| Message ID | 20230522203352.738576-1-jolsa@kernel.org |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp1710395vqo;
Mon, 22 May 2023 13:48:55 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ4UuNrPC4aWNUio5/9WBO3J1kbVhBR1IZv6vYnKB9MhXziCCE+twLGd+yTqsTU9SrGzXLJF
X-Received: by 2002:a17:902:e811:b0:1af:981b:eeff with SMTP id
u17-20020a170902e81100b001af981beeffmr9629575plg.64.1684788535594;
Mon, 22 May 2023 13:48:55 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1684788535; cv=none;
d=google.com; s=arc-20160816;
b=gQ0bAqPRwZ6FbZQvv0UCutReo7cAupxkMlPXUoMVWm0BeCeVRqN0y7X4tZO1dwewzT
FQ0NzMnS3jF2asDsMbH9FK3aAkvJSg+cvhrYkkTUlpUvf9UJKO9Rg53Y+drydon99fl2
lgwNSuFWVXZtXyAhbOtKQRMpx1eCR/oLqPIQj0a1v2HL121uu7FgeXdgcCEgTGWLJrq9
y/4cfue/mxFDAUfeokEx7jrO/PWLF6XO3FjkVDTEbqiUM6cuDJ1yp0DFC3mnx5jPMG09
sBcIg8g3y3WUM65shd+ZcrP6uY+JPoEAWDtSK6djqiOC6jlNEiUzOfqTpBLu7/ebZ5HL
vKfQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=rI/sX+Qhr8YXpme3g/00wyoLEy6ESqMH5yrRDNI+E3M=;
b=Rm7RS8dvJ0IUGjgsPURktBKjqI5QeBzesHM15cX9AomK/xslyQE9r4mT4voPMj7tXO
XtOUSEQES/sB8sHi/nGn7KnAphW1kzIZbp0AWoYnzJNY2yPSsMdgCxKwgO6u6v31HVXR
79Su9CaviyeMNnWGL+XigGKdAgg55NzDVOTM4ZKlh6z+hxkObFZ5mPZA79NuP5V6cH2K
YpgT/GvdOfwPZ8gQoy+b2CaUDx9TkRJeZr6ccSP3ywMd+wEEvYdnahIDxpifl3GTX2N9
NUPGA1U25fleyowo415XOPxKVI02JeLn/9Np22qXgJx+0GFxV+9Tdu//UYhGxXSYDeRU
/x/Q==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nNUGh6B8;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
z8-20020a17090abd8800b00252f5383678si7333104pjr.141.2023.05.22.13.48.43;
Mon, 22 May 2023 13:48:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nNUGh6B8;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233898AbjEVUeI (ORCPT <rfc822;wlfightup@gmail.com> + 99 others);
Mon, 22 May 2023 16:34:08 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41940 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S232184AbjEVUeH (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 22 May 2023 16:34:07 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org
[IPv6:2604:1380:4641:c500::1])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC69FB9;
Mon, 22 May 2023 13:34:05 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by dfw.source.kernel.org (Postfix) with ESMTPS id 71F6462BBC;
Mon, 22 May 2023 20:34:05 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id B8A8EC433D2;
Mon, 22 May 2023 20:33:59 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
s=k20201202; t=1684787644;
bh=k0aB+o1daihaSdDKLS6VLR59jpZRIAxsFLSrVS0dxVg=;
h=From:To:Cc:Subject:Date:From;
b=nNUGh6B848Qg2olakHNvKLbIpygbHL/4n4FAtRuXBc9b+WyxeSw5LFiNyaZU1X4p/
rJAWZFLLZZ0CvvZrAmsFyWbNaAuwNNJjf0SOONItglQgyNRqR0a7YIN7y2V++0vLLp
mEstsbuyQAnaxkjQXjTdyHzRFLCCCmIEgDp9oj+kn42+nYdSXA5VEKUSBVpNruyV7H
UdVi0sLfLULBWapo0eu79sUlmdfOwKgtxfzgNrKH98X53JT8gLZFO7Mie/EVJVgU5v
SZv7KaPiq1/PhJojS200YUAk1ozmggGCQ8nICFt+H/SgLXiXg74ETpgbC8ZsocvDNE
nq4aYJX/EOvJw==
From: Jiri Olsa <jolsa@kernel.org>
To: stable@vger.kernel.org
Cc: linux-mm@kvack.org, bpf@vger.kernel.org, x86@kernel.org,
linux-kernel@vger.kernel.org, Masami Hiramatsu <mhiramat@kernel.org>,
Tsahee Zidenberg <tsahee@annapurnalabs.com>,
Andrii Nakryiko <andrii@kernel.org>, Christoph Hellwig <hch@lst.de>,
Daniel Borkmann <daniel@iogearbox.net>, Thomas Gleixner <tglx@linutronix.de>,
=?utf-8?q?Mah=C3=A9_Tardy?= <mahe.tardy@isovalent.com>,
linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH stable 5.4 0/8] bpf: Fix bpf_probe_read/bpf_probe_read_str
helpers
Date: Mon, 22 May 2023 22:33:44 +0200
Message-Id: <20230522203352.738576-1-jolsa@kernel.org>
X-Mailer: git-send-email 2.40.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1766628823718839512?=
X-GMAIL-MSGID: =?utf-8?q?1766628823718839512?=
|
| Series |
bpf: Fix bpf_probe_read/bpf_probe_read_str helpers
|
|
Message
Jiri Olsa
May 22, 2023, 8:33 p.m. UTC
hi,
we see broken access to user space with bpf_probe_read/bpf_probe_read_str
helpers on arm64 with 5.4 kernel. The problem is that both helpers try to
read user memory by calling probe_kernel_read, which seems to work on x86
but fails on arm64.
There are several fixes after v5.4 to address this issue.
There was an attempt to fix that in past [1], but it deviated far from
upstream changes.
This patchset tries to follow the upstream changes with 2 notable exceptions:
1) bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers
- this upsgream patch adds new helpers, which we don't need to do,
we just need following functions (and related helper's glue):
bpf_probe_read_kernel_common
bpf_probe_read_kernel_str_common
that implement bpf_probe_read* helpers and receive fix in next
patch below, ommiting any other hunks
2) bpf: rework the compat kernel probe handling
- taking only fixes for functions and realted helper's glue that we took
from patch above, ommiting any other hunks
It's possible to add new helpers and keep the patches closer to upstream,
but I thought trying this way first as RFC without adding any new helpers
into stable kernel, which might possibly end up later with additional fixes.
Also I'm sending this as RFC, because I might be missing some mm related
dependency change, that I'm not aware of.
We tested new kernel with our use case on arm64 and x86.
thanks,
jirka
[1] https://yhbt.net/lore/all/YHGMFzQlHomDtZYG@kroah.com/t/
---
Andrii Nakryiko (1):
bpf: bpf_probe_read_kernel_str() has to return amount of data read on success
Christoph Hellwig (4):
maccess: clarify kerneldoc comments
maccess: rename strncpy_from_unsafe_user to strncpy_from_user_nofault
maccess: rename strncpy_from_unsafe_strict to strncpy_from_kernel_nofault
bpf: rework the compat kernel probe handling
Daniel Borkmann (3):
uaccess: Add strict non-pagefault kernel-space read function
bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers
bpf: Restrict bpf_probe_read{, str}() only to archs where they work
arch/arm/Kconfig | 1 +
arch/arm64/Kconfig | 1 +
arch/x86/Kconfig | 1 +
arch/x86/mm/Makefile | 2 +-
arch/x86/mm/maccess.c | 43 ++++++++++++++++++++++++++++++++++++++
include/linux/uaccess.h | 8 +++++--
init/Kconfig | 3 +++
kernel/trace/bpf_trace.c | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------------------------
kernel/trace/trace_kprobe.c | 2 +-
mm/maccess.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++-------
10 files changed, 207 insertions(+), 57 deletions(-)
create mode 100644 arch/x86/mm/maccess.c
Comments
On Mon, May 22, 2023 at 10:33:44PM +0200, Jiri Olsa wrote: > hi, > we see broken access to user space with bpf_probe_read/bpf_probe_read_str > helpers on arm64 with 5.4 kernel. The problem is that both helpers try to > read user memory by calling probe_kernel_read, which seems to work on x86 > but fails on arm64. Has this ever worked on arm64 for the 5.4 kernel tree? If not, it's not really a regression, and so, why not use a newer kernel that has this new feature added to it there? In other words, what requires you to use the 5.4.y tree and requires feature parity across architectures? thanks, greg k-h
On Fri, May 26, 2023 at 07:54:17PM +0100, Greg KH wrote: > On Mon, May 22, 2023 at 10:33:44PM +0200, Jiri Olsa wrote: > > hi, > > we see broken access to user space with bpf_probe_read/bpf_probe_read_str > > helpers on arm64 with 5.4 kernel. The problem is that both helpers try to > > read user memory by calling probe_kernel_read, which seems to work on x86 > > but fails on arm64. > > Has this ever worked on arm64 for the 5.4 kernel tree? If not, it's not > really a regression, and so, why not use a newer kernel that has this > new feature added to it there? > > In other words, what requires you to use the 5.4.y tree and requires > feature parity across architectures? we have a customer running ok on x86 v5.4, but arm64 is broken with the same bpf/user space code upgrade is an option of course, but it's not a big change and we can have 5.4 working on arm64 as well I can send out the change that will be closer to upstream changes, if that's a concern.. with adding the new probe helpers, which I guess is not a problem, because it does not change current API jirka
On Sun, May 28, 2023 at 10:02:49PM +0200, Jiri Olsa wrote: > On Fri, May 26, 2023 at 07:54:17PM +0100, Greg KH wrote: > > On Mon, May 22, 2023 at 10:33:44PM +0200, Jiri Olsa wrote: > > > hi, > > > we see broken access to user space with bpf_probe_read/bpf_probe_read_str > > > helpers on arm64 with 5.4 kernel. The problem is that both helpers try to > > > read user memory by calling probe_kernel_read, which seems to work on x86 > > > but fails on arm64. > > > > Has this ever worked on arm64 for the 5.4 kernel tree? If not, it's not > > really a regression, and so, why not use a newer kernel that has this > > new feature added to it there? > > > > In other words, what requires you to use the 5.4.y tree and requires > > feature parity across architectures? > > we have a customer running ok on x86 v5.4, but arm64 is broken with > the same bpf/user space code Again why can they not use a newer kernel version? What forces this customer to be stuck with a specific kernel version that spans different processor types? > upgrade is an option of course, but it's not a big change and we can > have 5.4 working on arm64 as well For loads of other reasons, I'd recommend 5.15 or newer for arm64, so why not use that? > I can send out the change that will be closer to upstream changes, > if that's a concern.. with adding the new probe helpers, which I > guess is not a problem, because it does not change current API You are trying to add features to a stable kernel that are not regression fixes, which is something that we generally do not accept into stable kernels. thnaks, greg k-h