+++ /dev/null
-From b89ddf4cca43f1269093942cf5c4e457fd45c335 Mon Sep 17 00:00:00 2001
-From: Russell King <russell.king@oracle.com>
-Date: Fri, 5 Nov 2021 16:50:45 +0000
-Subject: arm64/bpf: Remove 128MB limit for BPF JIT programs
-
-From: Russell King <russell.king@oracle.com>
-
-commit b89ddf4cca43f1269093942cf5c4e457fd45c335 upstream.
-
-Commit 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module
-memory") restricts BPF JIT program allocation to a 128MB region to ensure
-BPF programs are still in branching range of each other. However this
-restriction should not apply to the aarch64 JIT, since BPF_JMP | BPF_CALL
-are implemented as a 64-bit move into a register and then a BLR instruction -
-which has the effect of being able to call anything without proximity
-limitation.
-
-The practical reason to relax this restriction on JIT memory is that 128MB of
-JIT memory can be quickly exhausted, especially where PAGE_SIZE is 64KB - one
-page is needed per program. In cases where seccomp filters are applied to
-multiple VMs on VM launch - such filters are classic BPF but converted to
-BPF - this can severely limit the number of VMs that can be launched. In a
-world where we support BPF JIT always on, turning off the JIT isn't always an
-option either.
-
-Fixes: 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module memory")
-Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-Signed-off-by: Russell King <russell.king@oracle.com>
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Tested-by: Alan Maguire <alan.maguire@oracle.com>
-Link: https://lore.kernel.org/bpf/1636131046-5982-2-git-send-email-alan.maguire@oracle.com
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/include/asm/extable.h | 9 ---------
- arch/arm64/include/asm/memory.h | 5 +----
- arch/arm64/kernel/traps.c | 2 +-
- arch/arm64/mm/ptdump.c | 2 --
- arch/arm64/net/bpf_jit_comp.c | 7 ++-----
- 5 files changed, 4 insertions(+), 21 deletions(-)
-
---- a/arch/arm64/include/asm/extable.h
-+++ b/arch/arm64/include/asm/extable.h
-@@ -22,15 +22,6 @@ struct exception_table_entry
-
- #define ARCH_HAS_RELATIVE_EXTABLE
-
--static inline bool in_bpf_jit(struct pt_regs *regs)
--{
-- if (!IS_ENABLED(CONFIG_BPF_JIT))
-- return false;
--
-- return regs->pc >= BPF_JIT_REGION_START &&
-- regs->pc < BPF_JIT_REGION_END;
--}
--
- #ifdef CONFIG_BPF_JIT
- int arm64_bpf_fixup_exception(const struct exception_table_entry *ex,
- struct pt_regs *regs);
---- a/arch/arm64/include/asm/memory.h
-+++ b/arch/arm64/include/asm/memory.h
-@@ -44,11 +44,8 @@
- #define _PAGE_OFFSET(va) (-(UL(1) << (va)))
- #define PAGE_OFFSET (_PAGE_OFFSET(VA_BITS))
- #define KIMAGE_VADDR (MODULES_END)
--#define BPF_JIT_REGION_START (KASAN_SHADOW_END)
--#define BPF_JIT_REGION_SIZE (SZ_128M)
--#define BPF_JIT_REGION_END (BPF_JIT_REGION_START + BPF_JIT_REGION_SIZE)
- #define MODULES_END (MODULES_VADDR + MODULES_VSIZE)
--#define MODULES_VADDR (BPF_JIT_REGION_END)
-+#define MODULES_VADDR (_PAGE_END(VA_BITS_MIN))
- #define MODULES_VSIZE (SZ_128M)
- #define VMEMMAP_START (-VMEMMAP_SIZE - SZ_2M)
- #define VMEMMAP_END (VMEMMAP_START + VMEMMAP_SIZE)
---- a/arch/arm64/kernel/traps.c
-+++ b/arch/arm64/kernel/traps.c
-@@ -923,7 +923,7 @@ static struct break_hook bug_break_hook
- static int reserved_fault_handler(struct pt_regs *regs, unsigned int esr)
- {
- pr_err("%s generated an invalid instruction at %pS!\n",
-- in_bpf_jit(regs) ? "BPF JIT" : "Kernel text patching",
-+ "Kernel text patching",
- (void *)instruction_pointer(regs));
-
- /* We cannot handle this */
---- a/arch/arm64/mm/ptdump.c
-+++ b/arch/arm64/mm/ptdump.c
-@@ -41,8 +41,6 @@ static struct addr_marker address_marker
- { 0 /* KASAN_SHADOW_START */, "Kasan shadow start" },
- { KASAN_SHADOW_END, "Kasan shadow end" },
- #endif
-- { BPF_JIT_REGION_START, "BPF start" },
-- { BPF_JIT_REGION_END, "BPF end" },
- { MODULES_VADDR, "Modules start" },
- { MODULES_END, "Modules end" },
- { VMALLOC_START, "vmalloc() area" },
---- a/arch/arm64/net/bpf_jit_comp.c
-+++ b/arch/arm64/net/bpf_jit_comp.c
-@@ -1136,15 +1136,12 @@ out:
-
- u64 bpf_jit_alloc_exec_limit(void)
- {
-- return BPF_JIT_REGION_SIZE;
-+ return VMALLOC_END - VMALLOC_START;
- }
-
- void *bpf_jit_alloc_exec(unsigned long size)
- {
-- return __vmalloc_node_range(size, PAGE_SIZE, BPF_JIT_REGION_START,
-- BPF_JIT_REGION_END, GFP_KERNEL,
-- PAGE_KERNEL, 0, NUMA_NO_NODE,
-- __builtin_return_address(0));
-+ return vmalloc(size);
- }
-
- void bpf_jit_free_exec(void *addr)
powerpc-cell-fix-clang-wimplicit-fallthrough-warning.patch
powerpc-fsl-dts-enable-wa-for-erratum-a-009885-on-fman3l-mdio-buses.patch
block-fix-fsync-always-failed-if-once-failed.patch
-arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch
bpftool-remove-inclusion-of-utilities.mak-from-makefiles.patch
xdp-check-prog-type-before-updating-bpf-link.patch
perf-evsel-override-attr-sample_period-for-non-libpfm4-events.patch
+++ /dev/null
-From b89ddf4cca43f1269093942cf5c4e457fd45c335 Mon Sep 17 00:00:00 2001
-From: Russell King <russell.king@oracle.com>
-Date: Fri, 5 Nov 2021 16:50:45 +0000
-Subject: arm64/bpf: Remove 128MB limit for BPF JIT programs
-
-From: Russell King <russell.king@oracle.com>
-
-commit b89ddf4cca43f1269093942cf5c4e457fd45c335 upstream.
-
-Commit 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module
-memory") restricts BPF JIT program allocation to a 128MB region to ensure
-BPF programs are still in branching range of each other. However this
-restriction should not apply to the aarch64 JIT, since BPF_JMP | BPF_CALL
-are implemented as a 64-bit move into a register and then a BLR instruction -
-which has the effect of being able to call anything without proximity
-limitation.
-
-The practical reason to relax this restriction on JIT memory is that 128MB of
-JIT memory can be quickly exhausted, especially where PAGE_SIZE is 64KB - one
-page is needed per program. In cases where seccomp filters are applied to
-multiple VMs on VM launch - such filters are classic BPF but converted to
-BPF - this can severely limit the number of VMs that can be launched. In a
-world where we support BPF JIT always on, turning off the JIT isn't always an
-option either.
-
-Fixes: 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module memory")
-Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-Signed-off-by: Russell King <russell.king@oracle.com>
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Tested-by: Alan Maguire <alan.maguire@oracle.com>
-Link: https://lore.kernel.org/bpf/1636131046-5982-2-git-send-email-alan.maguire@oracle.com
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/include/asm/extable.h | 9 ---------
- arch/arm64/include/asm/memory.h | 5 +----
- arch/arm64/kernel/traps.c | 2 +-
- arch/arm64/mm/ptdump.c | 2 --
- arch/arm64/net/bpf_jit_comp.c | 7 ++-----
- 5 files changed, 4 insertions(+), 21 deletions(-)
-
---- a/arch/arm64/include/asm/extable.h
-+++ b/arch/arm64/include/asm/extable.h
-@@ -22,15 +22,6 @@ struct exception_table_entry
-
- #define ARCH_HAS_RELATIVE_EXTABLE
-
--static inline bool in_bpf_jit(struct pt_regs *regs)
--{
-- if (!IS_ENABLED(CONFIG_BPF_JIT))
-- return false;
--
-- return regs->pc >= BPF_JIT_REGION_START &&
-- regs->pc < BPF_JIT_REGION_END;
--}
--
- #ifdef CONFIG_BPF_JIT
- int arm64_bpf_fixup_exception(const struct exception_table_entry *ex,
- struct pt_regs *regs);
---- a/arch/arm64/include/asm/memory.h
-+++ b/arch/arm64/include/asm/memory.h
-@@ -44,11 +44,8 @@
- #define _PAGE_OFFSET(va) (-(UL(1) << (va)))
- #define PAGE_OFFSET (_PAGE_OFFSET(VA_BITS))
- #define KIMAGE_VADDR (MODULES_END)
--#define BPF_JIT_REGION_START (_PAGE_END(VA_BITS_MIN))
--#define BPF_JIT_REGION_SIZE (SZ_128M)
--#define BPF_JIT_REGION_END (BPF_JIT_REGION_START + BPF_JIT_REGION_SIZE)
- #define MODULES_END (MODULES_VADDR + MODULES_VSIZE)
--#define MODULES_VADDR (BPF_JIT_REGION_END)
-+#define MODULES_VADDR (_PAGE_END(VA_BITS_MIN))
- #define MODULES_VSIZE (SZ_128M)
- #define VMEMMAP_START (-(UL(1) << (VA_BITS - VMEMMAP_SHIFT)))
- #define VMEMMAP_END (VMEMMAP_START + VMEMMAP_SIZE)
---- a/arch/arm64/kernel/traps.c
-+++ b/arch/arm64/kernel/traps.c
-@@ -988,7 +988,7 @@ static struct break_hook bug_break_hook
- static int reserved_fault_handler(struct pt_regs *regs, unsigned int esr)
- {
- pr_err("%s generated an invalid instruction at %pS!\n",
-- in_bpf_jit(regs) ? "BPF JIT" : "Kernel text patching",
-+ "Kernel text patching",
- (void *)instruction_pointer(regs));
-
- /* We cannot handle this */
---- a/arch/arm64/mm/ptdump.c
-+++ b/arch/arm64/mm/ptdump.c
-@@ -41,8 +41,6 @@ static struct addr_marker address_marker
- { 0 /* KASAN_SHADOW_START */, "Kasan shadow start" },
- { KASAN_SHADOW_END, "Kasan shadow end" },
- #endif
-- { BPF_JIT_REGION_START, "BPF start" },
-- { BPF_JIT_REGION_END, "BPF end" },
- { MODULES_VADDR, "Modules start" },
- { MODULES_END, "Modules end" },
- { VMALLOC_START, "vmalloc() area" },
---- a/arch/arm64/net/bpf_jit_comp.c
-+++ b/arch/arm64/net/bpf_jit_comp.c
-@@ -1138,15 +1138,12 @@ out:
-
- u64 bpf_jit_alloc_exec_limit(void)
- {
-- return BPF_JIT_REGION_SIZE;
-+ return VMALLOC_END - VMALLOC_START;
- }
-
- void *bpf_jit_alloc_exec(unsigned long size)
- {
-- return __vmalloc_node_range(size, PAGE_SIZE, BPF_JIT_REGION_START,
-- BPF_JIT_REGION_END, GFP_KERNEL,
-- PAGE_KERNEL, 0, NUMA_NO_NODE,
-- __builtin_return_address(0));
-+ return vmalloc(size);
- }
-
- void bpf_jit_free_exec(void *addr)
drm-vc4-crtc-drop-feed_txp-from-state.patch
drm-vc4-fix-non-blocking-commit-getting-stuck-forever.patch
drm-vc4-crtc-copy-assigned-channel-to-the-crtc.patch
-arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch
bpftool-remove-inclusion-of-utilities.mak-from-makefiles.patch
bpftool-fix-indent-in-option-lists-in-the-documentation.patch
xdp-check-prog-type-before-updating-bpf-link.patch
+++ /dev/null
-From b89ddf4cca43f1269093942cf5c4e457fd45c335 Mon Sep 17 00:00:00 2001
-From: Russell King <russell.king@oracle.com>
-Date: Fri, 5 Nov 2021 16:50:45 +0000
-Subject: arm64/bpf: Remove 128MB limit for BPF JIT programs
-
-From: Russell King <russell.king@oracle.com>
-
-commit b89ddf4cca43f1269093942cf5c4e457fd45c335 upstream.
-
-Commit 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module
-memory") restricts BPF JIT program allocation to a 128MB region to ensure
-BPF programs are still in branching range of each other. However this
-restriction should not apply to the aarch64 JIT, since BPF_JMP | BPF_CALL
-are implemented as a 64-bit move into a register and then a BLR instruction -
-which has the effect of being able to call anything without proximity
-limitation.
-
-The practical reason to relax this restriction on JIT memory is that 128MB of
-JIT memory can be quickly exhausted, especially where PAGE_SIZE is 64KB - one
-page is needed per program. In cases where seccomp filters are applied to
-multiple VMs on VM launch - such filters are classic BPF but converted to
-BPF - this can severely limit the number of VMs that can be launched. In a
-world where we support BPF JIT always on, turning off the JIT isn't always an
-option either.
-
-Fixes: 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module memory")
-Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
-Signed-off-by: Russell King <russell.king@oracle.com>
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Tested-by: Alan Maguire <alan.maguire@oracle.com>
-Link: https://lore.kernel.org/bpf/1636131046-5982-2-git-send-email-alan.maguire@oracle.com
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/arm64/include/asm/extable.h | 9 ---------
- arch/arm64/include/asm/memory.h | 5 +----
- arch/arm64/kernel/traps.c | 2 +-
- arch/arm64/mm/ptdump.c | 2 --
- arch/arm64/net/bpf_jit_comp.c | 7 ++-----
- 5 files changed, 4 insertions(+), 21 deletions(-)
-
---- a/arch/arm64/include/asm/extable.h
-+++ b/arch/arm64/include/asm/extable.h
-@@ -33,15 +33,6 @@ do { \
- (b)->data = (tmp).data; \
- } while (0)
-
--static inline bool in_bpf_jit(struct pt_regs *regs)
--{
-- if (!IS_ENABLED(CONFIG_BPF_JIT))
-- return false;
--
-- return regs->pc >= BPF_JIT_REGION_START &&
-- regs->pc < BPF_JIT_REGION_END;
--}
--
- #ifdef CONFIG_BPF_JIT
- bool ex_handler_bpf(const struct exception_table_entry *ex,
- struct pt_regs *regs);
---- a/arch/arm64/include/asm/memory.h
-+++ b/arch/arm64/include/asm/memory.h
-@@ -44,11 +44,8 @@
- #define _PAGE_OFFSET(va) (-(UL(1) << (va)))
- #define PAGE_OFFSET (_PAGE_OFFSET(VA_BITS))
- #define KIMAGE_VADDR (MODULES_END)
--#define BPF_JIT_REGION_START (_PAGE_END(VA_BITS_MIN))
--#define BPF_JIT_REGION_SIZE (SZ_128M)
--#define BPF_JIT_REGION_END (BPF_JIT_REGION_START + BPF_JIT_REGION_SIZE)
- #define MODULES_END (MODULES_VADDR + MODULES_VSIZE)
--#define MODULES_VADDR (BPF_JIT_REGION_END)
-+#define MODULES_VADDR (_PAGE_END(VA_BITS_MIN))
- #define MODULES_VSIZE (SZ_128M)
- #define VMEMMAP_START (-(UL(1) << (VA_BITS - VMEMMAP_SHIFT)))
- #define VMEMMAP_END (VMEMMAP_START + VMEMMAP_SIZE)
---- a/arch/arm64/kernel/traps.c
-+++ b/arch/arm64/kernel/traps.c
-@@ -994,7 +994,7 @@ static struct break_hook bug_break_hook
- static int reserved_fault_handler(struct pt_regs *regs, unsigned int esr)
- {
- pr_err("%s generated an invalid instruction at %pS!\n",
-- in_bpf_jit(regs) ? "BPF JIT" : "Kernel text patching",
-+ "Kernel text patching",
- (void *)instruction_pointer(regs));
-
- /* We cannot handle this */
---- a/arch/arm64/mm/ptdump.c
-+++ b/arch/arm64/mm/ptdump.c
-@@ -41,8 +41,6 @@ static struct addr_marker address_marker
- { 0 /* KASAN_SHADOW_START */, "Kasan shadow start" },
- { KASAN_SHADOW_END, "Kasan shadow end" },
- #endif
-- { BPF_JIT_REGION_START, "BPF start" },
-- { BPF_JIT_REGION_END, "BPF end" },
- { MODULES_VADDR, "Modules start" },
- { MODULES_END, "Modules end" },
- { VMALLOC_START, "vmalloc() area" },
---- a/arch/arm64/net/bpf_jit_comp.c
-+++ b/arch/arm64/net/bpf_jit_comp.c
-@@ -1145,15 +1145,12 @@ out:
-
- u64 bpf_jit_alloc_exec_limit(void)
- {
-- return BPF_JIT_REGION_SIZE;
-+ return VMALLOC_END - VMALLOC_START;
- }
-
- void *bpf_jit_alloc_exec(unsigned long size)
- {
-- return __vmalloc_node_range(size, PAGE_SIZE, BPF_JIT_REGION_START,
-- BPF_JIT_REGION_END, GFP_KERNEL,
-- PAGE_KERNEL, 0, NUMA_NO_NODE,
-- __builtin_return_address(0));
-+ return vmalloc(size);
- }
-
- void bpf_jit_free_exec(void *addr)
drm-vc4-fix-non-blocking-commit-getting-stuck-forever.patch
drm-vc4-crtc-copy-assigned-channel-to-the-crtc.patch
libbpf-remove-deprecation-attribute-from-struct-bpf_prog_prep_result.patch
-arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch
bpftool-remove-inclusion-of-utilities.mak-from-makefiles.patch
bpftool-fix-indent-in-option-lists-in-the-documentation.patch
xdp-check-prog-type-before-updating-bpf-link.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
