| Message ID | 20200514161607.9212-2-daniel@iogearbox.net |
|---|---|
| State | Changes Requested |
| Delegated to: | BPF Maintainers |
| Headers | show |
| Series | Restrict bpf_probe_read{,str}() and bpf_trace_printk()'s %s | expand |
On Thu, May 14, 2020 at 9:18 AM Daniel Borkmann <daniel@iogearbox.net> wrote: > > However, their use should be restricted to archs with non-overlapping > address ranges where they are working in their current form. Therefore, > move this behind a CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE and > have x86, arm64, arm select it (other archs supporting it can follow-up > on it as well). Ack, looks sane to me. Linus
On Thu, 14 May 2020 18:16:05 +0200 Daniel Borkmann <daniel@iogearbox.net> wrote: > Given the legacy bpf_probe_read{,str}() BPF helpers are broken on archs > with overlapping address ranges, we should really take the next step to > disable them from BPF use there. > > To generally fix the situation, we've recently added new helper variants > bpf_probe_read_{user,kernel}() and bpf_probe_read_{user,kernel}_str(). > For details on them, see 6ae08ae3dea2 ("bpf: Add probe_read_{user, kernel} > and probe_read_{user,kernel}_str helpers"). > > Given bpf_probe_read{,str}() have been around for ~5 years by now, there > are plenty of users at least on x86 still relying on them today, so we > cannot remove them entirely w/o breaking the BPF tracing ecosystem. > > However, their use should be restricted to archs with non-overlapping > address ranges where they are working in their current form. Therefore, > move this behind a CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE and > have x86, arm64, arm select it (other archs supporting it can follow-up > on it as well). > > Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> > Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> > Cc: Masami Hiramatsu <mhiramat@kernel.org> > Cc: Brendan Gregg <brendan.d.gregg@gmail.com> > Cc: Christoph Hellwig <hch@lst.de> Thanks for the config! Looks good to me. Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org> > --- > arch/arm/Kconfig | 1 + > arch/arm64/Kconfig | 1 + > arch/x86/Kconfig | 1 + > init/Kconfig | 3 +++ > kernel/trace/bpf_trace.c | 6 ++++-- > 5 files changed, 10 insertions(+), 2 deletions(-) > > diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig > index 66a04f6f4775..c77c93c485a0 100644 > --- a/arch/arm/Kconfig > +++ b/arch/arm/Kconfig > @@ -12,6 +12,7 @@ config ARM > select ARCH_HAS_KEEPINITRD > select ARCH_HAS_KCOV > select ARCH_HAS_MEMBARRIER_SYNC_CORE > + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE > select ARCH_HAS_PTE_SPECIAL if ARM_LPAE > select ARCH_HAS_PHYS_TO_DMA > select ARCH_HAS_SETUP_DMA_OPS > diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig > index 40fb05d96c60..5d513f461957 100644 > --- a/arch/arm64/Kconfig > +++ b/arch/arm64/Kconfig > @@ -20,6 +20,7 @@ config ARM64 > select ARCH_HAS_KCOV > select ARCH_HAS_KEEPINITRD > select ARCH_HAS_MEMBARRIER_SYNC_CORE > + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE > select ARCH_HAS_PTE_DEVMAP > select ARCH_HAS_PTE_SPECIAL > select ARCH_HAS_SETUP_DMA_OPS > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index 1197b5596d5a..2d3f963fd6f1 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -68,6 +68,7 @@ config X86 > select ARCH_HAS_KCOV if X86_64 > select ARCH_HAS_MEM_ENCRYPT > select ARCH_HAS_MEMBARRIER_SYNC_CORE > + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE > select ARCH_HAS_PMEM_API if X86_64 > select ARCH_HAS_PTE_DEVMAP if X86_64 > select ARCH_HAS_PTE_SPECIAL > diff --git a/init/Kconfig b/init/Kconfig > index 9e22ee8fbd75..6fd13a051342 100644 > --- a/init/Kconfig > +++ b/init/Kconfig > @@ -2279,6 +2279,9 @@ config ASN1 > > source "kernel/Kconfig.locks" > > +config ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE > + bool > + > config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE > bool > > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c > index ca1796747a77..b83bdaa31c7b 100644 > --- a/kernel/trace/bpf_trace.c > +++ b/kernel/trace/bpf_trace.c > @@ -825,14 +825,16 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) > return &bpf_probe_read_user_proto; > case BPF_FUNC_probe_read_kernel: > return &bpf_probe_read_kernel_proto; > - case BPF_FUNC_probe_read: > - return &bpf_probe_read_compat_proto; > case BPF_FUNC_probe_read_user_str: > return &bpf_probe_read_user_str_proto; > case BPF_FUNC_probe_read_kernel_str: > return &bpf_probe_read_kernel_str_proto; > +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE > + case BPF_FUNC_probe_read: > + return &bpf_probe_read_compat_proto; > case BPF_FUNC_probe_read_str: > return &bpf_probe_read_compat_str_proto; > +#endif > #ifdef CONFIG_CGROUPS > case BPF_FUNC_get_current_cgroup_id: > return &bpf_get_current_cgroup_id_proto; > -- > 2.21.0 >
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 66a04f6f4775..c77c93c485a0 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -12,6 +12,7 @@ config ARM select ARCH_HAS_KEEPINITRD select ARCH_HAS_KCOV select ARCH_HAS_MEMBARRIER_SYNC_CORE + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PTE_SPECIAL if ARM_LPAE select ARCH_HAS_PHYS_TO_DMA select ARCH_HAS_SETUP_DMA_OPS diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 40fb05d96c60..5d513f461957 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -20,6 +20,7 @@ config ARM64 select ARCH_HAS_KCOV select ARCH_HAS_KEEPINITRD select ARCH_HAS_MEMBARRIER_SYNC_CORE + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PTE_DEVMAP select ARCH_HAS_PTE_SPECIAL select ARCH_HAS_SETUP_DMA_OPS diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 1197b5596d5a..2d3f963fd6f1 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -68,6 +68,7 @@ config X86 select ARCH_HAS_KCOV if X86_64 select ARCH_HAS_MEM_ENCRYPT select ARCH_HAS_MEMBARRIER_SYNC_CORE + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PMEM_API if X86_64 select ARCH_HAS_PTE_DEVMAP if X86_64 select ARCH_HAS_PTE_SPECIAL diff --git a/init/Kconfig b/init/Kconfig index 9e22ee8fbd75..6fd13a051342 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -2279,6 +2279,9 @@ config ASN1 source "kernel/Kconfig.locks" +config ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE + bool + config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE bool diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index ca1796747a77..b83bdaa31c7b 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -825,14 +825,16 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) return &bpf_probe_read_user_proto; case BPF_FUNC_probe_read_kernel: return &bpf_probe_read_kernel_proto; - case BPF_FUNC_probe_read: - return &bpf_probe_read_compat_proto; case BPF_FUNC_probe_read_user_str: return &bpf_probe_read_user_str_proto; case BPF_FUNC_probe_read_kernel_str: return &bpf_probe_read_kernel_str_proto; +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE + case BPF_FUNC_probe_read: + return &bpf_probe_read_compat_proto; case BPF_FUNC_probe_read_str: return &bpf_probe_read_compat_str_proto; +#endif #ifdef CONFIG_CGROUPS case BPF_FUNC_get_current_cgroup_id: return &bpf_get_current_cgroup_id_proto;
Given the legacy bpf_probe_read{,str}() BPF helpers are broken on archs with overlapping address ranges, we should really take the next step to disable them from BPF use there. To generally fix the situation, we've recently added new helper variants bpf_probe_read_{user,kernel}() and bpf_probe_read_{user,kernel}_str(). For details on them, see 6ae08ae3dea2 ("bpf: Add probe_read_{user, kernel} and probe_read_{user,kernel}_str helpers"). Given bpf_probe_read{,str}() have been around for ~5 years by now, there are plenty of users at least on x86 still relying on them today, so we cannot remove them entirely w/o breaking the BPF tracing ecosystem. However, their use should be restricted to archs with non-overlapping address ranges where they are working in their current form. Therefore, move this behind a CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE and have x86, arm64, arm select it (other archs supporting it can follow-up on it as well). Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Brendan Gregg <brendan.d.gregg@gmail.com> Cc: Christoph Hellwig <hch@lst.de> --- arch/arm/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/x86/Kconfig | 1 + init/Kconfig | 3 +++ kernel/trace/bpf_trace.c | 6 ++++-- 5 files changed, 10 insertions(+), 2 deletions(-)