From patchwork Tue Jul 28 15:21:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jean-Philippe Brucker X-Patchwork-Id: 11689433 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6111A13B1 for ; Tue, 28 Jul 2020 15:37:30 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 39D89207F5 for ; Tue, 28 Jul 2020 15:37:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="Dz71tUht"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=linaro.org header.i=@linaro.org header.b="YWZIxtj1" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 39D89207F5 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linaro.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=hEuIWgZuXljOSaNgRqKHcXDPfngG4qC0E6XE9WMnLxc=; b=Dz71tUht5ZLiBMW0wQYOlftw7h gu7dI1nVQzWAl6R5veUivy7+shzYvNZTShm1exZELbQzblaKmTAB4LHU2movVPPM+kv9eBfxJHkYZ KoM1hiSrGiqOI0SxrPzpMFjPZNbVfOmpiiUS6xu1/kp6XF5gaU6BXGomWO564dqSpwewb5iGyR/Wz jxfUCCUUPHCNqSnG0xz2tG0sdbav0UTxLeavCnxyZtzZ9P/eVtdZD/kHS7LpssTLRELcFxv96YRoz ppJ0wdowM1f3DhXq18qdyaydNdZXGtKzyRNKXhnj9czHalnacwI13/OEsHC5yfu4Ibn8P06z5CNk3 Xdmuu3Gg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1k0Rdz-00039G-UB; Tue, 28 Jul 2020 15:35:55 +0000 Received: from mail-ed1-x541.google.com ([2a00:1450:4864:20::541]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1k0Rdk-00034R-4V for linux-arm-kernel@lists.infradead.org; Tue, 28 Jul 2020 15:35:41 +0000 Received: by mail-ed1-x541.google.com with SMTP id q4so11924902edv.13 for ; Tue, 28 Jul 2020 08:35:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=db/TRpT5kV/W8mcFEsxSUdSWdjO0G1cFFZkEW6SG77U=; b=YWZIxtj1nPUiZ1MC1oJx0lMh/mIsKru+t0v/IzNkA6DutuUZpgrzNTEVphX+lyVyIp U8cs+bYxU4mRBTlPUji7TUQToVheFDsIijvV6SwTjvl7LLEpsw5BjBJEuOkOYVGM/2nL KENJThcY76ozCAet7kx7yLOyjYL7RrD6An/GmrI7vvlNxhBKgYA11gBbOjvldXqr893s SIk3XUZMf+l/PfSNwAH5MFn/7FcmLE1fkWDbyi8XYu/WAEvoJ6bdkWAPQDlrdjpkA0It X3qBRVfaNsH6TFdh+gERF2hRHfH6XpvZNvSEY9BPoqseQyp8Hb5WUIQOh9Hqy8VMoBEh NswA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=db/TRpT5kV/W8mcFEsxSUdSWdjO0G1cFFZkEW6SG77U=; b=R1oa+mYpNbOh9NLnrzFu5Ih2KFwWp7lpusqnnJHSahmyGtVtjCoX8qWhOXm8bq27xD nczfZR5KH4kreyQJa63DtelQD0tIteOk0hr5bAV64E4g5i8VXyqzmMBwIsWMgHclgvYB QmS0GzoD5eg7hJizg3ZmVAMESr4Cb2QQ5VfdtQXpnwmF7W4jTHz2/zVlNOCg0p1NOapg hUA7mT1L2SUWoiOcm8AhZPFYdHyMDF+MijWNSfw2VHscVppb72/0e+SqQpyA9zlK8qrz ibc41WR5tMOO2Hdyr4FvAZTnXcDhteIkz85ze7BsO9NQbBvK5bsV1rKMC8fXglxnJHF2 W0JQ== X-Gm-Message-State: AOAM532fM6XHWLaww1bkGkTRkaumC6YfbbJDtl7+/S2oylFC1av36nbn MajHwSPd8dSV7fPh9c2GxKjpkT8xTxAMqw== X-Google-Smtp-Source: ABdhPJw2DUvpmrLaI1mp6J4Wh3Uj9MM6l2x/Qwj6OjuK47yvJlkWRX+9ONB5atmFIyKYc3K+RX2gcQ== X-Received: by 2002:a50:e1c5:: with SMTP id m5mr26085799edl.138.1595950537354; Tue, 28 Jul 2020 08:35:37 -0700 (PDT) Received: from localhost.localdomain ([2001:1715:4e26:a7e0:116c:c27a:3e7f:5eaf]) by smtp.gmail.com with ESMTPSA id ce12sm10217235edb.4.2020.07.28.08.35.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Jul 2020 08:35:36 -0700 (PDT) From: Jean-Philippe Brucker To: linux-arm-kernel@lists.infradead.org, bpf@vger.kernel.org Subject: [PATCH bpf-next 0/1] arm64: Add BPF exception tables Date: Tue, 28 Jul 2020 17:21:24 +0200 Message-Id: <20200728152122.1292756-1-jean-philippe@linaro.org> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20200728_113540_566816_BAF349BF X-CRM114-Status: GOOD ( 19.07 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2a00:1450:4864:20:0:0:0:541 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jean-Philippe Brucker , songliubraving@fb.com, andriin@fb.com, daniel@iogearbox.net, catalin.marinas@arm.com, john.fastabend@gmail.com, ast@kernel.org, zlim.lnx@gmail.com, kpsingh@chromium.org, yhs@fb.com, will@kernel.org, kafai@fb.com Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+patchwork-linux-arm=patchwork.kernel.org@lists.infradead.org The following patch adds support for BPF_PROBE_MEM on arm64. The implementation is simple but I wanted to give a bit of background first. If you're familiar with recent BPF development you can skip to the patch (or fact-check the following blurb). BPF programs used for tracing can inspect any of the traced function's arguments and follow pointers in struct members. Traditionally the BPF program would get a struct pt_regs as argument and cast the register values to the appropriate struct pointer. The BPF verifier would mandate that any memory access uses the bpf_probe_read() helper, to suppress page faults (see samples/bpf/tracex1_kern.c). With BPF Type Format embedded into the kernel (CONFIG_DEBUG_INFO_BTF), the verifier can now check the type of any access performed by a BPF program. It rejects for example programs that cast to a different structure and perform out-of-bounds accesses, or programs that attempt to dereference something that isn't a pointer, or that hasn't gone through a NULL check. As this makes tracing programs safer, the verifier now allows loading programs that access struct members without bpf_probe_read(). It is however still possible to trigger page faults. For example in the following example with which I've tested this patch, the verifier does not mandate a NULL check for the second-level pointer: /* * From tools/testing/selftests/bpf/progs/bpf_iter_task.c * dump_task() is called for each task. */ SEC("iter/task") int dump_task(struct bpf_iter__task *ctx) { struct seq_file *seq = ctx->meta->seq; struct task_struct *task = ctx->task; /* Program would be rejected without this check */ if (task == NULL) return 0; /* * However the verifier does not currently mandate * checking task->mm, and the following faults for kernel * threads. */ BPF_SEQ_PRINTF(seq, "pid=%d vm=%d", task->pid, task->mm->total_vm); return 0; } Even if it checked this case, the verifier couldn't guarantee that all accesses are safe since kernel structures could in theory contain garbage or error pointers. So to allow fast access without bpf_probe_read(), a JIT implementation must support BPF exception tables. For each access to a BTF pointer, the JIT generates an entry into an exception table appended to the BPF program. If the access faults at runtime, the handler skips the faulting instruction. The example above will display vm=0 for kernel threads. See also * The original implementation on x86 https://lore.kernel.org/bpf/20191016032505.2089704-1-ast@kernel.org/ * The s390 implementation https://lore.kernel.org/bpf/20200715233301.933201-1-iii@linux.ibm.com/ Jean-Philippe Brucker (1): arm64: bpf: Add BPF exception tables arch/arm64/include/asm/extable.h | 3 ++ arch/arm64/mm/extable.c | 11 ++-- arch/arm64/net/bpf_jit_comp.c | 93 +++++++++++++++++++++++++++++--- 3 files changed, 98 insertions(+), 9 deletions(-)