[PATCH v3 0/7] x86/cfi,bpf: Fix CFI vs eBPF

Peter Zijlstra posted 7 patches 2 years ago
arch/riscv/include/asm/cfi.h   |   3 +-
arch/riscv/kernel/cfi.c        |   2 +-
arch/x86/include/asm/cfi.h     | 126 +++++++++++++++++++++++++++++++++++++-
arch/x86/kernel/alternative.c  |  87 +++++++++++++++++++++++---
arch/x86/kernel/cfi.c          |   4 +-
arch/x86/net/bpf_jit_comp.c    | 134 +++++++++++++++++++++++++++++++++++------
include/asm-generic/Kbuild     |   1 +
include/linux/bpf.h            |  27 ++++++++-
include/linux/cfi.h            |  12 ++++
kernel/bpf/bpf_struct_ops.c    |  16 ++---
kernel/bpf/core.c              |  25 ++++++++
kernel/bpf/cpumask.c           |   8 ++-
kernel/bpf/helpers.c           |  18 +++++-
net/bpf/bpf_dummy_struct_ops.c |  31 +++++++++-
net/bpf/test_run.c             |  15 ++++-
net/ipv4/bpf_tcp_ca.c          |  69 +++++++++++++++++++++
16 files changed, 528 insertions(+), 50 deletions(-)
[PATCH v3 0/7] x86/cfi,bpf: Fix CFI vs eBPF
Posted by Peter Zijlstra 2 years ago
Hi!

What started with the simple observation that bpf_dispatcher_*_func() was
broken for calling CFI functions with a __nocfi calling context for FineIBT
ended up with a complete BPF wide CFI fixup.

With these changes on the BPF selftest suite passes without crashing -- there's
still a few failures, but Alexei has graciously offered to look into those.

(Alexei, I have presumed your SoB on the very last patch, please update
as you see fit)

Changes since v2 are numerous but include:
 - cfi_get_offset() -- as a means to communicate the offset (ast)
 - 5 new patches fixing various BPF internals to be CFI clean

Note: it *might* be possible to merge the
bpf_bpf_tcp_ca.c:unsupported_ops[] thing into the CFI stubs, as is
get_info will have a NULL stub, unlike the others.

Re: [PATCH v3 0/7] x86/cfi,bpf: Fix CFI vs eBPF
Posted by Alexei Starovoitov 2 years ago
On Fri, Dec 15, 2023 at 1:33 AM Peter Zijlstra <peterz@infradead.org> wrote:
>
> Hi!
>
> What started with the simple observation that bpf_dispatcher_*_func() was
> broken for calling CFI functions with a __nocfi calling context for FineIBT
> ended up with a complete BPF wide CFI fixup.
>
> With these changes on the BPF selftest suite passes without crashing -- there's
> still a few failures, but Alexei has graciously offered to look into those.
>
> (Alexei, I have presumed your SoB on the very last patch, please update
> as you see fit)
>
> Changes since v2 are numerous but include:
>  - cfi_get_offset() -- as a means to communicate the offset (ast)
>  - 5 new patches fixing various BPF internals to be CFI clean

Looks great to me. Pushed to bpf-next.

There is a failure on s390 that I temporarily denylisted
with an extra patch.
And sent a proposed fix:
https://lore.kernel.org/bpf/20231216004549.78355-1-alexei.starovoitov@gmail.com/

Ilya,
please take a look.

> Note: it *might* be possible to merge the
> bpf_bpf_tcp_ca.c:unsupported_ops[] thing into the CFI stubs, as is
> get_info will have a NULL stub, unlike the others.

That's a good idea. Will clean up unsupported_ops.
Either myself or Martin will follow up.