From patchwork Mon May 22 20:33:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jiri Olsa X-Patchwork-Id: 9692 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp1710395vqo; Mon, 22 May 2023 13:48:55 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4UuNrPC4aWNUio5/9WBO3J1kbVhBR1IZv6vYnKB9MhXziCCE+twLGd+yTqsTU9SrGzXLJF X-Received: by 2002:a17:902:e811:b0:1af:981b:eeff with SMTP id u17-20020a170902e81100b001af981beeffmr9629575plg.64.1684788535594; Mon, 22 May 2023 13:48:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684788535; cv=none; d=google.com; s=arc-20160816; b=gQ0bAqPRwZ6FbZQvv0UCutReo7cAupxkMlPXUoMVWm0BeCeVRqN0y7X4tZO1dwewzT FQ0NzMnS3jF2asDsMbH9FK3aAkvJSg+cvhrYkkTUlpUvf9UJKO9Rg53Y+drydon99fl2 lgwNSuFWVXZtXyAhbOtKQRMpx1eCR/oLqPIQj0a1v2HL121uu7FgeXdgcCEgTGWLJrq9 y/4cfue/mxFDAUfeokEx7jrO/PWLF6XO3FjkVDTEbqiUM6cuDJ1yp0DFC3mnx5jPMG09 sBcIg8g3y3WUM65shd+ZcrP6uY+JPoEAWDtSK6djqiOC6jlNEiUzOfqTpBLu7/ebZ5HL vKfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=rI/sX+Qhr8YXpme3g/00wyoLEy6ESqMH5yrRDNI+E3M=; b=Rm7RS8dvJ0IUGjgsPURktBKjqI5QeBzesHM15cX9AomK/xslyQE9r4mT4voPMj7tXO XtOUSEQES/sB8sHi/nGn7KnAphW1kzIZbp0AWoYnzJNY2yPSsMdgCxKwgO6u6v31HVXR 79Su9CaviyeMNnWGL+XigGKdAgg55NzDVOTM4ZKlh6z+hxkObFZ5mPZA79NuP5V6cH2K YpgT/GvdOfwPZ8gQoy+b2CaUDx9TkRJeZr6ccSP3ywMd+wEEvYdnahIDxpifl3GTX2N9 NUPGA1U25fleyowo415XOPxKVI02JeLn/9Np22qXgJx+0GFxV+9Tdu//UYhGxXSYDeRU /x/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nNUGh6B8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z8-20020a17090abd8800b00252f5383678si7333104pjr.141.2023.05.22.13.48.43; Mon, 22 May 2023 13:48:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=nNUGh6B8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233898AbjEVUeI (ORCPT + 99 others); Mon, 22 May 2023 16:34:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41940 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232184AbjEVUeH (ORCPT ); Mon, 22 May 2023 16:34:07 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC69FB9; Mon, 22 May 2023 13:34:05 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 71F6462BBC; Mon, 22 May 2023 20:34:05 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B8A8EC433D2; Mon, 22 May 2023 20:33:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1684787644; bh=k0aB+o1daihaSdDKLS6VLR59jpZRIAxsFLSrVS0dxVg=; h=From:To:Cc:Subject:Date:From; b=nNUGh6B848Qg2olakHNvKLbIpygbHL/4n4FAtRuXBc9b+WyxeSw5LFiNyaZU1X4p/ rJAWZFLLZZ0CvvZrAmsFyWbNaAuwNNJjf0SOONItglQgyNRqR0a7YIN7y2V++0vLLp mEstsbuyQAnaxkjQXjTdyHzRFLCCCmIEgDp9oj+kn42+nYdSXA5VEKUSBVpNruyV7H UdVi0sLfLULBWapo0eu79sUlmdfOwKgtxfzgNrKH98X53JT8gLZFO7Mie/EVJVgU5v SZv7KaPiq1/PhJojS200YUAk1ozmggGCQ8nICFt+H/SgLXiXg74ETpgbC8ZsocvDNE nq4aYJX/EOvJw== From: Jiri Olsa To: stable@vger.kernel.org Cc: linux-mm@kvack.org, bpf@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, Masami Hiramatsu , Tsahee Zidenberg , Andrii Nakryiko , Christoph Hellwig , Daniel Borkmann , Thomas Gleixner , =?utf-8?q?Mah=C3=A9_Tardy?= , linux-arm-kernel@lists.infradead.org Subject: [RFC PATCH stable 5.4 0/8] bpf: Fix bpf_probe_read/bpf_probe_read_str helpers Date: Mon, 22 May 2023 22:33:44 +0200 Message-Id: <20230522203352.738576-1-jolsa@kernel.org> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1766628823718839512?= X-GMAIL-MSGID: =?utf-8?q?1766628823718839512?= hi, we see broken access to user space with bpf_probe_read/bpf_probe_read_str helpers on arm64 with 5.4 kernel. The problem is that both helpers try to read user memory by calling probe_kernel_read, which seems to work on x86 but fails on arm64. There are several fixes after v5.4 to address this issue. There was an attempt to fix that in past [1], but it deviated far from upstream changes. This patchset tries to follow the upstream changes with 2 notable exceptions: 1) bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers - this upsgream patch adds new helpers, which we don't need to do, we just need following functions (and related helper's glue): bpf_probe_read_kernel_common bpf_probe_read_kernel_str_common that implement bpf_probe_read* helpers and receive fix in next patch below, ommiting any other hunks 2) bpf: rework the compat kernel probe handling - taking only fixes for functions and realted helper's glue that we took from patch above, ommiting any other hunks It's possible to add new helpers and keep the patches closer to upstream, but I thought trying this way first as RFC without adding any new helpers into stable kernel, which might possibly end up later with additional fixes. Also I'm sending this as RFC, because I might be missing some mm related dependency change, that I'm not aware of. We tested new kernel with our use case on arm64 and x86. thanks, jirka [1] https://yhbt.net/lore/all/YHGMFzQlHomDtZYG@kroah.com/t/ --- Andrii Nakryiko (1): bpf: bpf_probe_read_kernel_str() has to return amount of data read on success Christoph Hellwig (4): maccess: clarify kerneldoc comments maccess: rename strncpy_from_unsafe_user to strncpy_from_user_nofault maccess: rename strncpy_from_unsafe_strict to strncpy_from_kernel_nofault bpf: rework the compat kernel probe handling Daniel Borkmann (3): uaccess: Add strict non-pagefault kernel-space read function bpf: Add probe_read_{user, kernel} and probe_read_{user, kernel}_str helpers bpf: Restrict bpf_probe_read{, str}() only to archs where they work arch/arm/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/x86/Kconfig | 1 + arch/x86/mm/Makefile | 2 +- arch/x86/mm/maccess.c | 43 ++++++++++++++++++++++++++++++++++++++ include/linux/uaccess.h | 8 +++++-- init/Kconfig | 3 +++ kernel/trace/bpf_trace.c | 140 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------------------------------- kernel/trace/trace_kprobe.c | 2 +- mm/maccess.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++------- 10 files changed, 207 insertions(+), 57 deletions(-) create mode 100644 arch/x86/mm/maccess.c