All of lore.kernel.org
 help / color / mirror / Atom feed
From: Song Liu <songliubraving@fb.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
	Peter Zijlstra <peterz@infradead.org>
Cc: Song Liu <song@kernel.org>,
	Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	bpf <bpf@vger.kernel.org>, Linux-MM <linux-mm@kvack.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Kernel Team <Kernel-team@fb.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	"Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
	Christoph Hellwig <hch@infradead.org>,
	Andrii Nakryiko <andrii@kernel.org>
Subject: Re: [PATCH bpf] bpf: invalidate unused part of bpf_prog_pack
Date: Thu, 21 Apr 2022 22:51:52 +0000	[thread overview]
Message-ID: <8F788446-899C-4BA3-8236-612A94D98582@fb.com> (raw)
In-Reply-To: <CAHk-=wi62LDc5B3DOr5pyVtOUOuLkLzHvmZQApH9q=raqaGkUg@mail.gmail.com>

Hi Linus,

> On Apr 21, 2022, at 3:30 PM, Linus Torvalds <torvalds@linux-foundation.org> wrote:
> 
> On Thu, Apr 21, 2022 at 2:53 PM Song Liu <songliubraving@fb.com> wrote:
>> 
>> However, we cannot really use the same function at free time. The
>> huge page is RO+X at free time, but we are only zeroing out a chunk
>> of it. So regular memset/memcpy won’t work. Instead, we will need
>> something like bpf_arch_text_copy().
> 
> I actually think bpf_arch_text_copy() is another horribly badly done thing.
> 
> It seems only implemented on x86 (I'm not sure how anything else is
> supposed to work, I didn't go look), and there it is horribly badly
> done, using __text_poke() that does all these magical things just to
> make it atomic wrt concurrent code execution.
> 
> None of which is *AT*ALL* relevant for this case, since concurrent
> code execution simply isn't a thing (and if it were, you would already
> have lost).
> 
> And if that wasn't pointless enough, it does all that magic "map the
> page writably at a different virtual address using poking_addr in
> poking_mm" and a different address space entirely.
> 
> All of that is required for REAL KERNEL CODE.
> 
> But the thing is, for bpf_prog_pack, all of that is just completely
> pointless and stupid complexity.
> 
> We already *have* the other non-executable address that is writable:
> it's the actual pages that got vmalloc'ed. Just use vmalloc_to_page()
> and it's RIGHT THERE.

I think this won’t work, as set_memory_ro makes all the aliases of 
these pages read only. We can probably add set_memory_ro_noalias(), 
which will be similar to set_memory_np_noalias(). This approach was 
NACKed by Peter[1]. So we went with the bpf_arch_text_copy approach.

If we can loosen the W^X requirement for BPF programs, other parts 
of bpf_prog_pack could also be simplified. 

Thanks,
Song

[1] https://lore.kernel.org/netdev/20211116080051.GU174703@worktop.programming.kicks-ass.net/

> 
> At which point you just use the same bpf_jit_fill_hole() function, and
> you're done.
> 
> In other words, all of this seems excessively stupidly done, for no
> good reason.  It's only making it much too complicated, and just not
> doing the right thing at all.
> 
>                Linus


  reply	other threads:[~2022-04-21 22:52 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-21  7:22 [PATCH bpf] bpf: invalidate unused part of bpf_prog_pack Song Liu
2022-04-21 17:09 ` Linus Torvalds
2022-04-21 18:24   ` Alexei Starovoitov
2022-04-21 18:59     ` Linus Torvalds
2022-04-21 19:40       ` Song Liu
2022-04-21 21:28         ` Linus Torvalds
2022-04-21 21:52           ` Song Liu
2022-04-21 22:30             ` Linus Torvalds
2022-04-21 22:51               ` Song Liu [this message]
2022-04-21 23:10                 ` Linus Torvalds
2022-04-22  1:31                   ` Song Liu
2022-04-22  7:31                 ` Peter Zijlstra
2022-04-23  5:25                   ` Song Liu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8F788446-899C-4BA3-8236-612A94D98582@fb.com \
    --to=songliubraving@fb.com \
    --cc=Kernel-team@fb.com \
    --cc=akpm@linux-foundation.org \
    --cc=alexei.starovoitov@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=hch@infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=peterz@infradead.org \
    --cc=rick.p.edgecombe@intel.com \
    --cc=song@kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.