Re: [PATCH RESEND v8 16/16] bpf: remove CONFIG_BPF_JIT dependency on CONFIG_MODULES of
On 2024-05-17 17:46, Will Deacon wrote: Hi Klara, On Fri, May 17, 2024 at 01:00:31AM +0200, Klara Modin wrote: This does not seem to work entirely. If build with BPF_JIT without module support for my Raspberry Pi 3 B I get warnings in my kernel log (easiest way to trigger it seems to be trying to ssh into it, which fails). Thanks for the report. I was able to reproduce this using QEMU and it looks like the problem is because bpf_arch_text_copy() silently fails to write to the read-only area as a result of patch_map() faulting and the resulting -EFAULT being chucked away. Please can you try the diff below? Will --->8 diff --git a/arch/arm64/kernel/patching.c b/arch/arm64/kernel/patching.c index 255534930368..94b9fea65aca 100644 --- a/arch/arm64/kernel/patching.c +++ b/arch/arm64/kernel/patching.c @@ -36,7 +36,7 @@ static void __kprobes *patch_map(void *addr, int fixmap) if (image) page = phys_to_page(__pa_symbol(addr)); - else if (IS_ENABLED(CONFIG_STRICT_MODULE_RWX)) + else if (IS_ENABLED(CONFIG_EXECMEM)) page = vmalloc_to_page(addr); else return addr; This seems to work from my short testing. Thanks, Tested-by: Klara Modin
Re: [PATCH RESEND v8 16/16] bpf: remove CONFIG_BPF_JIT dependency on CONFIG_MODULES of
Hi Klara, On Fri, May 17, 2024 at 01:00:31AM +0200, Klara Modin wrote: > On 2024-05-05 18:06, Mike Rapoport wrote: > > From: "Mike Rapoport (IBM)" > > > > BPF just-in-time compiler depended on CONFIG_MODULES because it used > > module_alloc() to allocate memory for the generated code. > > > > Since code allocations are now implemented with execmem, drop dependency of > > CONFIG_BPF_JIT on CONFIG_MODULES and make it select CONFIG_EXECMEM. > > > > Suggested-by: Björn Töpel > > Signed-off-by: Mike Rapoport (IBM) > > --- > > kernel/bpf/Kconfig | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig > > index bc25f5098a25..f999e4e0b344 100644 > > --- a/kernel/bpf/Kconfig > > +++ b/kernel/bpf/Kconfig > > @@ -43,7 +43,7 @@ config BPF_JIT > > bool "Enable BPF Just In Time compiler" > > depends on BPF > > depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT > > - depends on MODULES > > + select EXECMEM > > help > > BPF programs are normally handled by a BPF interpreter. This option > > allows the kernel to generate native code when a program is loaded > > This does not seem to work entirely. If build with BPF_JIT without module > support for my Raspberry Pi 3 B I get warnings in my kernel log (easiest way > to trigger it seems to be trying to ssh into it, which fails). Thanks for the report. I was able to reproduce this using QEMU and it looks like the problem is because bpf_arch_text_copy() silently fails to write to the read-only area as a result of patch_map() faulting and the resulting -EFAULT being chucked away. Please can you try the diff below? Will --->8 diff --git a/arch/arm64/kernel/patching.c b/arch/arm64/kernel/patching.c index 255534930368..94b9fea65aca 100644 --- a/arch/arm64/kernel/patching.c +++ b/arch/arm64/kernel/patching.c @@ -36,7 +36,7 @@ static void __kprobes *patch_map(void *addr, int fixmap) if (image) page = phys_to_page(__pa_symbol(addr)); - else if (IS_ENABLED(CONFIG_STRICT_MODULE_RWX)) + else if (IS_ENABLED(CONFIG_EXECMEM)) page = vmalloc_to_page(addr); else return addr;
Re: [PATCH RESEND v8 16/16] bpf: remove CONFIG_BPF_JIT dependency on CONFIG_MODULES of
Hi, On 2024-05-05 18:06, Mike Rapoport wrote: From: "Mike Rapoport (IBM)" BPF just-in-time compiler depended on CONFIG_MODULES because it used module_alloc() to allocate memory for the generated code. Since code allocations are now implemented with execmem, drop dependency of CONFIG_BPF_JIT on CONFIG_MODULES and make it select CONFIG_EXECMEM. Suggested-by: Björn Töpel Signed-off-by: Mike Rapoport (IBM) --- kernel/bpf/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig index bc25f5098a25..f999e4e0b344 100644 --- a/kernel/bpf/Kconfig +++ b/kernel/bpf/Kconfig @@ -43,7 +43,7 @@ config BPF_JIT bool "Enable BPF Just In Time compiler" depends on BPF depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT - depends on MODULES + select EXECMEM help BPF programs are normally handled by a BPF interpreter. This option allows the kernel to generate native code when a program is loaded This does not seem to work entirely. If build with BPF_JIT without module support for my Raspberry Pi 3 B I get warnings in my kernel log (easiest way to trigger it seems to be trying to ssh into it, which fails). Kind regards, Klara Modinldrop login: [ 43.741638] Internal error: BRK handler: f2000100 [#1] SMP [ 43.749269] CPU: 3 PID: 2083 Comm: sshd Not tainted 6.9.0-01786-g2c9e5d4a0082 #25 [ 43.758216] Hardware name: Raspberry Pi 3 Model B (DT) [ 43.764769] pstate: 8005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 43.773199] pc : 0x8000814dd8b8 [ 43.778084] lr : __seccomp_filter (include/linux/bpf.h:1234 include/linux/filter.h:657 include/linux/filter.h:664 include/linux/filter.h:681 kernel/seccomp.c:426 kernel/seccomp.c:1222) [ 43.783784] sp : 8000855a3d40 [ 43.788471] x29: 8000855a3d90 x28: x27: 0001 [ 43.797082] x26: 00de x25: x24: 7fff [ 43.805652] x23: 8000 x22: 8000855a3d48 x21: 05446480 [ 43.814189] x20: 046ad300 x19: 80008147d000 x18: [ 43.822694] x17: x16: x15: [ 43.831160] x14: x13: x12: [ 43.839577] x11: x10: x9 : [ 43.847966] x8 : x7 : 1000 x6 : 0022 [ 43.856311] x5 : 0003 x4 : x3 : 0001 [ 43.864636] x2 : 8000814dd8b8 x1 : 80008147d048 x0 : 8000855a3d48 [ 43.872958] Call trace: [ 43.876450] 0x8000814dd8b8 [ 43.880610] __secure_computing (kernel/seccomp.c:1363) [ 43.885622] syscall_trace_enter (arch/arm64/kernel/ptrace.c:2242 (discriminator 1)) [ 43.890826] el0_svc_common.constprop.0 (arch/arm64/kernel/syscall.c:128) [ 43.896593] do_el0_svc (arch/arm64/kernel/syscall.c:153) [ 43.900909] el0_svc (arch/arm64/include/asm/irqflags.h:56 arch/arm64/include/asm/irqflags.h:77 arch/arm64/kernel/entry-common.c:165 arch/arm64/kernel/entry-common.c:178 arch/arm64/kernel/entry-common.c:713) [ 43.904922] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:731) [ 43.910232] el0t_64_sync (arch/arm64/kernel/entry.S:598) [ 43.914795] Code: d4202000 d4202000 d4202000 d4202000 (d4202000) All code 0:* 00 20 add%ah,(%rax) <-- trapping instruction 2: 20 d4 and%dl,%ah 4: 00 20 add%ah,(%rax) 6: 20 d4 and%dl,%ah 8: 00 20 add%ah,(%rax) a: 20 d4 and%dl,%ah c: 00 20 add%ah,(%rax) e: 20 d4 and%dl,%ah 10: 00 20 add%ah,(%rax) 12: 20 d4 and%dl,%ah Code starting with the faulting instruction === 0: 00 20 add%ah,(%rax) 2: 20 d4 and%dl,%ah [ 43.921826] ---[ end trace ]--- [ 43.927335] note: sshd[2083] exited with irqs disabled [ 43.933417] note: sshd[2083] exited with preempt_count 1 [ 43.934685] [ cut here ] [ 43.945156] WARNING: CPU: 3 PID: 0 at kernel/context_tracking.c:128 ct_kernel_exit.constprop.0 (kernel/context_tracking.c:128 (discriminator 1)) [ 43.956500] CPU: 3 PID: 0 Comm: swapper/3 Tainted: G D 6.9.0-01786-g2c9e5d4a0082 #25 [ 43.967570] Hardware name: Raspberry Pi 3 Model B (DT) [ 43.973716] pstate: 23c5 (nzCv DAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 43.981774] pc : ct_kernel_exit.constprop.0 (kernel/context_tracking.c:128 (discriminator 1)) [ 43.987920] lr : ct_idle_enter (kernel/context_tracking.c:321) [ 43.992926] sp : 80008144bdd0 [ 43.997312] x29: 80008144bdd0 x28:
[PATCH RESEND v8 16/16] bpf: remove CONFIG_BPF_JIT dependency on CONFIG_MODULES of
From: "Mike Rapoport (IBM)" BPF just-in-time compiler depended on CONFIG_MODULES because it used module_alloc() to allocate memory for the generated code. Since code allocations are now implemented with execmem, drop dependency of CONFIG_BPF_JIT on CONFIG_MODULES and make it select CONFIG_EXECMEM. Suggested-by: Björn Töpel Signed-off-by: Mike Rapoport (IBM) --- kernel/bpf/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/Kconfig b/kernel/bpf/Kconfig index bc25f5098a25..f999e4e0b344 100644 --- a/kernel/bpf/Kconfig +++ b/kernel/bpf/Kconfig @@ -43,7 +43,7 @@ config BPF_JIT bool "Enable BPF Just In Time compiler" depends on BPF depends on HAVE_CBPF_JIT || HAVE_EBPF_JIT - depends on MODULES + select EXECMEM help BPF programs are normally handled by a BPF interpreter. This option allows the kernel to generate native code when a program is loaded -- 2.43.0