From: Daniel Borkmann <daniel@iogearbox.net>
To: ast@fb.com
Cc: holzheu@linux.vnet.ibm.com, naveen.n.rao@linux.vnet.ibm.com,
davem@davemloft.net, netdev@vger.kernel.org,
Daniel Borkmann <daniel@iogearbox.net>
Subject: [PATCH bpf 4/5] bpf, sparc: fix usage of wrong reg for load_skb_regs after call
Date: Thu, 14 Dec 2017 21:07:26 +0100 [thread overview]
Message-ID: <20171214200727.22230-5-daniel@iogearbox.net> (raw)
In-Reply-To: <20171214200727.22230-1-daniel@iogearbox.net>
When LD_ABS/IND is used in the program, and we have a BPF helper
call that changes packet data (bpf_helper_changes_pkt_data() returns
true), then in case of sparc JIT, we try to reload cached skb data
from bpf2sparc[BPF_REG_6]. However, there is no such guarantee or
assumption that skb sits in R6 at this point, all helpers changing
skb data only have a guarantee that skb sits in R1. Therefore,
store BPF R1 in L7 temporarily and after procedure call use L7 to
reload cached skb data. skb sitting in R6 is only true at the time
when LD_ABS/IND is executed.
Fixes: 7a12b5031c6b ("sparc64: Add eBPF JIT.")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
---
arch/sparc/net/bpf_jit_comp_64.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/arch/sparc/net/bpf_jit_comp_64.c b/arch/sparc/net/bpf_jit_comp_64.c
index 5765e7e..ff5f9cb 100644
--- a/arch/sparc/net/bpf_jit_comp_64.c
+++ b/arch/sparc/net/bpf_jit_comp_64.c
@@ -1245,14 +1245,16 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx)
u8 *func = ((u8 *)__bpf_call_base) + imm;
ctx->saw_call = true;
+ if (ctx->saw_ld_abs_ind && bpf_helper_changes_pkt_data(func))
+ emit_reg_move(bpf2sparc[BPF_REG_1], L7, ctx);
emit_call((u32 *)func, ctx);
emit_nop(ctx);
emit_reg_move(O0, bpf2sparc[BPF_REG_0], ctx);
- if (bpf_helper_changes_pkt_data(func) && ctx->saw_ld_abs_ind)
- load_skb_regs(ctx, bpf2sparc[BPF_REG_6]);
+ if (ctx->saw_ld_abs_ind && bpf_helper_changes_pkt_data(func))
+ load_skb_regs(ctx, L7);
break;
}
--
2.9.5
next prev parent reply other threads:[~2017-12-14 20:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-14 20:07 [PATCH bpf 0/5] Couple of BPF JIT fixes Daniel Borkmann
2017-12-14 20:07 ` [PATCH bpf 1/5] bpf, s390x: do not reload skb pointers in non-skb context Daniel Borkmann
2018-01-09 14:20 ` Michael Holzheu
2017-12-14 20:07 ` [PATCH bpf 2/5] bpf, ppc64: " Daniel Borkmann
2017-12-14 20:07 ` [PATCH bpf 3/5] bpf: guarantee r1 to be ctx in case of bpf_helper_changes_pkt_data Daniel Borkmann
2017-12-14 20:07 ` Daniel Borkmann [this message]
2017-12-14 20:07 ` [PATCH bpf 5/5] bpf: add test case for ld_abs and helper changing pkt data Daniel Borkmann
2017-12-15 17:28 ` [PATCH bpf 0/5] Couple of BPF JIT fixes Alexei Starovoitov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171214200727.22230-5-daniel@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=ast@fb.com \
--cc=davem@davemloft.net \
--cc=holzheu@linux.vnet.ibm.com \
--cc=naveen.n.rao@linux.vnet.ibm.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).