All of lore.kernel.org
 help / color / mirror / Atom feed
From: Jean-Philippe Brucker <jean-philippe@linaro.org>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: Song Liu <song@kernel.org>,
	linux-arm-kernel@lists.infradead.org, bpf <bpf@vger.kernel.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	zlim.lnx@gmail.com, Martin KaFai Lau <kafai@fb.com>,
	Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
	Andrii Nakryiko <andriin@fb.com>,
	John Fastabend <john.fastabend@gmail.com>,
	KP Singh <kpsingh@chromium.org>
Subject: Re: [PATCH bpf-next 1/1] arm64: bpf: Add BPF exception tables
Date: Thu, 30 Jul 2020 10:28:53 +0200	[thread overview]
Message-ID: <20200730082853.GA1529030@myrica> (raw)
In-Reply-To: <4791872a-9f7e-1c1c-392c-8b68a13091e3@iogearbox.net>

On Wed, Jul 29, 2020 at 11:29:43PM +0200, Daniel Borkmann wrote:
> On 7/29/20 7:28 PM, Song Liu wrote:
> > On Tue, Jul 28, 2020 at 8:37 AM Jean-Philippe Brucker
> > <jean-philippe@linaro.org> wrote:
> > > 
> > > When a tracing BPF program attempts to read memory without using the
> > > bpf_probe_read() helper, the verifier marks the load instruction with
> > > the BPF_PROBE_MEM flag. Since the arm64 JIT does not currently recognize
> > > this flag it falls back to the interpreter.
> > > 
> > > Add support for BPF_PROBE_MEM, by appending an exception table to the
> > > BPF program. If the load instruction causes a data abort, the fixup
> > > infrastructure finds the exception table and fixes up the fault, by
> > > clearing the destination register and jumping over the faulting
> > > instruction.
> > > 
> > > To keep the compact exception table entry format, inspect the pc in
> > > fixup_exception(). A more generic solution would add a "handler" field
> > > to the table entry, like on x86 and s390.
> > > 
> > > Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
> > 
> > This patch looks good to me.
> > 
> > Acked-by: Song Liu <songliubraving@fb.com>
> 
> +1, applied, thanks a lot!
> 
> > It is possible to add a selftest for this? I thought about this a
> > little bit, but
> > didn't get a good idea.
> 
> Why not adding a test_verifier.c test case which calls into bpf_get_current_task()
> to fetch pointer to current and then read out some field via BPF_PROBE_MEM which
> should then succeed on x86/s390x/arm64 but be skipped on the other archs? Jean-Philippe,
> could you look into following up with such test case(s)?

Sure I'll take a look. Ilya also added a selftests to trigger exceptions
in https://lore.kernel.org/bpf/20200715233301.933201-5-iii@linux.ibm.com/
It's useful but I think it relies on the verifier not mandating NULL
checks for next-level pointers (they are ptr_ instead of ptr_or_null_),
which might change in the future. So I'm wondering if we can deliberately
access an invalid pointer with the help of bpf_test_run, and check that
the result is zero. 

Thanks,
Jean

WARNING: multiple messages have this Message-ID (diff)
From: Jean-Philippe Brucker <jean-philippe@linaro.org>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: Song Liu <songliubraving@fb.com>,
	Andrii Nakryiko <andriin@fb.com>,
	Catalin Marinas <catalin.marinas@arm.com>,
	John Fastabend <john.fastabend@gmail.com>,
	Alexei Starovoitov <ast@kernel.org>, Song Liu <song@kernel.org>,
	zlim.lnx@gmail.com, KP Singh <kpsingh@chromium.org>,
	Yonghong Song <yhs@fb.com>, bpf <bpf@vger.kernel.org>,
	Will Deacon <will@kernel.org>, Martin KaFai Lau <kafai@fb.com>,
	linux-arm-kernel@lists.infradead.org
Subject: Re: [PATCH bpf-next 1/1] arm64: bpf: Add BPF exception tables
Date: Thu, 30 Jul 2020 10:28:53 +0200	[thread overview]
Message-ID: <20200730082853.GA1529030@myrica> (raw)
In-Reply-To: <4791872a-9f7e-1c1c-392c-8b68a13091e3@iogearbox.net>

On Wed, Jul 29, 2020 at 11:29:43PM +0200, Daniel Borkmann wrote:
> On 7/29/20 7:28 PM, Song Liu wrote:
> > On Tue, Jul 28, 2020 at 8:37 AM Jean-Philippe Brucker
> > <jean-philippe@linaro.org> wrote:
> > > 
> > > When a tracing BPF program attempts to read memory without using the
> > > bpf_probe_read() helper, the verifier marks the load instruction with
> > > the BPF_PROBE_MEM flag. Since the arm64 JIT does not currently recognize
> > > this flag it falls back to the interpreter.
> > > 
> > > Add support for BPF_PROBE_MEM, by appending an exception table to the
> > > BPF program. If the load instruction causes a data abort, the fixup
> > > infrastructure finds the exception table and fixes up the fault, by
> > > clearing the destination register and jumping over the faulting
> > > instruction.
> > > 
> > > To keep the compact exception table entry format, inspect the pc in
> > > fixup_exception(). A more generic solution would add a "handler" field
> > > to the table entry, like on x86 and s390.
> > > 
> > > Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
> > 
> > This patch looks good to me.
> > 
> > Acked-by: Song Liu <songliubraving@fb.com>
> 
> +1, applied, thanks a lot!
> 
> > It is possible to add a selftest for this? I thought about this a
> > little bit, but
> > didn't get a good idea.
> 
> Why not adding a test_verifier.c test case which calls into bpf_get_current_task()
> to fetch pointer to current and then read out some field via BPF_PROBE_MEM which
> should then succeed on x86/s390x/arm64 but be skipped on the other archs? Jean-Philippe,
> could you look into following up with such test case(s)?

Sure I'll take a look. Ilya also added a selftests to trigger exceptions
in https://lore.kernel.org/bpf/20200715233301.933201-5-iii@linux.ibm.com/
It's useful but I think it relies on the verifier not mandating NULL
checks for next-level pointers (they are ptr_ instead of ptr_or_null_),
which might change in the future. So I'm wondering if we can deliberately
access an invalid pointer with the help of bpf_test_run, and check that
the result is zero. 

Thanks,
Jean

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

  reply	other threads:[~2020-07-30  8:29 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-28 15:21 [PATCH bpf-next 0/1] arm64: Add BPF exception tables Jean-Philippe Brucker
2020-07-28 15:21 ` Jean-Philippe Brucker
2020-07-28 15:21 ` [PATCH bpf-next 1/1] arm64: bpf: " Jean-Philippe Brucker
2020-07-28 15:21   ` Jean-Philippe Brucker
2020-07-29 17:28   ` Song Liu
2020-07-29 17:28     ` Song Liu
2020-07-29 21:29     ` Daniel Borkmann
2020-07-29 21:29       ` Daniel Borkmann
2020-07-30  8:28       ` Jean-Philippe Brucker [this message]
2020-07-30  8:28         ` Jean-Philippe Brucker
2020-07-30 12:28   ` Qian Cai
2020-07-30 12:28     ` Qian Cai
2020-07-30 14:22     ` Jean-Philippe Brucker
2020-07-30 14:22       ` Jean-Philippe Brucker
2020-07-30 19:47       ` Daniel Borkmann
2020-07-30 19:47         ` Daniel Borkmann
2020-07-30 21:14         ` Jean-Philippe Brucker
2020-07-30 21:14           ` Jean-Philippe Brucker
2020-07-30 22:45           ` Daniel Borkmann
2020-07-30 22:45             ` Daniel Borkmann
2021-06-09 12:04 ` [PATCH bpf-next 0/1] arm64: " Ravi Bangoria
2021-06-09 12:04   ` Ravi Bangoria
2021-06-11  0:12   ` Alexei Starovoitov
2021-06-11  0:12     ` Alexei Starovoitov
2021-06-17  6:58     ` Ravi Bangoria
2021-06-17  6:58       ` Ravi Bangoria
2021-06-18 16:34       ` Alexei Starovoitov
2021-06-18 16:34         ` Alexei Starovoitov
2021-06-22  7:10         ` Ravi Bangoria
2021-06-22  7:10           ` Ravi Bangoria
2021-06-22 11:00         ` [PATCH] x86 bpf: Fix extable offset calculation Ravi Bangoria
2021-06-25  4:01           ` Alexei Starovoitov
2021-06-25  6:22             ` Ravi Bangoria
2021-06-25 15:07               ` Alexei Starovoitov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200730082853.GA1529030@myrica \
    --to=jean-philippe@linaro.org \
    --cc=andriin@fb.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=catalin.marinas@arm.com \
    --cc=daniel@iogearbox.net \
    --cc=john.fastabend@gmail.com \
    --cc=kafai@fb.com \
    --cc=kpsingh@chromium.org \
    --cc=linux-arm-kernel@lists.infradead.org \
    --cc=song@kernel.org \
    --cc=songliubraving@fb.com \
    --cc=will@kernel.org \
    --cc=yhs@fb.com \
    --cc=zlim.lnx@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.