From: Peilin Ye <yepeilin@google.com>
To: Eduard Zingerman <eddyz87@gmail.com>
Cc: bpf@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <martin.lau@linux.dev>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>,
"Paul E. McKenney" <paulmck@kernel.org>,
Puranjay Mohan <puranjay@kernel.org>,
Xu Kuohai <xukuohai@huaweicloud.com>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Quentin Monnet <qmo@kernel.org>,
Mykola Lysenko <mykolal@fb.com>, Shuah Khan <shuah@kernel.org>,
Josh Don <joshdon@google.com>, Barret Rhoden <brho@google.com>,
Neel Natu <neelnatu@google.com>,
Benjamin Segall <bsegall@google.com>,
David Vernet <dvernet@meta.com>,
Dave Marchevsky <davemarchevsky@meta.com>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH RFC bpf-next v1 2/4] bpf: Introduce load-acquire and store-release instructions
Date: Tue, 7 Jan 2025 01:08:57 +0000 [thread overview]
Message-ID: <Z3x-qSHxWTw5je1O@google.com> (raw)
In-Reply-To: <9941341e8bd78f3563e0027a59cac8966f1e3666.camel@gmail.com>
Hi Eduard,
Thanks for the review!
On Fri, Jan 03, 2025 at 04:12:08PM -0800, Eduard Zingerman wrote:
> On Sat, 2024-12-21 at 01:25 +0000, Peilin Ye wrote:
> > Introduce BPF instructions with load-acquire and store-release
> > semantics, as discussed in [1]. The following new flags are defined:
>
> The '[1]' link is missing.
Oops, thanks.
[1] https://lore.kernel.org/all/20240729183246.4110549-1-yepeilin@google.com/
> > --- a/kernel/bpf/disasm.c
> > +++ b/kernel/bpf/disasm.c
> > @@ -267,6 +267,20 @@ void print_bpf_insn(const struct bpf_insn_cbs *cbs,
> > BPF_SIZE(insn->code) == BPF_DW ? "64" : "",
> > bpf_ldst_string[BPF_SIZE(insn->code) >> 3],
> > insn->dst_reg, insn->off, insn->src_reg);
> > + } else if (BPF_MODE(insn->code) == BPF_ATOMIC &&
> > + insn->imm == BPF_LOAD_ACQ) {
> > + verbose(cbs->private_data, "(%02x) %s%d = load_acquire((%s *)(r%d %+d))\n",
> > + insn->code,
> > + BPF_SIZE(insn->code) == BPF_DW ? "r" : "w", insn->dst_reg,
>
> Nit: I think that 'BPF_DW ? "r" : "w"' part is not really necessary.
We already do that in other places in the file, so I wanted to keep it
consistent:
$ git grep "? 'w' : 'r'" kernel/bpf/disasm.c | wc -l
8
(Though I just realized that I could've used '%c' instead of '%s'.)
> > static int check_atomic(struct bpf_verifier_env *env, int insn_idx, struct bpf_insn *insn)
> > {
> > + const int bpf_size = BPF_SIZE(insn->code);
> > + bool write_only = false;
> > int load_reg;
> > int err;
> >
> > @@ -7564,17 +7566,21 @@ static int check_atomic(struct bpf_verifier_env *env, int insn_idx, struct bpf_i
> > case BPF_XOR | BPF_FETCH:
> > case BPF_XCHG:
> > case BPF_CMPXCHG:
> > + if (bpf_size != BPF_W && bpf_size != BPF_DW) {
> > + verbose(env, "invalid atomic operand size\n");
> > + return -EINVAL;
> > + }
> > + break;
> > + case BPF_LOAD_ACQ:
>
> Several notes here:
> - This skips the 'bpf_jit_supports_insn()' call at the end of the function.
> - Also 'check_load()' allows source register to be PTR_TO_CTX,
> but convert_ctx_access() is not adjusted to handle these atomic instructions.
> (Just in case: context access is special, context structures are not "real",
> e.g. during runtime real sk_buff is passed to the program, not __sk_buff,
> in convert_ctx_access() verifier adjusts offsets of load and store instructions
> to point to real fields, this is done per program type, e.g. see
> filter.c:bpf_convert_ctx_access);
I see, thanks for pointing these out! I'll add logic to handle
BPF_LOAD_ACQ in check_atomic() directly, instead of introducing
check_load(). I'll disallow using BPF_LOAD_ACQ with src_reg being
PTR_TO_CTX (just like all existing BPF_ATOMIC instructions), as we don't
think there'll be a use case for it.
> - backtrack_insn() needs special rules to handle BPF_LOAD_ACQ same way
> it handles loads.
Got it, I'll read backtrack_insn().
> > + return check_load(env, insn, "atomic");
> > + case BPF_STORE_REL:
> > + write_only = true;
> > break;
> > default:
> > verbose(env, "BPF_ATOMIC uses invalid atomic opcode %02x\n", insn->imm);
> > return -EINVAL;
> > }
> >
> > - if (BPF_SIZE(insn->code) != BPF_W && BPF_SIZE(insn->code) != BPF_DW) {
> > - verbose(env, "invalid atomic operand size\n");
> > - return -EINVAL;
> > - }
> > -
> > /* check src1 operand */
> > err = check_reg_arg(env, insn->src_reg, SRC_OP);
> > if (err)
>
> Note: this code fragment looks as follows:
>
> /* check src1 operand */
> err = check_reg_arg(env, insn->src_reg, SRC_OP);
> if (err)
> return err;
>
> /* check src2 operand */
> err = check_reg_arg(env, insn->dst_reg, SRC_OP);
> if (err)
> return err;
>
> And there is no need for 'check_reg_arg(env, insn->dst_reg, SRC_OP)'
> for BPF_STORE_REL.
Why is that? IIUC, 'check_reg_arg(..., SRC_OP)' checks if we can read
the register, instead of the memory? For example, doing
'check_reg_arg(env, insn->dst_reg, SRC_OP)' prevents BPF_STORE_REL from
using an uninitialized dst_reg.
We also do this check for BPF_ST in do_check():
} else if (class == BPF_ST) {
enum bpf_reg_type dst_reg_type;
<...>
/* check src operand */
err = check_reg_arg(env, insn->dst_reg, SRC_OP);
if (err)
return err;
Thanks,
Peilin Ye
next prev parent reply other threads:[~2025-01-07 1:09 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-21 1:22 [PATCH RFC bpf-next v1 0/4] Introduce load-acquire and store-release BPF instructions Peilin Ye
2024-12-21 1:24 ` [PATCH RFC bpf-next v1 1/4] bpf/verifier: Factor out check_load() Peilin Ye
2024-12-21 1:25 ` [PATCH RFC bpf-next v1 2/4] bpf: Introduce load-acquire and store-release instructions Peilin Ye
2024-12-24 10:07 ` Xu Kuohai
2024-12-26 23:07 ` Peilin Ye
2024-12-27 0:23 ` Peilin Ye
2024-12-27 9:20 ` Peilin Ye
2024-12-30 8:27 ` Xu Kuohai
2024-12-31 1:15 ` Peilin Ye
2025-01-04 0:12 ` Eduard Zingerman
2025-01-07 1:08 ` Peilin Ye [this message]
2025-01-07 1:20 ` Eduard Zingerman
2025-01-07 8:25 ` Peilin Ye
2024-12-21 1:25 ` [PATCH RFC bpf-next v1 3/4] selftests/bpf: Delete duplicate verifier/atomic_invalid tests Peilin Ye
2024-12-21 1:26 ` [PATCH RFC bpf-next v1 4/4] selftests/bpf: Add selftests for load-acquire and store-release instructions Peilin Ye
2024-12-23 20:18 ` Peilin Ye
2025-01-04 1:11 ` Eduard Zingerman
2025-01-07 1:12 ` Peilin Ye
2024-12-21 7:19 ` [PATCH RFC bpf-next v1 0/4] Introduce load-acquire and store-release BPF instructions Peilin Ye
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z3x-qSHxWTw5je1O@google.com \
--to=yepeilin@google.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=brho@google.com \
--cc=bsegall@google.com \
--cc=catalin.marinas@arm.com \
--cc=daniel@iogearbox.net \
--cc=davemarchevsky@meta.com \
--cc=dvernet@meta.com \
--cc=eddyz87@gmail.com \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=joshdon@google.com \
--cc=kpsingh@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=mykolal@fb.com \
--cc=neelnatu@google.com \
--cc=paulmck@kernel.org \
--cc=puranjay@kernel.org \
--cc=qmo@kernel.org \
--cc=sdf@fomichev.me \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=will@kernel.org \
--cc=xukuohai@huaweicloud.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.