lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5F31E9DE-9DB5-4FEB-AFAD-685F71093105@fb.com>
Date:   Thu, 20 May 2021 23:34:47 +0000
From:   Song Liu <songliubraving@...com>
To:     Pavel Begunkov <asml.silence@...il.com>
CC:     "io-uring@...r.kernel.org" <io-uring@...r.kernel.org>,
        Networking <netdev@...r.kernel.org>,
        "open list:BPF (Safe dynamic programs and tools)" 
        <bpf@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Jens Axboe <axboe@...nel.dk>,
        "Alexei Starovoitov" <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        "Andrii Nakryiko" <andrii@...nel.org>, Martin Lau <kafai@...com>,
        Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Horst Schirmeier <horst.schirmeier@...dortmund.de>,
        "Franz-B . Tuneke" <franz-bernhard.tuneke@...dortmund.de>,
        Christian Dietrich <stettberger@...ucode.de>
Subject: Re: [PATCH 12/23] bpf: add IOURING program type



> On May 19, 2021, at 7:13 AM, Pavel Begunkov <asml.silence@...il.com> wrote:
> 
> Draft a new program type BPF_PROG_TYPE_IOURING, which will be used by
> io_uring to execute BPF-based requests.
> 
> Signed-off-by: Pavel Begunkov <asml.silence@...il.com>
> ---
> fs/io_uring.c             | 21 +++++++++++++++++++++
> include/linux/bpf_types.h |  2 ++
> include/uapi/linux/bpf.h  |  1 +
> kernel/bpf/syscall.c      |  1 +
> kernel/bpf/verifier.c     |  5 ++++-
> 5 files changed, 29 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/io_uring.c b/fs/io_uring.c
> index 1a4c9e513ac9..882b16b5e5eb 100644
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -10201,6 +10201,27 @@ static int __io_uring_register(struct io_ring_ctx *ctx, unsigned opcode,
> 	return ret;
> }
> 
> +static const struct bpf_func_proto *
> +io_bpf_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> +{
> +	return bpf_base_func_proto(func_id);
> +}
> +
> +static bool io_bpf_is_valid_access(int off, int size,
> +				   enum bpf_access_type type,
> +				   const struct bpf_prog *prog,
> +				   struct bpf_insn_access_aux *info)
> +{
> +	return false;
> +}
> +
> +const struct bpf_prog_ops bpf_io_uring_prog_ops = {};
> +
> +const struct bpf_verifier_ops bpf_io_uring_verifier_ops = {
> +	.get_func_proto		= io_bpf_func_proto,
> +	.is_valid_access	= io_bpf_is_valid_access,
> +};
> +
> SYSCALL_DEFINE4(io_uring_register, unsigned int, fd, unsigned int, opcode,
> 		void __user *, arg, unsigned int, nr_args)
> {
> diff --git a/include/linux/bpf_types.h b/include/linux/bpf_types.h
> index 99f7fd657d87..d0b7954887bd 100644
> --- a/include/linux/bpf_types.h
> +++ b/include/linux/bpf_types.h
> @@ -77,6 +77,8 @@ BPF_PROG_TYPE(BPF_PROG_TYPE_LSM, lsm,
> 	       void *, void *)
> #endif /* CONFIG_BPF_LSM */
> #endif
> +BPF_PROG_TYPE(BPF_PROG_TYPE_IOURING, bpf_io_uring,
> +	      void *, void *)
> 
> BPF_MAP_TYPE(BPF_MAP_TYPE_ARRAY, array_map_ops)
> BPF_MAP_TYPE(BPF_MAP_TYPE_PERCPU_ARRAY, percpu_array_map_ops)
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index 4ba4ef0ff63a..de544f0fbeef 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -206,6 +206,7 @@ enum bpf_prog_type {
> 	BPF_PROG_TYPE_EXT,
> 	BPF_PROG_TYPE_LSM,
> 	BPF_PROG_TYPE_SK_LOOKUP,
> +	BPF_PROG_TYPE_IOURING,
> };
> 
> enum bpf_attach_type {
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index 250503482cda..6ef7a26f4dc3 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -2041,6 +2041,7 @@ static bool is_net_admin_prog_type(enum bpf_prog_type prog_type)
> 	case BPF_PROG_TYPE_CGROUP_SOCKOPT:
> 	case BPF_PROG_TYPE_CGROUP_SYSCTL:
> 	case BPF_PROG_TYPE_SOCK_OPS:
> +	case BPF_PROG_TYPE_IOURING:
> 	case BPF_PROG_TYPE_EXT: /* extends any prog */
> 		return true;
> 	case BPF_PROG_TYPE_CGROUP_SKB:
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 0399ac092b36..2a53f44618a7 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -8558,6 +8558,9 @@ static int check_return_code(struct bpf_verifier_env *env)
> 	case BPF_PROG_TYPE_SK_LOOKUP:
> 		range = tnum_range(SK_DROP, SK_PASS);
> 		break;
> +	case BPF_PROG_TYPE_IOURING:
> +		range = tnum_const(0);
> +		break;
> 	case BPF_PROG_TYPE_EXT:
> 		/* freplace program can return anything as its return value
> 		 * depends on the to-be-replaced kernel func or bpf program.
> @@ -12560,7 +12563,7 @@ static int check_attach_btf_id(struct bpf_verifier_env *env)
> 	u64 key;
> 
> 	if (prog->aux->sleepable && prog->type != BPF_PROG_TYPE_TRACING &&
> -	    prog->type != BPF_PROG_TYPE_LSM) {
> +	    prog->type != BPF_PROG_TYPE_LSM && prog->type != BPF_PROG_TYPE_IOURING) {

Is IOURING program sleepable? If so, please highlight that in the commit log 
and update the warning below. 

> 		verbose(env, "Only fentry/fexit/fmod_ret and lsm programs can be sleepable\n");
> 		return -EINVAL;
> 	}
> -- 
> 2.31.1
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ