Ilya Leoshkevich <iii@xxxxxxxxxxxxx> writes: > On Wed, Mar 20, 2024 at 11:08:00PM -0700, Alexei Starovoitov wrote: >> On Wed, Mar 20, 2024 at 3:55 AM Puranjay Mohan <puranjay12@xxxxxxxxx> wrote: >> > >> > The JITs need to implement bpf_arch_uaddress_limit() to define where >> > the userspace addresses end for that architecture or TASK_SIZE is taken >> > as default. >> > >> > The implementation is as follows: >> > >> > REG_AX = SRC_REG >> > if(offset) >> > REG_AX += offset; >> > REG_AX >>= 32; >> > if (REG_AX <= (uaddress_limit >> 32)) >> > DST_REG = 0; >> > else >> > DST_REG = *(size *)(SRC_REG + offset); >> >> The patch looks good, but it seems to be causing s390 CI failures. >> >> Ilya, >> could you help us understand is this check needed on s390 >> and if so, what should be the uaddress_limit ? > > s390x does not define ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE. > Userspace and kernel run in completely different and isolated address > spaces, so it's not possible to determine from a pointer value whether > it's a user or a kernel pointer. > But the good news is that whatever you deference without using > special instruction sequences will refer to the kernel address space. > So I wonder if we could somehow disable this check on s390x altogether? > And if we are not sure whether it's a valid pointer, use BPF_PROBE_MEM > as always. Thanks for the details. I understand that s390x doesn't need this extra check because all normal accesses are in the kernel address space and they will be marked with BPF_PROBE_MEM by the verifier if the pointer is untrusted. I have sent v2 of this patch with this check disabled on s390x https://lore.kernel.org/bpf/20240321101058.68530-1-puranjay12@xxxxxxxxx/ Thanks, Puranjay
