All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jiri Olsa <jolsa@redhat.com>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>, Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andriin@fb.com>,
	Network Development <netdev@vger.kernel.org>,
	bpf <bpf@vger.kernel.org>, Martin KaFai Lau <kafai@fb.com>,
	Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
	John Fastabend <john.fastabend@gmail.com>,
	KP Singh <kpsingh@chromium.org>
Subject: Re: [PATCHv2] bpf: Add deny list of btf ids check for tracing programs
Date: Mon, 10 May 2021 11:50:01 +0200	[thread overview]
Message-ID: <YJkByQ4bGa7jrvWR@krava> (raw)
In-Reply-To: <CAADnVQLDwjE8KFcqbzB5op5b=fC2941tnnWOtQ+X1DYi6Yw1xA@mail.gmail.com>

On Thu, May 06, 2021 at 06:36:38PM -0700, Alexei Starovoitov wrote:
> On Thu, Apr 29, 2021 at 4:47 AM Jiri Olsa <jolsa@kernel.org> wrote:
> >
> > The recursion check in __bpf_prog_enter and __bpf_prog_exit
> > leaves some (not inlined) functions unprotected:
> >
> > In __bpf_prog_enter:
> >   - migrate_disable is called before prog->active is checked
> >
> > In __bpf_prog_exit:
> >   - migrate_enable,rcu_read_unlock_strict are called after
> >     prog->active is decreased
> >
> > When attaching trampoline to them we get panic like:
> >
> >   traps: PANIC: double fault, error_code: 0x0
> >   double fault: 0000 [#1] SMP PTI
> >   RIP: 0010:__bpf_prog_enter+0x4/0x50
> >   ...
> >   Call Trace:
> >    <IRQ>
> >    bpf_trampoline_6442466513_0+0x18/0x1000
> >    migrate_disable+0x5/0x50
> >    __bpf_prog_enter+0x9/0x50
> >    bpf_trampoline_6442466513_0+0x18/0x1000
> >    migrate_disable+0x5/0x50
> >    __bpf_prog_enter+0x9/0x50
> >    bpf_trampoline_6442466513_0+0x18/0x1000
> >    migrate_disable+0x5/0x50
> >    __bpf_prog_enter+0x9/0x50
> >    bpf_trampoline_6442466513_0+0x18/0x1000
> >    migrate_disable+0x5/0x50
> >    ...
> >
> > Fixing this by adding deny list of btf ids for tracing
> > programs and checking btf id during program verification.
> > Adding above functions to this list.
> >
> > Suggested-by: Alexei Starovoitov <ast@kernel.org>
> > Signed-off-by: Jiri Olsa <jolsa@kernel.org>
> > ---
> > v2 changes:
> >   - drop check for EXT programs [Andrii]
> >
> >  kernel/bpf/verifier.c | 14 ++++++++++++++
> >  1 file changed, 14 insertions(+)
> >
> > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> > index 2579f6fbb5c3..42311e51ac71 100644
> > --- a/kernel/bpf/verifier.c
> > +++ b/kernel/bpf/verifier.c
> > @@ -13112,6 +13112,17 @@ int bpf_check_attach_target(struct bpf_verifier_log *log,
> >         return 0;
> >  }
> >
> > +BTF_SET_START(btf_id_deny)
> > +BTF_ID_UNUSED
> > +#ifdef CONFIG_SMP
> > +BTF_ID(func, migrate_disable)
> > +BTF_ID(func, migrate_enable)
> > +#endif
> > +#if !defined CONFIG_PREEMPT_RCU && !defined CONFIG_TINY_RCU
> > +BTF_ID(func, rcu_read_unlock_strict)
> > +#endif
> > +BTF_SET_END(btf_id_deny)
> 
> I was wondering whether it makes sense to do this on pahole side instead ?
> It can do more flexible regex matching and excluding all such functions
> from vmlinux btf without the kernel having to do a maze of #ifdef
> depending on config.
> On one side we will lose BTF info about such functions, but what do we
> need it for?
> On the other side it will be a tiny reduction in vmlinux btf :)
> Thoughts?

we just removed the ftrace filter so BTF will have 'all' functions

I think the filtering on pahole side could cause problems like
the recent one with cubictcp_state.. it's just 3 functions, but
what if they rename? this way we at least get compilation error ;-)

I'd go with all functions in BTF and restrict attachment for those
that cause problems

jirka


  reply	other threads:[~2021-05-10  9:50 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-29 11:47 [PATCHv2] bpf: Add deny list of btf ids check for tracing programs Jiri Olsa
2021-05-07  1:36 ` Alexei Starovoitov
2021-05-10  9:50   ` Jiri Olsa [this message]
2021-05-11 21:05     ` Alexei Starovoitov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YJkByQ4bGa7jrvWR@krava \
    --to=jolsa@redhat.com \
    --cc=alexei.starovoitov@gmail.com \
    --cc=andriin@fb.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=john.fastabend@gmail.com \
    --cc=jolsa@kernel.org \
    --cc=kafai@fb.com \
    --cc=kpsingh@chromium.org \
    --cc=netdev@vger.kernel.org \
    --cc=songliubraving@fb.com \
    --cc=yhs@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.