Re: [PATCH] bpf: verifier: allow arrays of progs to be used in sleepable context

From: Daniel Borkmann
Date: Mon Apr 22 2024 - 11:44:50 EST


On 4/22/24 9:16 AM, Benjamin Tissoires wrote:
Arrays of progs are underlying using regular arrays, but they can only
be updated from a syscall.
Therefore, they should be safe to use while in a sleepable context.

This is required to be able to call bpf_tail_call() from a sleepable
tracing bpf program.

Signed-off-by: Benjamin Tissoires <bentiss@xxxxxxxxxx>
---
Hi,

a small patch to allow to have:

```
SEC("fmod_ret.s/__hid_bpf_tail_call_sleepable")
int BPF_PROG(hid_tail_call_sleepable, struct hid_bpf_ctx *hctx)
{
bpf_tail_call(ctx, &hid_jmp_table, hctx->index);

return 0;
}
```

This should allow me to add bpf hooks to functions that communicate with
the hardware.

Could you also add selftests to it? In particular, I'm thinking that this is not
sufficient given also bpf_prog_map_compatible() needs to be extended to check on
prog->sleepable. For example we would need to disallow calling sleepable programs
in that map from non-sleepable context.

kernel/bpf/verifier.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 68cfd6fc6ad4..880b32795136 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -18171,6 +18171,7 @@ static int check_map_prog_compatibility(struct bpf_verifier_env *env,
case BPF_MAP_TYPE_QUEUE:
case BPF_MAP_TYPE_STACK:
case BPF_MAP_TYPE_ARENA:
+ case BPF_MAP_TYPE_PROG_ARRAY:
break;
default:
verbose(env,

---
base-commit: 735f5b8a7ccf383e50d76f7d1c25769eee474812
change-id: 20240422-sleepable_array_progs-e0c07b17cabb

Best regards,