lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240508-hid_bpf_async_fun-v1-3-558375a25657@kernel.org>
Date: Wed, 08 May 2024 12:26:38 +0200
From: Benjamin Tissoires <bentiss@...nel.org>
To: Benjamin Tissoires <benjamin.tissoires@...hat.com>
Cc: linux-kernel@...r.kernel.org, linux-input@...r.kernel.org, 
 bpf@...r.kernel.org, Benjamin Tissoires <bentiss@...nel.org>
Subject: [PATCH RFC HID 3/7] HID: bpf: allow for sleepable bpf hooks

Signed-off-by: Benjamin Tissoires <bentiss@...nel.org>
---
 drivers/hid/bpf/hid_bpf_dispatch.c  | 111 ++++++++++++++++++++++--------------
 drivers/hid/bpf/hid_bpf_dispatch.h  |   4 +-
 drivers/hid/bpf/hid_bpf_jmp_table.c |  30 +++++++---
 3 files changed, 92 insertions(+), 53 deletions(-)

diff --git a/drivers/hid/bpf/hid_bpf_dispatch.c b/drivers/hid/bpf/hid_bpf_dispatch.c
index 81073db6c617..7ede657f459b 100644
--- a/drivers/hid/bpf/hid_bpf_dispatch.c
+++ b/drivers/hid/bpf/hid_bpf_dispatch.c
@@ -70,7 +70,7 @@ dispatch_hid_bpf_device_event(struct hid_device *hdev, enum hid_report_type type
 	memset(ctx_kern.data, 0, hdev->bpf.allocated_data);
 	memcpy(ctx_kern.data, data, *size);
 
-	ret = hid_bpf_prog_run(hdev, HID_BPF_PROG_TYPE_DEVICE_EVENT, &ctx_kern);
+	ret = hid_bpf_prog_run(hdev, HID_BPF_PROG_TYPE_DEVICE_EVENT, &ctx_kern, false);
 	if (ret < 0)
 		return ERR_PTR(ret);
 
@@ -122,7 +122,7 @@ u8 *call_hid_bpf_rdesc_fixup(struct hid_device *hdev, u8 *rdesc, unsigned int *s
 
 	memcpy(ctx_kern.data, rdesc, min_t(unsigned int, *size, HID_MAX_DESCRIPTOR_SIZE));
 
-	ret = hid_bpf_prog_run(hdev, HID_BPF_PROG_TYPE_RDESC_FIXUP, &ctx_kern);
+	ret = hid_bpf_prog_run(hdev, HID_BPF_PROG_TYPE_RDESC_FIXUP, &ctx_kern, false);
 	if (ret < 0)
 		goto ignore_bpf;
 
@@ -205,7 +205,7 @@ int hid_bpf_reconnect(struct hid_device *hdev)
 
 static int do_hid_bpf_attach_prog(struct hid_device *hdev, enum hid_bpf_prog_type prog_type,
 				  hid_bpf_cb_t prog_fn, struct bpf_prog *prog,
-				  __u32 flags)
+				  __u32 flags, bool sleepable)
 {
 	int fd, err;
 
@@ -213,7 +213,7 @@ static int do_hid_bpf_attach_prog(struct hid_device *hdev, enum hid_bpf_prog_typ
 	if (err)
 		return err;
 
-	fd = __hid_bpf_attach_prog(hdev, prog_type, prog_fn, prog, flags);
+	fd = __hid_bpf_attach_prog(hdev, prog_type, prog_fn, prog, flags, sleepable);
 	if (fd < 0)
 		return fd;
 
@@ -228,6 +228,56 @@ static int do_hid_bpf_attach_prog(struct hid_device *hdev, enum hid_bpf_prog_typ
 	return fd;
 }
 
+static int
+hid_bpf_attach_prog(unsigned int hid_id, enum hid_bpf_prog_type prog_type,
+		    hid_bpf_cb_t prog_fn, __u32 flags, void *prog__aux,
+		    bool sleepable)
+{
+	struct bpf_prog_aux *aux = (struct bpf_prog_aux *)prog__aux;
+	struct bpf_prog *prog = aux->prog;
+	struct hid_device *hdev;
+	struct device *dev;
+	int err, fd;
+
+	if (!hid_bpf_ops)
+		return -EINVAL;
+
+	if ((flags & ~HID_BPF_FLAG_MASK))
+		return -EINVAL;
+
+	if (prog_type < 0 || prog_type >= HID_BPF_PROG_TYPE_MAX)
+		return -EINVAL;
+
+	dev = bus_find_device(hid_bpf_ops->bus_type, NULL, &hid_id, device_match_id);
+	if (!dev)
+		return -EINVAL;
+
+	hdev = to_hid_device(dev);
+
+	/*
+	 * take a ref on the prog itself, it will be released
+	 * on errors or when it'll be detached
+	 */
+	prog = bpf_prog_inc_not_zero(prog);
+	if (IS_ERR(prog)) {
+		err = PTR_ERR(prog);
+		goto out_dev_put;
+	}
+
+	fd = do_hid_bpf_attach_prog(hdev, prog_type, prog_fn, prog, flags, sleepable);
+	if (fd < 0) {
+		err = fd;
+		goto out_prog_put;
+	}
+
+	return fd;
+
+ out_prog_put:
+	bpf_prog_put(prog);
+ out_dev_put:
+	put_device(dev);
+	return err;
+}
 /* Disables missing prototype warnings */
 __bpf_kfunc_start_defs();
 
@@ -272,50 +322,22 @@ __bpf_kfunc int
 hid_bpf_attach_prog_impl(unsigned int hid_id, enum hid_bpf_prog_type prog_type,
 			 hid_bpf_cb_t prog_fn__async, __u32 flags, void *prog__aux)
 {
-	struct bpf_prog_aux *aux = (struct bpf_prog_aux *)prog__aux;
-	struct bpf_prog *prog = aux->prog;
-	struct hid_device *hdev;
-	struct device *dev;
-	int err, fd;
-
-	if (!hid_bpf_ops)
-		return -EINVAL;
-
-	if ((flags & ~HID_BPF_FLAG_MASK))
-		return -EINVAL;
-
-	if (prog_type < 0 || prog_type >= HID_BPF_PROG_TYPE_MAX)
-		return -EINVAL;
+	return hid_bpf_attach_prog(hid_id, prog_type, prog_fn__async, flags, prog__aux, false);
+}
 
-	dev = bus_find_device(hid_bpf_ops->bus_type, NULL, &hid_id, device_match_id);
-	if (!dev)
+__bpf_kfunc int
+hid_bpf_attach_sleepable_prog_impl(unsigned int hid_id, enum hid_bpf_prog_type prog_type,
+				   hid_bpf_cb_t prog_fn__s_async, __u32 flags, void *prog__aux)
+{
+	switch (prog_type) {
+	case HID_BPF_PROG_TYPE_RAW_REQUEST:
+		/* OK */
+		break;
+	default:
 		return -EINVAL;
-
-	hdev = to_hid_device(dev);
-
-	/*
-	 * take a ref on the prog itself, it will be released
-	 * on errors or when it'll be detached
-	 */
-	prog = bpf_prog_inc_not_zero(prog);
-	if (IS_ERR(prog)) {
-		err = PTR_ERR(prog);
-		goto out_dev_put;
-	}
-
-	fd = do_hid_bpf_attach_prog(hdev, prog_type, prog_fn__async, prog, flags);
-	if (fd < 0) {
-		err = fd;
-		goto out_prog_put;
 	}
 
-	return fd;
-
- out_prog_put:
-	bpf_prog_put(prog);
- out_dev_put:
-	put_device(dev);
-	return err;
+	return hid_bpf_attach_prog(hid_id, prog_type, prog_fn__s_async, flags, prog__aux, true);
 }
 
 /**
@@ -538,6 +560,7 @@ __bpf_kfunc_end_defs();
 BTF_KFUNCS_START(hid_bpf_kfunc_ids)
 BTF_ID_FLAGS(func, hid_bpf_get_data, KF_RET_NULL)
 BTF_ID_FLAGS(func, hid_bpf_attach_prog_impl, KF_SLEEPABLE)
+BTF_ID_FLAGS(func, hid_bpf_attach_sleepable_prog_impl, KF_SLEEPABLE)
 BTF_ID_FLAGS(func, hid_bpf_allocate_context, KF_ACQUIRE | KF_RET_NULL | KF_SLEEPABLE)
 BTF_ID_FLAGS(func, hid_bpf_release_context, KF_RELEASE | KF_SLEEPABLE)
 BTF_ID_FLAGS(func, hid_bpf_hw_request, KF_SLEEPABLE)
diff --git a/drivers/hid/bpf/hid_bpf_dispatch.h b/drivers/hid/bpf/hid_bpf_dispatch.h
index 60455a2af216..f9833603e49f 100644
--- a/drivers/hid/bpf/hid_bpf_dispatch.h
+++ b/drivers/hid/bpf/hid_bpf_dispatch.h
@@ -14,10 +14,10 @@ typedef int (*hid_bpf_cb_t)(struct hid_bpf_ctx *hid_ctx);
 
 int __hid_bpf_attach_prog(struct hid_device *hdev, enum hid_bpf_prog_type prog_type,
 			  int (prog_fn__async)(struct hid_bpf_ctx *hid_ctx),
-			  struct bpf_prog *prog, __u32 flags);
+			  struct bpf_prog *prog, __u32 flags, bool sleepable);
 void __hid_bpf_destroy_device(struct hid_device *hdev);
 int hid_bpf_prog_run(struct hid_device *hdev, enum hid_bpf_prog_type type,
-		     struct hid_bpf_ctx_kern *ctx_kern);
+		     struct hid_bpf_ctx_kern *ctx_kern, bool is_sleepable);
 int hid_bpf_reconnect(struct hid_device *hdev);
 
 struct bpf_prog;
diff --git a/drivers/hid/bpf/hid_bpf_jmp_table.c b/drivers/hid/bpf/hid_bpf_jmp_table.c
index 8d53d41b599b..4cceff354962 100644
--- a/drivers/hid/bpf/hid_bpf_jmp_table.c
+++ b/drivers/hid/bpf/hid_bpf_jmp_table.c
@@ -39,6 +39,7 @@ struct hid_bpf_prog_entry {
 struct hid_bpf_prog_cb {
 	struct bpf_prog *prog;
 	void *fn;
+	bool sleepable;
 };
 
 struct hid_bpf_jmp_table {
@@ -99,14 +100,20 @@ static int hid_bpf_program_count(struct hid_device *hdev,
 }
 
 int hid_bpf_prog_run(struct hid_device *hdev, enum hid_bpf_prog_type type,
-		     struct hid_bpf_ctx_kern *ctx_kern)
+		     struct hid_bpf_ctx_kern *ctx_kern, bool is_sleepable)
 {
 	struct hid_bpf_prog_list *prog_list;
 	bpf_callback_t prog_fn;
 	int i, idx, err = 0;
 
-	rcu_read_lock();
-	prog_list = rcu_dereference(hdev->bpf.progs[type]);
+	if (is_sleepable) {
+		prog_list = READ_ONCE(hdev->bpf.progs[type]);
+		rcu_read_lock_trace();
+		might_fault();
+	} else {
+		rcu_read_lock();
+		prog_list = rcu_dereference(hdev->bpf.progs[type]);
+	}
 
 	if (!prog_list)
 		goto out_unlock;
@@ -117,6 +124,10 @@ int hid_bpf_prog_run(struct hid_device *hdev, enum hid_bpf_prog_type type,
 		if (!test_bit(idx, jmp_table.enabled))
 			continue;
 
+		/* prevent a sleepable program to be run in a non sleepable context */
+		if (!is_sleepable && jmp_table.prog_cbs[idx].sleepable)
+			continue;
+
 		ctx_kern->ctx.index = idx;
 		prog_fn = jmp_table.prog_cbs[idx].fn;
 		migrate_disable();
@@ -129,7 +140,10 @@ int hid_bpf_prog_run(struct hid_device *hdev, enum hid_bpf_prog_type type,
 	}
 
  out_unlock:
-	rcu_read_unlock();
+	if (is_sleepable)
+		rcu_read_unlock_trace();
+	else
+		rcu_read_unlock();
 
 	return err;
 }
@@ -279,7 +293,7 @@ static void hid_bpf_release_progs(struct work_struct *work)
  * Insert the given BPF program represented by its function call in the jmp table.
  * Returns the index in the jump table or a negative error.
  */
-static int hid_bpf_insert_prog(struct bpf_prog *prog, hid_bpf_cb_t prog_fn)
+static int hid_bpf_insert_prog(struct bpf_prog *prog, hid_bpf_cb_t prog_fn, bool sleepable)
 {
 	int i, index = -1, err = -EINVAL;
 
@@ -289,6 +303,7 @@ static int hid_bpf_insert_prog(struct bpf_prog *prog, hid_bpf_cb_t prog_fn)
 			/* mark the index as used */
 			jmp_table.prog_cbs[i].fn = prog_fn;
 			jmp_table.prog_cbs[i].prog = prog;
+			jmp_table.prog_cbs[i].sleepable = sleepable;
 			index = i;
 			__set_bit(i, jmp_table.enabled);
 		}
@@ -340,7 +355,8 @@ static const struct bpf_link_ops hid_bpf_link_lops = {
 /* called from syscall */
 noinline int
 __hid_bpf_attach_prog(struct hid_device *hdev, enum hid_bpf_prog_type prog_type,
-		      hid_bpf_cb_t prog_fn, struct bpf_prog *prog, __u32 flags)
+		      hid_bpf_cb_t prog_fn, struct bpf_prog *prog, __u32 flags,
+		      bool sleepable)
 {
 	struct bpf_link_primer link_primer;
 	struct hid_bpf_link *link;
@@ -370,7 +386,7 @@ __hid_bpf_attach_prog(struct hid_device *hdev, enum hid_bpf_prog_type prog_type,
 		goto err_unlock;
 	}
 
-	prog_table_idx = hid_bpf_insert_prog(prog, prog_fn);
+	prog_table_idx = hid_bpf_insert_prog(prog, prog_fn, sleepable);
 	/* if the jmp table is full, abort */
 	if (prog_table_idx < 0) {
 		err = prog_table_idx;

-- 
2.44.0


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ