From patchwork Sat Nov 17 18:57:12 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 151415 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp808702ljp; Sat, 17 Nov 2018 10:57:30 -0800 (PST) X-Google-Smtp-Source: AJdET5fpoNXDYvRHkVWUpd/wkR1vPVfoo27XcOneUHFf+LEj6z/hS41ovStJmR0eZqMe+8nuYVZt X-Received: by 2002:a63:db02:: with SMTP id e2mr14621991pgg.419.1542481050689; Sat, 17 Nov 2018 10:57:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542481050; cv=none; d=google.com; s=arc-20160816; b=vZUVeOc1mqSOdukoJErOp15S+gvY5klRWc9dzr87zlR3GCIpuHxYsqnYB+PnOPfmXU /3KqQhm32A1kkzI7VwCUhN7Ufc0C/22bAMv+oa3RhiY1hTor+NiRmmQ1O886kwkgTqeo yUvUWgswIweZJfB7WVuHx2AQk6hlBXNe1BvvwyXUvhuS7G4/xW/sHxQupZaIlb6Zcc2u wJBZHL8tdCKsj5J2HOxJtPPigAzSWi/+i5S57cQQujk/QSbMtPS6xZ1m4ddHreQvwvUy A4n31oAx5Mh9rVFu14ePdD6V2FUVwSS4aVDidMe6MDujHJFe/JX6U4V9+h2PjJ4JMVdR nhow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=vKtcwajq6uet7RwpHABNJRRfvhJ5RLh+7DwnrP6tkoU=; b=QaTeoSukVjLyuEJz5MSbAzMgXbbGyQOIeQbpCXlaqbKPpiidDczlMQeYy9HYJLfPuf PfYn4MZta9AhXYU1dHXkGDB17j13yEbgw8QKrcsBD75qB9WlxC57r7xmA8Ed2eASIfM6 AeWWvOhxzy0m+6HQ2woMMGmPUWVdofghb8p8HkT3JBhXDoZVPhOt5r6UNHc2CVoOFQkt KnGN+Jgmr3cvzCI3eGZMD33L1h3tU4ZygHdOYChRqZve4at10JI+KEdlrfUnQXmjIqm6 Fe0eHU6THlxQ7CvZ+XGT80oKJyMeCv+/mwc3i3ZsXIGlTmfsojU6YxElutHyV4tyrCYi hO4A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HCrZnyJK; spf=pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o68si346275pfo.140.2018.11.17.10.57.30; Sat, 17 Nov 2018 10:57:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=HCrZnyJK; spf=pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726548AbeKRFOz (ORCPT + 10 others); Sun, 18 Nov 2018 00:14:55 -0500 Received: from mail-pf1-f196.google.com ([209.85.210.196]:37582 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726151AbeKRFOz (ORCPT ); Sun, 18 Nov 2018 00:14:55 -0500 Received: by mail-pf1-f196.google.com with SMTP id u3-v6so10252332pfm.4 for ; Sat, 17 Nov 2018 10:57:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=vKtcwajq6uet7RwpHABNJRRfvhJ5RLh+7DwnrP6tkoU=; b=HCrZnyJKCfFnJaZK1DpCvziEmRstnj4rwYTbT92UFXz73rvqQ9ZSjTGDU8wRnGgNJ+ ExMscyjZDgE+uBnbk94MoYbWGi/Ppcc1XZG5FsvUrcfYFnni03qp7O8Pw8kD/mV3EtA8 4qJ0sf0q5nq3snS/fKcmV1/2jIO7ddsYaFvVw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=vKtcwajq6uet7RwpHABNJRRfvhJ5RLh+7DwnrP6tkoU=; b=X82le7KoDcqIl3R+DTu6AGLYN58cFeG4SaCJANIToqfefFybyigom4JYS8rLIJQIc9 YWoNF6bX/XVkwZb5o/7nZAjqDnAdyHKaVo+8Q92HYt/EQEVdX7q2VdnpJuxEUmM5gGGL RCbQIqyoVFDQRRsoXFwrpzzLhhiG4bt+5XfRgTZ9M4K0UNT1Urk4pjXzqbWJ0C6WU9qB jL1E+R0OQoAg90M3m5+Z/Yz3JF15z++w/QJ1m5Jzh40GXP5koTp2ffW0Y5uKdK4sGWPB KFiJI0TCQ+VrtEqTuXyzhHvFutiq1VJJ5IyN2qapk8cl1AU19ovl/allumXMTtplLUw4 36AA== X-Gm-Message-State: AGRZ1gLXY1FMu5fUo0CmFgizbJ4IJWx2CTYvrkXO62ss92D+NVK/Qigg 4tkNE3S+Sf8/y2+ySwb+5fcjGA== X-Received: by 2002:a62:cac4:: with SMTP id y65-v6mr16264821pfk.27.1542481040868; Sat, 17 Nov 2018 10:57:20 -0800 (PST) Received: from mba13.psav.com ([64.114.255.114]) by smtp.gmail.com with ESMTPSA id u76-v6sm49550745pfa.176.2018.11.17.10.57.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Nov 2018 10:57:20 -0800 (PST) From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: Ard Biesheuvel , Daniel Borkmann , Alexei Starovoitov , Rick Edgecombe , Eric Dumazet , Jann Horn , Kees Cook , Jessica Yu , Arnd Bergmann , Catalin Marinas , Will Deacon , Mark Rutland , Ralf Baechle , Paul Burton , James Hogan , Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman , "David S. Miller" , linux-arm-kernel@lists.infradead.org, linux-mips@linux-mips.org, linuxppc-dev@lists.ozlabs.org, sparclinux@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH 1/4] bpf: account for freed JIT allocations in arch code Date: Sat, 17 Nov 2018 10:57:12 -0800 Message-Id: <20181117185715.25198-2-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181117185715.25198-1-ard.biesheuvel@linaro.org> References: <20181117185715.25198-1-ard.biesheuvel@linaro.org> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Commit ede95a63b5e84 ("bpf: add bpf_jit_limit knob to restrict unpriv allocations") added a call to bpf_jit_uncharge_modmem() to the routine bpf_jit_binary_free() which is called from the __weak bpf_jit_free(). This function is overridden by arches, some of which do not call bpf_jit_binary_free() to release the memory, and so the released memory is not accounted for, potentially leading to spurious allocation failures. So replace the direct calls to module_memfree() in the arch code with calls to bpf_jit_binary_free(). Signed-off-by: Ard Biesheuvel --- arch/mips/net/bpf_jit.c | 2 +- arch/powerpc/net/bpf_jit_comp.c | 2 +- arch/powerpc/net/bpf_jit_comp64.c | 5 +---- arch/sparc/net/bpf_jit_comp_32.c | 2 +- 4 files changed, 4 insertions(+), 7 deletions(-) -- 2.17.1 diff --git a/arch/mips/net/bpf_jit.c b/arch/mips/net/bpf_jit.c index 4d8cb9bb8365..1b69897274a1 100644 --- a/arch/mips/net/bpf_jit.c +++ b/arch/mips/net/bpf_jit.c @@ -1264,7 +1264,7 @@ void bpf_jit_compile(struct bpf_prog *fp) void bpf_jit_free(struct bpf_prog *fp) { if (fp->jited) - module_memfree(fp->bpf_func); + bpf_jit_binary_free(bpf_jit_binary_hdr(fp)); bpf_prog_unlock_free(fp); } diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c index d5bfe24bb3b5..a1ea1ea6b40d 100644 --- a/arch/powerpc/net/bpf_jit_comp.c +++ b/arch/powerpc/net/bpf_jit_comp.c @@ -683,7 +683,7 @@ void bpf_jit_compile(struct bpf_prog *fp) void bpf_jit_free(struct bpf_prog *fp) { if (fp->jited) - module_memfree(fp->bpf_func); + bpf_jit_binary_free(bpf_jit_binary_hdr(fp)); bpf_prog_unlock_free(fp); } diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c index 50b129785aee..84c8f013a6c6 100644 --- a/arch/powerpc/net/bpf_jit_comp64.c +++ b/arch/powerpc/net/bpf_jit_comp64.c @@ -1024,11 +1024,8 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp) /* Overriding bpf_jit_free() as we don't set images read-only. */ void bpf_jit_free(struct bpf_prog *fp) { - unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK; - struct bpf_binary_header *bpf_hdr = (void *)addr; - if (fp->jited) - bpf_jit_binary_free(bpf_hdr); + bpf_jit_binary_free(bpf_jit_binary_hdr(fp)); bpf_prog_unlock_free(fp); } diff --git a/arch/sparc/net/bpf_jit_comp_32.c b/arch/sparc/net/bpf_jit_comp_32.c index a5ff88643d5c..01bda6bc9e7f 100644 --- a/arch/sparc/net/bpf_jit_comp_32.c +++ b/arch/sparc/net/bpf_jit_comp_32.c @@ -759,7 +759,7 @@ cond_branch: f_offset = addrs[i + filter[i].jf]; void bpf_jit_free(struct bpf_prog *fp) { if (fp->jited) - module_memfree(fp->bpf_func); + bpf_jit_binary_free(bpf_jit_binary_hdr(fp)); bpf_prog_unlock_free(fp); } From patchwork Sat Nov 17 18:57:15 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 151418 Delivered-To: patch@linaro.org Received: by 2002:a2e:299d:0:0:0:0:0 with SMTP id p29-v6csp808723ljp; Sat, 17 Nov 2018 10:57:32 -0800 (PST) X-Google-Smtp-Source: AJdET5dY53dB7AccI6n5gOXAGQLoZuJ4y1Z6ydLL91EJfu7LCWRDckGGbj1y6KXvB4Mn5ww38Hj/ X-Received: by 2002:a63:594d:: with SMTP id j13mr14435716pgm.210.1542481052608; Sat, 17 Nov 2018 10:57:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542481052; cv=none; d=google.com; s=arc-20160816; b=lKnHxqVoO77yKcNE1d1YixU2FqXKz7y01KqizlmKevXtU09qQvkeHphFmC8RSt6AHk K4uHWt0zZ25VApiuybig1gF0BQLuYuat1+k8CzLjwaNFYaN2FuYAeY03UBfU1zJ0KBzl FFgibcqfihzUbuVNZ1/7JscZwIE+IoSWwfRfhDnbh4pmIjOu48aF/ihNnYRk00m+MQyD e7YHVpx+e7vKmqLiNWE8ww4aYJR9tS6pN1FGmumUJ2UBi2t3jTGy7FDlb2CLF4PNP1pd umEdzwFM/PaQYzh6LYhwU191/CDGceEDnhWtHb4en+1KsSOKR2k7EAiUiL5+VO3+yX3J B4fw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=JmtMWaiD9FenKM3ns0kNxP2J4QR+RUeNI/5TJ/tQ45I=; b=eN0jUp5cbax8mqpuA+EmHPHgQUIo52BcOO8/6O9nMvGM3Hut51GPwx2Bep+HQAq2ER aHjzDg+3Kn4Sx3V3tL2douU0Vx2wbriTLVuupyXohQK+W544W5yAkYU80aezHZn1bIXd RBl8/QhCVL+oD8O6yy8FzQhHQYKQFTUDubRaCX//5jbgPKUp592ph9RYnen2ZCdQfCom Ng9C81YoyS06PoGsy85r3+Wa4xcaiHZZKY9L7D8/C90qDx3jRsLyWoo5HuursFLQJY+E Ygj0wYEPpXzF9n27jGQrCoIqm3U7/xEmLjYiigKqkZynaWH2WmFwvoju+7H+mxMiFBDB 0cNA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=KAW8uS2e; spf=pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o68si346275pfo.140.2018.11.17.10.57.32; Sat, 17 Nov 2018 10:57:32 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=KAW8uS2e; spf=pass (google.com: best guess record for domain of netdev-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=netdev-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726982AbeKRFO7 (ORCPT + 10 others); Sun, 18 Nov 2018 00:14:59 -0500 Received: from mail-pg1-f196.google.com ([209.85.215.196]:36701 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726932AbeKRFO7 (ORCPT ); Sun, 18 Nov 2018 00:14:59 -0500 Received: by mail-pg1-f196.google.com with SMTP id n2so4852676pgm.3 for ; Sat, 17 Nov 2018 10:57:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=JmtMWaiD9FenKM3ns0kNxP2J4QR+RUeNI/5TJ/tQ45I=; b=KAW8uS2esdTjeBcDfFodpTuBiPuzrfOgpEvhmkdmizzqp7CMEjaFC2ORlF9MeL+yeA stdwlyxwK9cJAK+MAYm3DEfW4lRgMCiJRj3yewaXsrtQx5DmclC4R/K9qjVetVNcal+H pjN2zNK/65b6+lBFp6r24jInRxn3xDvrMAU8w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=JmtMWaiD9FenKM3ns0kNxP2J4QR+RUeNI/5TJ/tQ45I=; b=E7lth4bn2d70y5xezqkL8XUMRDGey1ljXRrYFF16KhIf2HrQvRHseRSO5RXERKrHzb y9zLj3UtjcHBwqWBbfHjBK3kk+Wqq8u94GZujepBaz2ZWuor1uUvQvaG4z9VbR35E7Cr GsB32m+fVtw/fD/GhPdVdmUX7GRNSzvPcvKgn1EjTIvStnOiWk2+gIM15VQ9xyQYtkyN RzYtrbmfDwmkf4Daf2UxHnJaMaEhvxCRrkhkDvqr1APVAF1TnZa+XxU4hYDPlw1mwRXr jB2YyMZXbPkY8mGRWjNbGj7gaHggDaizluW0m65qsztWEX4jmeDwGn6ph3B2lw9/BRqJ yohw== X-Gm-Message-State: AGRZ1gIWZWkil/Eg4f7yy5Sqvzy3NaLOZhnMXjIRe4YHqk+tjW9TlS69 hgP2jplChXVOfmyOdXHKexcBiw== X-Received: by 2002:a62:ed09:: with SMTP id u9-v6mr16036733pfh.188.1542481044594; Sat, 17 Nov 2018 10:57:24 -0800 (PST) Received: from mba13.psav.com ([64.114.255.114]) by smtp.gmail.com with ESMTPSA id u76-v6sm49550745pfa.176.2018.11.17.10.57.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 17 Nov 2018 10:57:23 -0800 (PST) From: Ard Biesheuvel To: linux-kernel@vger.kernel.org Cc: Ard Biesheuvel , Daniel Borkmann , Alexei Starovoitov , Rick Edgecombe , Eric Dumazet , Jann Horn , Kees Cook , Jessica Yu , Arnd Bergmann , Catalin Marinas , Will Deacon , Mark Rutland , Ralf Baechle , Paul Burton , James Hogan , Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman , "David S. Miller" , linux-arm-kernel@lists.infradead.org, linux-mips@linux-mips.org, linuxppc-dev@lists.ozlabs.org, sparclinux@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH 4/4] arm64/bpf: don't allocate BPF JIT programs in module memory Date: Sat, 17 Nov 2018 10:57:15 -0800 Message-Id: <20181117185715.25198-5-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181117185715.25198-1-ard.biesheuvel@linaro.org> References: <20181117185715.25198-1-ard.biesheuvel@linaro.org> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The arm64 module region is a 128 MB region that is kept close to the core kernel, in order to ensure that relative branches are always in range. So using the same region for programs that do not have this restriction is wasteful, and preferably avoided. Now that the core BPF JIT code permits the alloc/free routines to be overridden, implement them by simple vmalloc_exec()/vfree() calls, which can be served from anywere. This also solves an issue under KASAN, where shadow memory is needlessly allocated for all BPF programs (which don't require KASAN shadow pages since they are not KASAN instrumented) Signed-off-by: Ard Biesheuvel --- arch/arm64/net/bpf_jit_comp.c | 11 +++++++++++ 1 file changed, 11 insertions(+) -- 2.17.1 diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c index a6fdaea07c63..e0c702c2f682 100644 --- a/arch/arm64/net/bpf_jit_comp.c +++ b/arch/arm64/net/bpf_jit_comp.c @@ -940,3 +940,14 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) tmp : orig_prog); return prog; } + +void *bpf_jit_alloc_exec(unsigned long size) +{ + return vmalloc_exec(size); +} + +void bpf_jit_binary_free(struct bpf_binary_header *hdr) +{ + bpf_jit_binary_unlock_ro(hdr); + vfree(hdr); +}