On Wed, Sep 10, 2025 at 10:44:42AM +0800, Yafang Shao wrote:
> When CONFIG_MEMCG is enabled, we can access mm->owner under RCU. The
> owner can be NULL. With this change, BPF helpers can safely access
> mm->owner to retrieve the associated task from the mm. We can then make
> policy decision based on the task attribute.
>
> The typical use case is as follows,
>
> bpf_rcu_read_lock(); // rcu lock must be held for rcu trusted field
> @owner = @mm->owner; // mm_struct::owner is rcu trusted or null
> if (!@owner)
> goto out;
>
> /* Do something based on the task attribute */
>
> out:
> bpf_rcu_read_unlock();
>
> Suggested-by: Andrii Nakryiko <andrii@xxxxxxxxxx>
This is one for the BPF people, but this seems reasonable afaict so:
Acked-by: Lorenzo Stoakes <lorenzo.stoakes@xxxxxxxxxx>
> Signed-off-by: Yafang Shao <laoar.shao@xxxxxxxxx>
> ---
> kernel/bpf/verifier.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index c4f69a9e9af6..d400e18ee31e 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -7123,6 +7123,9 @@ BTF_TYPE_SAFE_RCU(struct cgroup_subsys_state) {
> /* RCU trusted: these fields are trusted in RCU CS and can be NULL */
> BTF_TYPE_SAFE_RCU_OR_NULL(struct mm_struct) {
> struct file __rcu *exe_file;
> +#ifdef CONFIG_MEMCG
> + struct task_struct __rcu *owner;
> +#endif
> };
>
> /* skb->sk, req->sk are not RCU protected, but we mark them as such
> --
> 2.47.3
>
