Re: [PATCH v2 2/4] LoongArch: bpf: Advertise JIT support for kptr xchg inline

BPF List
 help / color / mirror / Atom feed

From: sashiko-bot@kernel.org
To: "Chenguang Zhao" <zhaochenguang@kylinos.cn>
Cc: bpf@vger.kernel.org
Subject: Re: [PATCH v2 2/4] LoongArch: bpf: Advertise JIT support for kptr xchg inline
Date: Wed, 03 Jun 2026 10:27:19 +0000	[thread overview]
Message-ID: <20260603102720.20CEA1F00893@smtp.kernel.org> (raw)
In-Reply-To: <20260603100438.2177817-3-zhaochenguang@kylinos.cn>

Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:

Pre-existing issues:
- [High] LoongArch BPF JIT lacks required memory barriers for value-returning atomic instructions (`BPF_CMPXCHG` and `BPF_FETCH` variants), violating the Linux Kernel Memory Model.
--

commit ae71c5cdb14e5f9c74cac323c884423ce8768951
Author: Chenguang Zhao <zhaochenguang@kylinos.cn>

LoongArch: bpf: Advertise JIT support for kptr xchg inline

The BPF verifier can lower bpf_kptr_xchg() to BPF_XCHG when the JIT
advertises ptr xchg support. With ordered amswap_db.* emission from the
previous patch, declare that LoongArch bpf JIT supports this inlining.

> diff --git a/arch/loongarch/net/bpf_jit.c b/arch/loongarch/net/bpf_jit.c
> index f071d913e0545..4f3aa53eda205 100644
> --- a/arch/loongarch/net/bpf_jit.c
> +++ b/arch/loongarch/net/bpf_jit.c
> @@ -2362,6 +2362,11 @@ bool bpf_jit_supports_fsession(void)
>  	return true;
>  }
>  
> +bool bpf_jit_supports_ptr_xchg(void)
> +{
> +	return true;
> +}
> +

[Severity: High]
This is a pre-existing issue, but while the previous patch updated BPF_XCHG
to emit fully ordered amswap_db.* instructions, do the other value-returning
BPF atomics (BPF_CMPXCHG and BPF_FETCH variants) also need to be updated to
ensure sequential consistency?

According to the Linux Kernel Memory Model, value-returning atomic RMW
instructions must be fully ordered. In emit_atomic_rmw(), BPF_ADD | BPF_FETCH
and similar fetch variants emit weakly ordered instructions:

arch/loongarch/net/bpf_jit.c:emit_atomic_rmw() {
    /* src = atomic_fetch_<op>(dst + off, src) */
    case BPF_ADD | BPF_FETCH:
    ...
    emit_insn(ctx, amaddd, src, t1, t3);
    ...
}

Should these be using the fully ordered _db variants (e.g., amadd_db.d) or
be wrapped with dbar 0?

Similarly, BPF_CMPXCHG emits an ll/sc loop without memory barriers before
or after the loop:

arch/loongarch/net/bpf_jit.c:emit_atomic_rmw() {
    /* r0 = atomic_cmpxchg(dst + off, r0, src); */
    case BPF_CMPXCHG:
        move_reg(ctx, t2, r0);
        if (isdw) {
            emit_insn(ctx, lld, r0, t1, 0);
            emit_insn(ctx, bne, t2, r0, 4);
            move_reg(ctx, t3, src);
            emit_insn(ctx, scd, t3, t1, 0);
            emit_insn(ctx, beq, t3, LOONGARCH_GPR_ZERO, -4);
        } ...
}

Could this leave BPF programs vulnerable to memory reordering bugs on
LoongArch if dbar 0 is not emitted?

>  /* Indicate the JIT backend supports mixing bpf2bpf and tailcalls. */
>  bool bpf_jit_supports_subprog_tailcalls(void)

-- 
Sashiko AI review · https://sashiko.dev/#/patchset/20260603100438.2177817-1-zhaochenguang@kylinos.cn?part=2

next prev parent reply	other threads:[~2026-06-03 10:27 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-06-03 10:04 [PATCH v2 0/4] LoongArch bpf kptr xchg inline support Chenguang Zhao
2026-06-03 10:04 ` [PATCH v2 1/4] LoongArch: bpf: Use amswap_db for BPF atomic xchg Chenguang Zhao
2026-06-03 10:16   ` sashiko-bot
2026-06-03 10:59   ` bot+bpf-ci
2026-06-03 10:04 ` [PATCH v2 2/4] LoongArch: bpf: Advertise JIT support for kptr xchg inline Chenguang Zhao
2026-06-03 10:27   ` sashiko-bot [this message]
2026-06-03 10:41   ` bot+bpf-ci
2026-06-03 10:04 ` [PATCH v2 3/4] selftests/bpf: Enable kptr_xchg_inline test on LoongArch Chenguang Zhao
2026-06-03 10:04 ` [PATCH v2 4/4] selftests/bpf: Add kptr-xchg benchmark Chenguang Zhao
2026-06-03 10:40   ` sashiko-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260603102720.20CEA1F00893@smtp.kernel.org \
    --to=sashiko-bot@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=sashiko-reviews@lists.linux.dev \
    --cc=zhaochenguang@kylinos.cn \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox