1. 05 Dec, 2018 2 commits
    • Ard Biesheuvel's avatar
      arm64/bpf: don't allocate BPF JIT programs in module memory · 91fc957c
      Ard Biesheuvel authored
      The arm64 module region is a 128 MB region that is kept close to
      the core kernel, in order to ensure that relative branches are
      always in range. So using the same region for programs that do
      not have this restriction is wasteful, and preferably avoided.
      
      Now that the core BPF JIT code permits the alloc/free routines to
      be overridden, implement them by vmalloc()/vfree() calls from a
      dedicated 128 MB region set aside for BPF programs. This ensures
      that BPF programs are still in branching range of each other, which
      is something the JIT currently depends upon (and is not guaranteed
      when using module_alloc() on KASLR kernels like we do currently).
      It also ensures that placement of BPF programs does not correlate
      with the placement of the core kernel or modules, making it less
      likely that leaking the former will reveal the latter.
      
      This also solves an issue under KASAN, where shadow memory is
      needlessly allocated for all BPF programs (which don't require KASAN
      shadow pages since they are not KASAN instrumented)
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Acked-by: default avatarWill Deacon <will.deacon@arm.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      91fc957c
    • Ard Biesheuvel's avatar
      bpf: add __weak hook for allocating executable memory · dc002bb6
      Ard Biesheuvel authored
      By default, BPF uses module_alloc() to allocate executable memory,
      but this is not necessary on all arches and potentially undesirable
      on some of them.
      
      So break out the module_alloc() and module_memfree() calls into __weak
      functions to allow them to be overridden in arch code.
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      dc002bb6
  2. 04 Dec, 2018 5 commits
  3. 03 Dec, 2018 4 commits
  4. 02 Dec, 2018 1 commit
  5. 01 Dec, 2018 9 commits
    • Alexei Starovoitov's avatar
      Merge branch 'xdp1-improvements' · 71fc156f
      Alexei Starovoitov authored
      Matteo Croce says:
      
      ====================
      Small improvements to improve the readability and easiness
      to use of the xdp1 sample.
      ====================
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      71fc156f
    • Matteo Croce's avatar
      samples: bpf: get ifindex from ifname · dc378a1a
      Matteo Croce authored
      Find the ifindex with if_nametoindex() instead of requiring the
      numeric ifindex.
      Signed-off-by: default avatarMatteo Croce <mcroce@redhat.com>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      dc378a1a
    • Matteo Croce's avatar
      samples: bpf: improve xdp1 example · d606ee5c
      Matteo Croce authored
      Store only the total packet count for every protocol, instead of the
      whole per-cpu array.
      Use bpf_map_get_next_key() to iterate the map, instead of looking up
      all the protocols.
      Signed-off-by: default avatarMatteo Croce <mcroce@redhat.com>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      d606ee5c
    • Alexei Starovoitov's avatar
      Merge branch 'improve-test-coverage-sparc' · 9ffd05d9
      Alexei Starovoitov authored
      David Miller says:
      
      ====================
      On sparc64 a ton of test cases in test_verifier.c fail because
      the memory accesses in the test case are unaligned (or cannot
      be proven to be aligned by the verifier).
      
      Perhaps we can eventually try to (carefully) modify each test case
      which has this problem to not use unaligned accesses but:
      
      1) That is delicate work.
      
      2) The changes might not fully respect the original
         intention of the testcase.
      
      3) In some cases, such a transformation might not even
         be feasible at all.
      
      So add an "any alignment" flag to tell the verifier to forcefully
      disable it's alignment checks completely.
      
      test_verifier.c is then annotated to use this flag when necessary.
      
      The presence of the flag in each test case is good documentation to
      anyone who wants to actually tackle the job of eliminating the
      unaligned memory accesses in the test cases.
      
      I've also seen several weird things in test cases, like trying to
      access __skb->mark in a packet buffer.
      
      This gets rid of 104 test_verifier.c failures on sparc64.
      
      Changes since v1:
      
      1) Explain the new BPF_PROG_LOAD flag in easier to understand terms.
         Suggested by Alexei.
      
      2) Make bpf_verify_program() just take a __u32 prog_flags instead of
         just accumulating boolean arguments over and over.  Also suggested
         by Alexei.
      
      Changes since RFC:
      
      1) Only the admin can allow the relaxation of alignment restrictions
         on inefficient unaligned access architectures.
      
      2) Use F_NEEDS_EFFICIENT_UNALIGNED_ACCESS instead of making a new
         flag.
      
      3) Annotate in the output, when we have a test case that the verifier
         accepted but we did not try to execute because we are on an
         inefficient unaligned access platform.  Maybe with some arch
         machinery we can avoid this in the future.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ====================
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      9ffd05d9
    • David Miller's avatar
      bpf: Apply F_NEEDS_EFFICIENT_UNALIGNED_ACCESS to more ACCEPT test cases. · 0a686324
      David Miller authored
      If a testcase has alignment problems but is expected to be ACCEPT,
      verify it using F_NEEDS_EFFICIENT_UNALIGNED_ACCESS too.
      
      Maybe in the future if we add some architecture specific code to elide
      the unaligned memory access warnings during the test, we can execute
      these as well.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      0a686324
    • David Miller's avatar
      bpf: Make more use of 'any' alignment in test_verifier.c · 2acc5fd5
      David Miller authored
      Use F_NEEDS_EFFICIENT_UNALIGNED_ACCESS in more tests where the
      expected result is REJECT.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      2acc5fd5
    • David Miller's avatar
      bpf: Adjust F_NEEDS_EFFICIENT_UNALIGNED_ACCESS handling in test_verifier.c · c7665702
      David Miller authored
      Make it set the flag argument to bpf_verify_program() which will relax
      the alignment restrictions.
      
      Now all such test cases will go properly through the verifier even on
      inefficient unaligned access architectures.
      
      On inefficient unaligned access architectures do not try to run such
      programs, instead mark the test case as passing but annotate the
      result similarly to how it is done now in the presence of this flag.
      
      So, we get complete full coverage for all REJECT test cases, and at
      least verifier level coverage for ACCEPT test cases.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      c7665702
    • David Miller's avatar
      bpf: Add BPF_F_ANY_ALIGNMENT. · e9ee9efc
      David Miller authored
      Often we want to write tests cases that check things like bad context
      offset accesses.  And one way to do this is to use an odd offset on,
      for example, a 32-bit load.
      
      This unfortunately triggers the alignment checks first on platforms
      that do not set CONFIG_EFFICIENT_UNALIGNED_ACCESS.  So the test
      case see the alignment failure rather than what it was testing for.
      
      It is often not completely possible to respect the original intention
      of the test, or even test the same exact thing, while solving the
      alignment issue.
      
      Another option could have been to check the alignment after the
      context and other validations are performed by the verifier, but
      that is a non-trivial change to the verifier.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      e9ee9efc
    • David Miller's avatar
      bpf: Fix verifier log string check for bad alignment. · 88945f46
      David Miller authored
      The message got changed a lot time ago.
      
      This was responsible for 36 test case failures on sparc64.
      
      Fixes: f1174f77 ("bpf/verifier: rework value tracking")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      88945f46
  6. 30 Nov, 2018 10 commits
  7. 29 Nov, 2018 9 commits