* [PATCH net-next] test_bpf: add similarly conflicting jump test case only for classic
@ 2015-05-26 17:45 Daniel Borkmann
2015-05-26 18:33 ` Daniel Borkmann
0 siblings, 1 reply; 2+ messages in thread
From: Daniel Borkmann @ 2015-05-26 17:45 UTC (permalink / raw)
To: davem; +Cc: netdev, ast, Daniel Borkmann
While 3b52960266a3 ("test_bpf: add more eBPF jump torture cases")
added the int3 bug test case only for eBPF, which needs exactly 11
passes to converge, here's a version for classic BPF that would
need 70 passes on x86_64 to actually converge for being sucessfully
JITed. Effectively, all jumps are being optimized out resulting in
a JIT image of only 89 bytes (from originally 4096 BPF insns) only
returning K (if we would allow for it).
Might be useful for folks wanting to test out backporting the fix in
commit 3f7352bf21f8 ("x86: bpf_jit: fix compilation of large bpf
programs") who don't have eBPF. With the fix, it's delegated to the
interpreter, if the last pass still results in shrinking, in other
words this one here won't be JITed on x86_64.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
lib/test_bpf.c | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/lib/test_bpf.c b/lib/test_bpf.c
index c07b8e7..849a39f 100644
--- a/lib/test_bpf.c
+++ b/lib/test_bpf.c
@@ -314,6 +314,33 @@ static int bpf_fill_maxinsns10(struct bpf_test *self)
return 0;
}
+static int bpf_fill_maxinsns11(struct bpf_test *self)
+{
+ unsigned int len = BPF_MAXINSNS, plen, rlen;
+ struct sock_filter *insn;
+ int i, j;
+
+ insn = kmalloc_array(len, sizeof(*insn), GFP_KERNEL);
+ if (!insn)
+ return -ENOMEM;
+
+ plen = 68;
+ rlen = (len % plen) - 1;
+
+ for (i = 0; i + plen < len; i += plen)
+ for (j = 0; j < plen; j++)
+ insn[i + j] = __BPF_JUMP(BPF_JMP | BPF_JA, plen - 1 - j, 0, 0);
+ for (j = 0; j < rlen; j++)
+ insn[i + j] = __BPF_JUMP(BPF_JMP | BPF_JA, rlen - 1 - j, 0, 0);
+
+ insn[len - 1] = __BPF_STMT(BPF_RET | BPF_K, 0xababcbac);
+
+ self->u.ptr.insns = insn;
+ self->u.ptr.len = len;
+
+ return 0;
+}
+
static struct bpf_test tests[] = {
{
"TAX",
@@ -4335,6 +4362,15 @@ static struct bpf_test tests[] = {
{ { 0, 0xabababac } },
.fill_helper = bpf_fill_maxinsns10,
},
+ { /* Mainly checking JIT here. */
+ "BPF_MAXINSNS: Jump, gap, jump, ...",
+ { },
+ CLASSIC | FLAG_NO_DATA,
+ { },
+ { { 0, 0xababcbac } },
+ .fill_helper = bpf_fill_maxinsns11,
+ },
+
};
static struct net_device dev;
--
1.9.3
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH net-next] test_bpf: add similarly conflicting jump test case only for classic
2015-05-26 17:45 [PATCH net-next] test_bpf: add similarly conflicting jump test case only for classic Daniel Borkmann
@ 2015-05-26 18:33 ` Daniel Borkmann
0 siblings, 0 replies; 2+ messages in thread
From: Daniel Borkmann @ 2015-05-26 18:33 UTC (permalink / raw)
To: davem; +Cc: netdev, ast
On 05/26/2015 07:45 PM, Daniel Borkmann wrote:
> While 3b52960266a3 ("test_bpf: add more eBPF jump torture cases")
> added the int3 bug test case only for eBPF, which needs exactly 11
> passes to converge, here's a version for classic BPF that would
...
Noticed a newline accidentally slipped in, please ignore this patch,
will fix it.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-05-26 18:33 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-05-26 17:45 [PATCH net-next] test_bpf: add similarly conflicting jump test case only for classic Daniel Borkmann
2015-05-26 18:33 ` Daniel Borkmann
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).