From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4CAF8C77B75 for ; Mon, 22 May 2023 20:34:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id DA928280002; Mon, 22 May 2023 16:34:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D5903900002; Mon, 22 May 2023 16:34:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C4837280002; Mon, 22 May 2023 16:34:45 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id ACBB4900002 for ; Mon, 22 May 2023 16:34:45 -0400 (EDT) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 74C8EC04B9 for ; Mon, 22 May 2023 20:34:45 +0000 (UTC) X-FDA: 80819044530.08.71ABA12 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf10.hostedemail.com (Postfix) with ESMTP id BA76EC001A for ; Mon, 22 May 2023 20:34:43 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=OjIfMDYx; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of jolsa@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=jolsa@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1684787683; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=yA4ZAyo3R1CKvYpgfShk8VphMtVzTLmquJ0JGQ9CRW0=; b=Nv0iGVLF00i0v9fl+PjqURGMLq6HAqXcD1L9KXB3/+piU7ED0REPSAztyg1AEgpYsR5sWg ottMYLb3N3xpEDzsb3IwNyXI0c0JWjJdYa0Gj11MwcNThxpOkbjbWhxn7I/g6DZAQEfele cIu4li7e3RjYKyzHj7cVyqsubkvmbUU= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=OjIfMDYx; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf10.hostedemail.com: domain of jolsa@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=jolsa@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1684787683; a=rsa-sha256; cv=none; b=DhyricbHKLBhboPRIcHQ6W6HTJhbEg3rzGwQJGXFViU3sIb7wDqkatwum3+4kewgH3b+hl Ly9PAH6RkTQfyx/P30z/8AjPbyz23/p2yjBNg0qRVQNiItU4e2oh6GHqOMdNU+inT2OQoq +gaZtZuIH0e36w8PBK0RYEYsscJ1ez4= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id D38F062BD7; Mon, 22 May 2023 20:34:42 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DB531C433D2; Mon, 22 May 2023 20:34:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1684787682; bh=1nSMve/w+XuFrnfWUZ8RsoJsky+kpG672VPmYmGZMVI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OjIfMDYxThs+94da/eP9DyEKjk1djZsZmlgvOcUGIyktqWEeB8FDfqbvX2OvN1Ndg 4LNUZF1YbqGcHFMGy/wYetTmlYq8TMdF5GxRgf8C25A1ztK1VriLnqHLM86GQymu+N UYv/1/079BM+ixi2hmsqeYBlLheImXe17wtzaveWoqaxNyL4B96eiccZWuQx+c9KKT iOIaHcGr+VxdNg5jK1RnmG9WcMbVc5OXeqScKHS85tqpBm4x+jT7qFp5OXLLDvS+75 GEV8VDoTAwzMkTCEIWJ0XQq3rYjyuGT9eB7fuONVoKHETfPESc+IkYgvd4IDAy1o+Q 7Mk933+rF7JDg== From: Jiri Olsa To: stable@vger.kernel.org Cc: Linus Torvalds , Masami Hiramatsu , Brendan Gregg , Christoph Hellwig , linux-mm@kvack.org, bpf@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, Tsahee Zidenberg , Andrii Nakryiko , Daniel Borkmann , Thomas Gleixner , =?UTF-8?q?Mah=C3=A9=20Tardy?= , linux-arm-kernel@lists.infradead.org Subject: [RFC PATCH stable 5.4 3/8] bpf: Restrict bpf_probe_read{, str}() only to archs where they work Date: Mon, 22 May 2023 22:33:47 +0200 Message-Id: <20230522203352.738576-4-jolsa@kernel.org> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230522203352.738576-1-jolsa@kernel.org> References: <20230522203352.738576-1-jolsa@kernel.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: BA76EC001A X-Stat-Signature: gyquqmjwuzwnh8hmy6bnh4iyrjiemu13 X-Rspam-User: X-HE-Tag: 1684787683-164325 X-HE-Meta: U2FsdGVkX19UmZpGU9hW9poaKZQaVpm9tn91hhzDxzje7KZIsW/3Zaz1vzJg1K/oQHkY10GsnFT47dPWQt3K0gdMpo9uqPhvBZhhzgimg5MjZacrVpEk6NSwRyXvFPaWPf5p2TNiSrODDYVrTkOOXO1k+NQSKwpSKMLRIFu9hx7RIFxmmn1eHCbjum/2Rp3SVjYmLoBHNSEkHtoPqd65jT79L/ZdQOYC7T3IuzeHu8fHSCWu24p0oSdlJhXjGzXUEzaskS1QWYSwXnowmY0OjW9skaV4BOiBEDZtaDjeqqfDWsQLqSDvoJWc9G+368a3iiPyHwNFvUzm1uc/2qcdNX6xa4j3o1CLzQIidelxJQWHkVR15HPpJwWat5UdgTGcNMTfLX0Uo9KxlD3Pu96uwKqHouBDTfFK9ybs2hqPnkHK5c8szhBNPD/+PD89O38yvf5GWCu1Uj0UWgInpKe8bHaXT0MNA6OnjELLR3v4l0UsFANpa55NSueyo/PkIgAI9PqEGWfIt+qfBA08/jJ0BSAvkBqg2fgK9IquglDeEPqoM91XBBbYQrhaHCcY8aRi5GYhJnlRlLX0ZBY/rD7vpNGhYoLu44gU03baS1kxmNXgDlNBt/jjHWMmxTy2mJnzQzrJLqQDB/tASIWvqbm53+7xJz58TgdFmUIqIjhJfTjV9Y9dRy1LOQpNgOHcp3cC7ydcXI4OZprxLQz5dLs+4xoor9FgSOt7epli+nwxtCl/PxXDVvwb7CEM1O4Gm0SWOgN4LAotkbx1xabVpgsG8nvPXzEHdlsEvsGGu4CgywSYr4QPxjKHvqzkP6W8ViSn6lcMsQCkpDJrpD0vazUZ+VZr78nd6FHgN5jtu1b/pWkLZp0N0uzOrlrNL+Rh0HnWzRSFehTYmvoaJBPb+BaObZUhFX13io6rn/0wmHfc8ZtPEvBqULob86WkGS3AHlstjeW0l0qjk5sqncZ85Nt gVss7rbc B3w3gApLgDSkkNQbgFUgM579DgGvhGiuPBGJo4M9aswT+nQ5msBzS3Wp6p9KiAm05Oji2ZJyBpv5SNd9iHBS4gQ6SkBt50UDWK7mgn2TpwQV8ayn3ZyYFczFXdugsTjBoWkonS8WkWnl8MPM+sG+SgHrZPHC2eOHBaaOc2e8RhiekGhZDsXWHUERAWTLVX7eQ3gtgdhVoy1R2yoGw6NcvE+PtyBY/y/DXlgjatOdhKFux2xG/k+kg/5UNBjtfI/5+jfKqfxMG6vFt4REVSRnV/8FJfVWBZ9P9QRIy4IvVL9yeaC26vsPZ6Q29LsHMcqhDujEKHp4j4L7KocjM6OqAsG5WTH+FYWxe+Aj7p251zEx5i6wa9s+FJumQvQHrmUqTYklSFf8rGpwoSZBibnZWq863z1Jrgy0Tuz+JokZ6d7yWpApg8qTJGYP3/cBiYy7hdGMwe9G49EFp/2tT5zVnnsOEvQiUOX9fvjX5wYPGBfSbA3mcSf5hEOvh3u7FsEgTztidwiXKeQKMMyjolQMkeVj4eel0I2YyAY7ExDtoIircFnXD9Futnvt2401Le+ox/xRX8lJo47KeC3eFfhKeZVpaG3rqamqC4Xb+2lJcE/6pIqiO2RR0PuKZNU8rmqyWm4JQ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Daniel Borkmann commit 0ebeea8ca8a4d1d453ad299aef0507dab04f6e8d upstream. [Small context conflicts due to not bckported changes in previous patch] Given the legacy bpf_probe_read{,str}() BPF helpers are broken on archs with overlapping address ranges, we should really take the next step to disable them from BPF use there. To generally fix the situation, we've recently added new helper variants bpf_probe_read_{user,kernel}() and bpf_probe_read_{user,kernel}_str(). For details on them, see 6ae08ae3dea2 ("bpf: Add probe_read_{user, kernel} and probe_read_{user,kernel}_str helpers"). Given bpf_probe_read{,str}() have been around for ~5 years by now, there are plenty of users at least on x86 still relying on them today, so we cannot remove them entirely w/o breaking the BPF tracing ecosystem. However, their use should be restricted to archs with non-overlapping address ranges where they are working in their current form. Therefore, move this behind a CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE and have x86, arm64, arm select it (other archs supporting it can follow-up on it as well). For the remaining archs, they can workaround easily by relying on the feature probe from bpftool which spills out defines that can be used out of BPF C code to implement the drop-in replacement for old/new kernels via: bpftool feature probe macro Suggested-by: Linus Torvalds Signed-off-by: Daniel Borkmann Signed-off-by: Alexei Starovoitov Reviewed-by: Masami Hiramatsu Acked-by: Linus Torvalds Cc: Brendan Gregg Cc: Christoph Hellwig Link: https://lore.kernel.org/bpf/20200515101118.6508-2-daniel@iogearbox.net --- arch/arm/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/x86/Kconfig | 1 + init/Kconfig | 3 +++ kernel/trace/bpf_trace.c | 2 ++ 5 files changed, 8 insertions(+) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index a70696a95b79..7c1cb0ebdb18 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -14,6 +14,7 @@ config ARM select ARCH_HAS_KEEPINITRD select ARCH_HAS_KCOV select ARCH_HAS_MEMBARRIER_SYNC_CORE + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PTE_SPECIAL if ARM_LPAE select ARCH_HAS_PHYS_TO_DMA select ARCH_HAS_SETUP_DMA_OPS diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 384b1bf56667..0d96acb2ca3e 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -22,6 +22,7 @@ config ARM64 select ARCH_HAS_KCOV select ARCH_HAS_KEEPINITRD select ARCH_HAS_MEMBARRIER_SYNC_CORE + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PTE_DEVMAP select ARCH_HAS_PTE_SPECIAL select ARCH_HAS_SETUP_DMA_OPS diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 6002252692af..7be388116732 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -70,6 +70,7 @@ config X86 select ARCH_HAS_KCOV if X86_64 select ARCH_HAS_MEM_ENCRYPT select ARCH_HAS_MEMBARRIER_SYNC_CORE + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PMEM_API if X86_64 select ARCH_HAS_PTE_DEVMAP if X86_64 select ARCH_HAS_PTE_SPECIAL diff --git a/init/Kconfig b/init/Kconfig index f641518f4ac5..2297b7ce6665 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -2231,6 +2231,9 @@ config ASN1 source "kernel/Kconfig.locks" +config ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE + bool + config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE bool diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 9ac27d48cc8e..61c81c38202b 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -737,10 +737,12 @@ tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) return &bpf_current_task_under_cgroup_proto; case BPF_FUNC_get_prandom_u32: return &bpf_get_prandom_u32_proto; +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE case BPF_FUNC_probe_read: return &bpf_probe_read_compat_proto; case BPF_FUNC_probe_read_str: return &bpf_probe_read_compat_str_proto; +#endif #ifdef CONFIG_CGROUPS case BPF_FUNC_get_current_cgroup_id: return &bpf_get_current_cgroup_id_proto; -- 2.40.1