On Mon, May 10, 2021 at 2:50 AM Jiri Olsa <jolsa@xxxxxxxxxx> wrote: > > On Thu, May 06, 2021 at 06:36:38PM -0700, Alexei Starovoitov wrote: > > On Thu, Apr 29, 2021 at 4:47 AM Jiri Olsa <jolsa@xxxxxxxxxx> wrote: > > > > > > The recursion check in __bpf_prog_enter and __bpf_prog_exit > > > leaves some (not inlined) functions unprotected: > > > > > > In __bpf_prog_enter: > > > - migrate_disable is called before prog->active is checked > > > > > > In __bpf_prog_exit: > > > - migrate_enable,rcu_read_unlock_strict are called after > > > prog->active is decreased > > > > > > When attaching trampoline to them we get panic like: > > > > > > traps: PANIC: double fault, error_code: 0x0 > > > double fault: 0000 [#1] SMP PTI > > > RIP: 0010:__bpf_prog_enter+0x4/0x50 > > > ... > > > Call Trace: > > > <IRQ> > > > bpf_trampoline_6442466513_0+0x18/0x1000 > > > migrate_disable+0x5/0x50 > > > __bpf_prog_enter+0x9/0x50 > > > bpf_trampoline_6442466513_0+0x18/0x1000 > > > migrate_disable+0x5/0x50 > > > __bpf_prog_enter+0x9/0x50 > > > bpf_trampoline_6442466513_0+0x18/0x1000 > > > migrate_disable+0x5/0x50 > > > __bpf_prog_enter+0x9/0x50 > > > bpf_trampoline_6442466513_0+0x18/0x1000 > > > migrate_disable+0x5/0x50 > > > ... > > > > > > Fixing this by adding deny list of btf ids for tracing > > > programs and checking btf id during program verification. > > > Adding above functions to this list. > > > > > > Suggested-by: Alexei Starovoitov <ast@xxxxxxxxxx> > > > Signed-off-by: Jiri Olsa <jolsa@xxxxxxxxxx> > > > --- > > > v2 changes: > > > - drop check for EXT programs [Andrii] > > > > > > kernel/bpf/verifier.c | 14 ++++++++++++++ > > > 1 file changed, 14 insertions(+) > > > > > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > > > index 2579f6fbb5c3..42311e51ac71 100644 > > > --- a/kernel/bpf/verifier.c > > > +++ b/kernel/bpf/verifier.c > > > @@ -13112,6 +13112,17 @@ int bpf_check_attach_target(struct bpf_verifier_log *log, > > > return 0; > > > } > > > > > > +BTF_SET_START(btf_id_deny) > > > +BTF_ID_UNUSED > > > +#ifdef CONFIG_SMP > > > +BTF_ID(func, migrate_disable) > > > +BTF_ID(func, migrate_enable) > > > +#endif > > > +#if !defined CONFIG_PREEMPT_RCU && !defined CONFIG_TINY_RCU > > > +BTF_ID(func, rcu_read_unlock_strict) > > > +#endif > > > +BTF_SET_END(btf_id_deny) > > > > I was wondering whether it makes sense to do this on pahole side instead ? > > It can do more flexible regex matching and excluding all such functions > > from vmlinux btf without the kernel having to do a maze of #ifdef > > depending on config. > > On one side we will lose BTF info about such functions, but what do we > > need it for? > > On the other side it will be a tiny reduction in vmlinux btf :) > > Thoughts? > > we just removed the ftrace filter so BTF will have 'all' functions > > I think the filtering on pahole side could cause problems like > the recent one with cubictcp_state.. it's just 3 functions, but > what if they rename? this way we at least get compilation error ;-) > > I'd go with all functions in BTF and restrict attachment for those > that cause problems Ok. Let's see how it will work in practice. Applied to bpf tree.
