Re: [PATCH bpf v3 2/2] bpf_trace: bail out from bpf_kprobe_multi_link_attach when in compat

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 5/18/22 1:03 PM, Eugene Syromiatnikov wrote:
On Wed, May 18, 2022 at 09:55:05AM -0700, Yonghong Song wrote:


On 5/18/22 5:22 AM, Eugene Syromiatnikov wrote:
Since bpf_kprobe_multi_link_attach doesn't support 32-bit kernels
for whatever reason, having it enabled for compat processes on 64-bit
kernels makes even less sense due to discrepances in the type sizes
that it does not handle.

If I understand correctly, the reason is due to
in libbpf we have
struct bpf_link_create_opts {
         size_t sz; /* size of this struct for forward/backward compatibility
*/
         __u32 flags;
         union bpf_iter_link_info *iter_info;
         __u32 iter_info_len;
         __u32 target_btf_id;
         union {
                 struct {
                         __u64 bpf_cookie;
                 } perf_event;
                 struct {
                         __u32 flags;
                         __u32 cnt;
                         const char **syms;
                         const unsigned long *addrs;
                         const __u64 *cookies;
                 } kprobe_multi;
         };
         size_t :0;
};

Note that we have `const unsigned long *addrs;`

If we have 32-bit user space application and 64bit kernel,
and we will have userspace 32-bit pointers and kernel as
64bit pointers and current kernel doesn't handle 32-bit
user pointer properly.

Consider this may involve libbpf uapi change, maybe
we should change "const unsigned long *addrs;" to
"const __u64 *addrs;" considering we haven't freeze
libbpf UAPI yet.

Otherwise, we stick to current code with this patch,
it will make it difficult to support 32-bit app with
64-bit kernel for kprobe_multi in the future due to
uapi issues.

WDYT?

As 32 bit arches are "unsupported" currently, the change would be more
a semantic one rather then practical;  I don't mind having it here (basically,
the tools/* part of [1]), though (assuming it is still possible to get it
in 5.18).

[1] https://lore.kernel.org/lkml/6ef675aeeea442fa8fc168cd1cb4e4e474f65a3f.1652772731.git.esyr@xxxxxxxxxx/

I think for patch [1], we only need libbpf and selftest change, no
kernel change is needed since we
explicitly does not support 32bit kernel in the
beginning of function bpf_kprobe_multi_link_attach():

        /* no support for 32bit archs yet */
        if (sizeof(u64) != sizeof(void *))
                return -EOPNOTSUPP;

and in kernel, address (pointer) size will be considered
long (64bit) which is exactly the libbpf change did that.



Fixes: 0dcac272540613d4 ("bpf: Add multi kprobe link")
Signed-off-by: Eugene Syromiatnikov <esyr@xxxxxxxxxx>
---
  kernel/trace/bpf_trace.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index 212faa4..2f83489 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -2412,7 +2412,7 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr
  	int err;
  	/* no support for 32bit archs yet */
-	if (sizeof(u64) != sizeof(void *))
+	if (sizeof(u64) != sizeof(void *) || in_compat_syscall())
  		return -EOPNOTSUPP;
  	if (prog->expected_attach_type != BPF_TRACE_KPROBE_MULTI)





[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux