From: Alexei Starovoitov
Date: Fri, 19 Aug 2022 16:01:08 -0700
Subject: Re: [PATCH v3 bpf-next 13/15] bpf: Prepare bpf_mem_alloc to be used by sleepable bpf programs.
To: Kumar Kartikeya Dwivedi
Cc: "David S. Miller", Daniel Borkmann, Andrii Nakryiko, Tejun Heo, Delyan Kratunov, linux-mm, bpf, Kernel Team

On Fri, Aug 19, 2022 at 3:56 PM Kumar Kartikeya Dwivedi
wrote:
>
> On Sat, 20 Aug 2022 at 00:43, Alexei Starovoitov
> wrote:
> >
> > On Sat, Aug 20, 2022 at 12:21:46AM +0200, Kumar Kartikeya Dwivedi wrote:
> > > On Fri, 19 Aug 2022 at 23:43, Alexei Starovoitov
> > > wrote:
> > > >
> > > > From: Alexei Starovoitov
> > > >
> > > > Use call_rcu_tasks_trace() to wait for sleepable progs to finish.
> > > > Then use call_rcu() to wait for normal progs to finish
> > > > and finally do free_one() on each element when freeing objects
> > > > into global memory pool.
> > > >
> > > > Signed-off-by: Alexei Starovoitov
> > > > ---
> > >
> > > I fear this can make OOM issues very easy to run into, because one
> > > sleepable prog that sleeps for a long period of time can hold the
> > > freeing of elements from another sleepable prog which either does not
> > > sleep often or sleeps for a very short period of time, and has a high
> > > update frequency. I'm mostly worried that unrelated sleepable programs
> > > not even using the same map will begin to affect each other.
> >
> > 'sleep for long time'? sleepable bpf prog doesn't mean that they can sleep.
> > sleepable progs can copy_from_user, but they're not allowed to waste time.
>
> It is certainly possible to waste time, but indirectly, not through
> the BPF program itself.
>
> If you have userfaultfd enabled (for unpriv users), an unprivileged
> user can trap a sleepable BPF prog (say LSM) using bpf_copy_from_user
> for as long as it wants. A similar case can be done using FUSE, IIRC.
>
> You can then say it's a problem about unprivileged users being able to
> use userfaultfd or FUSE, or we could think about fixing
> bpf_copy_from_user to return -EFAULT for this case, but it is totally
> possible right now for malicious userspace to extend the tasks trace
> gp like this for minutes (or even longer) on a system where sleepable
> BPF programs are using e.g. bpf_copy_from_user.

Well in that sense userfaultfd can keep all sorts of things in the kernel
from making progress.
But nothing to do with OOM. There is still the max_entries limit. The amount of objects in waiting_for_gp is guaranteed to be less than full prealloc.
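
A toy userspace model of the free path the quoted commit message describes (call_rcu_tasks_trace(), then call_rcu(), then free_one()), added here as an illustration; it is not code from the patch, the kernel, or either participant. The struct, `model_free()`, `poll_gp()` and the scenario are hypothetical, one chain is in flight at a time, and a grace period is simplified to "no reader of that class is running when polled". It shows how a single stalled sleepable reader holds back every queued object until it returns.

```c
/* Toy userspace model, NOT kernel code; names other than waiting_for_gp are hypothetical. */
#include <stdio.h>

enum stage { IDLE, WAIT_TASKS_TRACE, WAIT_RCU };
struct model {
    int sleepable_readers; /* sleepable progs currently running */
    int normal_readers;    /* non-sleepable progs currently running */
    int queued;            /* freed objects not yet handed to a grace period */
    int waiting_for_gp;    /* batch owned by the in-flight chain */
    int freed;             /* objects released by the final free_one() step */
    enum stage stage;
};

/* Free path: the object is only queued, nothing is released here. */
static void model_free(struct model *m) { m->queued++; }

/* Advance the chain one step; returns how many objects this call released.
 * Simplification: a grace period ends when no reader of that class is running. */
static int poll_gp(struct model *m)
{
    int released = 0;
    if (m->stage == IDLE && m->queued) {            /* call_rcu_tasks_trace() */
        m->waiting_for_gp = m->queued;
        m->queued = 0;
        m->stage = WAIT_TASKS_TRACE;
    } else if (m->stage == WAIT_TASKS_TRACE && !m->sleepable_readers) {
        m->stage = WAIT_RCU;                        /* call_rcu() */
    } else if (m->stage == WAIT_RCU && !m->normal_readers) {
        released = m->waiting_for_gp;               /* free_one() per element */
        m->freed += released;
        m->waiting_for_gp = 0;
        m->stage = IDLE;
    }
    return released;
}

/* Constructed scenario: one sleepable reader stalls while nfree objects are freed. */
static struct model run_stalled(int nfree, int *pending_during_stall)
{
    struct model m = { .sleepable_readers = 1 };
    for (int i = 0; i < nfree; i++) { model_free(&m); poll_gp(&m); }
    *pending_during_stall = m.queued + m.waiting_for_gp;
    m.sleepable_readers = 0;                        /* the reader finally returns */
    while (m.queued || m.waiting_for_gp) poll_gp(&m);
    return m;
}

int main(void)
{
    int pending;
    struct model m = run_stalled(1000, &pending);
    printf("pending during stall=%d, freed after=%d\n", pending, m.freed);
    return 0;
}
```

The model does not enforce max_entries; the pending count it reports is the quantity the reply says is bounded by full prealloc.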