From: Peter Zijlstra <peterz@infradead.org>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Song Liu <song@kernel.org>, Song Liu <songliubraving@meta.com>,
	Paul Walmsley <paul.walmsley@sifive.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Albert Ou <aou@eecs.berkeley.edu>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	X86 ML <x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
	"David S. Miller" <davem@davemloft.net>,
	David Ahern <dsahern@kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>,
	Yonghong Song <yonghong.song@linux.dev>,
	John Fastabend <john.fastabend@gmail.com>,
	KP Singh <kpsingh@kernel.org>,
	Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
	Jiri Olsa <jolsa@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
	Sami Tolvanen <samitolvanen@google.com>,
	Kees Cook <keescook@chromium.org>,
	Nathan Chancellor <nathan@kernel.org>,
	Nick Desaulniers <ndesaulniers@google.com>,
	linux-riscv <linux-riscv@lists.infradead.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Network Development <netdev@vger.kernel.org>,
	bpf <bpf@vger.kernel.org>,
	linux-arch <linux-arch@vger.kernel.org>,
	clang-built-linux <llvm@lists.linux.dev>,
	Josh Poimboeuf <jpoimboe@kernel.org>,
	Joao Moreira <joao@overdrivepizza.com>,
	Mark Rutland <mark.rutland@arm.com>
Subject: Re: [PATCH v2 2/2] x86/cfi,bpf: Fix BPF JIT call
Date: Mon, 4 Dec 2023 13:52:39 +0100
Message-ID: <20231204125239.GA1319@noisy.programming.kicks-ass.net>
In-Reply-To: <20231204111128.GV8262@noisy.programming.kicks-ass.net>

On Mon, Dec 04, 2023 at 12:11:28PM +0100, Peter Zijlstra wrote:
> On Mon, Dec 04, 2023 at 10:13:34AM +0100, Peter Zijlstra wrote:
> 
> > > Just running test_progs it splats right away:
> > > 
> > > [   74.047757] kmemleak: Found object by alias at 0xffffffffa0001d80
> > > [   74.048272] CPU: 14 PID: 104 Comm: kworker/14:0 Tainted: G        W
> > >  O       6.7.0-rc3-00702-g41c30fec304d-dirty #5241
> > > [   74.049118] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
> > > BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
> > > [   74.050042] Workqueue: events bpf_prog_free_deferred
> > > [   74.050448] Call Trace:
> > > [   74.050663]  <TASK>
> > > [   74.050841]  dump_stack_lvl+0x55/0x80
> > > [   74.051141]  __find_and_remove_object+0xdb/0x110
> > > [   74.051521]  kmemleak_free+0x41/0x70
> > > [   74.051828]  vfree+0x36/0x130
> > 
> > Durr, I'll see if I can get that stuff running locally, and otherwise
> > play with the robot as you suggested. Thanks!
> 
> I think it is bpf_jit_binary_pack_hdr(), which is using prog->bpf_func
> as a start address for the image, instead of jit_data->image.
> 
> This used to be true, but now it's offset.
> 
> Let me see what to do about that...

Not the prettiest of things, but the below seems to make the thing
happy...

---
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
index 196cc1481dec..f4357c3211bc 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -3024,6 +3024,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
 		prog->bpf_func = (void *)image + ctx.prog_offset;
 		prog->jited = 1;
 		prog->jited_len = proglen - ctx.prog_offset;
+		prog->aux->cfi_offset = ctx.prog_offset;
 	} else {
 		prog = orig_prog;
 	}
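Review bot: the new `prog->aux->cfi_offset = ctx.prog_offset;` records the distance that `prog->bpf_func = (void *)image + ctx.prog_offset;` now puts between the image start and the entry, but nothing at this site states that invariant for readers of the free path; a one-line comment next to the assignment, e.g. `/* bpf_func is image + cfi_offset; bpf_jit_free() rewinds by it */`, would tie the two places together. The field is only written on the success branch, so the `prog = orig_prog;` path relies on the field already holding zero, which this diff does not show.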
@@ -3078,6 +3079,7 @@ void bpf_jit_free(struct bpf_prog *prog)
 			kvfree(jit_data->addrs);
 			kfree(jit_data);
 		}
+		prog->bpf_func = (void *)prog->bpf_func - prog->aux->cfi_offset;
 		hdr = bpf_jit_binary_pack_hdr(prog);
 		bpf_jit_binary_pack_free(hdr, NULL);
 		WARN_ON_ONCE(!bpf_prog_kallsyms_verify_off(prog));
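Review bot: `prog->bpf_func = (void *)prog->bpf_func - prog->aux->cfi_offset;` rewinds the entry pointer in place so that `bpf_jit_binary_pack_hdr(prog)` is handed the image start again, which matches the kmemleak "Found object by alias" splat quoted above, but the mutation is also visible to everything after it in this function, including `bpf_prog_kallsyms_verify_off(prog)` on the last context line; worth confirming that helper does not expect the entry address, and a short comment that the program is being torn down so clobbering `bpf_func` here is intentional would help the next reader. The subtraction is unconditional, so it is only correct if `cfi_offset` is zero whenever no prefix was emitted; the first hunk writes it only on the JIT success path and nothing in the diff shows the zero default.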
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 8b725776e70a..e5fa0852a20f 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1483,6 +1483,7 @@ struct bpf_prog_aux {
 		struct work_struct work;
 		struct rcu_head	rcu;
 	};
+	u32 cfi_offset;
 };
 
 struct bpf_prog {
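Review bot: `u32 cfi_offset;` lands in `struct bpf_prog_aux` without a comment, and the name alone does not say whether it is measured from the image start or from the header, nor that `bpf_func` is the pointer it applies to; suggest `u32 cfi_offset; /* bytes from the JIT image start to bpf_func */`. Keeping it outside `#ifdef CONFIG_FINEIBT` is right given that the x86 JIT writes it unconditionally; the comment should also say it is zero when no CFI prefix is emitted so that the unconditional subtraction in `bpf_jit_free()` is obviously safe.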
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 5c84a935ba63..763742f4740f 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -121,6 +121,9 @@ struct bpf_prog *bpf_prog_alloc_no_stats(unsigned int size, gfp_t gfp_extra_flag
 #endif
 
 	INIT_LIST_HEAD_RCU(&fp->aux->ksym.lnode);
+#ifdef CONFIG_FINEIBT
+	INIT_LIST_HEAD_RCU(&fp->aux->ksym_prefix.lnode);
+#endif
 	mutex_init(&fp->aux->used_maps_mutex);
 	mutex_init(&fp->aux->dst_mutex);
 
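Review bot: `INIT_LIST_HEAD_RCU(&fp->aux->ksym_prefix.lnode);` under `#ifdef CONFIG_FINEIBT` initialises the prefix symbol's list node regardless of `cfi_mode`, while the matching delete in the `bpf_prog_kallsyms_del()` hunk runs only when `cfi_mode == CFI_FINEIBT`; the asymmetry is harmless, since an initialised but never-linked node costs nothing, but a brief comment saying the node is always initialised so that `bpf_ksym_del()` is safe in every mode would save the next reader the cross-check. Mirroring the `ksym.lnode` initialisation one line above is the right place for it.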
@@ -709,6 +712,8 @@ void bpf_prog_kallsyms_del(struct bpf_prog *fp)
 
 	bpf_ksym_del(&fp->aux->ksym);
 #ifdef CONFIG_FINEIBT
+	if (cfi_mode != CFI_FINEIBT)
+		return;
 	bpf_ksym_del(&fp->aux->ksym_prefix);
 #endif
 }
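Review bot: the early `return` in `if (cfi_mode != CFI_FINEIBT) return;` is correct today only because `bpf_ksym_del(&fp->aux->ksym_prefix);` is the last statement in the function; anything appended after the `#endif` later would be silently skipped in non-FineIBT modes. Prefer the positive form, `if (cfi_mode == CFI_FINEIBT) bpf_ksym_del(&fp->aux->ksym_prefix);`, which cannot bite that way. The add side for `ksym_prefix` is not in this diff, so please check that the condition here matches the one under which the prefix symbol is registered; otherwise a symbol added in one mode would never be removed.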

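The quoted diagnosis above ("bpf_jit_binary_pack_hdr() is using prog->bpf_func as a start address for the image ... now it's offset") and the fix of recording `cfi_offset` and rewinding before the header lookup can be shown in a few lines. The following is an added, self-contained illustration, not kernel code and not the real allocator: the chunk size, the rounding-based header lookup, `struct image_hdr`, `HDR_MAGIC`, `make_prog()` and the `pool` buffer are all hypothetical stand-ins chosen so that a prefix of one chunk pushes the entry across a chunk boundary.

```c
/*
 * Added illustration (not kernel code): why deriving the JIT image header
 * from prog->bpf_func breaks once a CFI prefix sits in front of the entry,
 * and how recording the prefix size and rewinding before the lookup fixes it.
 * Chunk size, header layout, names and the rounding-based lookup are all
 * hypothetical stand-ins for the real allocator.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_SIZE 16UL                        /* hypothetical pack granularity */
#define CHUNK_MASK (~(CHUNK_SIZE - 1))
#define HDR_MAGIC  0x4a495448u                 /* constructed marker value */

struct image_hdr {                             /* hypothetical header at the image start */
	uint32_t magic;
	uint32_t size;
};

struct prog {
	uint8_t *bpf_func;                     /* entry point handed to callers */
	uint32_t cfi_offset;                   /* bytes from image start to bpf_func */
};

/* One chunk-aligned pool standing in for the JIT allocator's memory. */
static _Alignas(16) uint8_t pool[4 * CHUNK_SIZE];

/*
 * Lay out one program: header at the pool start, the image right after it,
 * then cfi_offset prefix bytes (0xcc fill, as a JIT might pad holes), then
 * the body.  bpf_func points past the prefix, exactly as in the patch.
 */
static struct prog make_prog(uint32_t cfi_offset)
{
	struct image_hdr *hdr = (struct image_hdr *)pool;
	uint8_t *image = pool + sizeof(*hdr);
	struct prog p;

	memset(pool, 0xcc, sizeof(pool));
	hdr->magic = HDR_MAGIC;
	hdr->size = sizeof(pool);
	p.bpf_func = image + cfi_offset;
	p.cfi_offset = cfi_offset;
	return p;
}

/* Lookup modelling the old assumption: the pointer it is given is the image
 * start, so rounding down to the chunk boundary yields the header. */
static struct image_hdr *hdr_from_entry(const uint8_t *addr)
{
	return (struct image_hdr *)((uintptr_t)addr & CHUNK_MASK);
}

/* 1 if the old lookup (entry pointer passed straight in) finds the real
 * header, 0 if it lands on an alias inside the image. */
int old_lookup_ok(uint32_t cfi_offset)
{
	struct prog p = make_prog(cfi_offset);
	struct image_hdr *h = hdr_from_entry(p.bpf_func);

	return h == (struct image_hdr *)pool && h->magic == HDR_MAGIC;
}

/* Same check after rewinding by the recorded offset first, as bpf_jit_free()
 * does in the patch before calling bpf_jit_binary_pack_hdr(). */
int fixed_lookup_ok(uint32_t cfi_offset)
{
	struct prog p = make_prog(cfi_offset);
	struct image_hdr *h = hdr_from_entry(p.bpf_func - p.cfi_offset);

	return h == (struct image_hdr *)pool && h->magic == HDR_MAGIC;
}

int main(void)
{
	printf("no prefix:   old=%d fixed=%d\n", old_lookup_ok(0), fixed_lookup_ok(0));
	printf("16B prefix:  old=%d fixed=%d\n", old_lookup_ok(16), fixed_lookup_ok(16));
	return 0;
}
```

With no prefix both lookups agree, which is the "this used to be true" case; with a prefix the old lookup returns a pointer inside the image rather than its header, the same kind of aliased pointer kmemleak complained about, while rewinding by the recorded offset first restores the header.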