| Message ID | 20201106103747.2780972-2-kpsingh@chromium.org (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 9e7a4d9831e836eb03dedab89902277ee94eb7a6 |
| Delegated to: | BPF |
| Headers | show |
| Series | [bpf-next,v6,1/9] bpf: Allow LSM programs to use bpf spin locks | expand |
Hello: This series was applied to bpf/bpf-next.git (refs/heads/master): On Fri, 6 Nov 2020 10:37:39 +0000 you wrote: > From: KP Singh <kpsingh@google.com> > > Usage of spin locks was not allowed for tracing programs due to > insufficient preemption checks. The verifier does not currently prevent > LSM programs from using spin locks, but the helpers are not exposed > via bpf_lsm_func_proto. > > [...] Here is the summary with links: - [bpf-next,v6,1/9] bpf: Allow LSM programs to use bpf spin locks https://git.kernel.org/bpf/bpf-next/c/9e7a4d9831e8 - [bpf-next,v6,2/9] bpf: Implement task local storage https://git.kernel.org/bpf/bpf-next/c/4cf1bc1f1045 - [bpf-next,v6,3/9] libbpf: Add support for task local storage https://git.kernel.org/bpf/bpf-next/c/8885274d2259 - [bpf-next,v6,4/9] bpftool: Add support for task local storage https://git.kernel.org/bpf/bpf-next/c/864ab0616dcc - [bpf-next,v6,5/9] bpf: Implement get_current_task_btf and RET_PTR_TO_BTF_ID https://git.kernel.org/bpf/bpf-next/c/3ca1032ab7ab - [bpf-next,v6,6/9] bpf: Fix tests for local_storage https://git.kernel.org/bpf/bpf-next/c/f0e5ba0bc481 - [bpf-next,v6,7/9] bpf: Update selftests for local_storage to use vmlinux.h https://git.kernel.org/bpf/bpf-next/c/a367efa71b3f - [bpf-next,v6,8/9] bpf: Add tests for task_local_storage https://git.kernel.org/bpf/bpf-next/c/9cde3beeadb3 - [bpf-next,v6,9/9] bpf: Exercise syscall operations for inode and sk storage https://git.kernel.org/bpf/bpf-next/c/4170bc6baa54 You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c index 78ea8a7bd27f..cd8a617f2109 100644 --- a/kernel/bpf/bpf_lsm.c +++ b/kernel/bpf/bpf_lsm.c @@ -59,6 +59,10 @@ bpf_lsm_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) return &bpf_sk_storage_get_proto; case BPF_FUNC_sk_storage_delete: return &bpf_sk_storage_delete_proto; + case BPF_FUNC_spin_lock: + return &bpf_spin_lock_proto; + case BPF_FUNC_spin_unlock: + return &bpf_spin_unlock_proto; default: return tracing_prog_func_proto(func_id, prog); } diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 6200519582a6..f863aa84d0a2 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -9719,11 +9719,21 @@ static int check_map_prog_compatibility(struct bpf_verifier_env *env, verbose(env, "trace type programs with run-time allocated hash maps are unsafe. Switch to preallocated hash maps.\n"); } - if ((is_tracing_prog_type(prog_type) || - prog_type == BPF_PROG_TYPE_SOCKET_FILTER) && - map_value_has_spin_lock(map)) { - verbose(env, "tracing progs cannot use bpf_spin_lock yet\n"); - return -EINVAL; + if (map_value_has_spin_lock(map)) { + if (prog_type == BPF_PROG_TYPE_SOCKET_FILTER) { + verbose(env, "socket filter progs cannot use bpf_spin_lock yet\n"); + return -EINVAL; + } + + if (is_tracing_prog_type(prog_type)) { + verbose(env, "tracing progs cannot use bpf_spin_lock yet\n"); + return -EINVAL; + } + + if (prog->aux->sleepable) { + verbose(env, "sleepable progs cannot use bpf_spin_lock yet\n"); + return -EINVAL; + } } if ((bpf_prog_is_dev_bound(prog->aux) || bpf_map_is_dev_bound(map)) &&