bpf: Add pid filter support for uprobe_multi link

Adding support to specify pid for uprobe_multi link and the uprobes
are created only for task with given pid value.

Using the consumer.filter filter callback for that, so the task gets
filtered during the uprobe installation.

We still need to check the task during runtime in the uprobe handler,
because the handler could get executed if there's another system
wide consumer on the same uprobe (thanks Oleg for the insight).

Cc: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20230809083440.3209381-6-jolsa@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index d7f4f50b1e58ab051573057a9d72db7ec4448d3c..8790b3962e4b85f22593f8f9c9f8d94eaf6981f3 100644 (file)
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -1642,6 +1642,7 @@ union bpf_attr {
                                __aligned_u64   cookies;
                                __u32           cnt;
                                __u32           flags;
+                               __u32           pid;
                        } uprobe_multi;
                };
        } link_create;

diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index ef17cd05262e65978967e5a0b1474083ac44e370..10666d17b9e3ba8647e29c30c80bad59689c941e 100644 (file)
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -4882,7 +4882,7 @@ err_put:
        return err;
 }
 
-#define BPF_LINK_CREATE_LAST_FIELD link_create.uprobe_multi.flags
+#define BPF_LINK_CREATE_LAST_FIELD link_create.uprobe_multi.pid
 static int link_create(union bpf_attr *attr, bpfptr_t uattr)
 {
        struct bpf_prog *prog;

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 0d59cac30c7ed72f6fd7f93d61061c906ce1a83d..e45aebed62f52b099a71b1af5032478b380c6f89 100644 (file)
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -3003,6 +3003,7 @@ struct bpf_uprobe_multi_link {
        struct bpf_link link;
        u32 cnt;
        struct bpf_uprobe *uprobes;
+       struct task_struct *task;
 };
 
 struct bpf_uprobe_multi_run_ctx {
@@ -3035,6 +3036,8 @@ static void bpf_uprobe_multi_link_dealloc(struct bpf_link *link)
        struct bpf_uprobe_multi_link *umulti_link;
 
        umulti_link = container_of(link, struct bpf_uprobe_multi_link, link);
+       if (umulti_link->task)
+               put_task_struct(umulti_link->task);
        path_put(&umulti_link->path);
        kvfree(umulti_link->uprobes);
        kfree(umulti_link);
@@ -3059,6 +3062,9 @@ static int uprobe_prog_run(struct bpf_uprobe *uprobe,
        struct bpf_run_ctx *old_run_ctx;
        int err = 0;
 
+       if (link->task && current != link->task)
+               return 0;
+
        if (sleepable)
                rcu_read_lock_trace();
        else
@@ -3079,6 +3085,16 @@ static int uprobe_prog_run(struct bpf_uprobe *uprobe,
        return err;
 }
 
+static bool
+uprobe_multi_link_filter(struct uprobe_consumer *con, enum uprobe_filter_ctx ctx,
+                        struct mm_struct *mm)
+{
+       struct bpf_uprobe *uprobe;
+
+       uprobe = container_of(con, struct bpf_uprobe, consumer);
+       return uprobe->link->task->mm == mm;
+}
+
 static int
 uprobe_multi_link_handler(struct uprobe_consumer *con, struct pt_regs *regs)
 {
@@ -3112,12 +3128,14 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr
        unsigned long *ref_ctr_offsets = NULL;
        struct bpf_link_primer link_primer;
        struct bpf_uprobe *uprobes = NULL;
+       struct task_struct *task = NULL;
        unsigned long __user *uoffsets;
        u64 __user *ucookies;
        void __user *upath;
        u32 flags, cnt, i;
        struct path path;
        char *name;
+       pid_t pid;
        int err;
 
        /* no support for 32bit archs yet */
@@ -3161,6 +3179,15 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr
                goto error_path_put;
        }
 
+       pid = attr->link_create.uprobe_multi.pid;
+       if (pid) {
+               rcu_read_lock();
+               task = get_pid_task(find_vpid(pid), PIDTYPE_PID);
+               rcu_read_unlock();
+               if (!task)
+                       goto error_path_put;
+       }
+
        err = -ENOMEM;
 
        link = kzalloc(sizeof(*link), GFP_KERNEL);
@@ -3195,11 +3222,15 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr
                        uprobes[i].consumer.ret_handler = uprobe_multi_link_ret_handler;
                else
                        uprobes[i].consumer.handler = uprobe_multi_link_handler;
+
+               if (pid)
+                       uprobes[i].consumer.filter = uprobe_multi_link_filter;
        }
 
        link->cnt = cnt;
        link->uprobes = uprobes;
        link->path = path;
+       link->task = task;
 
        bpf_link_init(&link->link, BPF_LINK_TYPE_UPROBE_MULTI,
                      &bpf_uprobe_multi_link_lops, prog);
@@ -3226,6 +3257,8 @@ error_free:
        kvfree(ref_ctr_offsets);
        kvfree(uprobes);
        kfree(link);
+       if (task)
+               put_task_struct(task);
 error_path_put:
        path_put(&path);
        return err;

diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index d7f4f50b1e58ab051573057a9d72db7ec4448d3c..8790b3962e4b85f22593f8f9c9f8d94eaf6981f3 100644 (file)
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -1642,6 +1642,7 @@ union bpf_attr {
                                __aligned_u64   cookies;
                                __u32           cnt;
                                __u32           flags;
+                               __u32           pid;
                        } uprobe_multi;
                };
        } link_create;