From: Mike Rapoport <rppt@kernel.org>
To: sashiko-reviews@lists.linux.dev
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v2 3/5] bpf: alloc_prog_pack(): skip ROX management for already ROX memory
Date: Sat, 11 Jul 2026 18:27:24 +0300 [thread overview]
Message-ID: <alJg3N5uANoLzIna@kernel.org> (raw)
In-Reply-To: <20260711100032.58B1C1F000E9@smtp.kernel.org>
On Sat, Jul 11, 2026 at 10:00:31AM +0000, sashiko-bot@kernel.org wrote:
>
> bpf: alloc_prog_pack(): skip ROX management for already ROX memory
>
> > @@ -965,7 +972,7 @@ void *bpf_prog_pack_alloc(u32 size, bpf_jit_fill_hole_t bpf_fill_ill_insns, bool
> > pr_warn_once("BPF: Predictors not flushed for allocations greater than BPF_PROG_PACK_SIZE\n");
> > size = round_up(size, PAGE_SIZE);
> > ptr = bpf_jit_alloc_exec(size);
> > - if (ptr) {
> > + if (ptr && !bpf_jit_mem_is_rox()) {
> > int err;
> >
> > bpf_fill_ill_insns(ptr, size);
>
> [Severity: Medium]
> Since this patch protects bpf_prog_pack_alloc() and alloc_new_pack() from
> writing to memory that might already be ROX, does it also need to protect
> other callers of bpf_jit_alloc_exec() that write directly to the allocated
> memory?
>
> For example, bpf_jit_binary_alloc() allocates memory and directly writes
> illegal instructions:
>
> kernel/bpf/core.c:bpf_jit_binary_alloc() {
> ...
> hdr = bpf_jit_alloc_exec(size);
> if (!hdr) {
> bpf_jit_uncharge_modmem(size);
> return NULL;
> }
>
> /* Fill space with illegal/arch-dep instructions. */
> bpf_fill_ill_insns(hdr, size);
> ...
> }
ROX caches are only supported on x86-64, and this is never called there.
> Similarly, on x86, arch_bpf_trampoline_size() allocates memory and passes
> it as a read-write buffer:
>
> arch/x86/net/bpf_jit_comp.c:arch_bpf_trampoline_size() {
> ...
> image = bpf_jit_alloc_exec(PAGE_SIZE);
> if (!image)
> return -ENOMEM;
>
> ret = __arch_prepare_bpf_trampoline(&im, image, image + PAGE_SIZE, image,
> m, flags, tnodes, func_addr);
> ...
> }
>
> Could these paths cause a page fault when EXECMEM_ROX_CACHE is enabled,
> since they attempt to write directly to the read-only memory?
This is handled by the next patch.
--
Sincerely yours,
Mike.
next prev parent reply other threads:[~2026-07-11 15:27 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-11 9:43 [PATCH bpf-next v2 0/5] bpf, x86: enable EXECMEM_ROX_CACHE for BPF allocations Mike Rapoport (Microsoft)
2026-07-11 9:43 ` [PATCH bpf-next v2 1/5] bpf: dispatcher: allocate bpf_dispatcher->rw_image with vmalloc() Mike Rapoport (Microsoft)
2026-07-11 9:55 ` sashiko-bot
2026-07-11 16:28 ` Mike Rapoport
2026-07-11 9:43 ` [PATCH bpf-next v2 2/5] bpf: drop __weak from bpf_jit_alloc_exec() and bpf_jit_free_exec() Mike Rapoport (Microsoft)
2026-07-11 9:43 ` [PATCH bpf-next v2 3/5] bpf: alloc_prog_pack(): skip ROX management for already ROX memory Mike Rapoport (Microsoft)
2026-07-11 10:00 ` sashiko-bot
2026-07-11 15:27 ` Mike Rapoport [this message]
2026-07-11 9:43 ` [PATCH bpf-next v2 4/5] bpf, x86: make sure allocation in arch_bpf_trampoline_size() is writable Mike Rapoport (Microsoft)
2026-07-11 10:02 ` sashiko-bot
2026-07-11 15:36 ` Mike Rapoport
2026-07-11 9:43 ` [PATCH bpf-next v2 5/5] x86/bpf: enable EXECMEM_ROX_CACHE for BPF allocations Mike Rapoport (Microsoft)
2026-07-11 9:59 ` sashiko-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alJg3N5uANoLzIna@kernel.org \
--to=rppt@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.