Commit a8d50675 authored by Alexei Starovoitov's avatar Alexei Starovoitov
Browse files

Merge branch 'bpf-verifier-allow-calling-arena-functions-when-holding-bpf-lock' 



Emil Tsalapatis says:

====================
bpf/verifier: Allow calling arena functions when holding BPF lock

BPF arena-related kfuncs now cannot sleep, so they are safe to call
while holding a spinlock. However, the verifier still rejects
programs that do so. Update the verifier to allow arena kfunc
calls while holding a lock.

Signed-off-by: default avatarEmil Tsalapatis <emil@etsalapatis.com>

Changes v1->v2: (https://lore.kernel.org/r/20260106-arena-under-lock-v1-0-6ca9c121d826@etsalapatis.com)
- Added patch to account for active locks in_sleepable_context() (AI)
====================

Link: https://patch.msgid.link/20260106-arena-under-lock-v2-0-378e9eab3066@etsalapatis.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parents ea180ffb b81d5e9d

kernel/bpf/verifier.c

+11 −1
Original line number Diff line number Diff line
@@ -11466,6 +11466,7 @@ static inline bool in_sleepable_context(struct bpf_verifier_env *env) 
{

	return !env->cur_state->active_rcu_locks &&

	       !env->cur_state->active_preempt_locks &&

	       !env->cur_state->active_locks &&

	       !env->cur_state->active_irq_id &&

	       in_sleepable(env);

}
@@ -12372,6 +12373,7 @@ enum special_kfunc_type { 
	KF_bpf_task_work_schedule_resume_impl,

	KF_bpf_arena_alloc_pages,

	KF_bpf_arena_free_pages,

	KF_bpf_arena_reserve_pages,

};









BTF_ID_LIST(special_kfunc_list)








@@ -12448,6 +12450,7 @@ BTF_ID(func, bpf_task_work_schedule_signal_impl)







BTF_ID(func, bpf_task_work_schedule_resume_impl)









BTF_ID(func, bpf_arena_alloc_pages)









BTF_ID(func, bpf_arena_free_pages)









BTF_ID(func, bpf_arena_reserve_pages)

















static bool is_task_work_add_kfunc(u32 func_id)









{








@@ -12883,10 +12886,17 @@ static bool is_bpf_res_spin_lock_kfunc(u32 btf_id)







	       btf_id == special_kfunc_list[KF_bpf_res_spin_unlock_irqrestore];









}

















static bool is_bpf_arena_kfunc(u32 btf_id)









{









	return btf_id == special_kfunc_list[KF_bpf_arena_alloc_pages] ||









	       btf_id == special_kfunc_list[KF_bpf_arena_free_pages] ||









	       btf_id == special_kfunc_list[KF_bpf_arena_reserve_pages];









}

















static bool kfunc_spin_allowed(u32 btf_id)









{









	return is_bpf_graph_api_kfunc(btf_id) || is_bpf_iter_num_api_kfunc(btf_id) ||









	       is_bpf_res_spin_lock_kfunc(btf_id);









	       is_bpf_res_spin_lock_kfunc(btf_id) || is_bpf_arena_kfunc(btf_id);









}

















static bool is_sync_callback_calling_kfunc(u32 btf_id)
































tools/testing/selftests/bpf/progs/verifier_arena.c



+38
−0






























Original line number
Diff line number
Diff line







@@ -10,6 +10,8 @@







#include "bpf_experimental.h"









#include "bpf_arena_common.h"



















#define private(name) SEC(".bss." #name) __hidden __attribute__((aligned(8)))



















struct {









	__uint(type, BPF_MAP_TYPE_ARENA);









	__uint(map_flags, BPF_F_MMAPABLE);








@@ -439,4 +441,40 @@ int iter_maps3(struct bpf_iter__bpf_map *ctx)







	return 0;









}



















private(ARENA_TESTS) struct bpf_spin_lock arena_bpf_test_lock;



















/* Use the arena kfunc API while under a BPF lock. */









SEC("syscall")









__success __retval(0)









int arena_kfuncs_under_bpf_lock(void *ctx)









{









#if defined(__BPF_FEATURE_ADDR_SPACE_CAST)









	char __arena *page;









	int ret;



















	bpf_spin_lock(&arena_bpf_test_lock);



















	/* Get a separate region of the arena. */









	page = arena_base(&arena);









	ret = bpf_arena_reserve_pages(&arena, page, 1);









	if (ret) {









		bpf_spin_unlock(&arena_bpf_test_lock);









		return 1;









	}



















	bpf_arena_free_pages(&arena, page, 1);



















	page = bpf_arena_alloc_pages(&arena, NULL, 1, NUMA_NO_NODE, 0);









	if (!page) {









		bpf_spin_unlock(&arena_bpf_test_lock);









		return 2;









	}



















	bpf_arena_free_pages(&arena, page, 1);



















	bpf_spin_unlock(&arena_bpf_test_lock);









#endif



















	return 0;









}









char _license[] SEC("license") = "GPL";