From: Greg Kroah-Hartman Date: Tue, 25 Jan 2022 11:04:16 +0000 (+0100) Subject: drop arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch from everywhere X-Git-Tag: v4.4.300~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=014a5e9cc48ad065db71fda0e5f29b9bdaaeef72;p=thirdparty%2Fkernel%2Fstable-queue.git drop arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch from everywhere --- diff --git a/queue-5.10/arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch b/queue-5.10/arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch deleted file mode 100644 index 061f4abfd2a..00000000000 --- a/queue-5.10/arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch +++ /dev/null @@ -1,115 +0,0 @@ -From b89ddf4cca43f1269093942cf5c4e457fd45c335 Mon Sep 17 00:00:00 2001 -From: Russell King -Date: Fri, 5 Nov 2021 16:50:45 +0000 -Subject: arm64/bpf: Remove 128MB limit for BPF JIT programs - -From: Russell King - -commit b89ddf4cca43f1269093942cf5c4e457fd45c335 upstream. - -Commit 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module -memory") restricts BPF JIT program allocation to a 128MB region to ensure -BPF programs are still in branching range of each other. However this -restriction should not apply to the aarch64 JIT, since BPF_JMP | BPF_CALL -are implemented as a 64-bit move into a register and then a BLR instruction - -which has the effect of being able to call anything without proximity -limitation. - -The practical reason to relax this restriction on JIT memory is that 128MB of -JIT memory can be quickly exhausted, especially where PAGE_SIZE is 64KB - one -page is needed per program. In cases where seccomp filters are applied to -multiple VMs on VM launch - such filters are classic BPF but converted to -BPF - this can severely limit the number of VMs that can be launched. In a -world where we support BPF JIT always on, turning off the JIT isn't always an -option either. - -Fixes: 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module memory") -Suggested-by: Ard Biesheuvel -Signed-off-by: Russell King -Signed-off-by: Daniel Borkmann -Tested-by: Alan Maguire -Link: https://lore.kernel.org/bpf/1636131046-5982-2-git-send-email-alan.maguire@oracle.com -Signed-off-by: Greg Kroah-Hartman ---- - arch/arm64/include/asm/extable.h | 9 --------- - arch/arm64/include/asm/memory.h | 5 +---- - arch/arm64/kernel/traps.c | 2 +- - arch/arm64/mm/ptdump.c | 2 -- - arch/arm64/net/bpf_jit_comp.c | 7 ++----- - 5 files changed, 4 insertions(+), 21 deletions(-) - ---- a/arch/arm64/include/asm/extable.h -+++ b/arch/arm64/include/asm/extable.h -@@ -22,15 +22,6 @@ struct exception_table_entry - - #define ARCH_HAS_RELATIVE_EXTABLE - --static inline bool in_bpf_jit(struct pt_regs *regs) --{ -- if (!IS_ENABLED(CONFIG_BPF_JIT)) -- return false; -- -- return regs->pc >= BPF_JIT_REGION_START && -- regs->pc < BPF_JIT_REGION_END; --} -- - #ifdef CONFIG_BPF_JIT - int arm64_bpf_fixup_exception(const struct exception_table_entry *ex, - struct pt_regs *regs); ---- a/arch/arm64/include/asm/memory.h -+++ b/arch/arm64/include/asm/memory.h -@@ -44,11 +44,8 @@ - #define _PAGE_OFFSET(va) (-(UL(1) << (va))) - #define PAGE_OFFSET (_PAGE_OFFSET(VA_BITS)) - #define KIMAGE_VADDR (MODULES_END) --#define BPF_JIT_REGION_START (KASAN_SHADOW_END) --#define BPF_JIT_REGION_SIZE (SZ_128M) --#define BPF_JIT_REGION_END (BPF_JIT_REGION_START + BPF_JIT_REGION_SIZE) - #define MODULES_END (MODULES_VADDR + MODULES_VSIZE) --#define MODULES_VADDR (BPF_JIT_REGION_END) -+#define MODULES_VADDR (_PAGE_END(VA_BITS_MIN)) - #define MODULES_VSIZE (SZ_128M) - #define VMEMMAP_START (-VMEMMAP_SIZE - SZ_2M) - #define VMEMMAP_END (VMEMMAP_START + VMEMMAP_SIZE) ---- a/arch/arm64/kernel/traps.c -+++ b/arch/arm64/kernel/traps.c -@@ -923,7 +923,7 @@ static struct break_hook bug_break_hook - static int reserved_fault_handler(struct pt_regs *regs, unsigned int esr) - { - pr_err("%s generated an invalid instruction at %pS!\n", -- in_bpf_jit(regs) ? "BPF JIT" : "Kernel text patching", -+ "Kernel text patching", - (void *)instruction_pointer(regs)); - - /* We cannot handle this */ ---- a/arch/arm64/mm/ptdump.c -+++ b/arch/arm64/mm/ptdump.c -@@ -41,8 +41,6 @@ static struct addr_marker address_marker - { 0 /* KASAN_SHADOW_START */, "Kasan shadow start" }, - { KASAN_SHADOW_END, "Kasan shadow end" }, - #endif -- { BPF_JIT_REGION_START, "BPF start" }, -- { BPF_JIT_REGION_END, "BPF end" }, - { MODULES_VADDR, "Modules start" }, - { MODULES_END, "Modules end" }, - { VMALLOC_START, "vmalloc() area" }, ---- a/arch/arm64/net/bpf_jit_comp.c -+++ b/arch/arm64/net/bpf_jit_comp.c -@@ -1136,15 +1136,12 @@ out: - - u64 bpf_jit_alloc_exec_limit(void) - { -- return BPF_JIT_REGION_SIZE; -+ return VMALLOC_END - VMALLOC_START; - } - - void *bpf_jit_alloc_exec(unsigned long size) - { -- return __vmalloc_node_range(size, PAGE_SIZE, BPF_JIT_REGION_START, -- BPF_JIT_REGION_END, GFP_KERNEL, -- PAGE_KERNEL, 0, NUMA_NO_NODE, -- __builtin_return_address(0)); -+ return vmalloc(size); - } - - void bpf_jit_free_exec(void *addr) diff --git a/queue-5.10/series b/queue-5.10/series index 02aff53c264..934b20e1fc2 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -500,7 +500,6 @@ revert-net-mlx5-add-retry-mechanism-to-the-command-entry-index-allocation.patch powerpc-cell-fix-clang-wimplicit-fallthrough-warning.patch powerpc-fsl-dts-enable-wa-for-erratum-a-009885-on-fman3l-mdio-buses.patch block-fix-fsync-always-failed-if-once-failed.patch -arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch bpftool-remove-inclusion-of-utilities.mak-from-makefiles.patch xdp-check-prog-type-before-updating-bpf-link.patch perf-evsel-override-attr-sample_period-for-non-libpfm4-events.patch diff --git a/queue-5.15/arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch b/queue-5.15/arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch deleted file mode 100644 index c0734cf151a..00000000000 --- a/queue-5.15/arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch +++ /dev/null @@ -1,115 +0,0 @@ -From b89ddf4cca43f1269093942cf5c4e457fd45c335 Mon Sep 17 00:00:00 2001 -From: Russell King -Date: Fri, 5 Nov 2021 16:50:45 +0000 -Subject: arm64/bpf: Remove 128MB limit for BPF JIT programs - -From: Russell King - -commit b89ddf4cca43f1269093942cf5c4e457fd45c335 upstream. - -Commit 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module -memory") restricts BPF JIT program allocation to a 128MB region to ensure -BPF programs are still in branching range of each other. However this -restriction should not apply to the aarch64 JIT, since BPF_JMP | BPF_CALL -are implemented as a 64-bit move into a register and then a BLR instruction - -which has the effect of being able to call anything without proximity -limitation. - -The practical reason to relax this restriction on JIT memory is that 128MB of -JIT memory can be quickly exhausted, especially where PAGE_SIZE is 64KB - one -page is needed per program. In cases where seccomp filters are applied to -multiple VMs on VM launch - such filters are classic BPF but converted to -BPF - this can severely limit the number of VMs that can be launched. In a -world where we support BPF JIT always on, turning off the JIT isn't always an -option either. - -Fixes: 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module memory") -Suggested-by: Ard Biesheuvel -Signed-off-by: Russell King -Signed-off-by: Daniel Borkmann -Tested-by: Alan Maguire -Link: https://lore.kernel.org/bpf/1636131046-5982-2-git-send-email-alan.maguire@oracle.com -Signed-off-by: Greg Kroah-Hartman ---- - arch/arm64/include/asm/extable.h | 9 --------- - arch/arm64/include/asm/memory.h | 5 +---- - arch/arm64/kernel/traps.c | 2 +- - arch/arm64/mm/ptdump.c | 2 -- - arch/arm64/net/bpf_jit_comp.c | 7 ++----- - 5 files changed, 4 insertions(+), 21 deletions(-) - ---- a/arch/arm64/include/asm/extable.h -+++ b/arch/arm64/include/asm/extable.h -@@ -22,15 +22,6 @@ struct exception_table_entry - - #define ARCH_HAS_RELATIVE_EXTABLE - --static inline bool in_bpf_jit(struct pt_regs *regs) --{ -- if (!IS_ENABLED(CONFIG_BPF_JIT)) -- return false; -- -- return regs->pc >= BPF_JIT_REGION_START && -- regs->pc < BPF_JIT_REGION_END; --} -- - #ifdef CONFIG_BPF_JIT - int arm64_bpf_fixup_exception(const struct exception_table_entry *ex, - struct pt_regs *regs); ---- a/arch/arm64/include/asm/memory.h -+++ b/arch/arm64/include/asm/memory.h -@@ -44,11 +44,8 @@ - #define _PAGE_OFFSET(va) (-(UL(1) << (va))) - #define PAGE_OFFSET (_PAGE_OFFSET(VA_BITS)) - #define KIMAGE_VADDR (MODULES_END) --#define BPF_JIT_REGION_START (_PAGE_END(VA_BITS_MIN)) --#define BPF_JIT_REGION_SIZE (SZ_128M) --#define BPF_JIT_REGION_END (BPF_JIT_REGION_START + BPF_JIT_REGION_SIZE) - #define MODULES_END (MODULES_VADDR + MODULES_VSIZE) --#define MODULES_VADDR (BPF_JIT_REGION_END) -+#define MODULES_VADDR (_PAGE_END(VA_BITS_MIN)) - #define MODULES_VSIZE (SZ_128M) - #define VMEMMAP_START (-(UL(1) << (VA_BITS - VMEMMAP_SHIFT))) - #define VMEMMAP_END (VMEMMAP_START + VMEMMAP_SIZE) ---- a/arch/arm64/kernel/traps.c -+++ b/arch/arm64/kernel/traps.c -@@ -988,7 +988,7 @@ static struct break_hook bug_break_hook - static int reserved_fault_handler(struct pt_regs *regs, unsigned int esr) - { - pr_err("%s generated an invalid instruction at %pS!\n", -- in_bpf_jit(regs) ? "BPF JIT" : "Kernel text patching", -+ "Kernel text patching", - (void *)instruction_pointer(regs)); - - /* We cannot handle this */ ---- a/arch/arm64/mm/ptdump.c -+++ b/arch/arm64/mm/ptdump.c -@@ -41,8 +41,6 @@ static struct addr_marker address_marker - { 0 /* KASAN_SHADOW_START */, "Kasan shadow start" }, - { KASAN_SHADOW_END, "Kasan shadow end" }, - #endif -- { BPF_JIT_REGION_START, "BPF start" }, -- { BPF_JIT_REGION_END, "BPF end" }, - { MODULES_VADDR, "Modules start" }, - { MODULES_END, "Modules end" }, - { VMALLOC_START, "vmalloc() area" }, ---- a/arch/arm64/net/bpf_jit_comp.c -+++ b/arch/arm64/net/bpf_jit_comp.c -@@ -1138,15 +1138,12 @@ out: - - u64 bpf_jit_alloc_exec_limit(void) - { -- return BPF_JIT_REGION_SIZE; -+ return VMALLOC_END - VMALLOC_START; - } - - void *bpf_jit_alloc_exec(unsigned long size) - { -- return __vmalloc_node_range(size, PAGE_SIZE, BPF_JIT_REGION_START, -- BPF_JIT_REGION_END, GFP_KERNEL, -- PAGE_KERNEL, 0, NUMA_NO_NODE, -- __builtin_return_address(0)); -+ return vmalloc(size); - } - - void bpf_jit_free_exec(void *addr) diff --git a/queue-5.15/series b/queue-5.15/series index 3c1e44a6b30..91628a12bfc 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -755,7 +755,6 @@ block-fix-fsync-always-failed-if-once-failed.patch drm-vc4-crtc-drop-feed_txp-from-state.patch drm-vc4-fix-non-blocking-commit-getting-stuck-forever.patch drm-vc4-crtc-copy-assigned-channel-to-the-crtc.patch -arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch bpftool-remove-inclusion-of-utilities.mak-from-makefiles.patch bpftool-fix-indent-in-option-lists-in-the-documentation.patch xdp-check-prog-type-before-updating-bpf-link.patch diff --git a/queue-5.16/arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch b/queue-5.16/arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch deleted file mode 100644 index d54478c44ed..00000000000 --- a/queue-5.16/arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch +++ /dev/null @@ -1,115 +0,0 @@ -From b89ddf4cca43f1269093942cf5c4e457fd45c335 Mon Sep 17 00:00:00 2001 -From: Russell King -Date: Fri, 5 Nov 2021 16:50:45 +0000 -Subject: arm64/bpf: Remove 128MB limit for BPF JIT programs - -From: Russell King - -commit b89ddf4cca43f1269093942cf5c4e457fd45c335 upstream. - -Commit 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module -memory") restricts BPF JIT program allocation to a 128MB region to ensure -BPF programs are still in branching range of each other. However this -restriction should not apply to the aarch64 JIT, since BPF_JMP | BPF_CALL -are implemented as a 64-bit move into a register and then a BLR instruction - -which has the effect of being able to call anything without proximity -limitation. - -The practical reason to relax this restriction on JIT memory is that 128MB of -JIT memory can be quickly exhausted, especially where PAGE_SIZE is 64KB - one -page is needed per program. In cases where seccomp filters are applied to -multiple VMs on VM launch - such filters are classic BPF but converted to -BPF - this can severely limit the number of VMs that can be launched. In a -world where we support BPF JIT always on, turning off the JIT isn't always an -option either. - -Fixes: 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module memory") -Suggested-by: Ard Biesheuvel -Signed-off-by: Russell King -Signed-off-by: Daniel Borkmann -Tested-by: Alan Maguire -Link: https://lore.kernel.org/bpf/1636131046-5982-2-git-send-email-alan.maguire@oracle.com -Signed-off-by: Greg Kroah-Hartman ---- - arch/arm64/include/asm/extable.h | 9 --------- - arch/arm64/include/asm/memory.h | 5 +---- - arch/arm64/kernel/traps.c | 2 +- - arch/arm64/mm/ptdump.c | 2 -- - arch/arm64/net/bpf_jit_comp.c | 7 ++----- - 5 files changed, 4 insertions(+), 21 deletions(-) - ---- a/arch/arm64/include/asm/extable.h -+++ b/arch/arm64/include/asm/extable.h -@@ -33,15 +33,6 @@ do { \ - (b)->data = (tmp).data; \ - } while (0) - --static inline bool in_bpf_jit(struct pt_regs *regs) --{ -- if (!IS_ENABLED(CONFIG_BPF_JIT)) -- return false; -- -- return regs->pc >= BPF_JIT_REGION_START && -- regs->pc < BPF_JIT_REGION_END; --} -- - #ifdef CONFIG_BPF_JIT - bool ex_handler_bpf(const struct exception_table_entry *ex, - struct pt_regs *regs); ---- a/arch/arm64/include/asm/memory.h -+++ b/arch/arm64/include/asm/memory.h -@@ -44,11 +44,8 @@ - #define _PAGE_OFFSET(va) (-(UL(1) << (va))) - #define PAGE_OFFSET (_PAGE_OFFSET(VA_BITS)) - #define KIMAGE_VADDR (MODULES_END) --#define BPF_JIT_REGION_START (_PAGE_END(VA_BITS_MIN)) --#define BPF_JIT_REGION_SIZE (SZ_128M) --#define BPF_JIT_REGION_END (BPF_JIT_REGION_START + BPF_JIT_REGION_SIZE) - #define MODULES_END (MODULES_VADDR + MODULES_VSIZE) --#define MODULES_VADDR (BPF_JIT_REGION_END) -+#define MODULES_VADDR (_PAGE_END(VA_BITS_MIN)) - #define MODULES_VSIZE (SZ_128M) - #define VMEMMAP_START (-(UL(1) << (VA_BITS - VMEMMAP_SHIFT))) - #define VMEMMAP_END (VMEMMAP_START + VMEMMAP_SIZE) ---- a/arch/arm64/kernel/traps.c -+++ b/arch/arm64/kernel/traps.c -@@ -994,7 +994,7 @@ static struct break_hook bug_break_hook - static int reserved_fault_handler(struct pt_regs *regs, unsigned int esr) - { - pr_err("%s generated an invalid instruction at %pS!\n", -- in_bpf_jit(regs) ? "BPF JIT" : "Kernel text patching", -+ "Kernel text patching", - (void *)instruction_pointer(regs)); - - /* We cannot handle this */ ---- a/arch/arm64/mm/ptdump.c -+++ b/arch/arm64/mm/ptdump.c -@@ -41,8 +41,6 @@ static struct addr_marker address_marker - { 0 /* KASAN_SHADOW_START */, "Kasan shadow start" }, - { KASAN_SHADOW_END, "Kasan shadow end" }, - #endif -- { BPF_JIT_REGION_START, "BPF start" }, -- { BPF_JIT_REGION_END, "BPF end" }, - { MODULES_VADDR, "Modules start" }, - { MODULES_END, "Modules end" }, - { VMALLOC_START, "vmalloc() area" }, ---- a/arch/arm64/net/bpf_jit_comp.c -+++ b/arch/arm64/net/bpf_jit_comp.c -@@ -1145,15 +1145,12 @@ out: - - u64 bpf_jit_alloc_exec_limit(void) - { -- return BPF_JIT_REGION_SIZE; -+ return VMALLOC_END - VMALLOC_START; - } - - void *bpf_jit_alloc_exec(unsigned long size) - { -- return __vmalloc_node_range(size, PAGE_SIZE, BPF_JIT_REGION_START, -- BPF_JIT_REGION_END, GFP_KERNEL, -- PAGE_KERNEL, 0, NUMA_NO_NODE, -- __builtin_return_address(0)); -+ return vmalloc(size); - } - - void bpf_jit_free_exec(void *addr) diff --git a/queue-5.16/series b/queue-5.16/series index 98ca9ea2f38..ecb43f109db 100644 --- a/queue-5.16/series +++ b/queue-5.16/series @@ -930,7 +930,6 @@ drm-vc4-crtc-drop-feed_txp-from-state.patch drm-vc4-fix-non-blocking-commit-getting-stuck-forever.patch drm-vc4-crtc-copy-assigned-channel-to-the-crtc.patch libbpf-remove-deprecation-attribute-from-struct-bpf_prog_prep_result.patch -arm64-bpf-remove-128mb-limit-for-bpf-jit-programs.patch bpftool-remove-inclusion-of-utilities.mak-from-makefiles.patch bpftool-fix-indent-in-option-lists-in-the-documentation.patch xdp-check-prog-type-before-updating-bpf-link.patch