Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2567402imu; Mon, 19 Nov 2018 02:38:50 -0800 (PST) X-Google-Smtp-Source: AJdET5eivsIwPztxx9skpvALERxhlGV7iAtEVkNAuoSScHM04aP/R/fbjAVAQ4+IKyU0aEUB3JRr X-Received: by 2002:a17:902:7848:: with SMTP id e8mr22344269pln.100.1542623930467; Mon, 19 Nov 2018 02:38:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542623930; cv=none; d=google.com; s=arc-20160816; b=JY8UtpPM8G/darRVcAVVHsQWMTxRUVYH38pRwoF+qs1RbfX2va9/JbkMACs7dZkH2g 9GGJGZ0WJ3em2g0L0hr/s+D0mFbMXSTsyoXKWwmn8bNrsh/bSqXV6r5EWgGwBka/Zdip rKI9Au1D9irib1N4zVaP9aIBuXsMsUwdXEibgBh+1zGqrbRYN3szRwuDxIwJ2Xcj1YEh zvgcsmRLAZnGEbAmgoJSZudzXck1Yu3zEJTbFawOUSA9qVCtLkcMo0PRA7UgpKMcrs8j iNX98iM73ihsC55tsRXq4Wcg/6Ul/sEDoa5pmRs+vMUs/5pUSc3CuZNC66Mkcdxo8l39 WezA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=iTCMQjybzXvhCiRz2Hgc1LDSKwtlp9NkaN1qB1pu3ls=; b=B2ZJnHiptya1Ka4yWRMjdLMk185IEzZl7O16LGoY+sJzj5zqbuxp4zJqGxBDxhwa+e G9CQcvWLLcgL0DjPeNZNU7PNKJejnM6jFzhxYbRF/Fx07OTIetkUbav6uHCMdmtKfZtF Rd//oViUD94pgKd83fxQ+GQEtpDrecIZla5nY41bsCDdCr0c1KkQI3dLzPE7zxbZrt3w m7ivaPOk0mZQZbSl3uRYku4ST521Omlm4Pb48V7XpB7rjKorlhMD2XlCQLiFsuCuDuKk kSRGa4LrCVQkKdWlxaVaCOehcb8aN+/VNKULBD5hWZVuGYGD6g8b2d4selZMINyHO/uh 4mAQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m75si18377054pga.432.2018.11.19.02.38.35; Mon, 19 Nov 2018 02:38:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727844AbeKSVBJ (ORCPT + 99 others); Mon, 19 Nov 2018 16:01:09 -0500 Received: from www62.your-server.de ([213.133.104.62]:58854 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727545AbeKSVBJ (ORCPT ); Mon, 19 Nov 2018 16:01:09 -0500 Received: from [88.198.220.132] (helo=sslproxy03.your-server.de) by www62.your-server.de with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89_1) (envelope-from ) id 1gOgwB-0003ic-UY; Mon, 19 Nov 2018 11:37:51 +0100 Received: from [2a02:1203:ecb1:b710:c81f:d2d6:50a9:c2d] (helo=linux.home) by sslproxy03.your-server.de with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1gOgwB-0005yq-Ig; Mon, 19 Nov 2018 11:37:51 +0100 Subject: Re: [PATCH 1/4] bpf: account for freed JIT allocations in arch code To: Ard Biesheuvel , linux-kernel@vger.kernel.org Cc: Alexei Starovoitov , Rick Edgecombe , Eric Dumazet , Jann Horn , Kees Cook , Jessica Yu , Arnd Bergmann , Catalin Marinas , Will Deacon , Mark Rutland , Ralf Baechle , Paul Burton , James Hogan , Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman , "David S. Miller" , linux-arm-kernel@lists.infradead.org, linux-mips@linux-mips.org, linuxppc-dev@lists.ozlabs.org, sparclinux@vger.kernel.org, netdev@vger.kernel.org References: <20181117185715.25198-1-ard.biesheuvel@linaro.org> <20181117185715.25198-2-ard.biesheuvel@linaro.org> From: Daniel Borkmann Message-ID: Date: Mon, 19 Nov 2018 11:37:49 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <20181117185715.25198-2-ard.biesheuvel@linaro.org> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.100.2/25134/Mon Nov 19 07:16:12 2018) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/17/2018 07:57 PM, Ard Biesheuvel wrote: > Commit ede95a63b5e84 ("bpf: add bpf_jit_limit knob to restrict unpriv > allocations") added a call to bpf_jit_uncharge_modmem() to the routine > bpf_jit_binary_free() which is called from the __weak bpf_jit_free(). > This function is overridden by arches, some of which do not call > bpf_jit_binary_free() to release the memory, and so the released > memory is not accounted for, potentially leading to spurious allocation > failures. > > So replace the direct calls to module_memfree() in the arch code with > calls to bpf_jit_binary_free(). Sorry but this patch is completely buggy, and above description on the accounting incorrect as well. Looks like this patch was not tested at all. The below cBPF JITs that use module_memfree() which you replace with bpf_jit_binary_free() are using module_alloc() internally to get the JIT image buffer ... > Signed-off-by: Ard Biesheuvel > --- > arch/mips/net/bpf_jit.c | 2 +- > arch/powerpc/net/bpf_jit_comp.c | 2 +- > arch/powerpc/net/bpf_jit_comp64.c | 5 +---- > arch/sparc/net/bpf_jit_comp_32.c | 2 +- > 4 files changed, 4 insertions(+), 7 deletions(-) > > diff --git a/arch/mips/net/bpf_jit.c b/arch/mips/net/bpf_jit.c > index 4d8cb9bb8365..1b69897274a1 100644 > --- a/arch/mips/net/bpf_jit.c > +++ b/arch/mips/net/bpf_jit.c > @@ -1264,7 +1264,7 @@ void bpf_jit_compile(struct bpf_prog *fp) > void bpf_jit_free(struct bpf_prog *fp) > { > if (fp->jited) > - module_memfree(fp->bpf_func); > + bpf_jit_binary_free(bpf_jit_binary_hdr(fp)); > > bpf_prog_unlock_free(fp); > } > diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c > index d5bfe24bb3b5..a1ea1ea6b40d 100644 > --- a/arch/powerpc/net/bpf_jit_comp.c > +++ b/arch/powerpc/net/bpf_jit_comp.c > @@ -683,7 +683,7 @@ void bpf_jit_compile(struct bpf_prog *fp) > void bpf_jit_free(struct bpf_prog *fp) > { > if (fp->jited) > - module_memfree(fp->bpf_func); > + bpf_jit_binary_free(bpf_jit_binary_hdr(fp)); > > bpf_prog_unlock_free(fp); > } > diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c > index 50b129785aee..84c8f013a6c6 100644 > --- a/arch/powerpc/net/bpf_jit_comp64.c > +++ b/arch/powerpc/net/bpf_jit_comp64.c > @@ -1024,11 +1024,8 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp) > /* Overriding bpf_jit_free() as we don't set images read-only. */ > void bpf_jit_free(struct bpf_prog *fp) > { > - unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK; > - struct bpf_binary_header *bpf_hdr = (void *)addr; > - > if (fp->jited) > - bpf_jit_binary_free(bpf_hdr); > + bpf_jit_binary_free(bpf_jit_binary_hdr(fp)); > > bpf_prog_unlock_free(fp); > } > diff --git a/arch/sparc/net/bpf_jit_comp_32.c b/arch/sparc/net/bpf_jit_comp_32.c > index a5ff88643d5c..01bda6bc9e7f 100644 > --- a/arch/sparc/net/bpf_jit_comp_32.c > +++ b/arch/sparc/net/bpf_jit_comp_32.c > @@ -759,7 +759,7 @@ cond_branch: f_offset = addrs[i + filter[i].jf]; > void bpf_jit_free(struct bpf_prog *fp) > { > if (fp->jited) > - module_memfree(fp->bpf_func); > + bpf_jit_binary_free(bpf_jit_binary_hdr(fp)); > > bpf_prog_unlock_free(fp); > } >