BPF List
From: Yonghong Song <yhs@fb.com>
To: Daniel Borkmann <daniel@iogearbox.net>, <bpf@vger.kernel.org>
Cc: <alexei.starovoitov@gmail.com>, <andrii@kernel.org>,
	Johan Almbladh <johan.almbladh@anyfinetworks.com>,
	Paul Chaignon <paul@cilium.io>,
	Tiezhu Yang <yangtiezhu@loongson.cn>
Subject: Re: [PATCH bpf-next] bpf, selftests: Replicate tailcall limit test for indirect call case
Date: Fri, 10 Sep 2021 10:19:31 -0700
Message-ID: <85502a8b-49c0-80a9-9e68-1102b2e32ea4@fb.com>
In-Reply-To: <20210910091900.16119-1-daniel@iogearbox.net>



On 9/10/21 2:19 AM, Daniel Borkmann wrote:
> The tailcall_3 test program uses bpf_tail_call_static() where the JIT
> would patch a direct jump. Add a new tailcall_6 test program replicating
> exactly the same test just ensuring that bpf_tail_call() uses a map
> index where the verifier cannot make assumptions this time.
> 
> In other words, this will now cover both on x86-64 JIT, meaning, JIT
> images with emit_bpf_tail_call_direct() emission as well as JIT images
> with emit_bpf_tail_call_indirect() emission.
> 
>    # echo 1 > /proc/sys/net/core/bpf_jit_enable
>    # ./test_progs -t tailcalls
>    #136/1 tailcalls/tailcall_1:OK
>    #136/2 tailcalls/tailcall_2:OK
>    #136/3 tailcalls/tailcall_3:OK
>    #136/4 tailcalls/tailcall_4:OK
>    #136/5 tailcalls/tailcall_5:OK
>    #136/6 tailcalls/tailcall_6:OK
>    #136/7 tailcalls/tailcall_bpf2bpf_1:OK
>    #136/8 tailcalls/tailcall_bpf2bpf_2:OK
>    #136/9 tailcalls/tailcall_bpf2bpf_3:OK
>    #136/10 tailcalls/tailcall_bpf2bpf_4:OK
>    #136/11 tailcalls/tailcall_bpf2bpf_5:OK
>    #136 tailcalls:OK
>    Summary: 1/11 PASSED, 0 SKIPPED, 0 FAILED
> 
>    # echo 0 > /proc/sys/net/core/bpf_jit_enable
>    # ./test_progs -t tailcalls
>    #136/1 tailcalls/tailcall_1:OK
>    #136/2 tailcalls/tailcall_2:OK
>    #136/3 tailcalls/tailcall_3:OK
>    #136/4 tailcalls/tailcall_4:OK
>    #136/5 tailcalls/tailcall_5:OK
>    #136/6 tailcalls/tailcall_6:OK
>    [...]
> 
> For interpreter, the tailcall_1-6 tests are passing as well. The later
> tailcall_bpf2bpf_* are failing due to lack of bpf2bpf + tailcall support
> in interpreter, so this is expected.
> 
> Also, manual inspection shows that both loaded programs from tailcall_3
> and tailcall_6 test case emit the expected opcodes:
> 
> * tailcall_3 disasm, emit_bpf_tail_call_direct():
> 
>    [...]
>     b:   push   %rax
>     c:   push   %rbx
>     d:   push   %r13
>     f:   mov    %rdi,%rbx
>    12:   movabs $0xffff8d3f5afb0200,%r13
>    1c:   mov    %rbx,%rdi
>    1f:   mov    %r13,%rsi
>    22:   xor    %edx,%edx                 _
>    24:   mov    -0x4(%rbp),%eax          |  limit check
>    2a:   cmp    $0x20,%eax               |
>    2d:   ja     0x0000000000000046       |
>    2f:   add    $0x1,%eax                |
>    32:   mov    %eax,-0x4(%rbp)          |_
>    38:   nopl   0x0(%rax,%rax,1)
>    3d:   pop    %r13
>    3f:   pop    %rbx
>    40:   pop    %rax
>    41:   jmpq   0xffffffffffffe377
>    [...]
> 
> * tailcall_6 disasm, emit_bpf_tail_call_indirect():
> 
>    [...]
>    47:   movabs $0xffff8d3f59143a00,%rsi
>    51:   mov    %edx,%edx
>    53:   cmp    %edx,0x24(%rsi)
>    56:   jbe    0x0000000000000093        _
>    58:   mov    -0x4(%rbp),%eax          |  limit check
>    5e:   cmp    $0x20,%eax               |
>    61:   ja     0x0000000000000093       |
>    63:   add    $0x1,%eax                |
>    66:   mov    %eax,-0x4(%rbp)          |_
>    6c:   mov    0x110(%rsi,%rdx,8),%rcx
>    74:   test   %rcx,%rcx
>    77:   je     0x0000000000000093
>    79:   pop    %rax
>    7a:   mov    0x30(%rcx),%rcx
>    7e:   add    $0xb,%rcx
>    82:   callq  0x000000000000008e
>    87:   pause
>    89:   lfence
>    8c:   jmp    0x0000000000000087
>    8e:   mov    %rcx,(%rsp)
>    92:   retq
>    [...]
> 
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
> Cc: Johan Almbladh <johan.almbladh@anyfinetworks.com>
> Cc: Paul Chaignon <paul@cilium.io>
> Cc: Tiezhu Yang <yangtiezhu@loongson.cn>
> Link: https://lore.kernel.org/bpf/CAM1=_QRyRVCODcXo_Y6qOm1iT163HoiSj8U2pZ8Rj3hzMTT=HQ@mail.gmail.com

Acked-by: Yonghong Song <yhs@fb.com>
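
The tailcall_6 sequence quoted above can be modelled in C to see what its checks permit. This is an added example, not part of the message or the kernel sources: `struct prog_array`, `tail_call_indirect()` and `count_jumps()` are hypothetical names, and the counter at -0x4(%rbp) is assumed to start at zero.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define LIMIT_IMM 0x20              /* immediate in `cmp $0x20,%eax` */

struct prog_array {                 /* hypothetical stand-in for the map in %rsi */
    uint32_t max_entries;           /* read by `cmp %edx,0x24(%rsi)` */
    const void *ptrs[4];            /* read by `mov 0x110(%rsi,%rdx,8),%rcx` */
};

/* One pass through the indirect sequence. Returns 1 if the jump into the
 * target is taken, 0 if execution falls through past the tail call. */
static int tail_call_indirect(const struct prog_array *map, uint32_t index,
                              uint32_t *cnt /* models -0x4(%rbp) */)
{
    if (map->max_entries <= index)  /* cmp; jbe: unsigned bounds check */
        return 0;
    if (*cnt > LIMIT_IMM)           /* cmp $0x20,%eax; ja */
        return 0;
    *cnt += 1;                      /* add $0x1,%eax; mov %eax,-0x4(%rbp) */
    if (map->ptrs[index] == NULL)   /* test %rcx,%rcx; je */
        return 0;
    return 1;                       /* callq/pause/lfence/retq retpoline jump */
}

/* Number of jumps a program that tail-calls itself through `index` makes
 * before the sequence falls through, starting from a zeroed counter. */
static unsigned count_jumps(const struct prog_array *map, uint32_t index)
{
    uint32_t cnt = 0;
    unsigned jumps = 0;

    while (tail_call_indirect(map, index, &cnt))
        jumps++;
    return jumps;
}

int main(void)
{
    int target = 0;                 /* constructed placeholder for a program */
    struct prog_array m = { .max_entries = 2, .ptrs = { &target, NULL } };
    uint32_t cnt = 0;

    printf("jumps via slot 0: %u\n", count_jumps(&m, 0));
    printf("out-of-range index jumps: %u\n", count_jumps(&m, 7));
    tail_call_indirect(&m, 1, &cnt);
    printf("counter after empty slot: %u\n", cnt);
    return 0;
}
```

In this model the `ja` comparison lets counter values 0 through 0x20 pass, and an empty slot still consumes one count because the increment precedes the NULL test in the emitted order.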

Thread overview: 5+ messages
2021-09-10  9:19 [PATCH bpf-next] bpf, selftests: Replicate tailcall limit test for indirect call case Daniel Borkmann
2021-09-10 17:19 ` Yonghong Song [this message]
2021-09-10 17:50 ` Johan Almbladh
2021-09-11  2:16 ` Tiezhu Yang
2021-09-11  9:14 ` Paul Chaignon
