From: Yonghong Song <yonghong.song@linux.dev>
To: Jiri Olsa <olsajiri@gmail.com>
Cc: bpf@vger.kernel.org, Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
kernel-team@fb.com, Martin KaFai Lau <martin.lau@kernel.org>,
Tejun Heo <tj@kernel.org>
Subject: Re: [PATCH bpf-next v6 8/9] selftests/bpf: Add tracing prog private stack tests
Date: Mon, 21 Oct 2024 09:19:57 -0700 [thread overview]
Message-ID: <72039787-a0a6-470c-8610-a813f12d2223@linux.dev> (raw)
In-Reply-To: <ZxYvkmP39zbCUGwd@krava>
On 10/21/24 3:40 AM, Jiri Olsa wrote:
> On Sun, Oct 20, 2024 at 09:32:38PM -0700, Yonghong Song wrote:
>> On 10/20/24 2:59 PM, Jiri Olsa wrote:
>>> On Sun, Oct 20, 2024 at 12:14:31PM -0700, Yonghong Song wrote:
>>>
>>> SNIP
>>>
>>>> +__naked __noinline __used
>>>> +static unsigned long loop_callback(void)
>>>> +{
>>>> + asm volatile (
>>>> + "call %[bpf_get_prandom_u32];"
>>>> + "r1 = 42;"
>>>> + "*(u64 *)(r10 - 512) = r1;"
>>>> + "call cumulative_stack_depth_subprog;"
>>>> + "r0 = 0;"
>>>> + "exit;"
>>>> + :
>>>> + : __imm(bpf_get_prandom_u32)
>>>> + : __clobber_common);
>>>> +}
>>>> +
>>>> +SEC("raw_tp")
>>>> +__description("Private stack, callback")
>>>> +__success
>>>> +__arch_x86_64
>>>> +/* for func loop_callback */
>>>> +__jited("func #1")
>>>> +__jited(" endbr64")
>>> this should fail if CONFIG_X86_KERNEL_IBT is not enabled, right?
>>>
>>> hm, but I can see that also in other tests, so I guess it's fine,
>>> should we add it to config.x86_64 ?
>> The CI has CONFIG_X86_KERNEL_IBT as well.
>>
>> I checked x86 kconfig, I see
>>
>> config CC_HAS_IBT
>> # GCC >= 9 and binutils >= 2.29
>> # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
>> # Clang/LLVM >= 14
>> # https://github.com/llvm/llvm-project/commit/e0b89df2e0f0130881bf6c39bf31d7f6aac00e0f
>> # https://github.com/llvm/llvm-project/commit/dfcf69770bc522b9e411c66454934a37c1f35332
>> def_bool ((CC_IS_GCC && $(cc-option, -fcf-protection=branch -mindirect-branch-register)) || \
>> (CC_IS_CLANG && CLANG_VERSION >= 140000)) && \
>> $(as-instr,endbr64)
>>
>> config X86_KERNEL_IBT
>> prompt "Indirect Branch Tracking"
>> def_bool y
>> depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL
>> # https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
>> depends on !LD_IS_LLD || LLD_VERSION >= 140000
>> select OBJTOOL
>> select X86_CET
>> help
>> Build the kernel with support for Indirect Branch Tracking, a
>> hardware support course-grain forward-edge Control Flow Integrity
>> protection. It enforces that all indirect calls must land on
>> an ENDBR instruction, as such, the compiler will instrument the
>> code with them to make this happen.
>> In addition to building the kernel with IBT, seal all functions that
>> are not indirect call targets, avoiding them ever becoming one.
>> This requires LTO like objtool runs and will slow down the build. It
>> does significantly reduce the number of ENDBR instructions in the
>> kernel image.
>>
>> So CONFIG_X86_KERNEL_IBT will be enabled if clang >= version_14 or newer gcc.
> IIUC it's just dependency, no? doesn't mean it'll get enabled automatically
>
>> In my system, the gcc version is 13.1. So there is no need to explicitly add
>> CONFIG_X86_KERNEL_IBT to the selftests/bpf/config.x86_64 file.
> I had to enable it manualy for gcc 13.3.1
IIUC, the ci config is generated based on config + config.x86_64 + config.vm
in tools/testing/selftests/bpf directory.
In my case .config is generated from config + config.x86_64 + config.vm
With my local gcc 11.5, I did
make olddefconfig
and I see CONFIG_X86_KERNEL_IBT=y is set.
Maybe your base config is a little bit different from what ci used.
My local config is based on ci config + some more e.g. enabling KASAN etc.
Could you debug a little more on why CONFIG_X86_KERNEL_IBT not enabled
by default in your case? For
config X86_KERNEL_IBT
prompt "Indirect Branch Tracking"
def_bool y
depends on X86_64 && CC_HAS_IBT && HAVE_OBJTOOL
# https://github.com/llvm/llvm-project/commit/9d7001eba9c4cb311e03cd8cdc231f9e579f2d0f
depends on !LD_IS_LLD || LLD_VERSION >= 140000
select OBJTOOL
select X86_CET
default is 'y' so if all dependencies are met, CONFIG_X86_KERNEL_IBT
is supposed to be on by default.
>
> jirka
next prev parent reply other threads:[~2024-10-21 16:20 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-20 19:13 [PATCH bpf-next v6 0/9] bpf: Support private stack for bpf progs Yonghong Song
2024-10-20 19:13 ` [PATCH bpf-next v6 1/9] bpf: Allow each subprog having stack size of 512 bytes Yonghong Song
2024-10-22 1:18 ` Alexei Starovoitov
2024-10-22 3:21 ` Yonghong Song
2024-10-22 3:43 ` Alexei Starovoitov
2024-10-22 4:08 ` Yonghong Song
2024-10-22 20:13 ` Yonghong Song
2024-10-22 20:41 ` Alexei Starovoitov
2024-10-22 21:29 ` Kumar Kartikeya Dwivedi
2024-10-22 21:36 ` Kumar Kartikeya Dwivedi
2024-10-22 21:43 ` Yonghong Song
2024-10-22 21:57 ` Alexei Starovoitov
2024-10-22 22:41 ` Yonghong Song
2024-10-22 22:59 ` Alexei Starovoitov
2024-10-22 23:53 ` Yonghong Song
2024-10-20 19:13 ` [PATCH bpf-next v6 2/9] bpf: Rename bpf_struct_ops_arg_info to bpf_struct_ops_func_info Yonghong Song
2024-10-20 19:13 ` [PATCH bpf-next v6 3/9] bpf: Support private stack for struct ops programs Yonghong Song
2024-10-22 1:34 ` Alexei Starovoitov
2024-10-22 2:59 ` Yonghong Song
2024-10-22 17:26 ` Martin KaFai Lau
2024-10-22 20:19 ` Alexei Starovoitov
2024-10-23 21:00 ` Tejun Heo
2024-10-23 23:07 ` Alexei Starovoitov
2024-10-24 0:56 ` Tejun Heo
2024-10-20 19:14 ` [PATCH bpf-next v6 4/9] bpf: Mark each subprog with proper private stack modes Yonghong Song
2024-10-20 22:01 ` Jiri Olsa
2024-10-21 4:22 ` Yonghong Song
2024-10-20 19:14 ` [PATCH bpf-next v6 5/9] bpf, x86: Refactor func emit_prologue Yonghong Song
2024-10-20 19:14 ` [PATCH bpf-next v6 6/9] bpf, x86: Create a helper for certain "reg <op>= imm" operations Yonghong Song
2024-10-20 19:14 ` [PATCH bpf-next v6 7/9] bpf, x86: Add jit support for private stack Yonghong Song
2024-10-20 19:14 ` [PATCH bpf-next v6 8/9] selftests/bpf: Add tracing prog private stack tests Yonghong Song
2024-10-20 21:59 ` Jiri Olsa
2024-10-21 4:32 ` Yonghong Song
2024-10-21 10:40 ` Jiri Olsa
2024-10-21 16:19 ` Yonghong Song [this message]
2024-10-21 21:13 ` Jiri Olsa
2024-10-20 19:14 ` [PATCH bpf-next v6 9/9] selftests/bpf: Add struct_ops " Yonghong Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=72039787-a0a6-470c-8610-a813f12d2223@linux.dev \
--to=yonghong.song@linux.dev \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kernel-team@fb.com \
--cc=martin.lau@kernel.org \
--cc=olsajiri@gmail.com \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox