1. 06 12月, 2018 1 次提交
    • M
      bpf: Improve the info.func_info and info.func_info_rec_size behavior · 7337224f
      Martin KaFai Lau 提交于
      1) When bpf_dump_raw_ok() == false and the kernel can provide >=1
         func_info to the userspace, the current behavior is setting
         the info.func_info_cnt to 0 instead of setting info.func_info
         to 0.
      
         It is different from the behavior in jited_func_lens/nr_jited_func_lens,
         jited_ksyms/nr_jited_ksyms...etc.
      
         This patch fixes it. (i.e. set func_info to 0 instead of
         func_info_cnt to 0 when bpf_dump_raw_ok() == false).
      
      2) When the userspace passed in info.func_info_cnt == 0, the kernel
         will set the expected func_info size back to the
         info.func_info_rec_size.  It is a way for the userspace to learn
         the kernel expected func_info_rec_size introduced in
         commit 838e9690 ("bpf: Introduce bpf_func_info").
      
         An exception is the kernel expected size is not set when
         func_info is not available for a bpf_prog.  This makes the
         returned info.func_info_rec_size has different values
         depending on the returned value of info.func_info_cnt.
      
         This patch sets the kernel expected size to info.func_info_rec_size
         independent of the info.func_info_cnt.
      
      3) The current logic only rejects invalid func_info_rec_size if
         func_info_cnt is non zero.  This patch also rejects invalid
         nonzero info.func_info_rec_size and not equal to the kernel
         expected size.
      
      4) Set info.btf_id as long as prog->aux->btf != NULL.  That will
         setup the later copy_to_user() codes look the same as others
         which then easier to understand and maintain.
      
         prog->aux->btf is not NULL only if prog->aux->func_info_cnt > 0.
      
         Breaking up info.btf_id from prog->aux->func_info_cnt is needed
         for the later line info patch anyway.
      
         A similar change is made to bpf_get_prog_name().
      
      Fixes: 838e9690 ("bpf: Introduce bpf_func_info")
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Acked-by: NYonghong Song <yhs@fb.com>
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      7337224f
  2. 05 12月, 2018 9 次提交
    • Q
      tools: bpftool: add a command to dump the trace pipe · 30da46b5
      Quentin Monnet 提交于
      BPF programs can use the bpf_trace_printk() helper to print debug
      information into the trace pipe. Add a subcommand
      "bpftool prog tracelog" to simply dump this pipe to the console.
      
      This is for a good part copied from iproute2, where the feature is
      available with "tc exec bpf dbg". Changes include dumping pipe content
      to stdout instead of stderr and adding JSON support (content is dumped
      as an array of strings, one per line read from the pipe). This version
      is dual-licensed, with Daniel's permission.
      
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Suggested-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NQuentin Monnet <quentin.monnet@netronome.com>
      Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      30da46b5
    • D
      Merge branch 'bpf-jit-overridable-alloc' · 41888179
      Daniel Borkmann 提交于
      Ard Biesheuvel says:
      
      ====================
      On arm64, modules are allocated from a 128 MB window which is close to
      the core kernel, so that relative direct branches are guaranteed to be
      in range (except in some KASLR configurations). Also, module_alloc()
      is in charge of allocating KASAN shadow memory when running with KASAN
      enabled.
      
      This means that the way BPF reuses module_alloc()/module_memfree() is
      undesirable on arm64 (and potentially other architectures as well),
      and so this series refactors BPF's use of those functions to permit
      architectures to change this behavior.
      
      Patch #1 breaks out the module_alloc() and module_memfree() calls into
      __weak functions so they can be overridden.
      
      Patch #2 implements the new alloc/free overrides for arm64
      
      Changes since v3:
      - drop 'const' modifier for free() hook void* argument
      - move the dedicated BPF region to before the module region, putting it
        within 4GB of the module and kernel regions on non-KASLR kernels
      
      Changes since v2:
      - properly build time and runtime tested this time (log after the diffstat)
      - create a dedicated 128 MB region at the top of the vmalloc space for BPF
        programs, ensuring that the programs will be in branching range of each
        other (which we currently rely upon) but at an arbitrary distance from
        the kernel and modules (which we don't care about)
      
      Changes since v1:
      - Drop misguided attempt to 'fix' and refactor the free path. Instead,
        just add another __weak wrapper for the invocation of module_memfree()
      ====================
      
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>
      Cc: Eric Dumazet <eric.dumazet@gmail.com>
      Cc: Jann Horn <jannh@google.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Jessica Yu <jeyu@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: linux-arm-kernel@lists.infradead.org
      Cc: linux-kernel@vger.kernel.org
      Cc: netdev@vger.kernel.org
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      41888179
    • A
      arm64/bpf: don't allocate BPF JIT programs in module memory · 91fc957c
      Ard Biesheuvel 提交于
      The arm64 module region is a 128 MB region that is kept close to
      the core kernel, in order to ensure that relative branches are
      always in range. So using the same region for programs that do
      not have this restriction is wasteful, and preferably avoided.
      
      Now that the core BPF JIT code permits the alloc/free routines to
      be overridden, implement them by vmalloc()/vfree() calls from a
      dedicated 128 MB region set aside for BPF programs. This ensures
      that BPF programs are still in branching range of each other, which
      is something the JIT currently depends upon (and is not guaranteed
      when using module_alloc() on KASLR kernels like we do currently).
      It also ensures that placement of BPF programs does not correlate
      with the placement of the core kernel or modules, making it less
      likely that leaking the former will reveal the latter.
      
      This also solves an issue under KASAN, where shadow memory is
      needlessly allocated for all BPF programs (which don't require KASAN
      shadow pages since they are not KASAN instrumented)
      Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Acked-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      91fc957c
    • A
      bpf: add __weak hook for allocating executable memory · dc002bb6
      Ard Biesheuvel 提交于
      By default, BPF uses module_alloc() to allocate executable memory,
      but this is not necessary on all arches and potentially undesirable
      on some of them.
      
      So break out the module_alloc() and module_memfree() calls into __weak
      functions to allow them to be overridden in arch code.
      Signed-off-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      dc002bb6
    • A
      Merge branch 'prog_test_run-improvement' · 2a95471c
      Alexei Starovoitov 提交于
      Lorenz Bauer says:
      
      ====================
      Right now, there is no safe way to use BPF_PROG_TEST_RUN with data_out.
      This is because bpf_test_finish copies the output buffer to user space
      without checking its size. This can lead to the kernel overwriting
      data in user space after the buffer if xdp_adjust_head and friends are
      in play.
      
      Thanks to everyone for their advice and patience with this patch set!
      
      Changes in v5:
      * Fix up libbpf.map
      
      Changes in v4:
      * Document bpf_prog_test_run and bpf_prog_test_run_xattr
      * Use struct bpf_prog_test_run_attr for return values
      
      Changes in v3:
      * Introduce bpf_prog_test_run_xattr instead of modifying the existing
        function
      
      Changes in v2:
      * Make the syscall return ENOSPC if data_size_out is too small
      * Make bpf_prog_test_run return EINVAL if size_out is missing
      * Document the new behaviour of data_size_out
      ====================
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      2a95471c
    • L
      selftests: add a test for bpf_prog_test_run_xattr · df47fc37
      Lorenz Bauer 提交于
      Make sure that bpf_prog_test_run_xattr returns the correct length
      and that the kernel respects the output size hint. Also check
      that errno indicates ENOSPC if there is a short output buffer given.
      Signed-off-by: NLorenz Bauer <lmb@cloudflare.com>
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      df47fc37
    • L
      libbpf: add bpf_prog_test_run_xattr · 64a97591
      Lorenz Bauer 提交于
      Add a new function, which encourages safe usage of the test interface.
      bpf_prog_test_run continues to work as before, but should be considered
      unsafe.
      Signed-off-by: NLorenz Bauer <lmb@cloudflare.com>
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      64a97591
    • L
      tools: sync uapi/linux/bpf.h · 2587a974
      Lorenz Bauer 提交于
      Pull changes from "bpf: respect size hint to BPF_PROG_TEST_RUN if present".
      Signed-off-by: NLorenz Bauer <lmb@cloudflare.com>
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      2587a974
    • L
      bpf: respect size hint to BPF_PROG_TEST_RUN if present · b5a36b1e
      Lorenz Bauer 提交于
      Use data_size_out as a size hint when copying test output to user space.
      ENOSPC is returned if the output buffer is too small.
      Callers which so far did not set data_size_out are not affected.
      Signed-off-by: NLorenz Bauer <lmb@cloudflare.com>
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      b5a36b1e
  3. 04 12月, 2018 4 次提交
  4. 03 12月, 2018 1 次提交
  5. 01 12月, 2018 15 次提交
  6. 30 11月, 2018 10 次提交
新手
引导
客服 返回
顶部