lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20191108213624.GM3079@worktop.programming.kicks-ass.net>
Date:   Fri, 8 Nov 2019 22:36:24 +0100
From:   Peter Zijlstra <peterz@...radead.org>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "daniel@...earbox.net" <daniel@...earbox.net>,
        "x86@...nel.org" <x86@...nel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "bpf@...r.kernel.org" <bpf@...r.kernel.org>,
        Kernel Team <Kernel-team@...com>
Subject: Re: [PATCH v3 bpf-next 02/18] bpf: Add bpf_arch_text_poke() helper

On Fri, Nov 08, 2019 at 11:32:41AM -0800, Alexei Starovoitov wrote:
> On Fri, Nov 8, 2019 at 5:42 AM Alexei Starovoitov <ast@...com> wrote:
> >
> > On 11/8/19 1:36 AM, Peter Zijlstra wrote:
> > > On Fri, Nov 08, 2019 at 10:11:56AM +0100, Peter Zijlstra wrote:
> > >> On Thu, Nov 07, 2019 at 10:40:23PM -0800, Alexei Starovoitov wrote:
> > >>> Add bpf_arch_text_poke() helper that is used by BPF trampoline logic to patch
> > >>> nops/calls in kernel text into calls into BPF trampoline and to patch
> > >>> calls/nops inside BPF programs too.
> > >>
> > >> This thing assumes the text is unused, right? That isn't spelled out
> > >> anywhere. The implementation is very much unsafe vs concurrent execution
> > >> of the text.
> > >
> > > Also, what NOP/CALL instructions will you be hijacking? If you're
> > > planning on using the fentry nops, then what ensures this and ftrace
> > > don't trample on one another? Similar for kprobes.
> > >
> > > In general, what ensures every instruction only has a single modifier?
> >
> > Looks like you didn't bother reading cover letter and missed a month

I did indeed not. A Changelog should be self sufficient and this one is
sorely lacking. The cover leter is not preserved and should therefore
not contain anything of value that is not also covered in the
Changelogs.

> > of discussions between my and Steven regarding exactly this topic
> > though you were directly cc-ed in all threads :(

I read some of it; it is a sad fact that I cannot read all email in my
inbox, esp. not if, like in the last week or so, I'm busy hunting a
regression.

And what I did remember of the emails I saw left me with the questions
that were not answered by the changelog.

> > tldr for kernel fentry nops it will be converted to use
> > register_ftrace_direct() whenever it's available.

So why the rush and not wait for that work to complete? It appears to me
that without due coordination between bpf and ftrace badness could
happen.

> > For all other nops, calls, jumps that are inside BPF programs BPF infra
> > will continue modifying them through this helper.
> > Daniel's upcoming bpf_tail_call() optimization will use text_poke as well.

This is probably off topic, but isn't tail-call optimization something
done at JIT time and therefore not in need ot text_poke()?

> >  > I'm very uncomfortable letting random bpf proglets poke around in the
> > kernel text.
> >
> > 1. There is no such thing as 'proglet'. Please don't invent meaningless
> > names.

Again offtopic, but I'm not inventing stuff here:

  /prog'let/ [UK] A short extempore program written to meet an immediate, transient need.

which, methinks, succinctly captures the spirit of BPF.

> > 2. BPF programs have no ability to modify kernel text.

OK, that is good.

> > 3. BPF infra taking all necessary measures to make sure that poking
> > kernel's and BPF generated text is safe.

>From the other subthread and your response below, it seems you are aware
that you in fact need text_poke_bp(). Again, it would've been excellent
Changelog/comment material to call out that the patch as presented is in
fact broken.

> I was thinking more about this.
> Peter,
> do you mind we apply your first patch:
> https://lore.kernel.org/lkml/20191007081944.88332264.2@infradead.org/
> to both tip and bpf-next trees?

That would indeed be a much better solution. I'll repost much of that on
Monday, and then we'll work on getting at the very least that one patch
in a tip/branch we can share.

> Then I can use text_poke_bp() as-is without any additional ugliness
> on my side that would need to be removed in few weeks.

This I do _NOT_ understand. Why are you willing to merge a known broken
patch? What is the rush, why can't you wait for all the prerequisites to
land?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ