Re: [PATCH bpf-next 1/2] bpf/arena: add bpf_arena_guard_pages kfunc

On Fri, Jun 20, 2025 at 2:44 PM Alexei Starovoitov
<alexei.starovoitov@xxxxxxxxx> wrote:
>
> On Thu, Jun 19, 2025 at 8:11 PM Emil Tsalapatis <emil@xxxxxxxxxxxxxxx> wrote:
> >
> > Add a new BPF arena kfunc for protecting a range of pages. These pages
> > cannot be allocated, either explicitly through bpf_arena_alloc_pages()
> > or implicitly through userspace page faults.
> >
> > Signed-off-by: Emil Tsalapatis <emil@xxxxxxxxxxxxxxx>
> > ---
> >  kernel/bpf/arena.c | 95 ++++++++++++++++++++++++++++++++++++++++++++--
> >  1 file changed, 92 insertions(+), 3 deletions(-)
> >
> > diff --git a/kernel/bpf/arena.c b/kernel/bpf/arena.c
> > index 0d56cea71602..2f9293eb7151 100644
> > --- a/kernel/bpf/arena.c
> > +++ b/kernel/bpf/arena.c
> > @@ -48,6 +48,7 @@ struct bpf_arena {
> >         u64 user_vm_end;
> >         struct vm_struct *kern_vm;
> >         struct range_tree rt;
> > +       struct range_tree rt_guard;
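
Review bot: the new rt_guard member in struct bpf_arena has no comment, and it sits directly beside rt, which tracks the same page offsets. Please document what a set range in rt_guard means (guarded or not guarded) and how it relates to rt, so a reader of the struct does not have to infer it from the callers.
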
>
> ...
>
> >  }
> > @@ -282,6 +298,11 @@ static vm_fault_t arena_vm_fault(struct vm_fault *vmf)
> >                 /* User space requested to segfault when page is not allocated by bpf prog */
> >                 return VM_FAULT_SIGSEGV;
> >
> > +       /* Make sure the page is not guarded. */
> > +       ret = is_range_tree_set(&arena->rt_guard, vmf->pgoff, 1);
> > +       if (ret)
> > +               return VM_FAULT_SIGSEGV;
> > +
> >         ret = range_tree_clear(&arena->rt, vmf->pgoff, 1);
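
Review bot: in arena_vm_fault() the guard check returns VM_FAULT_SIGSEGV whenever is_range_tree_set(&arena->rt_guard, vmf->pgoff, 1) is non-zero, but the comment "Make sure the page is not guarded" does not say what a set range in rt_guard represents or which return value means "guarded". Please state that polarity in the comment, since the next line treats arena->rt differently by clearing the same offset in order to take the page.
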
>
> Why complicate things with another tree?
> The logic has to range_tree_clear(&arena->rt, ... anyway
> and here check:
> is_range_tree_set(&arena->rt, ...
>

The idea was to distinguish between allocated and reserved regions to
prevent a stray bpf_arena_free_pages() from freeing a guarded region or
using bpf_arena_guard_pages twice on the same set of addresses. We can
remove the extra tree if we don't care about particularly egregious
misuses of the bpf_arena_* API.

> bpf_arena_guard_pages() won't have EALREADY errors, so be it.
> Keeping another range_tree and spending kernel memory
> just to produce an error to a buggy bpf prog is imo the wrong trade-off.

Same as above, we can remove the checks and extra tree if that's the case.
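
The trade-off discussed in this thread, as an added user-space model (not code from the patch or the kernel): two bitmaps stand in for rt and rt_guard, and a stray free is run against a guarded range with and without the second map. The model_* names, the 64-page size, the "bit set = free" convention and every error code except EALREADY are assumptions of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

struct arena_model {        /* 64 pages, one bit each (constructed size) */
    uint64_t free_map;      /* bit set = page free (stands in for rt) */
    uint64_t guard_map;     /* bit set = page guarded (stands in for rt_guard) */
    bool two_trees;         /* false models the single-tree variant */
};

/* Mask for pages [pg, pg+cnt); 0 when the range is empty or out of bounds. */
static uint64_t span(unsigned pg, unsigned cnt) {
    if (cnt == 0 || pg >= 64 || cnt > 64 - pg) return 0;
    return (cnt == 64 ? ~0ULL : (1ULL << cnt) - 1) << pg;
}

/* Guard: remove pages from the free map so alloc and fault cannot use them. */
static int model_guard(struct arena_model *a, unsigned pg, unsigned cnt) {
    uint64_t m = span(pg, cnt);
    if (!m) return -EINVAL;
    if (a->two_trees && (a->guard_map & m)) return -EALREADY;
    if ((a->free_map & m) != m) return -EBUSY;  /* allocated, or guarded w/o guard_map */
    a->free_map &= ~m;
    a->guard_map |= a->two_trees ? m : 0;
    return 0;
}

/* Fault path: a page can be populated only while it is in the free map. */
static bool can_fault_in(const struct arena_model *a, unsigned pg) {
    return (a->free_map & span(pg, 1)) != 0;
}

/* Free: without guard_map a guarded page looks like any allocated page. */
static int model_free(struct arena_model *a, unsigned pg, unsigned cnt) {
    uint64_t m = span(pg, cnt);
    if (!m) return -EINVAL;
    if (a->two_trees && (a->guard_map & m)) return -EPERM;
    a->free_map |= m;
    return 0;
}

/* Guard pages 8..11, stray-free page 9, then ask whether a fault may take it. */
static bool guard_lost_after_stray_free(bool two_trees) {
    struct arena_model a = { ~0ULL, 0, two_trees };
    model_guard(&a, 8, 4);
    model_free(&a, 9, 1);
    return can_fault_in(&a, 9);
}
```

With a single map the stray free silently returns the guarded page to the free pool and a second guard call reports only that the range is busy; the second map is what lets both misuses be rejected with a distinct error.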




