Re: [PATCH bpf-next] docs/bpf: Document some special sdiv/smod operations

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Yonghong Song <yonghong.song@linux.dev>
To: Dave Thaler <dthaler1968@googlemail.com>,
	'Alexei Starovoitov' <alexei.starovoitov@gmail.com>,
	bpf@ietf.org
Cc: 'bpf' <bpf@vger.kernel.org>,
	'Alexei Starovoitov' <ast@kernel.org>,
	'Andrii Nakryiko' <andrii@kernel.org>,
	'Daniel Borkmann' <daniel@iogearbox.net>,
	'Martin KaFai Lau' <martin.lau@kernel.org>
Subject: Re: [PATCH bpf-next] docs/bpf: Document some special sdiv/smod operations
Date: Thu, 3 Oct 2024 22:28:29 -0700	[thread overview]
Message-ID: <cebd5c08-717f-4130-9f8c-1f5bd101d767@linux.dev> (raw)
In-Reply-To: <181301db143b$ba6fd9c0$2f4f8d40$@gmail.com>


On 10/1/24 12:54 PM, Dave Thaler wrote:
> Yonghong Song <yonghong.song@linux.dev> wrote:
>> On 9/30/24 6:50 PM, Alexei Starovoitov wrote:
>>> On Thu, Sep 26, 2024 at 8:39 PM Yonghong Song <yonghong.song@linux.dev>
>> wrote:
>>>> Patch [1] fixed possible kernel crash due to specific sdiv/smod
>>>> operations in bpf program. The following are related operations and
>>>> the expected results of those operations:
>>>>     - LLONG_MIN/-1 = LLONG_MIN
>>>>     - INT_MIN/-1 = INT_MIN
>>>>     - LLONG_MIN%-1 = 0
>>>>     - INT_MIN%-1 = 0
>>>>
>>>> Those operations are replaced with codes which won't cause kernel
>>>> crash. This patch documents what operations may cause exception and
>>>> what replacement operations are.
>>>>
>>>>     [1]
>>>> https://lore.kernel.org/all/20240913150326.1187788-1-yonghong.song@li
>>>> nux.dev/
>>>>
>>>> Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
>>>> ---
>>>>    .../bpf/standardization/instruction-set.rst   | 25 +++++++++++++++----
>>>>    1 file changed, 20 insertions(+), 5 deletions(-)
>>>>
>>>> diff --git a/Documentation/bpf/standardization/instruction-set.rst
>>>> b/Documentation/bpf/standardization/instruction-set.rst
>>>> index ab820d565052..d150c1d7ad3b 100644
>>>> --- a/Documentation/bpf/standardization/instruction-set.rst
>>>> +++ b/Documentation/bpf/standardization/instruction-set.rst
>>>> @@ -347,11 +347,26 @@ register.
>>>>      =====  =====  =======
>>>> ==========================================================
>>>>
>>>>    Underflow and overflow are allowed during arithmetic operations,
>>>> meaning -the 64-bit or 32-bit value will wrap. If BPF program
>>>> execution would -result in division by zero, the destination register is instead set
>> to zero.
>>>> -If execution would result in modulo by zero, for ``ALU64`` the value of
>>>> -the destination register is unchanged whereas for ``ALU`` the upper
>>>> -32 bits of the destination register are zeroed.
>>>> +the 64-bit or 32-bit value will wrap. There are also a few
>>>> +arithmetic operations which may cause exception for certain
>>>> +architectures. Since crashing the kernel is not an option, those operations are
>> replaced with alternative operations.
>>>> +
>>>> +.. table:: Arithmetic operations with possible exceptions
>>>> +
>>>> +  =====  ==========  =============================
>> ==========================
>>>> +  name   class       original                       replacement
>>>> +  =====  ==========  =============================
>> ==========================
>>>> +  DIV    ALU64/ALU   dst /= 0                       dst = 0
>>>> +  SDIV   ALU64/ALU   dst s/= 0                      dst = 0
>>>> +  MOD    ALU64       dst %= 0                       dst = dst (no replacement)
>>>> +  MOD    ALU         dst %= 0                       dst = (u32)dst
>>>> +  SMOD   ALU64       dst s%= 0                      dst = dst (no replacement)
>>>> +  SMOD   ALU         dst s%= 0                      dst = (u32)dst
> All of the above are already covered in existing Table 5 and in my opinion
> don't need to be repeated.

This tries to separate cases between ALU and ALU64. But I agree that the table
5 should be good enough.

>
> That is, the "original" is not what Table 5 has, so just introduces confusion
> in the document in my opinion.
>
>>>> +  SDIV   ALU64       dst s/= -1 (dst = LLONG_MIN)   dst = LLONG_MIN
>>>> +  SDIV   ALU         dst s/= -1 (dst = INT_MIN)     dst = (u32)INT_MIN
>>>> +  SMOD   ALU64       dst s%= -1 (dst = LLONG_MIN)   dst = 0
>>>> +  SMOD   ALU         dst s%= -1 (dst = INT_MIN)     dst = 0
> The above four are the new ones and I'd prefer a solution that modifies
> existing table 5.  E.g. table 5 has now for SMOD:
>
> dst = (src != 0) ? (dst s% src) : dst
>
> and could have something like this:
>
> dst = (src == 0) ? dst : ((src == -1 && dst == INT_MIN) ? 0 : (dst s% src))

Thanks. This indeed simpler. I can do this.

WARNING: multiple messages have this Message-ID (diff)

From: Yonghong Song <yonghong.song@linux.dev>
To: Dave Thaler <dthaler1968@googlemail.com>,
	'Alexei Starovoitov' <alexei.starovoitov@gmail.com>,
	bpf@ietf.org
Cc: 'bpf' <bpf@vger.kernel.org>,
	'Alexei Starovoitov' <ast@kernel.org>,
	'Andrii Nakryiko' <andrii@kernel.org>,
	'Daniel Borkmann' <daniel@iogearbox.net>,
	'Martin KaFai Lau' <martin.lau@kernel.org>
Subject: [Bpf] Re: [PATCH bpf-next] docs/bpf: Document some special sdiv/smod operations
Date: Thu, 3 Oct 2024 22:28:29 -0700	[thread overview]
Message-ID: <cebd5c08-717f-4130-9f8c-1f5bd101d767@linux.dev> (raw)
Message-ID: <20241004052829.HWgO9sXtVWTTakz19KfBYXM6lb6BfXbVTxfJUpikEAM@z> (raw)
In-Reply-To: <181301db143b$ba6fd9c0$2f4f8d40$@gmail.com>


On 10/1/24 12:54 PM, Dave Thaler wrote:
> Yonghong Song <yonghong.song@linux.dev> wrote:
>> On 9/30/24 6:50 PM, Alexei Starovoitov wrote:
>>> On Thu, Sep 26, 2024 at 8:39 PM Yonghong Song <yonghong.song@linux.dev>
>> wrote:
>>>> Patch [1] fixed possible kernel crash due to specific sdiv/smod
>>>> operations in bpf program. The following are related operations and
>>>> the expected results of those operations:
>>>>     - LLONG_MIN/-1 = LLONG_MIN
>>>>     - INT_MIN/-1 = INT_MIN
>>>>     - LLONG_MIN%-1 = 0
>>>>     - INT_MIN%-1 = 0
>>>>
>>>> Those operations are replaced with codes which won't cause kernel
>>>> crash. This patch documents what operations may cause exception and
>>>> what replacement operations are.
>>>>
>>>>     [1]
>>>> https://lore.kernel.org/all/20240913150326.1187788-1-yonghong.song@li
>>>> nux.dev/
>>>>
>>>> Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
>>>> ---
>>>>    .../bpf/standardization/instruction-set.rst   | 25 +++++++++++++++----
>>>>    1 file changed, 20 insertions(+), 5 deletions(-)
>>>>
>>>> diff --git a/Documentation/bpf/standardization/instruction-set.rst
>>>> b/Documentation/bpf/standardization/instruction-set.rst
>>>> index ab820d565052..d150c1d7ad3b 100644
>>>> --- a/Documentation/bpf/standardization/instruction-set.rst
>>>> +++ b/Documentation/bpf/standardization/instruction-set.rst
>>>> @@ -347,11 +347,26 @@ register.
>>>>      =====  =====  =======
>>>> ==========================================================
>>>>
>>>>    Underflow and overflow are allowed during arithmetic operations,
>>>> meaning -the 64-bit or 32-bit value will wrap. If BPF program
>>>> execution would -result in division by zero, the destination register is instead set
>> to zero.
>>>> -If execution would result in modulo by zero, for ``ALU64`` the value of
>>>> -the destination register is unchanged whereas for ``ALU`` the upper
>>>> -32 bits of the destination register are zeroed.
>>>> +the 64-bit or 32-bit value will wrap. There are also a few
>>>> +arithmetic operations which may cause exception for certain
>>>> +architectures. Since crashing the kernel is not an option, those operations are
>> replaced with alternative operations.
>>>> +
>>>> +.. table:: Arithmetic operations with possible exceptions
>>>> +
>>>> +  =====  ==========  =============================
>> ==========================
>>>> +  name   class       original                       replacement
>>>> +  =====  ==========  =============================
>> ==========================
>>>> +  DIV    ALU64/ALU   dst /= 0                       dst = 0
>>>> +  SDIV   ALU64/ALU   dst s/= 0                      dst = 0
>>>> +  MOD    ALU64       dst %= 0                       dst = dst (no replacement)
>>>> +  MOD    ALU         dst %= 0                       dst = (u32)dst
>>>> +  SMOD   ALU64       dst s%= 0                      dst = dst (no replacement)
>>>> +  SMOD   ALU         dst s%= 0                      dst = (u32)dst
> All of the above are already covered in existing Table 5 and in my opinion
> don't need to be repeated.

This tries to separate cases between ALU and ALU64. But I agree that the table
5 should be good enough.

>
> That is, the "original" is not what Table 5 has, so just introduces confusion
> in the document in my opinion.
>
>>>> +  SDIV   ALU64       dst s/= -1 (dst = LLONG_MIN)   dst = LLONG_MIN
>>>> +  SDIV   ALU         dst s/= -1 (dst = INT_MIN)     dst = (u32)INT_MIN
>>>> +  SMOD   ALU64       dst s%= -1 (dst = LLONG_MIN)   dst = 0
>>>> +  SMOD   ALU         dst s%= -1 (dst = INT_MIN)     dst = 0
> The above four are the new ones and I'd prefer a solution that modifies
> existing table 5.  E.g. table 5 has now for SMOD:
>
> dst = (src != 0) ? (dst s% src) : dst
>
> and could have something like this:
>
> dst = (src == 0) ? dst : ((src == -1 && dst == INT_MIN) ? 0 : (dst s% src))

Thanks. This indeed simpler. I can do this.

-- 
Bpf mailing list -- bpf@ietf.org
To unsubscribe send an email to bpf-leave@ietf.org

next prev parent reply	other threads:[~2024-10-04  5:28 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-27  3:39 [PATCH bpf-next] docs/bpf: Document some special sdiv/smod operations Yonghong Song
2024-10-01  1:50 ` Alexei Starovoitov
2024-10-01 15:48   ` Yonghong Song
2024-10-01 19:54     ` Dave Thaler
2024-10-01 19:54       ` [Bpf] " Dave Thaler
2024-10-02 20:13       ` Alexei Starovoitov
2024-10-02 20:13         ` [Bpf] " Alexei Starovoitov
2024-11-08  2:30         ` Dave Thaler
2024-11-08  2:30           ` [Bpf] " Dave Thaler
2024-11-08 18:38           ` Alexei Starovoitov
2024-11-08 18:38             ` [Bpf] " Alexei Starovoitov
2024-11-08 18:53             ` Dave Thaler
2024-11-08 18:53               ` [Bpf] " Dave Thaler
2024-11-08 19:00               ` Yonghong Song
2024-11-08 19:00                 ` [Bpf] " Yonghong Song
2024-11-08 20:34               ` Alexei Starovoitov
2024-11-08 20:34                 ` [Bpf] " Alexei Starovoitov
2024-10-04  5:28       ` Yonghong Song [this message]
2024-10-04  5:28         ` Yonghong Song

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cebd5c08-717f-4130-9f8c-1f5bd101d767@linux.dev \
    --to=yonghong.song@linux.dev \
    --cc=alexei.starovoitov@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@ietf.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=dthaler1968@googlemail.com \
    --cc=martin.lau@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.