From: Jiri Olsa <olsajiri@gmail.com>
To: Ilya Leoshkevich <iii@linux.ibm.com>
Cc: "Jiri Olsa" <olsajiri@gmail.com>,
"Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Andrii Nakryiko" <andrii@kernel.org>,
bpf@vger.kernel.org, "Martin KaFai Lau" <kafai@fb.com>,
"Song Liu" <songliubraving@fb.com>, "Yonghong Song" <yhs@fb.com>,
"John Fastabend" <john.fastabend@gmail.com>,
"KP Singh" <kpsingh@chromium.org>,
"Stanislav Fomichev" <sdf@google.com>,
"Hao Luo" <haoluo@google.com>, "Xu Kuohai" <xukuohai@huawei.com>,
"Will Deacon" <will@kernel.org>,
"Nathan Chancellor" <nathan@kernel.org>,
"Pu Lehui" <pulehui@huawei.com>, "Björn Töpel" <bjorn@kernel.org>,
"Lee Jones" <lee@kernel.org>
Subject: Re: [PATCHv2 bpf 0/2] bpf: Fix prog_array_map_poke_run map poke update
Date: Fri, 1 Dec 2023 14:13:22 +0100
Message-ID: <ZWnb8ptRW1DW6JLp@krava>
In-Reply-To: <ZWc7OHnLux47RpOr@krava>

On Wed, Nov 29, 2023 at 02:23:04PM +0100, Jiri Olsa wrote:
> On Tue, Nov 28, 2023 at 11:44:33PM +0100, Ilya Leoshkevich wrote:
> > On Tue, 2023-11-28 at 10:28 +0100, Jiri Olsa wrote:
> > > hi,
> > > this patchset fixes the issue reported in [0].
> > >
> > > For the actual fix in patch 2 I'm changing bpf_arch_text_poke to allow to skip
> > > ip address check in patch 1. I considered adding separate function for that,
> > > but because each arch implementation is bit different, adding extra arg seemed
> > > like better option.
> > >
> > > v2 changes:
> > > - make it work for other archs
> > >
> > > thanks,
> > > jirka
> > >
> > >
> > > [0] https://syzkaller.appspot.com/bug?extid=97a4fe20470e9bc30810
> > > ---
> > > Jiri Olsa (2):
> > > bpf: Add checkip argument to bpf_arch_text_poke
> > > bpf, x64: Fix prog_array_map_poke_run map poke update
> > >
> > > arch/arm64/net/bpf_jit_comp.c | 3 ++-
> > > arch/riscv/net/bpf_jit_comp64.c | 5 +++--
> > > arch/s390/net/bpf_jit_comp.c | 3 ++-
> > > arch/x86/net/bpf_jit_comp.c | 24 +++++++++++++-----------
> > > include/linux/bpf.h | 2 +-
> > > kernel/bpf/arraymap.c | 31 +++++++++++--------------------
> > > kernel/bpf/core.c | 2 +-
> > > kernel/bpf/trampoline.c | 12 ++++++------
> > > 8 files changed, 39 insertions(+), 43 deletions(-)
> >
> > Would it be possible to add a minimized version of the reproducer as a
> > testcase?
>
> there's reproducer I used in here:
> https://syzkaller.appspot.com/text?tag=ReproC&x=1397180f680000
>
> I can try, but not sure I'll be able to come up with something that
> would fit as testcase.. I'll check

the test below reproduces it for me.. the only tricky part is that
I need to repeat the loop 10 times to trigger that on my setup..
which is not terrible, but not great for a test I think

jirka
---
diff --git a/tools/testing/selftests/bpf/prog_tests/tailcall_poke.c b/tools/testing/selftests/bpf/prog_tests/tailcall_poke.c
new file mode 100644
index 000000000000..c18751677811
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/tailcall_poke.c
@@ -0,0 +1,77 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <unistd.h>
+#include <test_progs.h>
+#include "tailcall_poke.skel.h"
+
+#define JMP_TABLE "/sys/fs/bpf/jmp_table"
+
+static int thread_exit;
+
+static void *update(void *arg)
+{
+ __u32 zero = 0, prog1_fd, prog2_fd, map_fd;
+ struct tailcall_poke *call = arg;
+
+ map_fd = bpf_map__fd(call->maps.jmp_table);
+ prog1_fd = bpf_program__fd(call->progs.call1);
+ prog2_fd = bpf_program__fd(call->progs.call2);
+
+ while (!thread_exit) {
+ bpf_map_update_elem(map_fd, &zero, &prog1_fd, BPF_ANY);
+ bpf_map_update_elem(map_fd, &zero, &prog2_fd, BPF_ANY);
+ }
+
+ return NULL;
+}
+
+void test_tailcall_poke(void)
+{
+ struct tailcall_poke *call, *test;
+ int err, cnt = 10;
+ pthread_t thread;
+
+ unlink(JMP_TABLE);
+
+ call = tailcall_poke__open_and_load();
+ if (!ASSERT_OK_PTR(call, "tailcall_poke__open"))
+ return;
+
+ err = bpf_map__pin(call->maps.jmp_table, JMP_TABLE);
+ if (!ASSERT_OK(err, "bpf_map__pin"))
+ goto out;
+
+ err = pthread_create(&thread, NULL, update, call);
+ if (!ASSERT_OK(err, "new toggler"))
+ goto out;
+
+ while (cnt--) {
+ test = tailcall_poke__open();
+ if (!ASSERT_OK_PTR(test, "tailcall_poke__open"))
+ break;
+
+ err = bpf_map__set_pin_path(test->maps.jmp_table, JMP_TABLE);
+ if (!ASSERT_OK(err, "bpf_map__pin")) {
+ tailcall_poke__destroy(test);
+ break;
+ }
+
+ bpf_program__set_autoload(test->progs.test, true);
+ bpf_program__set_autoload(test->progs.call1, false);
+ bpf_program__set_autoload(test->progs.call2, false);
+
+ err = tailcall_poke__load(test);
+ if (!ASSERT_OK(err, "tailcall_poke__load")) {
+ tailcall_poke__destroy(test);
+ break;
+ }
+
+ tailcall_poke__destroy(test);
+ }
+
+ thread_exit = 1;
+ ASSERT_OK(pthread_join(thread, NULL), "pthread_join");
+
+out:
+ bpf_map__unpin(call->maps.jmp_table, JMP_TABLE);
+ tailcall_poke__destroy(call);
+}
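Review bot: `thread_exit` is a plain `static int` that `test_tailcall_poke()` writes after the load loop while `update()` polls it in `while (!thread_exit)`, so the two threads access it with no synchronization, and it is never reset to 0 if the test function runs again in the same process. Suggest explicit atomic accesses (for example `__atomic_store_n()` / `__atomic_load_n()`) and clearing the flag at the top of `test_tailcall_poke()`. Two smaller points in the same hunk: both `bpf_map_update_elem()` return values in `update()` are ignored, so if the updates fail the test still passes without exercising the race it targets; and the `ASSERT_OK` label after `bpf_map__set_pin_path()` reads "bpf_map__pin", which will name the wrong call when it fails.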
diff --git a/tools/testing/selftests/bpf/progs/tailcall_poke.c b/tools/testing/selftests/bpf/progs/tailcall_poke.c
new file mode 100644
index 000000000000..d4cf63c7db01
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/tailcall_poke.c
@@ -0,0 +1,32 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+char _license[] SEC("license") = "GPL";
+
+struct {
+ __uint(type, BPF_MAP_TYPE_PROG_ARRAY);
+ __uint(max_entries, 1);
+ __uint(key_size, sizeof(__u32));
+ __uint(value_size, sizeof(__u32));
+} jmp_table SEC(".maps");
+
+SEC("?fentry/bpf_fentry_test1")
+int BPF_PROG(test, int a)
+{
+ bpf_tail_call_static(ctx, &jmp_table, 0);
+ return 0;
+}
+
+SEC("fentry/bpf_fentry_test1")
+int BPF_PROG(call1, int a)
+{
+ return 0;
+}
+
+SEC("fentry/bpf_fentry_test1")
+int BPF_PROG(call2, int a)
+{
+ return 0;
+}
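Review bot: Missing documentation on `test`: its section is `?fentry/bpf_fentry_test1` while `call1` and `call2` use the plain `fentry/` form, and the only explanation for the difference is the `bpf_program__set_autoload()` calls in prog_tests/tailcall_poke.c. A short comment above `test` saying that it is loaded separately and repeatedly against the pinned `jmp_table`, while another thread swaps slot 0 between `call1` and `call2`, would make the intent clear. `call1` and `call2` also have identical bodies and all three programs return 0, so nothing here checks that a tail call landed; if the test is only meant to exercise program load and destroy against concurrent map updates, say so in that comment.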