Zero overhead PROBE_MEM #7227

Closed

kernel-patches-daemon-bpf[bot]

Pull request for series with
subject: Zero overhead PROBE_MEM
version: 2
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355

@kernel-patches-daemon-bpf

Upstream branch: f6afdaf
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: bf977ee
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: 1ae7a19
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: 717d631
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: 6ddf3a9
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: cc5083d
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: 2807db7
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: 2bb138c
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: cd387ce
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: a129787
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: 5b747c2
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: 03922e9
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: e4a195e
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: 9474f72
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: da5f8fd
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

@kernel-patches-daemon-bpf

Upstream branch: 69716e4
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

kkdwivedi added 2 commits July 2, 2024 10:10

Currently, on x86, when SMAP is enabled, and a page fault occurs in
kernel mode for accessing a user address, the kernel will rightly panic
as no valid kernel code can cause such a page fault (unless buggy).
There is no valid correct kernel code that can generate such a fault,
therefore this behavior would be correct.

BPF programs that currently encounter user addresses when doing
PROBE_MEM loads (load instructions which are allowed to read any kernel
address, only available for root users) avoid a page fault by performing
bounds checking on the address.  This requires the JIT to emit a jump
over each PROBE_MEM load instruction to avoid hitting page faults.

We would prefer avoiding these jump instructions to improve performance
of programs which use PROBE_MEM loads pervasively. For correct behavior,
programs already rely on the kernel addresses being valid when they are
executing, but BPF's safety properties must still ensure kernel safety
in presence of invalid addresses. Therefore, for correct programs, the
bounds checking is an added cost meant to ensure kernel safety. If the
do_user_addr_fault handler could perform fixups for the BPF program in
such a case, the bounds checking could be eliminated, the load
instruction could be emitted directly without any checking.

Thus, in case SMAP is enabled (which would mean the kernel traps on
accessing a user address), and the instruction pointer belongs to a BPF
program, perform fixup for the access by searching exception tables.
All BPF programs already execute with SMAP protection. When SMAP is not
enabled, the BPF JIT will continue to emit bounds checking instructions.

Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>

The previous patch changed the do_user_addr_fault page fault handler to
invoke BPF's fixup routines (by searching exception tables and calling
ex_handler_bpf). This would only occur when SMAP is enabled, such that
any user address access from BPF programs running in kernel mode would
reach this path and invoke the fixup routines.

Relying on this behavior, disable any bounds checking instrumentation in
the BPF JIT for x86 when X86_FEATURE_SMAP is available. All BPF
programs execute with SMAP enabled, therefore when this feature is
available, we can assume that SMAP will be enabled during program
execution at runtime.

This optimizes PROBE_MEM loads down to a normal unchecked load
instruction. Any page faults for user or kernel addresses will be
handled using the fixup routines, and the generation exception table
entries for such load instructions.

All in all, this ensures that PROBE_MEM loads will now incur no runtime
overhead, and become practically free.

Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
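
The fault-path decision described in the two commit messages above, as an added userspace model in C that is not code from the series. `USER_LIMIT`, the table contents, the register file and the `ip_is_bpf` flag are constructed for illustration, and the fixup (zero the destination register, resume after the load) is an assumption about what ex_handler_bpf does.

```c
/* Userspace model only: constructed addresses, registers and table. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#define USER_LIMIT 0x0000800000000000ULL /* assumed user/kernel split */

enum outcome { LOADED, SKIPPED, FIXED_UP, OOPS };
struct ex_entry { uint64_t insn; uint8_t len, dst; }; /* load ip, length, dest reg */
struct cpu { uint64_t ip, reg[4]; bool smap, ip_is_bpf; };

/* Constructed table, sorted by instruction address for the binary search. */
static const struct ex_entry extable[] = {
    { 0x1000, 4, 1 }, { 0x1010, 3, 2 }, { 0x1024, 4, 0 },
};

static const struct ex_entry *search_extable(uint64_t ip)
{
    size_t lo = 0, hi = sizeof(extable) / sizeof(extable[0]);
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (extable[mid].insn == ip) return &extable[mid];
        if (extable[mid].insn < ip) lo = mid + 1; else hi = mid;
    }
    return NULL;
}

/* Fault-handler model: kernel-mode fault on a user address. */
enum outcome user_addr_fault(struct cpu *c)
{
    const struct ex_entry *e = c->smap && c->ip_is_bpf ? search_extable(c->ip) : NULL;
    if (!e) return OOPS;   /* not a BPF load with a table entry: fatal */
    c->reg[e->dst] = 0;    /* fixup: zero the destination register */
    c->ip += e->len;       /* and resume after the faulting load */
    return FIXED_UP;
}

/* JIT model: bounds check without SMAP, bare load plus fixup with it. */
enum outcome probe_mem_load(struct cpu *c, uint64_t addr, uint64_t val, uint8_t dst, uint8_t len)
{
    bool user = addr < USER_LIMIT;
    if (user && c->smap) return user_addr_fault(c);
    c->reg[dst] = user ? 0 : val; /* checked path skips the load, dst = 0 */
    c->ip += len;
    return user ? SKIPPED : LOADED;
}

int main(void)
{
    struct cpu c = { .ip = 0x1010, .smap = true, .ip_is_bpf = true };
    return probe_mem_load(&c, 0x4000, 99, 2, 3) == FIXED_UP ? 0 : 1;
}
```

In the model, the checked and the fixed-up paths leave the same register and instruction-pointer state for a user address; only the route differs.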
@kernel-patches-daemon-bpf

Upstream branch: fd8db07
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=863355
version: 2

kernel-patches-daemon-bpf bot force-pushed the series/863355=>bpf-next branch from 22fba3c to f1a47ea on July 2, 2024 17:11
@kernel-patches-daemon-bpf

At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=863355 irrelevant now for [Munch({'archived': False, 'project': 399, 'delegate': 121173})] search patterns

kernel-patches-daemon-bpf bot deleted the series/863355=>bpf-next branch on July 5, 2024 17:11