| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251010174953.2884682-1-ameryhung@gmail.com> Date: Fri, 10 Oct 2025 10:49:49 -0700 From: Amery Hung <ameryhung@...il.com> To: bpf@...r.kernel.org Cc: netdev@...r.kernel.org, alexei.starovoitov@...il.com, andrii@...nel.org, daniel@...earbox.net, tj@...nel.org, martin.lau@...nel.org, ameryhung@...il.com, kernel-team@...a.com Subject: [RFC PATCH v1 bpf-next 0/4] Support associating BPF programs with struct_ops This patchset adds a new BPF command BPF_STRUCT_OPS_ASSOCIATE_PROG to the bpf() syscall to allow associating a BPF program with a struct_ops. The command is introduced to address a emerging need from struct_ops users. As the number of subsystems adopting struct_ops grows, more users are building their struct_ops-based solution with some help from other BPF programs. For exmample, scx_layer uses a syscall program as a user space trigger to refresh layers [0]. It also uses tracing program to infer whether a task is using GPU and needs to be prioritized [1]. In these use cases, when there are multiple struct_ops instances, the struct_ops kfuncs called from different BPF programs, whether struct_ops or not needs to be able to refer to a specific one, which currently is not possible. The new BPF command will allow users to explicitly associate a BPF program with a struct_ops map. The libbpf wrapper can be called after loading programs and before attaching programs and struct_ops. Internally, it will set prog->aux->st_ops_assoc to the struct_ops struct (i.e., kdata). struct_ops kfuncs can then get the associated struct_ops by adding a "__prog" argument. The value of the speical argument will be fixed up by the verifier during verification. The command conceptually associates the implementation of BPF programs with struct_ops map, not the attachment. A program associated with the map will take a refcount of it so that st_ops_assoc always points to a valid struct_ops struct. However, the struct_ops can be in an uninitialized or unattached state. The struct_ops implementer will be responsible to maintain and check the state of the associated struct_ops before accessing it. We can also consider support associating struct_ops link with BPF programs, which on one hand make struct_ops implementer's job easier, but might complicate libbpf workflow and does not apply to legacy struct_ops attachment. [0] https://github.com/sched-ext/scx/blob/main/scheds/rust/scx_layered/src/bpf/main.bpf.c#L557 [1] https://github.com/sched-ext/scx/blob/main/scheds/rust/scx_layered/src/bpf/main.bpf.c#L754 Amery Hung (4): bpf: Allow verifier to fixup kernel module kfuncs bpf: Support associating BPF program with struct_ops libbpf: Add bpf_struct_ops_associate_prog() API selftests/bpf: Test BPF_STRUCT_OPS_ASSOCIATE_PROG command include/linux/bpf.h | 11 ++ include/uapi/linux/bpf.h | 16 +++ kernel/bpf/bpf_struct_ops.c | 32 ++++++ kernel/bpf/core.c | 6 + kernel/bpf/syscall.c | 38 +++++++ kernel/bpf/verifier.c | 3 +- tools/include/uapi/linux/bpf.h | 16 +++ tools/lib/bpf/bpf.c | 18 +++ tools/lib/bpf/bpf.h | 19 ++++ tools/lib/bpf/libbpf.map | 1 + .../bpf/prog_tests/test_struct_ops_assoc.c | 76 +++++++++++++ .../selftests/bpf/progs/struct_ops_assoc.c | 105 ++++++++++++++++++ .../selftests/bpf/test_kmods/bpf_testmod.c | 17 +++ .../bpf/test_kmods/bpf_testmod_kfunc.h | 1 + 14 files changed, 357 insertions(+), 2 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/test_struct_ops_assoc.c create mode 100644 tools/testing/selftests/bpf/progs/struct_ops_assoc.c -- 2.47.3
Powered by blists - more mailing lists