08a7ce384e
This patch uses bpf_mem_alloc for the task and cgroup local storage that the bpf prog can easily get a hold of the storage owner's PTR_TO_BTF_ID. eg. bpf_get_current_task_btf() can be used in some of the kmalloc code path which will cause deadlock/recursion. bpf_mem_cache_alloc is deadlock free and will solve a legit use case in [1]. For sk storage, its batch creation benchmark shows a few percent regression when the sk create/destroy batch size is larger than 32. The sk creation/destruction happens much more often and depends on external traffic. Considering it is hypothetical to be able to cause deadlock with sk storage, it can cross the bridge to use bpf_mem_alloc till a legit (ie. useful) use case comes up. For inode storage, bpf_local_storage_destroy() is called before waiting for a rcu gp and its memory cannot be reused immediately. inode stays with kmalloc/kfree after the rcu [or tasks_trace] gp. A 'bool bpf_ma' argument is added to bpf_local_storage_map_alloc(). Only task and cgroup storage have 'bpf_ma == true' which means to use bpf_mem_cache_alloc/free(). This patch only changes selem to use bpf_mem_alloc for task and cgroup. The next patch will change the local_storage to use bpf_mem_alloc also for task and cgroup. Here is some more details on the changes: * memory allocation: After bpf_mem_cache_alloc(), the SDATA(selem)->data is zero-ed because bpf_mem_cache_alloc() could return a reused selem. It is to keep the existing bpf_map_kzalloc() behavior. Only SDATA(selem)->data is zero-ed. SDATA(selem)->data is the visible part to the bpf prog. No need to use zero_map_value() to do the zeroing because bpf_selem_free(..., reuse_now = true) ensures no bpf prog is using the selem before returning the selem through bpf_mem_cache_free(). For the internal fields of selem, they will be initialized when linking to the new smap and the new local_storage. When 'bpf_ma == false', nothing changes in this patch. It will stay with the bpf_map_kzalloc(). * memory free: The bpf_selem_free() and bpf_selem_free_rcu() are modified to handle the bpf_ma == true case. For the common selem free path where its owner is also being destroyed, the mem is freed in bpf_local_storage_destroy(), the owner (task and cgroup) has gone through a rcu gp. The memory can be reused immediately, so bpf_local_storage_destroy() will call bpf_selem_free(..., reuse_now = true) which will do bpf_mem_cache_free() for immediate reuse consideration. An exception is the delete elem code path. The delete elem code path is called from the helper bpf_*_storage_delete() and the syscall bpf_map_delete_elem(). This path is an unusual case for local storage because the common use case is to have the local storage staying with its owner life time so that the bpf prog and the user space does not have to monitor the owner's destruction. For the delete elem path, the selem cannot be reused immediately because there could be bpf prog using it. It will call bpf_selem_free(..., reuse_now = false) and it will wait for a rcu tasks trace gp before freeing the elem. The rcu callback is changed to do bpf_mem_cache_raw_free() instead of kfree(). When 'bpf_ma == false', it should be the same as before. __bpf_selem_free() is added to do the kfree_rcu and call_tasks_trace_rcu(). A few words on the 'reuse_now == true'. When 'reuse_now == true', it is still racing with bpf_local_storage_map_free which is under rcu protection, so it still needs to wait for a rcu gp instead of kfree(). Otherwise, the selem may be reused by slab for a totally different struct while the bpf_local_storage_map_free() is still using it (as a rcu reader). For the inode case, there may be other rcu readers also. In short, when bpf_ma == false and reuse_now == true => vanilla rcu. [1]: https://lore.kernel.org/bpf/20221118190109.1512674-1-namhyung@kernel.org/ Cc: Namhyung Kim <namhyung@kernel.org> Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org> Link: https://lore.kernel.org/r/20230322215246.1675516-3-martin.lau@linux.dev Signed-off-by: Alexei Starovoitov <ast@kernel.org>
241 lines
5.9 KiB
C
241 lines
5.9 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
/*
|
|
* Copyright (c) 2022 Meta Platforms, Inc. and affiliates.
|
|
*/
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/bpf.h>
|
|
#include <linux/bpf_local_storage.h>
|
|
#include <uapi/linux/btf.h>
|
|
#include <linux/btf_ids.h>
|
|
|
|
DEFINE_BPF_STORAGE_CACHE(cgroup_cache);
|
|
|
|
static DEFINE_PER_CPU(int, bpf_cgrp_storage_busy);
|
|
|
|
static void bpf_cgrp_storage_lock(void)
|
|
{
|
|
migrate_disable();
|
|
this_cpu_inc(bpf_cgrp_storage_busy);
|
|
}
|
|
|
|
static void bpf_cgrp_storage_unlock(void)
|
|
{
|
|
this_cpu_dec(bpf_cgrp_storage_busy);
|
|
migrate_enable();
|
|
}
|
|
|
|
static bool bpf_cgrp_storage_trylock(void)
|
|
{
|
|
migrate_disable();
|
|
if (unlikely(this_cpu_inc_return(bpf_cgrp_storage_busy) != 1)) {
|
|
this_cpu_dec(bpf_cgrp_storage_busy);
|
|
migrate_enable();
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
static struct bpf_local_storage __rcu **cgroup_storage_ptr(void *owner)
|
|
{
|
|
struct cgroup *cg = owner;
|
|
|
|
return &cg->bpf_cgrp_storage;
|
|
}
|
|
|
|
void bpf_cgrp_storage_free(struct cgroup *cgroup)
|
|
{
|
|
struct bpf_local_storage *local_storage;
|
|
|
|
rcu_read_lock();
|
|
local_storage = rcu_dereference(cgroup->bpf_cgrp_storage);
|
|
if (!local_storage) {
|
|
rcu_read_unlock();
|
|
return;
|
|
}
|
|
|
|
bpf_cgrp_storage_lock();
|
|
bpf_local_storage_destroy(local_storage);
|
|
bpf_cgrp_storage_unlock();
|
|
rcu_read_unlock();
|
|
}
|
|
|
|
static struct bpf_local_storage_data *
|
|
cgroup_storage_lookup(struct cgroup *cgroup, struct bpf_map *map, bool cacheit_lockit)
|
|
{
|
|
struct bpf_local_storage *cgroup_storage;
|
|
struct bpf_local_storage_map *smap;
|
|
|
|
cgroup_storage = rcu_dereference_check(cgroup->bpf_cgrp_storage,
|
|
bpf_rcu_lock_held());
|
|
if (!cgroup_storage)
|
|
return NULL;
|
|
|
|
smap = (struct bpf_local_storage_map *)map;
|
|
return bpf_local_storage_lookup(cgroup_storage, smap, cacheit_lockit);
|
|
}
|
|
|
|
static void *bpf_cgrp_storage_lookup_elem(struct bpf_map *map, void *key)
|
|
{
|
|
struct bpf_local_storage_data *sdata;
|
|
struct cgroup *cgroup;
|
|
int fd;
|
|
|
|
fd = *(int *)key;
|
|
cgroup = cgroup_get_from_fd(fd);
|
|
if (IS_ERR(cgroup))
|
|
return ERR_CAST(cgroup);
|
|
|
|
bpf_cgrp_storage_lock();
|
|
sdata = cgroup_storage_lookup(cgroup, map, true);
|
|
bpf_cgrp_storage_unlock();
|
|
cgroup_put(cgroup);
|
|
return sdata ? sdata->data : NULL;
|
|
}
|
|
|
|
static long bpf_cgrp_storage_update_elem(struct bpf_map *map, void *key,
|
|
void *value, u64 map_flags)
|
|
{
|
|
struct bpf_local_storage_data *sdata;
|
|
struct cgroup *cgroup;
|
|
int fd;
|
|
|
|
fd = *(int *)key;
|
|
cgroup = cgroup_get_from_fd(fd);
|
|
if (IS_ERR(cgroup))
|
|
return PTR_ERR(cgroup);
|
|
|
|
bpf_cgrp_storage_lock();
|
|
sdata = bpf_local_storage_update(cgroup, (struct bpf_local_storage_map *)map,
|
|
value, map_flags, GFP_ATOMIC);
|
|
bpf_cgrp_storage_unlock();
|
|
cgroup_put(cgroup);
|
|
return PTR_ERR_OR_ZERO(sdata);
|
|
}
|
|
|
|
static int cgroup_storage_delete(struct cgroup *cgroup, struct bpf_map *map)
|
|
{
|
|
struct bpf_local_storage_data *sdata;
|
|
|
|
sdata = cgroup_storage_lookup(cgroup, map, false);
|
|
if (!sdata)
|
|
return -ENOENT;
|
|
|
|
bpf_selem_unlink(SELEM(sdata), false);
|
|
return 0;
|
|
}
|
|
|
|
static long bpf_cgrp_storage_delete_elem(struct bpf_map *map, void *key)
|
|
{
|
|
struct cgroup *cgroup;
|
|
int err, fd;
|
|
|
|
fd = *(int *)key;
|
|
cgroup = cgroup_get_from_fd(fd);
|
|
if (IS_ERR(cgroup))
|
|
return PTR_ERR(cgroup);
|
|
|
|
bpf_cgrp_storage_lock();
|
|
err = cgroup_storage_delete(cgroup, map);
|
|
bpf_cgrp_storage_unlock();
|
|
cgroup_put(cgroup);
|
|
return err;
|
|
}
|
|
|
|
static int notsupp_get_next_key(struct bpf_map *map, void *key, void *next_key)
|
|
{
|
|
return -ENOTSUPP;
|
|
}
|
|
|
|
static struct bpf_map *cgroup_storage_map_alloc(union bpf_attr *attr)
|
|
{
|
|
return bpf_local_storage_map_alloc(attr, &cgroup_cache, true);
|
|
}
|
|
|
|
static void cgroup_storage_map_free(struct bpf_map *map)
|
|
{
|
|
bpf_local_storage_map_free(map, &cgroup_cache, NULL);
|
|
}
|
|
|
|
/* *gfp_flags* is a hidden argument provided by the verifier */
|
|
BPF_CALL_5(bpf_cgrp_storage_get, struct bpf_map *, map, struct cgroup *, cgroup,
|
|
void *, value, u64, flags, gfp_t, gfp_flags)
|
|
{
|
|
struct bpf_local_storage_data *sdata;
|
|
|
|
WARN_ON_ONCE(!bpf_rcu_lock_held());
|
|
if (flags & ~(BPF_LOCAL_STORAGE_GET_F_CREATE))
|
|
return (unsigned long)NULL;
|
|
|
|
if (!cgroup)
|
|
return (unsigned long)NULL;
|
|
|
|
if (!bpf_cgrp_storage_trylock())
|
|
return (unsigned long)NULL;
|
|
|
|
sdata = cgroup_storage_lookup(cgroup, map, true);
|
|
if (sdata)
|
|
goto unlock;
|
|
|
|
/* only allocate new storage, when the cgroup is refcounted */
|
|
if (!percpu_ref_is_dying(&cgroup->self.refcnt) &&
|
|
(flags & BPF_LOCAL_STORAGE_GET_F_CREATE))
|
|
sdata = bpf_local_storage_update(cgroup, (struct bpf_local_storage_map *)map,
|
|
value, BPF_NOEXIST, gfp_flags);
|
|
|
|
unlock:
|
|
bpf_cgrp_storage_unlock();
|
|
return IS_ERR_OR_NULL(sdata) ? (unsigned long)NULL : (unsigned long)sdata->data;
|
|
}
|
|
|
|
BPF_CALL_2(bpf_cgrp_storage_delete, struct bpf_map *, map, struct cgroup *, cgroup)
|
|
{
|
|
int ret;
|
|
|
|
WARN_ON_ONCE(!bpf_rcu_lock_held());
|
|
if (!cgroup)
|
|
return -EINVAL;
|
|
|
|
if (!bpf_cgrp_storage_trylock())
|
|
return -EBUSY;
|
|
|
|
ret = cgroup_storage_delete(cgroup, map);
|
|
bpf_cgrp_storage_unlock();
|
|
return ret;
|
|
}
|
|
|
|
const struct bpf_map_ops cgrp_storage_map_ops = {
|
|
.map_meta_equal = bpf_map_meta_equal,
|
|
.map_alloc_check = bpf_local_storage_map_alloc_check,
|
|
.map_alloc = cgroup_storage_map_alloc,
|
|
.map_free = cgroup_storage_map_free,
|
|
.map_get_next_key = notsupp_get_next_key,
|
|
.map_lookup_elem = bpf_cgrp_storage_lookup_elem,
|
|
.map_update_elem = bpf_cgrp_storage_update_elem,
|
|
.map_delete_elem = bpf_cgrp_storage_delete_elem,
|
|
.map_check_btf = bpf_local_storage_map_check_btf,
|
|
.map_mem_usage = bpf_local_storage_map_mem_usage,
|
|
.map_btf_id = &bpf_local_storage_map_btf_id[0],
|
|
.map_owner_storage_ptr = cgroup_storage_ptr,
|
|
};
|
|
|
|
const struct bpf_func_proto bpf_cgrp_storage_get_proto = {
|
|
.func = bpf_cgrp_storage_get,
|
|
.gpl_only = false,
|
|
.ret_type = RET_PTR_TO_MAP_VALUE_OR_NULL,
|
|
.arg1_type = ARG_CONST_MAP_PTR,
|
|
.arg2_type = ARG_PTR_TO_BTF_ID,
|
|
.arg2_btf_id = &bpf_cgroup_btf_id[0],
|
|
.arg3_type = ARG_PTR_TO_MAP_VALUE_OR_NULL,
|
|
.arg4_type = ARG_ANYTHING,
|
|
};
|
|
|
|
const struct bpf_func_proto bpf_cgrp_storage_delete_proto = {
|
|
.func = bpf_cgrp_storage_delete,
|
|
.gpl_only = false,
|
|
.ret_type = RET_INTEGER,
|
|
.arg1_type = ARG_CONST_MAP_PTR,
|
|
.arg2_type = ARG_PTR_TO_BTF_ID,
|
|
.arg2_btf_id = &bpf_cgroup_btf_id[0],
|
|
};
|