Re: [PATCH v3 2/5] powerpc/bpf: implement bpf_arch_text_invalidate for bpf_prog_pack

Christophe Leroy <christophe.leroy@xxxxxxxxxx> · Fri, 25 Aug 2023 15:33:18 +0000

Le 25/08/2023 à 17:18, Hari Bathini a écrit :
> Implement bpf_arch_text_invalidate and use it to fill unused part of
> the bpf_prog_pack with trap instructions when a BPF program is freed.
> 
> Signed-off-by: Hari Bathini <hbathini@xxxxxxxxxxxxx>
> ---
>   arch/powerpc/net/bpf_jit_comp.c | 22 +++++++++++++++++++---
>   1 file changed, 19 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c
> index 170ebf8ac0f2..7cd4cf53d61c 100644
> --- a/arch/powerpc/net/bpf_jit_comp.c
> +++ b/arch/powerpc/net/bpf_jit_comp.c
> @@ -30,7 +30,7 @@ static void bpf_jit_fill_ill_insns(void *area, unsigned int size)
>    * Patch 'len' bytes of instructions from opcode to addr, one instruction
>    * at a time. Returns addr on success. ERR_PTR(-EINVAL), otherwise.
>    */
> -static void *bpf_patch_instructions(void *addr, void *opcode, size_t len)
> +static void *bpf_patch_instructions(void *addr, void *opcode, size_t len, bool fill_insn)

It's a pitty that you have to modify in patch 2 a function you have 
added in patch 1 of the same series. Can't you have it right from the 
begining ?

>   {
>   	while (len > 0) {
>   		ppc_inst_t insn = ppc_inst_read(opcode);
> @@ -41,7 +41,8 @@ static void *bpf_patch_instructions(void *addr, void *opcode, size_t len)
>   
>   		len -= ilen;
>   		addr = addr + ilen;
> -		opcode = opcode + ilen;
> +		if (!fill_insn)
> +			opcode = opcode + ilen;
>   	}
>   
>   	return addr;
> @@ -307,7 +308,22 @@ void *bpf_arch_text_copy(void *dst, void *src, size_t len)
>   		return ERR_PTR(-EINVAL);
>   
>   	mutex_lock(&text_mutex);
> -	ret = bpf_patch_instructions(dst, src, len);
> +	ret = bpf_patch_instructions(dst, src, len, false);
> +	mutex_unlock(&text_mutex);
> +
> +	return ret;
> +}
> +
> +int bpf_arch_text_invalidate(void *dst, size_t len)
> +{
> +	u32 insn = BREAKPOINT_INSTRUCTION;
> +	int ret;
> +
> +	if (WARN_ON_ONCE(core_kernel_text((unsigned long)dst)))
> +		return -EINVAL;
> +
> +	mutex_lock(&text_mutex);
> +	ret = IS_ERR(bpf_patch_instructions(dst, &insn, len, true));

Why IS_ERR ?

As far as I understand from the weak definition in kernel/bpf/core.c, 
this function is supposed to return an error, not a bool.

>   	mutex_unlock(&text_mutex);
>   
>   	return ret;