[PATCH 4.4 03/15] bpf, s390: fix jit branch offset related to ldimm64

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Daniel Borkmann <daniel@iogearbox.net>,
	Michael Holzheu <holzheu@linux.vnet.ibm.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.4 03/15] bpf, s390: fix jit branch offset related to ldimm64
Date: Fri, 11 Aug 2017 15:02:17 -0700	[thread overview]
Message-ID: <20170811220219.582089840@linuxfoundation.org> (raw)
In-Reply-To: <20170811220219.438083791@linuxfoundation.org>

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Daniel Borkmann <daniel@iogearbox.net>


[ Upstream commit b0a0c2566f28e71e5e32121992ac8060cec75510 ]

While testing some other work that required JIT modifications, I
run into test_bpf causing a hang when JIT enabled on s390. The
problematic test case was the one from ddc665a4bb4b (bpf, arm64:
fix jit branch offset related to ldimm64), and turns out that we
do have a similar issue on s390 as well. In bpf_jit_prog() we
update next instruction address after returning from bpf_jit_insn()
with an insn_count. bpf_jit_insn() returns either -1 in case of
error (e.g. unsupported insn), 1 or 2. The latter is only the
case for ldimm64 due to spanning 2 insns, however, next address
is only set to i + 1 not taking actual insn_count into account,
thus fix is to use insn_count instead of 1. bpf_jit_enable in
mode 2 provides also disasm on s390:

Before fix:

  000003ff800349b6: a7f40003   brc     15,3ff800349bc                 ; target
  000003ff800349ba: 0000               unknown
  000003ff800349bc: e3b0f0700024       stg     %r11,112(%r15)
  000003ff800349c2: e3e0f0880024       stg     %r14,136(%r15)
  000003ff800349c8: 0db0               basr    %r11,%r0
  000003ff800349ca: c0ef00000000       llilf   %r14,0
  000003ff800349d0: e320b0360004       lg      %r2,54(%r11)
  000003ff800349d6: e330b03e0004       lg      %r3,62(%r11)
  000003ff800349dc: ec23ffeda065       clgrj   %r2,%r3,10,3ff800349b6 ; jmp
  000003ff800349e2: e3e0b0460004       lg      %r14,70(%r11)
  000003ff800349e8: e3e0b04e0004       lg      %r14,78(%r11)
  000003ff800349ee: b904002e   lgr     %r2,%r14
  000003ff800349f2: e3b0f0700004       lg      %r11,112(%r15)
  000003ff800349f8: e3e0f0880004       lg      %r14,136(%r15)
  000003ff800349fe: 07fe               bcr     15,%r14

After fix:

  000003ff80ef3db4: a7f40003   brc     15,3ff80ef3dba
  000003ff80ef3db8: 0000               unknown
  000003ff80ef3dba: e3b0f0700024       stg     %r11,112(%r15)
  000003ff80ef3dc0: e3e0f0880024       stg     %r14,136(%r15)
  000003ff80ef3dc6: 0db0               basr    %r11,%r0
  000003ff80ef3dc8: c0ef00000000       llilf   %r14,0
  000003ff80ef3dce: e320b0360004       lg      %r2,54(%r11)
  000003ff80ef3dd4: e330b03e0004       lg      %r3,62(%r11)
  000003ff80ef3dda: ec230006a065       clgrj   %r2,%r3,10,3ff80ef3de6 ; jmp
  000003ff80ef3de0: e3e0b0460004       lg      %r14,70(%r11)
  000003ff80ef3de6: e3e0b04e0004       lg      %r14,78(%r11)          ; target
  000003ff80ef3dec: b904002e   lgr     %r2,%r14
  000003ff80ef3df0: e3b0f0700004       lg      %r11,112(%r15)
  000003ff80ef3df6: e3e0f0880004       lg      %r14,136(%r15)
  000003ff80ef3dfc: 07fe               bcr     15,%r14

test_bpf.ko suite runs fine after the fix.

Fixes: 054623105728 ("s390/bpf: Add s390x eBPF JIT compiler backend")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/s390/net/bpf_jit_comp.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/arch/s390/net/bpf_jit_comp.c
+++ b/arch/s390/net/bpf_jit_comp.c
@@ -1250,7 +1250,8 @@ static int bpf_jit_prog(struct bpf_jit *
 		insn_count = bpf_jit_insn(jit, fp, i);
 		if (insn_count < 0)
 			return -1;
-		jit->addrs[i + 1] = jit->prg; /* Next instruction address */
+		/* Next instruction address */
+		jit->addrs[i + insn_count] = jit->prg;
 	}
 	bpf_jit_epilogue(jit);

next prev parent reply	other threads:[~2017-08-11 22:08 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-11 22:02 [PATCH 4.4 00/15] 4.4.82-stable review Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 01/15] tcp: avoid setting cwnd to invalid ssthresh after cwnd reduction states Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 02/15] net: fix keepalive code vs TCP_FASTOPEN_CONNECT Greg Kroah-Hartman
2017-08-18 11:57   ` Eddie Chapman
2017-08-11 22:02 ` Greg Kroah-Hartman [this message]
2017-08-11 22:02 ` [PATCH 4.4 04/15] net: sched: set xt_tgchk_param par.nft_compat as 0 in ipt_init_target Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 05/15] tcp: fastopen: tcp_connect() must refresh the route Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 06/15] net: avoid skb_warn_bad_offload false positives on UFO Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 07/15] packet: fix tp_reserve race in packet_set_ring Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 08/15] revert "net: account for current skb length when deciding about UFO" Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 09/15] revert "ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output" Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 10/15] udp: consistently apply ufo or fragmentation Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 11/15] sparc64: Prevent perf from running during super critical sections Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 12/15] KVM: arm/arm64: Handle hva aging while destroying the vm Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 13/15] mm/mempool: avoid KASAN marking mempool poison checks as use-after-free Greg Kroah-Hartman
2017-08-11 22:02 ` [PATCH 4.4 14/15] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output Greg Kroah-Hartman
2017-08-12  1:57 ` [PATCH 4.4 00/15] 4.4.82-stable review Shuah Khan
2017-08-12 12:24 ` Guenter Roeck

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170811220219.582089840@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=holzheu@linux.vnet.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.