Re: [PATCH v2 bpf-next 0/2] enforce W^X for trampoline and dispatcher


 




On 26/09/2022 20.47, Song Liu wrote:
> Changes v1 => v2:
> 1. Update arch_prepare_bpf_dispatcher to use a RO image and a RW buffer.
>    (Alexei) Note: I haven't found an existing test to cover this part, so
>    this part was tested manually (comparing the generated dispatcher is
>    the same).
>
> Jeff Layton reported a CPA W^X warning in linux-next [1]. It turns out to be
> a W^X issue with bpf trampoline and bpf dispatcher. Fix these by:
>
> 1. Use bpf_prog_pack for bpf_dispatcher;
> 2. Set memory permission properly with bpf trampoline.

Indirectly related to your patchset[0].
 - TL;DR calling set_memory_x() has side-effects

We are getting reports that loading BPF-progs (jit stage) causes issues for RT in the form of triggering work on isolated CPUs. It looks like the BTF JIT stage causes a TLB flush on all CPUs, including isolated CPUs.

The triggering function is set_memory_x() (see call-stack[2]).

We have noticed (and appreciate) you have previously improved the situation in this patchset[3]:

[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=80123f0ac4a6

Is this patchset also part of improving the situation, or does it introduce more calls to set_memory_x()?


[1] https://lore.kernel.org/lkml/c84cc27c1a5031a003039748c3c099732a718aec.camel@xxxxxxxxxx/


[2] Call stack triggering issue:

        smp_call_function_many_cond+0x1
        smp_call_function+0x39
        on_each_cpu+0x2a
        cpa_flush+0x11a
        change_page_attr_set_clr+0x129
        set_memory_x+0x37
        bpf_int_jit_compile+0x36f
        bpf_prog_select_runtime+0xc6
        bpf_prepare_filter+0x523
        sk_attach_filter+0x13
        sock_setsockopt+0x920
        __sys_setsockopt+0x16a
        __x64_sys_setsockopt+0x20
        do_syscall_64+0x87
        entry_SYSCALL_64_after_hwframe+0x65


[0] https://lore.kernel.org/all/20220926184739.3512547-1-song@xxxxxxxxxx/#r

--Jesper
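
One way to observe the effect described in the message above, as an added example that is not part of the original mail or of the kernel tree: diff two `/proc/interrupts` snapshots taken around a BPF program load and report function-call IPIs that landed on isolated CPUs. It assumes the `smp_call_function` IPIs in call stack [2] are counted in the x86 `CAL` row; the helper names and the sample snapshots are constructed for illustration.

```python
# Added example. The snapshots below are constructed, not captured output.
SAMPLE_BEFORE = """\
            CPU0       CPU1       CPU2       CPU3
 CAL:       1200        980         15         12   Function call interrupts
 TLB:        300        210          0          0   TLB shootdowns
"""
SAMPLE_AFTER = """\
            CPU0       CPU1       CPU2       CPU3
 CAL:       1204        983         16         13   Function call interrupts
 TLB:        300        212          0          0   TLB shootdowns
"""

def parse_cpu_list(spec):
    """Expand a kernel CPU list such as '2-3,6' into a set of ints."""
    cpus = set()
    for part in spec.strip().split(","):
        if not part:            # empty file means no isolated CPUs
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus

def read_row(interrupts_text, label="CAL"):
    """Return {cpu_id: count} for one labelled row of /proc/interrupts."""
    lines = interrupts_text.strip().splitlines()
    cpu_ids = [int(name[3:]) for name in lines[0].split()]  # CPU0 CPU1 ...
    for line in lines[1:]:
        fields = line.split()
        if fields and fields[0] == label + ":":
            counts = fields[1:1 + len(cpu_ids)]  # drop trailing description
            return dict(zip(cpu_ids, map(int, counts)))
    raise KeyError(label)

def ipis_on_isolated(before, after, isolated_spec, label="CAL"):
    """Counter increase per isolated CPU between two snapshots."""
    b, a = read_row(before, label), read_row(after, label)
    hits = {}
    for cpu in sorted(parse_cpu_list(isolated_spec)):
        delta = a.get(cpu, 0) - b.get(cpu, 0)
        if delta > 0:           # any increase means the CPU was interrupted
            hits[cpu] = delta
    return hits

if __name__ == "__main__":
    # Isolated set "2-3" is a constructed value for the sample data.
    print(ipis_on_isolated(SAMPLE_BEFORE, SAMPLE_AFTER, "2-3"))
```

On a live system the two snapshots would be reads of `/proc/interrupts` before and after the program load, and the CPU list would come from `/sys/devices/system/cpu/isolated`.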




