Received: by 2002:a25:ef43:0:0:0:0:0 with SMTP id w3csp125602ybm; Tue, 26 May 2020 12:24:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwcnAm9ZhERqySHN2HPmLCLUCPXOgfLC0iljb/wSv61fhegwD7KGrHMUSabX9+fDYaoqgyK X-Received: by 2002:a17:906:a1c9:: with SMTP id bx9mr2387824ejb.496.1590521085086; Tue, 26 May 2020 12:24:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1590521085; cv=none; d=google.com; s=arc-20160816; b=VcxXD/lf5NMMGThxZ52ZYEZCqmYo/nwxh852dmEc0keCgsm5tmH7f7Ac/J54Fai4fl xqzR0m7lLJCjeYDG68caujC93Ui22WHJKMcz3ApvX64JxfIOybXf1Z85DUohzr4WQZhQ jrBwCKRtKdU7FuNGqPqdPEuXCt8vvSnLIqMkmaTjWHqcvzu2A/SIRzbeDlvF3248jjgl WqinXkKjwQoM03A/tJbjxHSjR2uXnzI3rpq7Vy5wLls9PmWVao7skFlqgJMgfSXtjZMU CW9nSf91Sopnd0wbFAgmuvOsr8MIbO+PffEirdr6YXzTCOCRsXTCZKe7Ozc7o7iZSszY OmKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=6pX8j/Dd47ZrNG/l9gYwTvJQU13LYhEkpJ9NGxCnEQI=; b=P2s7E5dAxLyvXr840v2Jq645GlJsVu282Pjm4DZvBUiYDIx0MTpCTO7LpROxGcoWHT rgGTyAPbAIemITkrzpOltqgzIL/89BP7x8CdmgwZbesmawiAzvVdC6xZC9LDq0vI93GZ /o1cQZFS+n4sRUxyrNhSpnnAlC2xnIb+BIDzdG2J0TMldI+Hoa5YOQlgURq4x5L1AYNz XY2PLTckbcCyOy5P89U42w7C6rc6rJmxZm+5o1pkyxTk5Grr4q3AX1ys7H53L7/Bjyed 3c0Pv5JmbeqpbqIV0DGjMSH2uMs3/pmKhKiYAPWnKY91SAKcrLVwy5jsWO21XQ9Plaiv Thsw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=PmOM5XM5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u13si388849eda.268.2020.05.26.12.24.20; Tue, 26 May 2020 12:24:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=PmOM5XM5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2391669AbgEZTTh (ORCPT + 99 others); Tue, 26 May 2020 15:19:37 -0400 Received: from mail.kernel.org ([198.145.29.99]:43094 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2391767AbgEZTNR (ORCPT ); Tue, 26 May 2020 15:13:17 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 55DDE20776; Tue, 26 May 2020 19:13:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1590520396; bh=yZ5/rhEe7WUsvfHlT+m3Cv1QiRqZebAQm7LCIRuiu1g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PmOM5XM5cG+aRiWudI4P4F98XHhKE8KbwmdeH+n4A9RdaBpy/+jo1J1ZQUfkwP9pK Hon0KDV8lyELV77wOx0l3V5RNpcrBN8Bi6/bOqsfusYTN4JHfW0E4UPmqI42tByaq4 AZazhDeZpB1NyE+NedU+ba3XsvC52NWZZet5zst4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Linus Torvalds , Daniel Borkmann , Alexei Starovoitov , Masami Hiramatsu , Brendan Gregg , Christoph Hellwig Subject: [PATCH 5.6 062/126] bpf: Restrict bpf_probe_read{, str}() only to archs where they work Date: Tue, 26 May 2020 20:53:19 +0200 Message-Id: <20200526183943.372135882@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200526183937.471379031@linuxfoundation.org> References: <20200526183937.471379031@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Daniel Borkmann commit 0ebeea8ca8a4d1d453ad299aef0507dab04f6e8d upstream. Given the legacy bpf_probe_read{,str}() BPF helpers are broken on archs with overlapping address ranges, we should really take the next step to disable them from BPF use there. To generally fix the situation, we've recently added new helper variants bpf_probe_read_{user,kernel}() and bpf_probe_read_{user,kernel}_str(). For details on them, see 6ae08ae3dea2 ("bpf: Add probe_read_{user, kernel} and probe_read_{user,kernel}_str helpers"). Given bpf_probe_read{,str}() have been around for ~5 years by now, there are plenty of users at least on x86 still relying on them today, so we cannot remove them entirely w/o breaking the BPF tracing ecosystem. However, their use should be restricted to archs with non-overlapping address ranges where they are working in their current form. Therefore, move this behind a CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE and have x86, arm64, arm select it (other archs supporting it can follow-up on it as well). For the remaining archs, they can workaround easily by relying on the feature probe from bpftool which spills out defines that can be used out of BPF C code to implement the drop-in replacement for old/new kernels via: bpftool feature probe macro Suggested-by: Linus Torvalds Signed-off-by: Daniel Borkmann Signed-off-by: Alexei Starovoitov Reviewed-by: Masami Hiramatsu Acked-by: Linus Torvalds Cc: Brendan Gregg Cc: Christoph Hellwig Link: https://lore.kernel.org/bpf/20200515101118.6508-2-daniel@iogearbox.net Signed-off-by: Greg Kroah-Hartman --- arch/arm/Kconfig | 1 + arch/arm64/Kconfig | 1 + arch/x86/Kconfig | 1 + init/Kconfig | 3 +++ kernel/trace/bpf_trace.c | 6 ++++-- 5 files changed, 10 insertions(+), 2 deletions(-) --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig @@ -13,6 +13,7 @@ config ARM select ARCH_HAS_KEEPINITRD select ARCH_HAS_KCOV select ARCH_HAS_MEMBARRIER_SYNC_CORE + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PTE_SPECIAL if ARM_LPAE select ARCH_HAS_PHYS_TO_DMA select ARCH_HAS_SETUP_DMA_OPS --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -21,6 +21,7 @@ config ARM64 select ARCH_HAS_KCOV select ARCH_HAS_KEEPINITRD select ARCH_HAS_MEMBARRIER_SYNC_CORE + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PTE_DEVMAP select ARCH_HAS_PTE_SPECIAL select ARCH_HAS_SETUP_DMA_OPS --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -70,6 +70,7 @@ config X86 select ARCH_HAS_KCOV if X86_64 select ARCH_HAS_MEM_ENCRYPT select ARCH_HAS_MEMBARRIER_SYNC_CORE + select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE select ARCH_HAS_PMEM_API if X86_64 select ARCH_HAS_PTE_DEVMAP if X86_64 select ARCH_HAS_PTE_SPECIAL --- a/init/Kconfig +++ b/init/Kconfig @@ -2223,6 +2223,9 @@ config ASN1 source "kernel/Kconfig.locks" +config ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE + bool + config ARCH_HAS_SYNC_CORE_BEFORE_USERMODE bool --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -857,14 +857,16 @@ tracing_func_proto(enum bpf_func_id func return &bpf_probe_read_user_proto; case BPF_FUNC_probe_read_kernel: return &bpf_probe_read_kernel_proto; - case BPF_FUNC_probe_read: - return &bpf_probe_read_compat_proto; case BPF_FUNC_probe_read_user_str: return &bpf_probe_read_user_str_proto; case BPF_FUNC_probe_read_kernel_str: return &bpf_probe_read_kernel_str_proto; +#ifdef CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE + case BPF_FUNC_probe_read: + return &bpf_probe_read_compat_proto; case BPF_FUNC_probe_read_str: return &bpf_probe_read_compat_str_proto; +#endif #ifdef CONFIG_CGROUPS case BPF_FUNC_get_current_cgroup_id: return &bpf_get_current_cgroup_id_proto;