All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Zidenberg, Tsahi" <tsahee@amazon.com>
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Sasha Levin <sashal@kernel.org>, <stable@vger.kernel.org>
Subject: Re: [PATCH 1/2] bpf: fix userspace access for bpf_probe_read{, str}()
Date: Mon, 12 Apr 2021 23:01:59 +0300	[thread overview]
Message-ID: <7f022c63-f0d9-cf5d-9330-d8548e4095b4@amazon.com> (raw)
In-Reply-To: <YHGMAxjfn1fKfgGE@kroah.com>



On 10/04/2021 14:29, Greg KH wrote:
> On Sun, Apr 04, 2021 at 12:13:46PM +0300, Zidenberg, Tsahi wrote:
>> On 03/04/2021 12:56, Greg KH wrote:
>>>
>>> Again that would make things different from Linus's tree, which is what
>>> we want to avoid if at all possible.
>>>
>>> What commits in 5.8 are you talking about here, if the changes are there
>>> that work here in 5.4, that's fine.
>> In 5.5 (mostly 6ae08ae3dea2) BPF UAPI was changed, bpf_probe_read was split
>> into compat (original), user and kernel variants. Compat here just calls the
>> kernel variant, which means it's still broken.
> That's not a UAPI change, that does not change the userspace-visable
> part, right?  Did something change?
>
>> In 5.8 (8d92db5c04d10), compat was fixed to call user/kernel variants
>> according to address in machines where it makes sense, and disabled on other
>> machines. I am trying to take the fix for machines where it's possible, and
>> leave other machines untouched.
>>
>> As I understand it, there are 3 options:
>> 1)  Implement the same fix as v5.8, while staying with v5.4 code/API.
>>     That's what my original patch did.
>> 2)  Import the new 5.5 API + 5.8 fix. It's not trivial to get API-compatibility
>>     right. Specifically - need to solve skb_output (a7658e1a4164c), another
>>     entry in the BPF enum, introduced before the new read variants.
> What "API-compatibility" are you trying for here?  There is no issues
> with in-kernel changes of apis.
>
> What commits exactly does this require?  It is almost always better to
> keep the same identical patches that are in newer kernels to be
> backported than to do something different like you are doing in 1).
> That way any future changes/fixes can easily also be backported.
> Otherwise it gets harder and harder over time.
This is how I understand it, please correct me if/where I'm wrong:

include/uapi/linux/bpf.h is part of the UAPI. Specifically, bpf_func_id
enum is part of the UAPI. This enum matches function I.D to bpf helper,
and the indexes are kept constant across kernel versions.

Kernel 5.5 added skb_output helper (irrelevant to our fix) to that enum,
and then added probe_read_{user,kernel}* functions on top of that. Taking
probe_read_{user,kernel}* from commit 6ae08ae3dea2 itself is changing
UAPI. The mainline fix in 5.8 (8d92db5c04d10) depends on that UAPI change.

Appending another function is not a terrrible UAPI change, but to
keep these functions at the same index as later kernel versions - we'd
also need to either take skb_output or add a replacement.


Thank you!
Tsahi.

  reply	other threads:[~2021-04-12 20:02 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-29 10:56 [PATCH 0/2] fix userspace access on arm64 for linux 5.4 Zidenberg, Tsahi
2021-03-29 10:58 ` [PATCH 1/2] bpf: fix userspace access for bpf_probe_read{, str}() Zidenberg, Tsahi
2021-03-30 17:21   ` Sasha Levin
2021-03-31 18:37     ` Zidenberg, Tsahi
2021-04-03  9:56       ` Greg KH
2021-04-04  9:13         ` Zidenberg, Tsahi
2021-04-10 11:29           ` Greg KH
2021-04-12 20:01             ` Zidenberg, Tsahi [this message]
2021-04-13  7:28               ` Greg KH
2021-03-29 10:59 ` [PATCH 2/2] tracing/kprobes: handle userspace access on unified probes Zidenberg, Tsahi
2021-04-10 11:29   ` Greg KH
2021-04-10 11:30 ` [PATCH 0/2] fix userspace access on arm64 for linux 5.4 Greg KH
2021-04-12 19:46   ` Zidenberg, Tsahi
2021-04-13  7:27     ` Greg KH
2021-04-21 13:04       ` Zidenberg, Tsahi
2021-04-21 13:26         ` Greg KH

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7f022c63-f0d9-cf5d-9330-d8548e4095b4@amazon.com \
    --to=tsahee@amazon.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=sashal@kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.