From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0B7D8C4829A
	for <linux-mm@archiver.kernel.org>; Tue, 13 Feb 2024 23:19:23 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 9AE778D0022; Tue, 13 Feb 2024 18:19:22 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 95DFA8D000E; Tue, 13 Feb 2024 18:19:22 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 826638D0022; Tue, 13 Feb 2024 18:19:22 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17])
	by kanga.kvack.org (Postfix) with ESMTP id 745968D000E
	for <linux-mm@kvack.org>; Tue, 13 Feb 2024 18:19:22 -0500 (EST)
Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id 48DFD160388
	for <linux-mm@kvack.org>; Tue, 13 Feb 2024 23:19:22 +0000 (UTC)
X-FDA: 81788348964.09.6A3228E
Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43])
	by imf26.hostedemail.com (Postfix) with ESMTP id 62F4F140003
	for <linux-mm@kvack.org>; Tue, 13 Feb 2024 23:19:20 +0000 (UTC)
Authentication-Results: imf26.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=BqExwOHh;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (imf26.hostedemail.com: domain of alexei.starovoitov@gmail.com designates 209.85.128.43 as permitted sender) smtp.mailfrom=alexei.starovoitov@gmail.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1707866360;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=kt6s6Ej8MuqAWc5N8F6CKBIyyqaP8ka39LFQocmEaRA=;
	b=4b+m1FvYJpWEypyQGi7nEievf1c/zTWGoMWiBRZSz4cPhZ07CnAW4WOMeH/4HwANuNRMrF
	4jy7psdKeontp7umHbtA9NP6TxmupIEwnOcaw3tXYeyo7ERGSfbNMSzdx78FmQ33YsM5ky
	AOIgz0LB5w5QrjRxCKeUkM8p+/paeZU=
ARC-Authentication-Results: i=1;
	imf26.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=BqExwOHh;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (imf26.hostedemail.com: domain of alexei.starovoitov@gmail.com designates 209.85.128.43 as permitted sender) smtp.mailfrom=alexei.starovoitov@gmail.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1707866360; a=rsa-sha256;
	cv=none;
	b=hF0uzC7arozmZjxzaZ/e2je7uFrkjDdbwIv82gwPPNWnUwyEVIJfqFHjz5OmneLuMjTtQM
	idT54NtQgxVykk7ZeBDO+rQO9/ymlxp/vNEFEZ/4FHufAbKxNfWLwjiTQo6BzSTlA1VV8W
	0rtTLN3iUy6JVhOsM1d+fgdWycm7zWk=
Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-411dd149c97so2506645e9.2
        for <linux-mm@kvack.org>; Tue, 13 Feb 2024 15:19:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1707866359; x=1708471159; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=kt6s6Ej8MuqAWc5N8F6CKBIyyqaP8ka39LFQocmEaRA=;
        b=BqExwOHh1xAGRd3IdQscvqNLxkPuEDBY4b1nSWrZt4RD5N/MWGhcWgFcz6TA430Hvs
         iXrdAIXnGVu38VNKqGx/9abDXIZ4e34r23m7bseSEehqlYu8tJkMgjxNie5Xp7xmX1qH
         cKVsBH7gDizXnvHsJCBr/lRg3LMEbTX+yFleREuQ9h9oKS4tlf7MbyOxXdiaqg1ggwl+
         H9ChYW2x7n9iQyRf8hgwSoSHZXPgdDN8GdYQIzkohDFxmvs0+Cs5iueMtqAasbtKptOB
         IcQKfY16pGxAYvdIuBJnb9jrOcG94JMiVOF4uOAmF76yAVbhdS8E+1jjG6qNcRZQrjpW
         ZszA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1707866359; x=1708471159;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=kt6s6Ej8MuqAWc5N8F6CKBIyyqaP8ka39LFQocmEaRA=;
        b=Tvbml1iksBSMTJCkK+t4NY5jhkV5BlbYIHCEBqsSMhyOUQwNLPZPlfsymGwOMOOm/a
         n53Gmiiv2fGigYsQXlDXUBOQrb/2cAmoQMKl05fGI01rXQzNP4N+o4NMhVnEKBxcYh87
         55kvG5DyA0zsSnfGvwGxCB5WGamhUMEpaV2rKye+IwDegxouDcz3gfcat8E6/lDc8VoC
         44CZgtqEUew5/urhWaIz8vhfOc11APXTZOGeuaBJ2DIY75Q8qxZgHrFRMR0mL6EF6vmx
         kwYUTFitUVI37TqOutFa0eXlbAd5Q3zIxDY7y8wVoeOD/32dqyNj1WJL24k7KzHli8GJ
         tBvQ==
X-Forwarded-Encrypted: i=1; AJvYcCVZjDM8ZCWpxF/tsuDJv7n8CC/jB7osTvPG5oKpqxGcA61q/JGDBPKGA6FT3PwZL+GTh0usxbUVJfWYLvFqhN2pVS0=
X-Gm-Message-State: AOJu0YwQUj6mlRvNHIqh/yWruymbXscgeYgYsx4EI1jO41LuPcdgGlEz
	3dI1GwDDzaQjAs19eDxrtgeI/oN3aVMQGtGDfHt0+ii90ar/aZDeIeVYNKPwHy9M/bbCHW4Jx2o
	fPzhceXeCorfhKm+SU77EXhty608=
X-Google-Smtp-Source: AGHT+IFeaxIzToO5yxCQ5kY53F+O0bhe/SExpv3DP7CqPn60+/5hu71SPjam9EDDcJRFQ4HTIzlYj0ca5txX5Zrz/fA=
X-Received: by 2002:a5d:6510:0:b0:33b:1588:2250 with SMTP id
 x16-20020a5d6510000000b0033b15882250mr561440wru.8.1707866358558; Tue, 13 Feb
 2024 15:19:18 -0800 (PST)
MIME-Version: 1.0
References: <20240209040608.98927-1-alexei.starovoitov@gmail.com>
 <20240209040608.98927-18-alexei.starovoitov@gmail.com> <20240209231433.GE975217@maniforge.lan>
 <CAADnVQJsdbUuvkp67_z5xprA+UP=O9rTcwm3xRkpqSArrGqNaA@mail.gmail.com> <CAP01T75qCUabu4-18nYwRDnSyTTgeAgNN3kePY5PXdnoTKt+Cg@mail.gmail.com>
In-Reply-To: <CAP01T75qCUabu4-18nYwRDnSyTTgeAgNN3kePY5PXdnoTKt+Cg@mail.gmail.com>
From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Date: Tue, 13 Feb 2024 15:19:07 -0800
Message-ID: <CAADnVQLEpADj=BSzCqf69mMTm2Q4dWLOd=VjGEJSW68Qha=9yQ@mail.gmail.com>
Subject: Re: [PATCH v2 bpf-next 17/20] selftests/bpf: Add unit tests for bpf_arena_alloc/free_pages
To: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Cc: David Vernet <void@manifault.com>, bpf <bpf@vger.kernel.org>, 
	Daniel Borkmann <daniel@iogearbox.net>, Andrii Nakryiko <andrii@kernel.org>, Eddy Z <eddyz87@gmail.com>, 
	Tejun Heo <tj@kernel.org>, Barret Rhoden <brho@google.com>, Johannes Weiner <hannes@cmpxchg.org>, 
	Lorenzo Stoakes <lstoakes@gmail.com>, Andrew Morton <akpm@linux-foundation.org>, 
	Uladzislau Rezki <urezki@gmail.com>, Christoph Hellwig <hch@infradead.org>, linux-mm <linux-mm@kvack.org>, 
	Kernel Team <kernel-team@fb.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: 62F4F140003
X-Rspam-User: 
X-Rspamd-Server: rspam04
X-Stat-Signature: 6e7i1inro7g75t8to6zgyzzw1sksnmpa
X-HE-Tag: 1707866360-740942
X-HE-Meta: U2FsdGVkX19DdTPUq5zfsvSJw4Jo0CdBif3j4QzhPZVqc8q/sn5z1ahfLSHRmnGnXxhvp+6vuMXzqwpPJEBaFdsqCjjrUxccjNs2fZMdUtqlHUFOelRyvPT6VEQp0q4uY2HquZXXr5WIKYHKNo9nSKUpJ/g+3LX1a2ztdsDDljIASfgLfYJHeERq/gnEDIuVUUIwkPsv4F1/90nF24Pw+eJLMeSVPXFm2q0jpkATJ/Zdl4iNGGBEu7GeLzJiUzDoKxBvMhL1VXEhg0s5QWBQD5WLjjYtybE2GGXS5QieNUKM0PLEb/3poX8W5uCDWm/WlBwuLaVSYlTPdzxHZbzjRT96irY8zI4rjbRBeyExpeq+fzcar2SO9NATCDVVq58uM0evlasqas9DAWgNvfJBrTte6BiDEOM9CfBCLOMBe41d5QEFVedzsmssema93QvR8hGzZQEBBLC/XwnByXg01N8NTZmlLs4QWDPs85PnKQxlzxq9ADSbMswn1cJERQ2Kea6uye0irrCMOjpaKfuwVyqcME5Dh2/yl6BCrotqCJ2JJGW+6WY+bnoClotWSnM/lndU10dHkqqlND80cqauAnHGwMvNm8YT4qZlVPMhxeV6ER/ai/C1/ZQcR3u9M31UFxNChV/LowXJ5Bd9TZ+uEaiRx+IldKMGjnrhcvBNoOSY5QFs8+DT/Z1Abxx64QwJWPgJeqfLzqvvegYxRr4HmLJr3yL9g2iG3l39N+X9D1VUnfe79R/JkHMBf0672J8omAFEm+0g9gel0tYrFpX4NvjZId4511McKs215qoaPSFGbjhNam1WtcZfCrqME/gnMedvGpR6W+u3taRK/A3SKx5LJ9yAEGnYLIl5Eyl3K34SzKSAhMpU04FkFD93F1xIsv0hGIcHupW1fHec0YHn9PUMV+i44k1YCJAOLQd+VGUahSpK5m8N1bTeVCo83YW5APPOu9bOa0xPsc1RQ3t
 mbzFgu8b
 HA7kJ6P7uKlzi+8ZRhaNLxTGw2eywiK2iWUDX8j5fixbizPrGixNYWPvFN5TkgFzKzfMLjBvq5dqnP7cAvxXKVJuUGS1pKVMUZG1mpGhOe3GqxZcoGFq/77qw9EdR3yBjdgtDnBHtJmS9xd06NIexGT+uINgI9Ae/7W+HKy1EsLdD0L+fmdu1WzAH8UtSZ3YvbVKtx9rzvwRrH+O/Atdx9vr2PV6DjnR10fXe3ogvlLd1uApVPgGO6MYVQQFdK61bGtawEwa0xyEY6ERrQ3M0KwvsBInghVygJJewAM46uDq7eIxExX5iuge4RGXX/IliLloEDCd5VekMFt9JaDnZBr679Mk6gy9GVbZrlFdOZaObIrWVeFMWBPiTkwHc0EvyMf9FiednzgBnsABmwSog/MNd/la4KbJFKA9uFx7SoDmZvBacNwdhWNNtqr/94q0ZJvxU2Vtu7j/he4p78aB56ARwtlOle9PaCvziSPEPrsbgCbBRIx3oCDN9vA5t70up+vgJ
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000001, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Fri, Feb 9, 2024 at 11:03=E2=80=AFPM Kumar Kartikeya Dwivedi
<memxor@gmail.com> wrote:
>
> On Sat, 10 Feb 2024 at 05:35, Alexei Starovoitov
> <alexei.starovoitov@gmail.com> wrote:
> >
> > On Fri, Feb 9, 2024 at 3:14=E2=80=AFPM David Vernet <void@manifault.com=
> wrote:
> > >
> > > > +
> > > > +#ifndef arena_container_of
> > >
> > > Why is this ifndef required if we have a pragma once above?
> >
> > Just a habit to check for a macro before defining it.
> >
> > > Obviously it's way better for us to actually have arenas in the inter=
im
> > > so this is fine for now, but UAF bugs could potentially be pretty
> > > painful until we get proper exception unwinding support.
> >
> > Detection that arena access faulted doesn't have to come after
> > exception unwinding. Exceptions vs cancellable progs are also different=
.
>
> What do you mean exactly by 'cancellable progs'? That they can be
> interrupted at any (or well-known) points and stopped? I believe
> whatever plumbing was done to enable exceptions will be useful there
> as well. The verifier would just need to know e.g. that a load into
> PTR_TO_ARENA may fault, and thus generate descriptors for all frames
> for that pc. Then, at runtime, you could technically release all
> resources by looking up the frame descriptor and unwind the stack and
> return back to the caller of the prog.

I don't think it's a scalable approach.
I'm still trying to understand your exceptions part 2 series,
but from what I understand so far the scalability is a real concern.

>
> > A record of the line in bpf prog that caused the first fault is probabl=
y
> > good enough for prog debugging.
> >
>
> I think it would make more sense to abort the program by default,
> because use-after-free in the arena most certainly means a bug in the
> program.

yes, but aborting vs safe continue and remember the first wrong access
from debuggability pov is the same thing.
aborting by itself also doesn't mean that the prog is auto-detached.
It may run again a split second later and won't hit abort condition.

Recording of first wrong access (either abort or pf in arena) is
must have regardless.