| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7f1c3db7-a958-4bb5-b552-a20fb5b60a2e@redhat.com> Date: Wed, 8 Jan 2025 21:58:46 -0500 From: Waiman Long <llong@...hat.com> To: Alexei Starovoitov <alexei.starovoitov@...il.com>, Waiman Long <llong@...hat.com> Cc: Kumar Kartikeya Dwivedi <memxor@...il.com>, bpf <bpf@...r.kernel.org>, LKML <linux-kernel@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Peter Zijlstra <peterz@...radead.org>, Alexei Starovoitov <ast@...nel.org>, Andrii Nakryiko <andrii@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Martin KaFai Lau <martin.lau@...nel.org>, Eduard Zingerman <eddyz87@...il.com>, "Paul E. McKenney" <paulmck@...nel.org>, Tejun Heo <tj@...nel.org>, Barret Rhoden <brho@...gle.com>, Josh Don <joshdon@...gle.com>, Dohyun Kim <dohyunkim@...gle.com>, Kernel Team <kernel-team@...a.com> Subject: Re: [PATCH bpf-next v1 12/22] rqspinlock: Add basic support for CONFIG_PARAVIRT On 1/8/25 9:42 PM, Alexei Starovoitov wrote: > On Wed, Jan 8, 2025 at 4:48 PM Waiman Long <llong@...hat.com> wrote: >> Is the intention to only replace raw_spinlock_t by rqspinlock but never >> spinlock_t? > Correct. We brainstormed whether we can introduce resilient mutex > for sleepable context, but it's way out of scope and PI > considerations are too complex to think through. > rqspinlock is a spinning lock, so it's a replacement for raw_spin_lock > and really only for bpf use cases. Thank for the confirmation. I think we should document the fact that rqspinlock is a replacement for raw_spin_lock only in the rqspinlock.c file to prevent possible abuse in the future. > > We considered placing rqspinlock.c in kernel/bpf/ directory > to discourage any other use beyond bpf, > but decided to keep in kernel/locking/ only because > it's using mcs_spinlock.h and qspinlock_stat.h > and doing #include "../locking/mcs_spinlock.h" > is kinda ugly. > > Patch 16 does: > +++ b/kernel/locking/Makefile > @@ -24,6 +24,9 @@ obj-$(CONFIG_SMP) += spinlock.o > obj-$(CONFIG_LOCK_SPIN_ON_OWNER) += osq_lock.o > obj-$(CONFIG_PROVE_LOCKING) += spinlock.o > obj-$(CONFIG_QUEUED_SPINLOCKS) += qspinlock.o > +ifeq ($(CONFIG_BPF_SYSCALL),y) > +obj-$(CONFIG_QUEUED_SPINLOCKS) += rqspinlock.o > +endif > > so that should give enough of a hint that it's for bpf usage. > >> As for the locking semantics allowed by the BPF verifier, is it possible >> to enforce the strict locking rules for PREEMPT_RT kernel and use the >> relaxed semantics for non-PREEMPT_RT kernel. We don't want the loading >> of an arbitrary BPF program to break the latency guarantee of a >> PREEMPT_RT kernel. > Not really. > root can load silly bpf progs that take significant > amount time without abusing spinlocks. > Like 100k integer divides or a sequence of thousands of calls to map_update. > Long runtime of broken progs is a known issue. > We're working on a runtime termination check/watchdog that > will detect long running progs and will terminate them. > Safe termination is tricky, as you can imagine. Right. In that case, we just have to warn users that they can load BPF prog at their own risk and PREEMPT_RT kernel may break its latency guarantee. Thanks, Longman
Powered by blists - more mailing lists