lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <MWHPR13MB0895B185BC36759121D6F26AFD130@MWHPR13MB0895.namprd13.prod.outlook.com>
Date:   Thu, 20 Feb 2020 17:41:51 +0000
From:   "Bird, Tim" <Tim.Bird@...y.com>
To:     Alexei Starovoitov <alexei.starovoitov@...il.com>
CC:     Jesper Dangaard Brouer <brouer@...hat.com>,
        shuah <shuah@...nel.org>,
        Daniel Díaz <daniel.diaz@...aro.org>,
        Andrii Nakryiko <andrii.nakryiko@...il.com>,
        Andrii Nakryiko <andriin@...com>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        BPF-dev-list <bpf@...r.kernel.org>,
        Daniel Borkmann <borkmann@...earbox.net>,
        David Miller <davem@...emloft.net>,
        LKML <linux-kernel@...r.kernel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Anders Roxell <anders.roxell@...aro.org>,
        Toke Høiland-Jørgensen <toke@...hat.com>,
        "open list:KERNEL SELFTEST FRAMEWORK" 
        <linux-kselftest@...r.kernel.org>
Subject: RE: Kernel 5.5.4 build fail for BPF-selftests with latest LLVM

> -----Original Message-----
> From: Alexei Starovoitov <alexei.starovoitov@...il.com>
> 
> On Thu, Feb 20, 2020 at 05:02:25PM +0000, Bird, Tim wrote:
> >
> > > -----Original Message-----
> > > From:  Jesper Dangaard Brouer
> > >
> > > On Wed, 19 Feb 2020 17:47:23 -0700
> > > shuah <shuah@...nel.org> wrote:
> > >
> > > > On 2/19/20 5:27 PM, Alexei Starovoitov wrote:
> > > > > On Wed, Feb 19, 2020 at 03:59:41PM -0600, Daniel Díaz wrote:
> > > > >>>
> > > > >>> When I download a specific kernel release, how can I know what LLVM
> > > > >>> git-hash or version I need (to use BPF-selftests)?
> > > > >
> > > > > as discussed we're going to add documentation-like file that will
> > > > > list required commits in tools.
> > > > > This will be enforced for future llvm/pahole commits.
> > > > >
> > > > >>> Do you think it is reasonable to require end-users to compile their own
> > > > >>> bleeding edge version of LLVM, to use BPF-selftests?
> > > > >
> > > > > absolutely.
> >
> > Is it just the BPF-selftests that require the bleeding edge version of LLVM,
> > or do BPF features themselves need the latest LLVM.  If the latter, then this
> > is quite worrisome, and I fear the BPF developers are getting ahead of themselves.
> > We don't usually have a kernel dependency on the latest compiler version (some
> > recent security fixes are an anomaly).  In fact deprecating support for older compiler
> > versions has been quite slow and methodical over the years.
> >
> > It's quite dangerous to be baking stuff into the kernel that depends on features
> > from compilers that haven't even made it to release yet.
> >
> > I'm sorry, but I'm coming into the middle of this thread.  Can you please explain
> > what the features are in the latest LLVM that are required for BPF-selftests?
> 
> Above is correct. bpf kernel features do depend on the latest pahole and llvm
> features that did not make it into a release. That was the case for many years
> now and still the case. The first commit 8 years ago relied on something that
> can generate those instructions. For many years llvm was the only compiler that
> could generate them. Right now there is GCC backend as well. New features (like
> new instructions) depend on the compiler.
> 
> selftests/bpf are not testing kernel's bpf features. They are testing the whole
> bpf ecosystem. They test llvm, pahole, libbpf, bpftool, and kernel together.
> Hence it's a requirement to install the latest pahole and llvm.
> 
> When I'm talking about selftests/bpf I'm talking about all the tests in that
> directory combined. There are several unit tests scattered across repos. The
> unit tests for llvm bpf backend are inside llvm repo.
> selftests/bpf/test_verifier and test_maps are unit tests for the verifier and
> for maps. They are llvm independent. They test a combination of kernel and
> libbpf only. But majority of the selftests/bpf are done via test_progs which
> are the whole ecosystem tests.

Alexei,

Thank you very much for this explanation.  It is very helpful.  I apologize for my
ignorance of this, but can I ask a few questions just to check my understanding?
Please forgive me if I use the wrong terminology below.

So - do the BPF developers add new instructions to the virtual machine, that then
have to be added to both the compiler and the executor (VM implementation)?
It sounds like the compiler support and executor support is done in concert, and
that patches are at least accepted upstream (but possibly are not yet available in
a compiler release) for the compiler side.  What about the Linux kernel side?  Is the
support for a new instruction only in non-released kernels (say, in the BPF development
tree), or could it potentially be included in a released kernel, before the compiler
with matching support is released?  What would happen if a bug was found, and
compiler support for the instruction was delayed?  I suppose that this would only
mean that the executor supported an instruction that never appeared in a compiled
BPF program? Is that right?

Thanks,
 -- Tim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ