Re: [PATCH bpf-next v2 7/8] bpf: Add tests for task_local_storage

From: KP Singh
Date: Wed Nov 04 2020 - 06:03:56 EST


[...]

> > Ahh. Yes. That should do it. Right now I don't see concerns with safety
> > of the bpf_spin_lock in bpf_lsm progs.
>
> What about sleepable lsm hooks? Normally we wouldn't expect to sleep with
> a spinlock held. Should we have a check to ensure programs bpf_spin_lock
> are not also sleepable?

Thanks. Yes, I added that to my patch:

diff --git a/kernel/bpf/bpf_lsm.c b/kernel/bpf/bpf_lsm.c
index 61f8cc52fd5b..93383df2140b 100644
--- a/kernel/bpf/bpf_lsm.c
+++ b/kernel/bpf/bpf_lsm.c
@@ -63,6 +63,10 @@ bpf_lsm_func_proto(enum bpf_func_id func_id, const
struct bpf_prog *prog)
return &bpf_task_storage_get_proto;
case BPF_FUNC_task_storage_delete:
return &bpf_task_storage_delete_proto;
+ case BPF_FUNC_spin_lock:
+ return &bpf_spin_lock_proto;
+ case BPF_FUNC_spin_unlock:
+ return &bpf_spin_unlock_proto;
default:
return tracing_prog_func_proto(func_id, prog);
}
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 314018e8fc12..8892f7ba2041 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -9739,6 +9739,23 @@ static int check_map_prog_compatibility(struct
bpf_verifier_env *env,
return -EINVAL;
}

+ if (map_value_has_spin_lock(map)) {
+ if (prog_type == BPF_PROG_TYPE_SOCKET_FILTER) {
+ verbose(env, "socket filter progs cannot use
bpf_spin_lock yet\n");
+ return -EINVAL;
+ }
+
+ if (is_tracing_prog_type(prog_type)) {
+ verbose(env, "tracing progs cannot use
bpf_spin_lock yet\n");
+ return -EINVAL;
+ }
+
+ if (prog->aux->sleepable) {
+ verbose(env, "sleepable progs cannot use
bpf_spin_lock\n");
+ return -EINVAL;
+ }
+ }
+