
+	if (prog->type == BPF_PROG_TYPE_LSM)
+		return bpf_lsm_is_sleepable_hook(prog->aux->attach_btf_id);
+
+	return btf_id_set_contains(&btf_allowlist_d_path,
+				   prog->aux->attach_btf_id);
 }
 
 BTF_ID_LIST_SINGLE(bpf_d_path_btf_ids, struct, path)
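
Review bot: In bpf_d_path_allowed() the LSM branch keys on the attach hook, not on whether the program itself was loaded as sleepable, and nothing in the code says why that is sufficient. The commit message has the reasoning (these hooks are never called from NMI/interrupt context); a short comment above the `if (prog->type == BPF_PROG_TYPE_LSM)` line stating it would help, because from here on every hook added to the sleepable set also gains bpf_d_path, and whoever extends that set needs to know the helper's context requirement travels with it.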