[bpf] bpf: Unbreak BPF_PROG_TYPE_KPROBE when kprobe is called via do_int3

Message ID	20210203070636.70926-1-alexei.starovoitov@gmail.com (mailing list archive)
State	Accepted
Commit	548f1191d86ccb9bde2a5305988877b7584c01eb
Delegated to:	BPF
Headers	show Return-Path: <bpf-owner@kernel.org> From: Alexei Starovoitov <alexei.starovoitov@gmail.com> To: davem@davemloft.net Cc: daniel@iogearbox.net, nborisov@suse.com, peterz@infradead.org, rostedt@goodmis.org, mhiramat@kernel.org, bpf@vger.kernel.org, kernel-team@fb.com Subject: [PATCH bpf] bpf: Unbreak BPF_PROG_TYPE_KPROBE when kprobe is called via do_int3 Date: Tue, 2 Feb 2021 23:06:36 -0800 Message-Id: <20210203070636.70926-1-alexei.starovoitov@gmail.com> Precedence: bulk
Series	[bpf] bpf: Unbreak BPF_PROG_TYPE_KPROBE when kprobe is called via do_int3 \| expand [bpf] bpf: Unbreak BPF_PROG_TYPE_KPROBE when kprobe is called via do_int3

Context	Check	Description
netdev/cover_letter	success	Link
netdev/fixes_present	success	Link
netdev/patch_count	success	Link
netdev/tree_selection	success	Clearly marked for bpf
netdev/subject_prefix	success	Link
netdev/cc_maintainers	warning	11 maintainers not CCed: netdev@vger.kernel.org songliubraving@fb.com andrii@kernel.org ast@kernel.org kpsingh@kernel.org mingo@redhat.com tglx@linutronix.de alexandre.chartre@oracle.com john.fastabend@gmail.com kafai@fb.com yhs@fb.com
netdev/source_inline	success	Was 0 now: 0
netdev/verify_signedoff	success	Link
netdev/module_param	success	Was 0 now: 0
netdev/build_32bit	success	Errors and warnings before: 33 this patch: 33
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/verify_fixes	success	Link
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/build_allmodconfig_warn	success	Errors and warnings before: 33 this patch: 33
netdev/header_inline	success	Link
netdev/stable	success	Stable not CCed

Alexei Starovoitov Feb. 3, 2021, 7:06 a.m. UTC

From: Alexei Starovoitov <ast@kernel.org>

The commit 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()")
converted do_int3 handler to be "NMI-like".
That made old if (in_nmi()) check abort execution of bpf programs
attached to kprobe when kprobe is firing via int3
(For example when kprobe is placed in the middle of the function).
Remove the check to restore user visible behavior.

Fixes: 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()")
Reported-by: Nikolay Borisov <nborisov@suse.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
---
 kernel/trace/bpf_trace.c | 3 ---
 1 file changed, 3 deletions(-)

Nikolay Borisov Feb. 3, 2021, 7:09 a.m. UTC | #1

On 3.02.21 г. 9:06 ч., Alexei Starovoitov wrote:
> From: Alexei Starovoitov <ast@kernel.org>
> 
> The commit 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()")
> converted do_int3 handler to be "NMI-like".
> That made old if (in_nmi()) check abort execution of bpf programs
> attached to kprobe when kprobe is firing via int3
> (For example when kprobe is placed in the middle of the function).
> Remove the check to restore user visible behavior.
> 
> Fixes: 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()")
> Reported-by: Nikolay Borisov <nborisov@suse.com>
> Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Tested-by: Nikolay Borisov <nborisov@suse.com>


So I take it you have verified the callpaths and deemed that it's safe
to remove this check?


> ---
>  kernel/trace/bpf_trace.c | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index 6c0018abe68a..764400260eb6 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -96,9 +96,6 @@ unsigned int trace_call_bpf(struct trace_event_call *call, void *ctx)
>  {
>  	unsigned int ret;
>  
> -	if (in_nmi()) /* not supported yet */
> -		return 1;
> -
>  	cant_sleep();
>  
>  	if (unlikely(__this_cpu_inc_return(bpf_prog_active) != 1)) {
>

Alexei Starovoitov Feb. 3, 2021, 7:11 a.m. UTC | #2

On Tue, Feb 2, 2021 at 11:09 PM Nikolay Borisov <nborisov@suse.com> wrote:
>
>
>
> On 3.02.21 г. 9:06 ч., Alexei Starovoitov wrote:
> > From: Alexei Starovoitov <ast@kernel.org>
> >
> > The commit 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()")
> > converted do_int3 handler to be "NMI-like".
> > That made old if (in_nmi()) check abort execution of bpf programs
> > attached to kprobe when kprobe is firing via int3
> > (For example when kprobe is placed in the middle of the function).
> > Remove the check to restore user visible behavior.
> >
> > Fixes: 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()")
> > Reported-by: Nikolay Borisov <nborisov@suse.com>
> > Signed-off-by: Alexei Starovoitov <ast@kernel.org>
>
> Tested-by: Nikolay Borisov <nborisov@suse.com>
>
>
> So I take it you have verified the callpaths and deemed that it's safe
> to remove this check?

I stared a lot into different places. It's not pretty. I will follow up with
tightening patches for bpf-next, but I couldn't come up with anything
better for bpf tree.

Masami Hiramatsu (Google) Feb. 3, 2021, 12:40 p.m. UTC | #3

On Tue,  2 Feb 2021 23:06:36 -0800
Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:

> From: Alexei Starovoitov <ast@kernel.org>
> 
> The commit 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()")
> converted do_int3 handler to be "NMI-like".
> That made old if (in_nmi()) check abort execution of bpf programs
> attached to kprobe when kprobe is firing via int3
> (For example when kprobe is placed in the middle of the function).
> Remove the check to restore user visible behavior.
> 
> Fixes: 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()")
> Reported-by: Nikolay Borisov <nborisov@suse.com>
> Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Looks good to me :)

Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>

Thanks!

> ---
>  kernel/trace/bpf_trace.c | 3 ---
>  1 file changed, 3 deletions(-)
> 
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index 6c0018abe68a..764400260eb6 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -96,9 +96,6 @@ unsigned int trace_call_bpf(struct trace_event_call *call, void *ctx)
>  {
>  	unsigned int ret;
>  
> -	if (in_nmi()) /* not supported yet */
> -		return 1;
> -
>  	cant_sleep();
>  
>  	if (unlikely(__this_cpu_inc_return(bpf_prog_active) != 1)) {
> -- 
> 2.24.1
>

patchwork-bot+netdevbpf@kernel.org Feb. 3, 2021, 8:40 p.m. UTC | #4

Hello:

This patch was applied to bpf/bpf.git (refs/heads/master):

On Tue,  2 Feb 2021 23:06:36 -0800 you wrote:
> From: Alexei Starovoitov <ast@kernel.org>
> 
> The commit 0d00449c7a28 ("x86: Replace ist_enter() with nmi_enter()")
> converted do_int3 handler to be "NMI-like".
> That made old if (in_nmi()) check abort execution of bpf programs
> attached to kprobe when kprobe is firing via int3
> (For example when kprobe is placed in the middle of the function).
> Remove the check to restore user visible behavior.
> 
> [...]

Here is the summary with links:
  - [bpf] bpf: Unbreak BPF_PROG_TYPE_KPROBE when kprobe is called via do_int3
    https://git.kernel.org/bpf/bpf/c/548f1191d86c

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

[bpf] bpf: Unbreak BPF_PROG_TYPE_KPROBE when kprobe is called via do_int3

Checks

Commit Message

Comments

Patch