Commit e88e7781 authored by Nikita Panov's avatar Nikita Panov Committed by Denis Darvish
Browse files

mm: set memory permissions for BPF handlers replicas 

kunpeng inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IBOJU2



-------------------------------------------------

Acked-by: default avatarArtem Kuzin <artem.kuzin@huawei.com>
Acked-by: default avatarAlexander Grubnikov <alexander.grubnikov@huawei.com>
Acked-by: default avatarIlya Hanov <ilya.hanov@huawei-partners.com>
Acked-by: default avatarDenis Darvish <darvish.denis@huawei.com>
Signed-off-by: default avatarNikita Panov <panov.nikita@huawei.com>
parent e08758f5

kernel/bpf/bpf_struct_ops.c

+4 −4
Original line number Diff line number Diff line
@@ -515,7 +515,7 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key, 
			if (err)

				goto reset_unlock;

		}

		set_memory_rox((long)st_map->image, 1);

		numa_set_memory_rox((long)st_map->image, 1);

		/* Let bpf_link handle registration & unregistration.

		 *

		 * Pair with smp_load_acquire() during lookup_elem().
@@ -524,7 +524,7 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key, 
		goto unlock;

	}



	set_memory_rox((long)st_map->image, 1);

	numa_set_memory_rox((long)st_map->image, 1);

	err = st_ops->reg(kdata);

	if (likely(!err)) {

		/* This refcnt increment on the map here after
@@ -547,8 +547,8 @@ static long bpf_struct_ops_map_update_elem(struct bpf_map *map, void *key, 
	 * there was a race in registering the struct_ops (under the same name) to

	 * a sub-system through different struct_ops's maps.

	 */

	set_memory_nx((long)st_map->image, 1);

	set_memory_rw((long)st_map->image, 1);

	numa_set_memory_nx((long)st_map->image, 1);

	numa_set_memory_rw((long)st_map->image, 1);



reset_unlock:

	bpf_struct_ops_map_put_progs(st_map);

kernel/bpf/core.c

+2 −2
Original line number Diff line number Diff line
@@ -893,7 +893,7 @@ static struct bpf_prog_pack *alloc_new_pack(bpf_jit_fill_hole_t bpf_fill_ill_ins 
	list_add_tail(&pack->list, &pack_list);



	set_vm_flush_reset_perms(pack->ptr);

	set_memory_rox((unsigned long)pack->ptr, BPF_PROG_PACK_SIZE / PAGE_SIZE);

	numa_set_memory_rox((unsigned long)pack->ptr, BPF_PROG_PACK_SIZE / PAGE_SIZE);

	return pack;

}
@@ -911,7 +911,7 @@ void *bpf_prog_pack_alloc(u32 size, bpf_jit_fill_hole_t bpf_fill_ill_insns) 
		if (ptr) {

			bpf_fill_ill_insns(ptr, size);

			set_vm_flush_reset_perms(ptr);

			set_memory_rox((unsigned long)ptr, size / PAGE_SIZE);

			numa_set_memory_rox((unsigned long)ptr, size / PAGE_SIZE);

		}

		goto out;

	}

kernel/bpf/trampoline.c

+3 −3
Original line number Diff line number Diff line
@@ -444,7 +444,7 @@ static int bpf_trampoline_update(struct bpf_trampoline *tr, bool lock_direct_mut 
	if (err < 0)

		goto out_free;



	set_memory_rox((long)im->image, 1);

	numa_set_memory_rox((long)im->image, 1);



	WARN_ON(tr->cur_image && total == 0);

	if (tr->cur_image)
@@ -465,8 +465,8 @@ static int bpf_trampoline_update(struct bpf_trampoline *tr, bool lock_direct_mut 
		tr->fops->trampoline = 0;



		/* reset im->image memory attr for arch_prepare_bpf_trampoline */

		set_memory_nx((long)im->image, 1);

		set_memory_rw((long)im->image, 1);

		numa_set_memory_nx((long)im->image, 1);

		numa_set_memory_rw((long)im->image, 1);

		goto again;

	}

#endif

net/bpf/bpf_dummy_struct_ops.c

+1 −1
Original line number Diff line number Diff line
@@ -124,7 +124,7 @@ int bpf_struct_ops_test_run(struct bpf_prog *prog, const union bpf_attr *kattr, 
	if (err < 0)

		goto out;



	set_memory_rox((long)image, 1);

	numa_set_memory_rox((long)image, 1);

	prog_ret = dummy_ops_call_op(image, args);



	err = dummy_ops_copy_args(args);