From: Rick Edgecombe
To: daniel@iogearbox.net, ast@fb.com
Cc: netdev@vger.kernel.org, ard.biesheuvel@linaro.org, dave.hansen@intel.com, kristen@linux.intel.com, Rick Edgecombe
Subject: [RFC PATCH 4/4] bpf, x64: Enable unprivileged jit in vmalloc
Date: Tue, 5 Feb 2019 14:51:03 -0800
Message-Id: <20190205225103.28296-5-rick.p.edgecombe@intel.com>
In-Reply-To: <20190205225103.28296-1-rick.p.edgecombe@intel.com>
References: <20190205225103.28296-1-rick.p.edgecombe@intel.com>
X-Mailing-List: netdev@vger.kernel.org

This enables unprivileged JIT allocations to be made in vmalloc space
when the bpf jit limit is exceeded.

The logic is we use module space unless it is full or we are not
CAP_SYS_ADMIN and bpf_jit_limit is exceeded, in which case we use vmalloc
space. So vmalloc is only used when either the insertion would fail, or
BPF would fall back to the interpreter. In the case of using vmalloc, it is
not charged against bpf_jit_limit.

Cc: Daniel Borkmann
Cc: Alexei Starovoitov
Signed-off-by: Rick Edgecombe
--- arch/x86/net/bpf_jit_comp.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c index c9781d471e31..66d2b32a1db1 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c
@@ -1118,6 +1118,38 @@ struct x64_jit_data { struct jit_context ctx; }; +void *bpf_jit_alloc_exec(unsigned long size) +{ + void *ret; + u32 pages = size / PAGE_SIZE; + + /* + * The logic is we use module space unless it is full or we are not + * CAP_SYS_ADMIN and bpf_jit_limit is exceeded, in which case we use + * vmalloc space. + */ + if (bpf_jit_charge_modmem(pages)) + return vmalloc_exec(size); + + ret = module_alloc(size); + + if (!ret) { + bpf_jit_uncharge_modmem(pages); + /* If module space is full, try vmalloc */ + return vmalloc_exec(size); + } + + return ret; +} + +void bpf_jit_free_exec(void *addr) +{ + if (is_vmalloc_addr(addr)) + vfree(addr); + else + module_memfree(addr); +} + struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) { struct bpf_binary_header *header = NULL; -- 2.17.1
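Review bot: In bpf_jit_alloc_exec(), the early return `if (bpf_jit_charge_modmem(pages)) return vmalloc_exec(size);` hands out executable memory with no accounting once the charge fails, so for a caller without CAP_SYS_ADMIN bpf_jit_limit no longer bounds JIT memory; it only moves the allocation into vmalloc space. Suggest charging the vmalloc path against a limit of its own and failing the allocation when that limit is exceeded, so unprivileged JIT usage stays bounded. Related to this, the charge and the uncharge on module_alloc() failure both happen inside this function, while bpf_jit_free_exec() uncharges on neither branch: if the caller uncharges on free, it has to know whether the region was ever charged, otherwise vmalloc-backed regions that skipped the charge would be subtracted from the module-space counter. A smaller point: `u32 pages = size / PAGE_SIZE;` rounds down, so a size that is not a multiple of PAGE_SIZE is under-charged; either round up or add a comment stating that callers always pass a page-aligned size.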