From: Song Liu <songliubraving@fb.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <song@kernel.org>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>,
bpf <bpf@vger.kernel.org>, Linux-MM <linux-mm@kvack.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Kernel Team <Kernel-team@fb.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
Christoph Hellwig <hch@infradead.org>,
Andrii Nakryiko <andrii@kernel.org>
Subject: Re: [PATCH bpf] bpf: invalidate unused part of bpf_prog_pack
Date: Thu, 21 Apr 2022 22:51:52 +0000 [thread overview]
Message-ID: <8F788446-899C-4BA3-8236-612A94D98582@fb.com> (raw)
In-Reply-To: <CAHk-=wi62LDc5B3DOr5pyVtOUOuLkLzHvmZQApH9q=raqaGkUg@mail.gmail.com>
Hi Linus,
> On Apr 21, 2022, at 3:30 PM, Linus Torvalds <torvalds@linux-foundation.org> wrote:
>
> On Thu, Apr 21, 2022 at 2:53 PM Song Liu <songliubraving@fb.com> wrote:
>>
>> However, we cannot really use the same function at free time. The
>> huge page is RO+X at free time, but we are only zeroing out a chunk
>> of it. So regular memset/memcpy won’t work. Instead, we will need
>> something like bpf_arch_text_copy().
>
> I actually think bpf_arch_text_copy() is another horribly badly done thing.
>
> It seems only implemented on x86 (I'm not sure how anything else is
> supposed to work, I didn't go look), and there it is horribly badly
> done, using __text_poke() that does all these magical things just to
> make it atomic wrt concurrent code execution.
>
> None of which is *AT*ALL* relevant for this case, since concurrent
> code execution simply isn't a thing (and if it were, you would already
> have lost).
>
> And if that wasn't pointless enough, it does all that magic "map the
> page writably at a different virtual address using poking_addr in
> poking_mm" and a different address space entirely.
>
> All of that is required for REAL KERNEL CODE.
>
> But the thing is, for bpf_prog_pack, all of that is just completely
> pointless and stupid complexity.
>
> We already *have* the other non-executable address that is writable:
> it's the actual pages that got vmalloc'ed. Just use vmalloc_to_page()
> and it's RIGHT THERE.
I think this won’t work, as set_memory_ro makes all the aliases of
these pages read only. We can probably add set_memory_ro_noalias(),
which will be similar to set_memory_np_noalias(). This approach was
NACKed by Peter[1]. So we went with the bpf_arch_text_copy approach.
If we can loosen the W^X requirement for BPF programs, other parts
of bpf_prog_pack could also be simplified.
Thanks,
Song
[1] https://lore.kernel.org/netdev/20211116080051.GU174703@worktop.programming.kicks-ass.net/
>
> At which point you just use the same bpf_jit_fill_hole() function, and
> you're done.
>
> In other words, all of this seems excessively stupidly done, for no
> good reason. It's only making it much too complicated, and just not
> doing the right thing at all.
>
> Linus
next prev parent reply other threads:[~2022-04-21 22:52 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-21 7:22 [PATCH bpf] bpf: invalidate unused part of bpf_prog_pack Song Liu
2022-04-21 17:09 ` Linus Torvalds
2022-04-21 18:24 ` Alexei Starovoitov
2022-04-21 18:59 ` Linus Torvalds
2022-04-21 19:40 ` Song Liu
2022-04-21 21:28 ` Linus Torvalds
2022-04-21 21:52 ` Song Liu
2022-04-21 22:30 ` Linus Torvalds
2022-04-21 22:51 ` Song Liu [this message]
2022-04-21 23:10 ` Linus Torvalds
2022-04-22 1:31 ` Song Liu
2022-04-22 7:31 ` Peter Zijlstra
2022-04-23 5:25 ` Song Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8F788446-899C-4BA3-8236-612A94D98582@fb.com \
--to=songliubraving@fb.com \
--cc=Kernel-team@fb.com \
--cc=akpm@linux-foundation.org \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=song@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.