diff mbox series

[RFC,bpf-next,2/8] sched_ext: Add filter for scx_kfunc_ids_select_cpu

Message ID AM6PR03MB50805D6F4B8710EDB304CF5C99F72@AM6PR03MB5080.eurprd03.prod.outlook.com (mailing list archive)
State Superseded
Delegated to: BPF
Headers show
Series bpf, sched_ext: Make kfunc filters support struct_ops context to reduce runtime overhead | expand

Checks

Context Check Description
bpf/vmtest-bpf-next-PR success PR summary
bpf/vmtest-bpf-next-VM_Test-3 success Logs for Validate matrix.py
bpf/vmtest-bpf-next-VM_Test-0 success Logs for Lint
bpf/vmtest-bpf-next-VM_Test-4 pending Logs for aarch64-gcc / build / build for aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-6 pending Logs for s390x-gcc / build / build for s390x with gcc
bpf/vmtest-bpf-next-VM_Test-2 success Logs for Unittests
bpf/vmtest-bpf-next-VM_Test-9 pending Logs for x86_64-gcc / build / build for x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-7 success Logs for s390x-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-5 success Logs for aarch64-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-8 success Logs for set-matrix
bpf/vmtest-bpf-next-VM_Test-10 success Logs for x86_64-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-11 pending Logs for x86_64-llvm-17 / build / build for x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-12 pending Logs for x86_64-llvm-17 / build-release / build for x86_64 with llvm-17-O2
bpf/vmtest-bpf-next-VM_Test-1 success Logs for ShellCheck
bpf/vmtest-bpf-next-VM_Test-13 pending Logs for x86_64-llvm-18 / build / build for x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-14 pending Logs for x86_64-llvm-18 / build-release / build for x86_64 with llvm-18-O2
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for bpf-next, async
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 9 maintainers not CCed: dietmar.eggemann@arm.com peterz@infradead.org juri.lelli@redhat.com bsegall@google.com vincent.guittot@linaro.org mingo@redhat.com rostedt@goodmis.org mgorman@suse.de vschneid@redhat.com
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch warning WARNING: line length of 85 exceeds 80 columns WARNING: line length of 89 exceeds 80 columns
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 33 this patch: 33
netdev/source_inline success Was 0 now: 0

Commit Message

Juntong Deng Feb. 5, 2025, 7:30 p.m. UTC 
This patch adds filter for scx_kfunc_ids_select_cpu.

The kfuncs in the scx_kfunc_ids_select_cpu set can be used in select_cpu
and other rq-locked operations.

Signed-off-by: Juntong Deng <juntong.deng@outlook.com>
---
 kernel/sched/ext.c | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

Comments

Andrea Righi Feb. 6, 2025, 10:43 p.m. UTC | #1 
Hi Juntong,

On Wed, Feb 05, 2025 at 07:30:14PM +0000, Juntong Deng wrote:
> This patch adds filter for scx_kfunc_ids_select_cpu.
> 
> The kfuncs in the scx_kfunc_ids_select_cpu set can be used in select_cpu
> and other rq-locked operations.

The only function in scx_kfunc_ids_select_cpu is scx_bpf_select_cpu_dfl(),
which should be called exclusively from ops.select_cpu() and not from any
rq-locked ops.

> 
> Signed-off-by: Juntong Deng <juntong.deng@outlook.com>
> ---
>  kernel/sched/ext.c | 42 ++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 42 insertions(+)
> 
> diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
> index 8857c0709bdd..c92949aa23f6 100644
> --- a/kernel/sched/ext.c
> +++ b/kernel/sched/ext.c
> @@ -6401,9 +6401,51 @@ BTF_KFUNCS_START(scx_kfunc_ids_select_cpu)
>  BTF_ID_FLAGS(func, scx_bpf_select_cpu_dfl, KF_RCU)
>  BTF_KFUNCS_END(scx_kfunc_ids_select_cpu)
>  
> +static int scx_kfunc_ids_other_rqlocked_filter(const struct bpf_prog *prog, u32 kfunc_id)
> +{
> +	u32 moff = prog->aux->attach_st_ops_member_off;
> +
> +	if (moff == offsetof(struct sched_ext_ops, runnable) ||
> +	    moff == offsetof(struct sched_ext_ops, dequeue) ||
> +	    moff == offsetof(struct sched_ext_ops, stopping) ||
> +	    moff == offsetof(struct sched_ext_ops, quiescent) ||
> +	    moff == offsetof(struct sched_ext_ops, yield) ||
> +	    moff == offsetof(struct sched_ext_ops, cpu_acquire) ||
> +	    moff == offsetof(struct sched_ext_ops, running) ||
> +	    moff == offsetof(struct sched_ext_ops, core_sched_before) ||
> +	    moff == offsetof(struct sched_ext_ops, set_cpumask) ||
> +	    moff == offsetof(struct sched_ext_ops, update_idle) ||
> +	    moff == offsetof(struct sched_ext_ops, tick) ||
> +	    moff == offsetof(struct sched_ext_ops, enable) ||
> +	    moff == offsetof(struct sched_ext_ops, set_weight) ||
> +	    moff == offsetof(struct sched_ext_ops, disable) ||
> +	    moff == offsetof(struct sched_ext_ops, exit_task) ||
> +	    moff == offsetof(struct sched_ext_ops, dump_task) ||
> +	    moff == offsetof(struct sched_ext_ops, dump_cpu))
> +		return 0;
> +
> +	return -EACCES;
> +}
> +
> +static int scx_kfunc_ids_select_cpu_filter(const struct bpf_prog *prog, u32 kfunc_id)
> +{
> +	u32 moff;
> +
> +	if (!btf_id_set8_contains(&scx_kfunc_ids_select_cpu, kfunc_id) ||
> +	    prog->aux->st_ops != &bpf_sched_ext_ops)
> +		return 0;
> +
> +	moff = prog->aux->attach_st_ops_member_off;
> +	if (moff == offsetof(struct sched_ext_ops, select_cpu))
> +		return 0;
> +
> +	return scx_kfunc_ids_other_rqlocked_filter(prog, kfunc_id);

So, I think we just need to return -EACCES here.

> +}
> +
>  static const struct btf_kfunc_id_set scx_kfunc_set_select_cpu = {
>  	.owner			= THIS_MODULE,
>  	.set			= &scx_kfunc_ids_select_cpu,
> +	.filter			= scx_kfunc_ids_select_cpu_filter,
>  };
>  
>  static bool scx_dsq_insert_preamble(struct task_struct *p, u64 enq_flags)
> -- 
> 2.39.5
> 

Thanks,
-Andrea
Andrea Righi Feb. 6, 2025, 11:39 p.m. UTC | #2 
On Wed, Feb 05, 2025 at 07:30:14PM +0000, Juntong Deng wrote:
...
> +static int scx_kfunc_ids_other_rqlocked_filter(const struct bpf_prog *prog, u32 kfunc_id)
> +{
> +	u32 moff = prog->aux->attach_st_ops_member_off;
> +
> +	if (moff == offsetof(struct sched_ext_ops, runnable) ||
> +	    moff == offsetof(struct sched_ext_ops, dequeue) ||
> +	    moff == offsetof(struct sched_ext_ops, stopping) ||
> +	    moff == offsetof(struct sched_ext_ops, quiescent) ||
> +	    moff == offsetof(struct sched_ext_ops, yield) ||
> +	    moff == offsetof(struct sched_ext_ops, cpu_acquire) ||
> +	    moff == offsetof(struct sched_ext_ops, running) ||
> +	    moff == offsetof(struct sched_ext_ops, core_sched_before) ||
> +	    moff == offsetof(struct sched_ext_ops, set_cpumask) ||
> +	    moff == offsetof(struct sched_ext_ops, update_idle) ||
> +	    moff == offsetof(struct sched_ext_ops, tick) ||
> +	    moff == offsetof(struct sched_ext_ops, enable) ||
> +	    moff == offsetof(struct sched_ext_ops, set_weight) ||
> +	    moff == offsetof(struct sched_ext_ops, disable) ||
> +	    moff == offsetof(struct sched_ext_ops, exit_task) ||
> +	    moff == offsetof(struct sched_ext_ops, dump_task) ||
> +	    moff == offsetof(struct sched_ext_ops, dump_cpu))
> +		return 0;
> +
> +	return -EACCES;

Actually, do we need this filter at all?

I think the other filters in your patch set should be sufficient to
establish the correct permissions for all kfuncs, as none of them need to
be called from any rq-locked operations. Or am I missing something?

-Andrea
Juntong Deng Feb. 7, 2025, 12:02 a.m. UTC | #3 
On 2025/2/6 23:39, Andrea Righi wrote:
> On Wed, Feb 05, 2025 at 07:30:14PM +0000, Juntong Deng wrote:
> ...
>> +static int scx_kfunc_ids_other_rqlocked_filter(const struct bpf_prog *prog, u32 kfunc_id)
>> +{
>> +	u32 moff = prog->aux->attach_st_ops_member_off;
>> +
>> +	if (moff == offsetof(struct sched_ext_ops, runnable) ||
>> +	    moff == offsetof(struct sched_ext_ops, dequeue) ||
>> +	    moff == offsetof(struct sched_ext_ops, stopping) ||
>> +	    moff == offsetof(struct sched_ext_ops, quiescent) ||
>> +	    moff == offsetof(struct sched_ext_ops, yield) ||
>> +	    moff == offsetof(struct sched_ext_ops, cpu_acquire) ||
>> +	    moff == offsetof(struct sched_ext_ops, running) ||
>> +	    moff == offsetof(struct sched_ext_ops, core_sched_before) ||
>> +	    moff == offsetof(struct sched_ext_ops, set_cpumask) ||
>> +	    moff == offsetof(struct sched_ext_ops, update_idle) ||
>> +	    moff == offsetof(struct sched_ext_ops, tick) ||
>> +	    moff == offsetof(struct sched_ext_ops, enable) ||
>> +	    moff == offsetof(struct sched_ext_ops, set_weight) ||
>> +	    moff == offsetof(struct sched_ext_ops, disable) ||
>> +	    moff == offsetof(struct sched_ext_ops, exit_task) ||
>> +	    moff == offsetof(struct sched_ext_ops, dump_task) ||
>> +	    moff == offsetof(struct sched_ext_ops, dump_cpu))
>> +		return 0;
>> +
>> +	return -EACCES;
> 
> Actually, do we need this filter at all?
> 
> I think the other filters in your patch set should be sufficient to
> establish the correct permissions for all kfuncs, as none of them need to
> be called from any rq-locked operations. Or am I missing something?
> 

Thanks for your reply.

I think I misunderstood SCX_KF_REST.

I incorrectly thought that all but SCX_KF_UNLOCKED belonged to
SCX_KF_REST (including SCX_KF_CPU_RELEASE, SCX_KF_DISPATCH, etc.).

I will remove scx_kfunc_ids_other_rqlocked_filter in the next version.

If you find any other mistakes, please let me know.

> -Andrea
diff mbox series

Patch

diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c
index 8857c0709bdd..c92949aa23f6 100644
--- a/kernel/sched/ext.c
+++ b/kernel/sched/ext.c
@@ -6401,9 +6401,51 @@  BTF_KFUNCS_START(scx_kfunc_ids_select_cpu)
 BTF_ID_FLAGS(func, scx_bpf_select_cpu_dfl, KF_RCU)
 BTF_KFUNCS_END(scx_kfunc_ids_select_cpu)
 
+static int scx_kfunc_ids_other_rqlocked_filter(const struct bpf_prog *prog, u32 kfunc_id)
+{
+	u32 moff = prog->aux->attach_st_ops_member_off;
+
+	if (moff == offsetof(struct sched_ext_ops, runnable) ||
+	    moff == offsetof(struct sched_ext_ops, dequeue) ||
+	    moff == offsetof(struct sched_ext_ops, stopping) ||
+	    moff == offsetof(struct sched_ext_ops, quiescent) ||
+	    moff == offsetof(struct sched_ext_ops, yield) ||
+	    moff == offsetof(struct sched_ext_ops, cpu_acquire) ||
+	    moff == offsetof(struct sched_ext_ops, running) ||
+	    moff == offsetof(struct sched_ext_ops, core_sched_before) ||
+	    moff == offsetof(struct sched_ext_ops, set_cpumask) ||
+	    moff == offsetof(struct sched_ext_ops, update_idle) ||
+	    moff == offsetof(struct sched_ext_ops, tick) ||
+	    moff == offsetof(struct sched_ext_ops, enable) ||
+	    moff == offsetof(struct sched_ext_ops, set_weight) ||
+	    moff == offsetof(struct sched_ext_ops, disable) ||
+	    moff == offsetof(struct sched_ext_ops, exit_task) ||
+	    moff == offsetof(struct sched_ext_ops, dump_task) ||
+	    moff == offsetof(struct sched_ext_ops, dump_cpu))
+		return 0;
+
+	return -EACCES;
+}
+
+static int scx_kfunc_ids_select_cpu_filter(const struct bpf_prog *prog, u32 kfunc_id)
+{
+	u32 moff;
+
+	if (!btf_id_set8_contains(&scx_kfunc_ids_select_cpu, kfunc_id) ||
+	    prog->aux->st_ops != &bpf_sched_ext_ops)
+		return 0;
+
+	moff = prog->aux->attach_st_ops_member_off;
+	if (moff == offsetof(struct sched_ext_ops, select_cpu))
+		return 0;
+
+	return scx_kfunc_ids_other_rqlocked_filter(prog, kfunc_id);
+}
+
 static const struct btf_kfunc_id_set scx_kfunc_set_select_cpu = {
 	.owner			= THIS_MODULE,
 	.set			= &scx_kfunc_ids_select_cpu,
+	.filter			= scx_kfunc_ids_select_cpu_filter,
 };
 
 static bool scx_dsq_insert_preamble(struct task_struct *p, u64 enq_flags)