* [PATCH bpf] riscv, bpf: Fix possible infinite tailcall when CONFIG_CFI_CLANG is enabled
@ 2024-10-08 12:45 Pu Lehui
2024-10-09 8:33 ` Björn Töpel
2024-10-10 1:30 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 4+ messages in thread
From: Pu Lehui @ 2024-10-08 12:45 UTC (permalink / raw)
To: bpf, linux-riscv, netdev
Cc: Björn Töpel, Puranjay Mohan, Alexei Starovoitov,
Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau,
Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend,
KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Palmer Dabbelt,
Paul Walmsley, Albert Ou
From: Pu Lehui <pulehui@huawei.com>
When CONFIG_CFI_CLANG is enabled, the number of prologue instructions
skipped by tailcall needs to include the kcfi instruction, otherwise the
TCC will be initialized every tailcall is called, which may result in
infinite tailcalls.
Fixes: e63985ecd226 ("bpf, riscv64/cfi: Support kCFI + BPF on riscv64")
Signed-off-by: Pu Lehui <pulehui@huawei.com>
---
arch/riscv/net/bpf_jit_comp64.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c
index 99f34409fb60..91bd5082c4d8 100644
--- a/arch/riscv/net/bpf_jit_comp64.c
+++ b/arch/riscv/net/bpf_jit_comp64.c
@@ -18,6 +18,7 @@
#define RV_MAX_REG_ARGS 8
#define RV_FENTRY_NINSNS 2
#define RV_FENTRY_NBYTES (RV_FENTRY_NINSNS * 4)
+#define RV_KCFI_NINSNS (IS_ENABLED(CONFIG_CFI_CLANG) ? 1 : 0)
/* imm that allows emit_imm to emit max count insns */
#define RV_MAX_COUNT_IMM 0x7FFF7FF7FF7FF7FF
@@ -271,7 +272,8 @@ static void __build_epilogue(bool is_tail_call, struct rv_jit_context *ctx)
if (!is_tail_call)
emit_addiw(RV_REG_A0, RV_REG_A5, 0, ctx);
emit_jalr(RV_REG_ZERO, is_tail_call ? RV_REG_T3 : RV_REG_RA,
- is_tail_call ? (RV_FENTRY_NINSNS + 1) * 4 : 0, /* skip reserved nops and TCC init */
+ /* kcfi, fentry and TCC init insns will be skipped on tailcall */
+ is_tail_call ? (RV_KCFI_NINSNS + RV_FENTRY_NINSNS + 1) * 4 : 0,
ctx);
}
--
2.34.1
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [PATCH bpf] riscv, bpf: Fix possible infinite tailcall when CONFIG_CFI_CLANG is enabled
2024-10-08 12:45 [PATCH bpf] riscv, bpf: Fix possible infinite tailcall when CONFIG_CFI_CLANG is enabled Pu Lehui
@ 2024-10-09 8:33 ` Björn Töpel
2024-10-09 10:31 ` Pu Lehui
2024-10-10 1:30 ` patchwork-bot+netdevbpf
1 sibling, 1 reply; 4+ messages in thread
From: Björn Töpel @ 2024-10-09 8:33 UTC (permalink / raw)
To: Pu Lehui, bpf, linux-riscv, netdev
Cc: Puranjay Mohan, Alexei Starovoitov, Daniel Borkmann,
Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu,
Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev,
Hao Luo, Jiri Olsa, Palmer Dabbelt, Paul Walmsley, Albert Ou
Pu Lehui <pulehui@huaweicloud.com> writes:
> From: Pu Lehui <pulehui@huawei.com>
>
> When CONFIG_CFI_CLANG is enabled, the number of prologue instructions
> skipped by tailcall needs to include the kcfi instruction, otherwise the
> TCC will be initialized every tailcall is called, which may result in
> infinite tailcalls.
>
> Fixes: e63985ecd226 ("bpf, riscv64/cfi: Support kCFI + BPF on riscv64")
> Signed-off-by: Pu Lehui <pulehui@huawei.com>
Thanks! Did you test this with the selftest suite? Did the tailcall
tests catch it?
Note to self is that I should run kCFI enabled tests for RISC-V.
Acked-by: Björn Töpel <bjorn@kernel.org>
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [PATCH bpf] riscv, bpf: Fix possible infinite tailcall when CONFIG_CFI_CLANG is enabled
2024-10-09 8:33 ` Björn Töpel
@ 2024-10-09 10:31 ` Pu Lehui
0 siblings, 0 replies; 4+ messages in thread
From: Pu Lehui @ 2024-10-09 10:31 UTC (permalink / raw)
To: Björn Töpel, bpf, linux-riscv, netdev
Cc: Puranjay Mohan, Alexei Starovoitov, Daniel Borkmann,
Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu,
Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev,
Hao Luo, Jiri Olsa, Palmer Dabbelt, Paul Walmsley, Albert Ou
On 2024/10/9 16:33, Björn Töpel wrote:
> Pu Lehui <pulehui@huaweicloud.com> writes:
>
>> From: Pu Lehui <pulehui@huawei.com>
>>
>> When CONFIG_CFI_CLANG is enabled, the number of prologue instructions
>> skipped by tailcall needs to include the kcfi instruction, otherwise the
>> TCC will be initialized every tailcall is called, which may result in
>> infinite tailcalls.
>>
>> Fixes: e63985ecd226 ("bpf, riscv64/cfi: Support kCFI + BPF on riscv64")
>> Signed-off-by: Pu Lehui <pulehui@huawei.com>
>
> Thanks! Did you test this with the selftest suite? Did the tailcall
> tests catch it?
Oh, I discovered it through code review.
I just tried llvm compilation but it seems that my environment cannot
compile bpf selftests. I need to find why.
But after reading the tailcalls testcase, I found that the tailcall_3
subtest can cover this scenario as it will verify the TCC value.
>
> Note to self is that I should run kCFI enabled tests for RISC-V.
>
>
> Acked-by: Björn Töpel <bjorn@kernel.org>
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH bpf] riscv, bpf: Fix possible infinite tailcall when CONFIG_CFI_CLANG is enabled
2024-10-08 12:45 [PATCH bpf] riscv, bpf: Fix possible infinite tailcall when CONFIG_CFI_CLANG is enabled Pu Lehui
2024-10-09 8:33 ` Björn Töpel
@ 2024-10-10 1:30 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-10-10 1:30 UTC (permalink / raw)
To: Pu Lehui
Cc: bpf, linux-riscv, netdev, bjorn, puranjay, ast, daniel, andrii,
martin.lau, eddyz87, song, yonghong.song, john.fastabend, kpsingh,
sdf, haoluo, jolsa, palmer, paul.walmsley, aou
Hello:
This patch was applied to bpf/bpf.git (master)
by Alexei Starovoitov <ast@kernel.org>:
On Tue, 8 Oct 2024 12:45:44 +0000 you wrote:
> From: Pu Lehui <pulehui@huawei.com>
>
> When CONFIG_CFI_CLANG is enabled, the number of prologue instructions
> skipped by tailcall needs to include the kcfi instruction, otherwise the
> TCC will be initialized every tailcall is called, which may result in
> infinite tailcalls.
>
> [...]
Here is the summary with links:
- [bpf] riscv, bpf: Fix possible infinite tailcall when CONFIG_CFI_CLANG is enabled
https://git.kernel.org/bpf/bpf/c/30a59cc79754
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-10-10 1:30 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-10-08 12:45 [PATCH bpf] riscv, bpf: Fix possible infinite tailcall when CONFIG_CFI_CLANG is enabled Pu Lehui
2024-10-09 8:33 ` Björn Töpel
2024-10-09 10:31 ` Pu Lehui
2024-10-10 1:30 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox