Message ID | 20231215091216.135791411@infradead.org |
---|---|
Headers |
Return-Path: <linux-kernel+bounces-689-ouuuleilei=gmail.com@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:3b04:b0:fb:cd0c:d3e with SMTP id c4csp9149676dys; Fri, 15 Dec 2023 01:36:58 -0800 (PST) X-Google-Smtp-Source: AGHT+IGmjSXW0kDHIcB3c5Q8kkYtP2dShTGfdqukkwsWzBUKHFR7py4nd69YIHPCI61fvTkAt9dJ X-Received: by 2002:a05:620a:815:b0:77f:a45c:26f2 with SMTP id s21-20020a05620a081500b0077fa45c26f2mr2652543qks.98.1702633017895; Fri, 15 Dec 2023 01:36:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702633017; cv=none; d=google.com; s=arc-20160816; b=S2oEi8lWWwd+HwNAi3XwszEPrAV1QsWW2GWfknu9ivaJGiaji/X6GaImoVQLs3iU8n dAavyDyJJ8OqVlsWTLU8mUJBaITz33RHOepDUPQLB3ZT8AfGAgEDhk1BwyVEQc6qEAsw Tq1wpX1ubz6cUzbhAY4x0RbQeo2QyprhOUA5qEm17PIT77riCDCYSEmix2yTFYXuVrl9 fT0gEAMvDxjIj6gJ7zIzYO9MyDEBVrRT77heomqbTwfBmC3PaDBpAId+ef9cLUk2U4r8 LTV9zNaAgr/gSYL9XdNg8O0uGggq7uWyglrYcfTI5LnHYa0WXoqCl2N1NxBlLa5PlV2D l7xg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-id:precedence:subject:cc:to :from:date:user-agent:message-id:dkim-signature; bh=M6xOa2fYXl3T5Nij1IGMapcelc4vod3qWujvkNL82EQ=; fh=vd912/km9qZuP2V7TBjqUWoA7VSy9ThzbPxJdH/Qh1E=; b=qD/Z2sWAPJxTiO6LUUcm+1Cf5NhKyR1q6YYKYognwZq3akvZJO5cVbTcytMdsi7fGt 2Om5OAPYdT4zMAbIghXxoNFaFafGeQQvalq5C+qh7Ty+oZ3T3qP4eQHABlj05COTgqLt /NfWnyrhL3Cdko+qv4KARAPuRBxR8U83fH3bMvRMlYgR/V3DIXiiEiuBTRxFWng2LyIR T0bIqBt+4HqGmqKzyF6mcA28rnzfBV/lS0tMbTIbZagi8+nArBWuO/O8Flw2nUmhIwbU psxphOZf6EgfY3cz0BcR+adm4pwxkkY9CbRUue4YaQ1fJaXEDuYolgfXmtG96h3a/Mc1 6uiw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=desiato.20200630 header.b=j2nwutH6; spf=pass (google.com: domain of linux-kernel+bounces-689-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-689-ouuuleilei=gmail.com@vger.kernel.org" Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id bs33-20020a05620a472100b0077d9abb901fsi17748854qkb.242.2023.12.15.01.36.57 for <ouuuleilei@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Dec 2023 01:36:57 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-689-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=desiato.20200630 header.b=j2nwutH6; spf=pass (google.com: domain of linux-kernel+bounces-689-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-689-ouuuleilei=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 996341C223EF for <ouuuleilei@gmail.com>; Fri, 15 Dec 2023 09:36:57 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 23468179B1; Fri, 15 Dec 2023 09:33:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="j2nwutH6" X-Original-To: linux-kernel@vger.kernel.org Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7CA6119BDF; Fri, 15 Dec 2023 09:33:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=Subject:Cc:To:From:Date:Message-Id: Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:In-Reply-To:References; bh=M6xOa2fYXl3T5Nij1IGMapcelc4vod3qWujvkNL82EQ=; b=j2nwutH6cjxGn6zu9q2Jxr8W3/ lkRuWHA2VNVNiroJZLzT3fOMTKjNSK3zCVlitlmqCKQRc9laFozuwpeLaX80Nl7i1NNbb0Kkkv5Hs zNiDBMcPiWrP8fj+JA+GnjcNpHzvNZ2IXuwpp7btsy8hWHGWejQeP82Tud78W4yQ2XkZiAAYMOfll HNyB5ItcoZlsTNiJ4XPTiu0S/fO4WybnLTjLpeBqgENl/hsbTr3bpZciOgIQFP2jjLI9l3eElim4H bzk1m8T76cJeCvy43cpiRZwwtWYIkWf5BK1MB6n8Ia2VTaIl/vzPClRahZBKIudlpWS+fp3yQpKD5 Qm4R46Ig==; Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by desiato.infradead.org with esmtpsa (Exim 4.96 #2 (Red Hat Linux)) id 1rE4ZE-009rFx-0N; Fri, 15 Dec 2023 09:33:12 +0000 Received: by noisy.programming.kicks-ass.net (Postfix, from userid 0) id BCB7C3005B2; Fri, 15 Dec 2023 10:33:11 +0100 (CET) Message-Id: <20231215091216.135791411@infradead.org> User-Agent: quilt/0.65 Date: Fri, 15 Dec 2023 10:12:16 +0100 From: Peter Zijlstra <peterz@infradead.org> To: Alexei Starovoitov <alexei.starovoitov@gmail.com> Cc: paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, davem@davemloft.net, dsahern@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yonghong.song@linux.dev, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, Arnd Bergmann <arnd@arndb.de>, samitolvanen@google.com, keescook@chromium.org, nathan@kernel.org, ndesaulniers@google.com, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, linux-arch@vger.kernel.org, llvm@lists.linux.dev, jpoimboe@kernel.org, joao@overdrivepizza.com, mark.rutland@arm.com, peterz@infradead.org Subject: [PATCH v3 0/7] x86/cfi,bpf: Fix CFI vs eBPF Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: <linux-kernel.vger.kernel.org> List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1785340119521476090 X-GMAIL-MSGID: 1785340119521476090 |
Series |
x86/cfi,bpf: Fix CFI vs eBPF
|
|
Message
Peter Zijlstra
Dec. 15, 2023, 9:12 a.m. UTC
Hi! What started with the simple observation that bpf_dispatcher_*_func() was broken for calling CFI functions with a __nocfi calling context for FineIBT ended up with a complete BPF wide CFI fixup. With these changes on the BPF selftest suite passes without crashing -- there's still a few failures, but Alexei has graciously offered to look into those. (Alexei, I have presumed your SoB on the very last patch, please update as you see fit) Changes since v2 are numerous but include: - cfi_get_offset() -- as a means to communicate the offset (ast) - 5 new patches fixing various BPF internals to be CFI clean Note: it *might* be possible to merge the bpf_bpf_tcp_ca.c:unsupported_ops[] thing into the CFI stubs, as is get_info will have a NULL stub, unlike the others. --- arch/riscv/include/asm/cfi.h | 3 +- arch/riscv/kernel/cfi.c | 2 +- arch/x86/include/asm/cfi.h | 126 +++++++++++++++++++++++++++++++++++++- arch/x86/kernel/alternative.c | 87 +++++++++++++++++++++++--- arch/x86/kernel/cfi.c | 4 +- arch/x86/net/bpf_jit_comp.c | 134 +++++++++++++++++++++++++++++++++++------ include/asm-generic/Kbuild | 1 + include/linux/bpf.h | 27 ++++++++- include/linux/cfi.h | 12 ++++ kernel/bpf/bpf_struct_ops.c | 16 ++--- kernel/bpf/core.c | 25 ++++++++ kernel/bpf/cpumask.c | 8 ++- kernel/bpf/helpers.c | 18 +++++- net/bpf/bpf_dummy_struct_ops.c | 31 +++++++++- net/bpf/test_run.c | 15 ++++- net/ipv4/bpf_tcp_ca.c | 69 +++++++++++++++++++++ 16 files changed, 528 insertions(+), 50 deletions(-)
Comments
Hello: This series was applied to bpf/bpf-next.git (master) by Alexei Starovoitov <ast@kernel.org>: On Fri, 15 Dec 2023 10:12:16 +0100 you wrote: > Hi! > > What started with the simple observation that bpf_dispatcher_*_func() was > broken for calling CFI functions with a __nocfi calling context for FineIBT > ended up with a complete BPF wide CFI fixup. > > With these changes on the BPF selftest suite passes without crashing -- there's > still a few failures, but Alexei has graciously offered to look into those. > > [...] Here is the summary with links: - [v3,1/7] cfi: Flip headers https://git.kernel.org/bpf/bpf-next/c/4382159696c9 - [v3,2/7] x86/cfi,bpf: Fix BPF JIT call https://git.kernel.org/bpf/bpf-next/c/4f9087f16651 - [v3,3/7] x86/cfi,bpf: Fix bpf_callback_t CFI https://git.kernel.org/bpf/bpf-next/c/e72d88d18df4 - [v3,4/7] x86/cfi,bpf: Fix bpf_struct_ops CFI https://git.kernel.org/bpf/bpf-next/c/2cd3e3772e41 - [v3,5/7] cfi: Add CFI_NOSEAL() https://git.kernel.org/bpf/bpf-next/c/e9d13b9d2f99 - [v3,6/7] bpf: Fix dtor CFI https://git.kernel.org/bpf/bpf-next/c/e4c00339891c - [v3,7/7] x86/cfi,bpf: Fix bpf_exception_cb() signature https://git.kernel.org/bpf/bpf-next/c/852486b35f34 You are awesome, thank you!
On Fri, Dec 15, 2023 at 1:33 AM Peter Zijlstra <peterz@infradead.org> wrote: > > Hi! > > What started with the simple observation that bpf_dispatcher_*_func() was > broken for calling CFI functions with a __nocfi calling context for FineIBT > ended up with a complete BPF wide CFI fixup. > > With these changes on the BPF selftest suite passes without crashing -- there's > still a few failures, but Alexei has graciously offered to look into those. > > (Alexei, I have presumed your SoB on the very last patch, please update > as you see fit) > > Changes since v2 are numerous but include: > - cfi_get_offset() -- as a means to communicate the offset (ast) > - 5 new patches fixing various BPF internals to be CFI clean Looks great to me. Pushed to bpf-next. There is a failure on s390 that I temporarily denylisted with an extra patch. And sent a proposed fix: https://lore.kernel.org/bpf/20231216004549.78355-1-alexei.starovoitov@gmail.com/ Ilya, please take a look. > Note: it *might* be possible to merge the > bpf_bpf_tcp_ca.c:unsupported_ops[] thing into the CFI stubs, as is > get_info will have a NULL stub, unlike the others. That's a good idea. Will clean up unsupported_ops. Either myself or Martin will follow up.