Message ID | 20230522203352.738576-1-jolsa@kernel.org |
---|---|
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp1710395vqo; Mon, 22 May 2023 13:48:55 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4UuNrPC4aWNUio5/9WBO3J1kbVhBR1IZv6vYnKB9MhXziCCE+twLGd+yTqsTU9SrGzXLJF X-Received: by 2002:a17:902:e811:b0:1af:981b:eeff with SMTP id u17-20020a170902e81100b001af981beeffmr9629575plg.64.1684788535594; Mon, 22 May 2023 13:48:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684788535; cv=none; d=google.com; s=arc-20160816; b=gQ0bAqPRwZ6FbZQvv0UCutReo7cAupxkMlPXUoMVWm0BeCeVRqN0y7X4tZO1dwewzT FQ0NzMnS3jF2asDsMbH9FK3aAkvJSg+cvhrYkkTUlpUvf9UJKO9Rg53Y+drydon99fl2 lgwNSuFWVXZtXyAhbOtKQRMpx1eCR/oLqPIQj0a1v2HL121uu7FgeXdgcCEgTGWLJrq9 y/4cfue/mxFDAUfeokEx7jrO/PWLF6XO3FjkVDTEbqiUM6cuDJ1yp0DFC3mnx5jPMG09 sBcIg8g3y3WUM65shd+ZcrP6uY+JPoEAWDtSK6djqiOC6jlNEiUzOfqTpBLu7/ebZ5HL vKfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=rI/sX+Qhr8YXpme3g/00wyoLEy6ESqMH5yrRDNI+E3M=; b=Rm7RS8dvJ0IUGjgsPURktBKjqI5QeBzesHM15cX9AomK/xslyQE9r4mT4voPMj7tXO XtOUSEQES/sB8sHi/nGn7KnAphW1kzIZbp0AWoYnzJNY2yPSsMdgCxKwgO6u6v31HVXR 79Su9CaviyeMNnWGL+XigGKdAgg55NzDVOTM4ZKlh6z+hxkObFZ5mPZA79NuP5V6cH2K YpgT/GvdOfwPZ8gQoy+b2CaUDx9TkRJeZr6ccSP3ywMd+wEEvYdnahIDxpifl3GTX2N9 NUPGA1U25fleyowo415XOPxKVI02JeLn/9Np22qXgJx+0GFxV+9Tdu//UYhGxXSYDeRU /x/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nNUGh6B8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z8-20020a17090abd8800b00252f5383678si7333104pjr.141.2023.05.22.13.48.43; Mon, 22 May 2023 13:48:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nNUGh6B8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233898AbjEVUeI (ORCPT <rfc822;wlfightup@gmail.com> + 99 others); Mon, 22 May 2023 16:34:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41940 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232184AbjEVUeH (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Mon, 22 May 2023 16:34:07 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC69FB9; Mon, 22 May 2023 13:34:05 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 71F6462BBC; Mon, 22 May 2023 20:34:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B8A8EC433D2; Mon, 22 May 2023 20:33:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1684787644; bh=k0aB+o1daihaSdDKLS6VLR59jpZRIAxsFLSrVS0dxVg=; h=From:To:Cc:Subject:Date:From; b=nNUGh6B848Qg2olakHNvKLbIpygbHL/4n4FAtRuXBc9b+WyxeSw5LFiNyaZU1X4p/ rJAWZFLLZZ0CvvZrAmsFyWbNaAuwNNJjf0SOONItglQgyNRqR0a7YIN7y2V++0vLLp mEstsbuyQAnaxkjQXjTdyHzRFLCCCmIEgDp9oj+kn42+nYdSXA5VEKUSBVpNruyV7H UdVi0sLfLULBWapo0eu79sUlmdfOwKgtxfzgNrKH98X53JT8gLZFO7Mie/EVJVgU5v SZv7KaPiq1/PhJojS200YUAk1ozmggGCQ8nICFt+H/SgLXiXg74ETpgbC8ZsocvDNE nq4aYJX/EOvJw== From: Jiri Olsa <jolsa@kernel.org> To: stable@vger.kernel.org Cc: linux-mm@kvack.org, bpf@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, Masami Hiramatsu <mhiramat@kernel.org>, Tsahee Zidenberg <tsahee@annapurnalabs.com>, Andrii Nakryiko <andrii@kernel.org>, Christoph Hellwig <hch@lst.de>, Daniel Borkmann <daniel@iogearbox.net>, Thomas Gleixner <tglx@linutronix.de>, =?utf-8?q?Mah=C3=A9_Tardy?= <mahe.tardy@isovalent.com>, linux-arm-kernel@lists.infradead.org Subject: [RFC PATCH stable 5.4 0/8] bpf: Fix bpf_probe_read/bpf_probe_read_str helpers Date: Mon, 22 May 2023 22:33:44 +0200 Message-Id: <20230522203352.738576-1-jolsa@kernel.org> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1766628823718839512?= X-GMAIL-MSGID: =?utf-8?q?1766628823718839512?= |
Series |
bpf: Fix bpf_probe_read/bpf_probe_read_str helpers
|
|
Message
Jiri Olsa
May 22, 2023, 8:33 p.m. UTC
hi, we see broken access to user space with bpf_probe_read/bpf_probe_read_str helpers on arm64 with 5.4 kernel. The problem is that both helpers try to read user memory by calling probe_kernel_read, which seems to work on x86 but fails on arm64. There are several fixes after v5.4 to address this issue. There was an attempt to fix that in past [1], but it deviated far from upstream changes. This patchset tries to follow the upstream changes with 2 notable exceptions: 1) bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers - this upsgream patch adds new helpers, which we don't need to do, we just need following functions (and related helper's glue): bpf_probe_read_kernel_common bpf_probe_read_kernel_str_common that implement bpf_probe_read* helpers and receive fix in next patch below, ommiting any other hunks 2) bpf: rework the compat kernel probe handling - taking only fixes for functions and realted helper's glue that we took from patch above, ommiting any other hunks It's possible to add new helpers and keep the patches closer to upstream, but I thought trying this way first as RFC without adding any new helpers into stable kernel, which might possibly end up later with additional fixes. Also I'm sending this as RFC, because I might be missing some mm related dependency change, that I'm not aware of. We tested new kernel with our use case on arm64 and x86. thanks, jirka [1] https://yhbt.net/lore/all/YHGMFzQlHomDtZYG@kroah.com/t/ --- Andrii Nakryiko (1): bpf: bpf_probe_read_kernel_str() has to return amount of data read on success Christoph Hellwig (4): maccess: clarify kerneldoc comments maccess: rename strncpy_from_unsafe_user to strncpy_from_user_nofault maccess: rename strncpy_from_unsafe_strict to strncpy_from_kernel_nofault bpf: rework the compat kernel probe handling Daniel Borkmann (3): uaccess: Add strict non-pagefault kernel-space read function bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers bpf: Restrict bpf_probe_read{, str}() only to archs where they work arch/arm/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/x86/Kconfig | 1 + arch/x86/mm/Makefile | 2 +- arch/x86/mm/maccess.c | 43 ++++++++++++++++++++++++++++++++++++++ include/linux/uaccess.h | 8 +++++-- init/Kconfig | 3 +++ kernel/trace/bpf_trace.c | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------------------------------- kernel/trace/trace_kprobe.c | 2 +- mm/maccess.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++------- 10 files changed, 207 insertions(+), 57 deletions(-) create mode 100644 arch/x86/mm/maccess.c
Comments
On Mon, May 22, 2023 at 10:33:44PM +0200, Jiri Olsa wrote: > hi, > we see broken access to user space with bpf_probe_read/bpf_probe_read_str > helpers on arm64 with 5.4 kernel. The problem is that both helpers try to > read user memory by calling probe_kernel_read, which seems to work on x86 > but fails on arm64. Has this ever worked on arm64 for the 5.4 kernel tree? If not, it's not really a regression, and so, why not use a newer kernel that has this new feature added to it there? In other words, what requires you to use the 5.4.y tree and requires feature parity across architectures? thanks, greg k-h
On Fri, May 26, 2023 at 07:54:17PM +0100, Greg KH wrote: > On Mon, May 22, 2023 at 10:33:44PM +0200, Jiri Olsa wrote: > > hi, > > we see broken access to user space with bpf_probe_read/bpf_probe_read_str > > helpers on arm64 with 5.4 kernel. The problem is that both helpers try to > > read user memory by calling probe_kernel_read, which seems to work on x86 > > but fails on arm64. > > Has this ever worked on arm64 for the 5.4 kernel tree? If not, it's not > really a regression, and so, why not use a newer kernel that has this > new feature added to it there? > > In other words, what requires you to use the 5.4.y tree and requires > feature parity across architectures? we have a customer running ok on x86 v5.4, but arm64 is broken with the same bpf/user space code upgrade is an option of course, but it's not a big change and we can have 5.4 working on arm64 as well I can send out the change that will be closer to upstream changes, if that's a concern.. with adding the new probe helpers, which I guess is not a problem, because it does not change current API jirka
On Sun, May 28, 2023 at 10:02:49PM +0200, Jiri Olsa wrote: > On Fri, May 26, 2023 at 07:54:17PM +0100, Greg KH wrote: > > On Mon, May 22, 2023 at 10:33:44PM +0200, Jiri Olsa wrote: > > > hi, > > > we see broken access to user space with bpf_probe_read/bpf_probe_read_str > > > helpers on arm64 with 5.4 kernel. The problem is that both helpers try to > > > read user memory by calling probe_kernel_read, which seems to work on x86 > > > but fails on arm64. > > > > Has this ever worked on arm64 for the 5.4 kernel tree? If not, it's not > > really a regression, and so, why not use a newer kernel that has this > > new feature added to it there? > > > > In other words, what requires you to use the 5.4.y tree and requires > > feature parity across architectures? > > we have a customer running ok on x86 v5.4, but arm64 is broken with > the same bpf/user space code Again why can they not use a newer kernel version? What forces this customer to be stuck with a specific kernel version that spans different processor types? > upgrade is an option of course, but it's not a big change and we can > have 5.4 working on arm64 as well For loads of other reasons, I'd recommend 5.15 or newer for arm64, so why not use that? > I can send out the change that will be closer to upstream changes, > if that's a concern.. with adding the new probe helpers, which I > guess is not a problem, because it does not change current API You are trying to add features to a stable kernel that are not regression fixes, which is something that we generally do not accept into stable kernels. thnaks, greg k-h