[PATCH] bpf: Remove tracing program restriction on map types

[Devaansh Kumar]

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
linux-5.15.y

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 7049a85a78ab..77a75ccaae5e 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -11700,35 +11700,6 @@ static int
check_map_prog_compatibility(struct bpf_verifier_env *env,

{
enum bpf_prog_type prog_type = resolve_prog_type(prog);
- /*
- * Validate that trace type programs use preallocated hash maps.
- *
- * For programs attached to PERF events this is mandatory as the
- * perf NMI can hit any arbitrary code sequence.
- *
- * All other trace types using preallocated hash maps are unsafe as
- * well because tracepoint or kprobes can be inside locked regions
- * of the memory allocator or at a place where a recursion into the
- * memory allocator would see inconsistent state.
- *
- * On RT enabled kernels run-time allocation of all trace type
- * programs is strictly prohibited due to lock type constraints. On
- * !RT kernels it is allowed for backwards compatibility reasons for
- * now, but warnings are emitted so developers are made aware of
- * the unsafety and can fix their programs before this is enforced.
- */
- if (is_tracing_prog_type(prog_type) && !is_preallocated_map(map)) {
- if (prog_type == BPF_PROG_TYPE_PERF_EVENT) {
- verbose(env, "perf_event programs can only use
preallocated hash map\n");
- return -EINVAL;
- }
- if (IS_ENABLED(CONFIG_PREEMPT_RT)) {
- verbose(env, "trace type programs can only use
preallocated hash map\n");
- return -EINVAL;
- }
- WARN_ONCE(1, "trace type BPF program uses run-time
allocation\n");
- verbose(env, "trace type programs with run-time
allocated hash maps are unsafe. Switch to preallocated hash maps.\n");
- }

if (map_value_has_spin_lock(map)) {
if (prog_type == BPF_PROG_TYPE_SOCKET_FILTER) {
--
2.49.0

Thanks
Devaansh Kumar

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file kernel/bpf/verifier.c
patch: **** unexpected end of file in patch



Tested on:

commit: f7347f40 Linux 5.15.180
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=bcb6af887426ce59
dashboard link: https://syzkaller.appspot.com/bug?extid=3d7af5d2cc62b29ab2ed
compiler:
patch: https://syzkaller.appspot.com/x/patch.diff?x=108cea3f980000

[Devaansh Kumar]

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file kernel/bpf/verifier.c
patch: **** unexpected end of file in patch



Tested on:

commit: f7347f40 Linux 5.15.180
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=bcb6af887426ce59
dashboard link: https://syzkaller.appspot.com/bug?extid=3d7af5d2cc62b29ab2ed
compiler:

patch: https://syzkaller.appspot.com/x/patch.diff?x=128f20cc580000

[Devaansh Kumar]

[syzbot]

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

failed to apply patch:
checking file kernel/bpf/verifier.c
patch: **** unexpected end of file in patch



Tested on:

commit: f7347f40 Linux 5.15.180
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.15.y
kernel config: https://syzkaller.appspot.com/x/.config?x=bcb6af887426ce59
dashboard link: https://syzkaller.appspot.com/bug?extid=3d7af5d2cc62b29ab2ed
compiler:

patch: https://syzkaller.appspot.com/x/patch.diff?x=17cba0cc580000

[Devaansh Kumar]

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.15.y

====================================================

[syzbot]

patch: https://syzkaller.appspot.com/x/patch.diff?x=16bccfe4580000

[Devaansh Kumar]

[ Upstream commit 96da3f7d489d11b43e7c1af90d876b9a2492cca8 ]

The hash map is now fully converted to bpf_mem_alloc. Its implementation is not
allocating synchronously and not calling call_rcu() directly. It's now safe to
use non-preallocated hash maps in all types of tracing programs including
BPF_PROG_TYPE_PERF_EVENT that runs out of NMI context.

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.15.y

---
kernel/bpf/verifier.c | 29 -----------------------------
1 file changed, 29 deletions(-)

[syzbot]

Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-by: syzbot+3d7af5...@syzkaller.appspotmail.com
Tested-by: syzbot+3d7af5...@syzkaller.appspotmail.com

Tested on:

commit: f7347f40 Linux 5.15.180
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git linux-5.15.y

console output: https://syzkaller.appspot.com/x/log.txt?x=11c7cfe4580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a2f42e34471bc17b
dashboard link: https://syzkaller.appspot.com/bug?extid=3d7af5d2cc62b29ab2ed
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch: https://syzkaller.appspot.com/x/patch.diff?x=1526f0cc580000

Note: testing is done by a robot and is best-effort only.