Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp312322lqp; Thu, 21 Mar 2024 01:46:14 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWUGXYHwtZgR5cN59Tn4Jp1awBJD5qxhGdNsPS2PgHZXZlfsvfdnj3+RIZqV/Jqw5sJ6VPyCiGgCZXrlonTQuoCRWWKpJxYxFvLDryh9A== X-Google-Smtp-Source: AGHT+IGZL73rES8QLC/8qpOjMTleQEZ6u1mGPdtk2PvnpsI7s5v2RPq3nL+4xY86SBoIaUFrzlyq X-Received: by 2002:a05:6a00:1911:b0:6ea:7983:2014 with SMTP id y17-20020a056a00191100b006ea79832014mr244922pfi.13.1711010774662; Thu, 21 Mar 2024 01:46:14 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711010774; cv=pass; d=google.com; s=arc-20160816; b=r5qLjxKyc4MTKWpjANymlMjO2TBDJRq+8gNaKaLh5agr6Wh1wj3EB/dh3sf0oT82IS pyMq9qWfr9+0VrO6/cx3JM2tm7zS0XX+UE9/F+JDXE2scLpnh9UNDHjaSD2RQuVgb30K RBUC/qAMiwtntERcmI2GnZJUhStrNpLlz1BqfZ7w06CA2OVR9SeWNDhbVc2x59ppHqsD DXdoAGjfAQA6VBYprepMmjof6ovQoFMzyX2NVvl6cgVPw1Fy/X8Qqm5pSqLcTeNeoTNI julPia5J94jR+dE3j9c9yHkV5HXVwMR8MbhDT4771OjBbNvvFh3c6zCyKXHBmXX0tT5b 0BoQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=eON5wf8vXjUbhAWLa3fsuk9PyIi46INytgA4dC5vzVQ=; fh=u87NkSU2EJon0jqbyis7ZBKd9cThb5aCB852KL1iH6w=; b=pMC67RhAteEIaW/QW0Qeuu6VQBEyhs75C+SE7h7mhYVcyK/kp/OLrI4YPkJrWLON4M gZxihH0Td1TAgBLanEt2Nzl2jnRyblj7I+dbn9azQIuGZHWsdOQTqfXAEF7p9QOMgjRA P9/9b1f5kEnpwleVYN3ZC/CQbdIf04Wj1kn+kQZm0mkoTr9zLVO3vhBhJSf64sl7F5de C5gftvfjrGx5lk2IMpWg5XpzPueVhVW7Fp0icP8v76AsFXcUMbRzAVEh2bloUb0X8Itz RDMgeKh50lsydLrjddhIiK+p7tKF9sTyZvPzZYFXzEZyDgrIH9fTZKYuMrAgWe69XcG3 uAKA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=WLHgw0Oc; arc=pass (i=1 spf=pass spfdomain=linux.ibm.com dkim=pass dkdomain=ibm.com dmarc=pass fromdomain=linux.ibm.com); spf=pass (google.com: domain of linux-kernel+bounces-109808-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-109808-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id n34-20020a635c62000000b005dbedc825b5si13771495pgm.521.2024.03.21.01.46.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Mar 2024 01:46:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-109808-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=WLHgw0Oc; arc=pass (i=1 spf=pass spfdomain=linux.ibm.com dkim=pass dkdomain=ibm.com dmarc=pass fromdomain=linux.ibm.com); spf=pass (google.com: domain of linux-kernel+bounces-109808-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-109808-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 5C16DB21756 for ; Thu, 21 Mar 2024 08:46:13 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B0E962C86A; Thu, 21 Mar 2024 08:46:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b="WLHgw0Oc" Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6D7961CD1E; Thu, 21 Mar 2024 08:45:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.163.156.1 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711010761; cv=none; b=XvpEklfknJgyVsVgUFpbgaPizJ+9JKhHUUt25/gYfubdccjaukBq4PP4YbNsF2L+wLUquOivw+uY6jPPmcGmZgcbJBYnT1X1Bw/SInGcAPw3EwfkvWBkiCNXk9H1PMpVmnYdTMleyoE6XV+FOQFwGS5oeiZ+Uw6dMq9dPwRWEEA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711010761; c=relaxed/simple; bh=vY+pgNxP5agnZS3lZvczA7j/a5myVK7NY475boIDNL0=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=A96jZQQiHesxXknOxe/AuYdl5++CRcb4t2TxR6Fjb86YhUMmPi7sO/SDXxzdw5nPR87/x5NmZ2IrHS40rjHMHN/BQXKC6fN6JNO9qasR02LmCp8swipjLf6we3y7AUsNCU7+LcIVJsXBspKMI/6CaBKQkNYD88eTqxpfBxxH/xU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com; spf=pass smtp.mailfrom=linux.ibm.com; dkim=pass (2048-bit key) header.d=ibm.com header.i=@ibm.com header.b=WLHgw0Oc; arc=none smtp.client-ip=148.163.156.1 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.ibm.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.ibm.com Received: from pps.filterd (m0353727.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 42L8VgFu006435; Thu, 21 Mar 2024 08:45:14 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=date : from : to : cc : subject : message-id : references : mime-version : content-type : content-transfer-encoding : in-reply-to; s=pp1; bh=eON5wf8vXjUbhAWLa3fsuk9PyIi46INytgA4dC5vzVQ=; b=WLHgw0Ocq6Z0manE5cztoT1WoD+LXEfUa0QtTLvNJNv0/1KqRSXpRkxV1CojFnbUbI1k Z6D1JjqJWTHI0Yt/TEKujnfD0LG3YP17BOS4dKY/E4Arm0kthsQqhivq3Y0zZqEY87q2 7w11pnYRlUTmM9Wf2lqETVpshSnxBS47iv2KNAhlxo3UmxXvXSf7t+xOynGSePuRzYPg 5PobxeUVyxOrJ5LayeIPRFeg3YVqUA3Z4t3leqaWaAL7+T/mfEbA6CY3e3b2w6274sQw xgaLvzamiZiCjhWvLWGZkmga/xfukuYdNBoSAVE0R+zUeVQujoflpCWEX8Lp0I1zz/Kb zg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3x0hfb80vb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 21 Mar 2024 08:45:14 +0000 Received: from m0353727.ppops.net (m0353727.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 42L8jDBD028522; Thu, 21 Mar 2024 08:45:13 GMT Received: from ppma13.dal12v.mail.ibm.com (dd.9e.1632.ip4.static.sl-reverse.com [50.22.158.221]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3x0hfb80v4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 21 Mar 2024 08:45:13 +0000 Received: from pps.filterd (ppma13.dal12v.mail.ibm.com [127.0.0.1]) by ppma13.dal12v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 42L7FR6h019872; Thu, 21 Mar 2024 08:45:12 GMT Received: from smtprelay04.fra02v.mail.ibm.com ([9.218.2.228]) by ppma13.dal12v.mail.ibm.com (PPS) with ESMTPS id 3wwqykum6x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 21 Mar 2024 08:45:12 +0000 Received: from smtpav03.fra02v.mail.ibm.com (smtpav03.fra02v.mail.ibm.com [10.20.54.102]) by smtprelay04.fra02v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 42L8j8RQ30999282 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 21 Mar 2024 08:45:10 GMT Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9324520040; Thu, 21 Mar 2024 08:45:08 +0000 (GMT) Received: from smtpav03.fra02v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 531A32004B; Thu, 21 Mar 2024 08:45:07 +0000 (GMT) Received: from heavy (unknown [9.171.8.38]) by smtpav03.fra02v.mail.ibm.com (Postfix) with ESMTPS; Thu, 21 Mar 2024 08:45:07 +0000 (GMT) Date: Thu, 21 Mar 2024 09:45:05 +0100 From: Ilya Leoshkevich To: Alexei Starovoitov , Puranjay Mohan Cc: "David S. Miller" , David Ahern , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , X86 ML , "H. Peter Anvin" , Jean-Philippe Brucker , Network Development , bpf , LKML Subject: Re: [PATCH bpf] bpf: verifier: prevent userspace memory access Message-ID: References: <20240320105436.4781-1-puranjay12@gmail.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: TYjvFxQwEBdE5__OC1dzjMlHjdsm_YEY X-Proofpoint-GUID: Op4zlibBI5OweaTnIoIg1COwJwRAnpk3 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-03-21_06,2024-03-18_03,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 phishscore=0 adultscore=0 bulkscore=0 mlxlogscore=798 priorityscore=1501 mlxscore=0 spamscore=0 suspectscore=0 malwarescore=0 impostorscore=0 clxscore=1011 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2403140000 definitions=main-2403210059 On Wed, Mar 20, 2024 at 11:08:00PM -0700, Alexei Starovoitov wrote: > On Wed, Mar 20, 2024 at 3:55 AM Puranjay Mohan wrote: > > > > The JITs need to implement bpf_arch_uaddress_limit() to define where > > the userspace addresses end for that architecture or TASK_SIZE is taken > > as default. > > > > The implementation is as follows: > > > > REG_AX = SRC_REG > > if(offset) > > REG_AX += offset; > > REG_AX >>= 32; > > if (REG_AX <= (uaddress_limit >> 32)) > > DST_REG = 0; > > else > > DST_REG = *(size *)(SRC_REG + offset); > > The patch looks good, but it seems to be causing s390 CI failures. > > Ilya, > could you help us understand is this check needed on s390 > and if so, what should be the uaddress_limit ? s390x does not define ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE. Userspace and kernel run in completely different and isolated address spaces, so it's not possible to determine from a pointer value whether it's a user or a kernel pointer. But the good news is that whatever you deference without using special instruction sequences will refer to the kernel address space. So I wonder if we could somehow disable this check on s390x altogether? And if we are not sure whether it's a valid pointer, use BPF_PROBE_MEM as always.