| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 10 Sep 2022 10:42:28 +0200
From: "Jose E. Marchesi" <jose.marchesi@...cle.com>
To: James Hilliard <james.hilliard1@...il.com>
Cc: Andrii Nakryiko <andrii.nakryiko@...il.com>,
"Jose E. Marchesi" <jemarch@....org>,
David Faust <david.faust@...cle.com>, bpf@...r.kernel.org,
Andrii Nakryiko <andrii@...nel.org>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Martin KaFai Lau <martin.lau@...ux.dev>,
Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...gle.com>,
Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Tom Rix <trix@...hat.com>, linux-kernel@...r.kernel.org,
llvm@...ts.linux.dev, elena.zannoni@...cle.com
Subject: Re: [PATCH v2] libbpf: add GCC support for bpf_tail_call_static
> On Sat, Sep 10, 2022 at 12:53 AM Jose E. Marchesi
> <jose.marchesi@...cle.com> wrote:
>>
>>
>> > On Fri, Sep 9, 2022 at 12:56 PM Andrii Nakryiko
>> > <andrii.nakryiko@...il.com> wrote:
>> >>
>> >> On Fri, Sep 9, 2022 at 11:23 AM James Hilliard
>> >> <james.hilliard1@...il.com> wrote:
>> >> >
>> >> > On Fri, Sep 9, 2022 at 12:05 PM Andrii Nakryiko
>> >> > <andrii.nakryiko@...il.com> wrote:
>> >> > >
>> >> > > On Mon, Aug 29, 2022 at 2:05 PM James Hilliard
>> >> > > <james.hilliard1@...il.com> wrote:
>> >> > > >
>> >> > > > The bpf_tail_call_static function is currently not defined unless
>> >> > > > using clang >= 8.
>> >> > > >
>> >> > > > To support bpf_tail_call_static on GCC we can check if __clang__ is
>> >> > > > not defined to enable bpf_tail_call_static.
>> >> > > >
>> >> > > > We need to use GCC assembly syntax when the compiler does not define
>> >> > > > __clang__ as LLVM inline assembly is not fully compatible with GCC.
>> >> > > >
>> >> > > > Signed-off-by: James Hilliard <james.hilliard1@...il.com>
>> >> > > > ---
>> >> > > > Changes v1 -> v2:
>> >> > > > - drop __BPF__ check as GCC now defines __bpf__
>> >> > > > ---
>> >> > > > tools/lib/bpf/bpf_helpers.h | 19 +++++++++++++------
>> >> > > > 1 file changed, 13 insertions(+), 6 deletions(-)
>> >> > > >
>> >> > > > diff --git a/tools/lib/bpf/bpf_helpers.h b/tools/lib/bpf/bpf_helpers.h
>> >> > > > index 7349b16b8e2f..867b734839dd 100644
>> >> > > > --- a/tools/lib/bpf/bpf_helpers.h
>> >> > > > +++ b/tools/lib/bpf/bpf_helpers.h
>> >> > > > @@ -131,7 +131,7 @@
>> >> > > > /*
>> >> > > > * Helper function to perform a tail call with a constant/immediate map slot.
>> >> > > > */
>> >> > > > -#if __clang_major__ >= 8 && defined(__bpf__)
>> >> > > > +#if (!defined(__clang__) || __clang_major__ >= 8) && defined(__bpf__)
>> >> > > > static __always_inline void
>> >> > > > bpf_tail_call_static(void *ctx, const void *map, const __u32 slot)
>> >> > > > {
>> >> > > > @@ -139,8 +139,8 @@ bpf_tail_call_static(void *ctx, const void *map, const __u32 slot)
>> >> > > > __bpf_unreachable();
>> >> > > >
>> >> > > > /*
>> >> > > > - * Provide a hard guarantee that LLVM won't optimize setting r2 (map
>> >> > > > - * pointer) and r3 (constant map index) from _different paths_ ending
>> >> > > > + * Provide a hard guarantee that the compiler won't optimize setting r2
>> >> > > > + * (map pointer) and r3 (constant map index) from _different paths_ ending
>> >> > > > * up at the _same_ call insn as otherwise we won't be able to use the
>> >> > > > * jmpq/nopl retpoline-free patching by the x86-64 JIT in the kernel
>> >> > > > * given they mismatch. See also d2e4c1e6c294 ("bpf: Constant map key
>> >> > > > @@ -148,12 +148,19 @@ bpf_tail_call_static(void *ctx, const void *map, const __u32 slot)
>> >> > > > *
>> >> > > > * Note on clobber list: we need to stay in-line with BPF calling
>> >> > > > * convention, so even if we don't end up using r0, r4, r5, we need
>> >> > > > - * to mark them as clobber so that LLVM doesn't end up using them
>> >> > > > - * before / after the call.
>> >> > > > + * to mark them as clobber so that the compiler doesn't end up using
>> >> > > > + * them before / after the call.
>> >> > > > */
>> >> > > > - asm volatile("r1 = %[ctx]\n\t"
>> >> > > > + asm volatile(
>> >> > > > +#ifdef __clang__
>> >> > > > + "r1 = %[ctx]\n\t"
>> >> > > > "r2 = %[map]\n\t"
>> >> > > > "r3 = %[slot]\n\t"
>> >> > > > +#else
>> >> > > > + "mov %%r1,%[ctx]\n\t"
>> >> > > > + "mov %%r2,%[map]\n\t"
>> >> > > > + "mov %%r3,%[slot]\n\t"
>> >> > > > +#endif
>> >> > >
>> >> > > Hey James,
>> >> > >
>> >> > > I don't think it's a good idea to have a completely different BPF asm
>> >> > > syntax in GCC-BPF vs what Clang is supporting. Note that Clang syntax
>> >> > > is also what BPF users see in BPF verifier log and in llvm-objdump
>> >> > > output, so that's what BPF users are familiar with.
>> >> >
>> >> > Is the difference a BPF specific assembly format deviation or a generic
>> >> > deviation in assembler template syntax between GCC/llvm?
>> >> > https://gcc.gnu.org/onlinedocs/gcc/Extended-Asm.html#AssemblerTemplate
>> >> >
>> >>
>> >> Sorry, I don't understand the question. I'm talking about the above
>> >> snippet with "r1 = %[ctx]" vs "mov %%r1,%[ctx]". Seems like the rest
>> >> stayed the same. So this would be a "BPF specific assembly format"
>> >> case, right? I don't know what else could be different with GCC-BPF
>> >> assembly.
>> >
>> > I mean it's unclear if it's a generic assembly template format difference
>> > that applies to all targets or one that's BPF target specific.
>>
>> It is certainly BPF specific.
>>
>> I think that when I first wrote the BPF GNU toolchain port the assembly
>> format used by LLVM was different than it is now: I certainly didn't
>> invent the syntax the GNU assembler uses for BPF.
>>
>> It seems LLVM settled with that C-like syntax for assembly instead,
>> which is very unconventional.
>>
>> > Anyways for now I sent a new patch so that bpf_tail_call_static is defined
>> > on non-clang compilers so that it will work when GCC-BPF supports the
>> > existing asm format.
>> > https://lore.kernel.org/bpf/20220909224544.3702931-1-james.hilliard1@gmail.com/
>>
>> I don't think this patch makes much sense: these guards are designed to
>> avoid compilers that do not support the inline assembly (as presumably
>> happen with clang < 8) to choke on the header file. That's also the
>> case of GCC BPF at the moment.
>>
>> With this patch, people won't be currentty able to use bpf_helpers.h
>> with GCC BPF even if they don't use bpf_tail_call_static.
>
> That doesn't seem to be an issue here, from what I can tell it's not
> a failure in the compiler but a failure in the assembler, so having
> bpf_tail_call_static unguarded in GCC doesn't break anything
> that isn't already broken.
IMO it makes it worse, because:
1) With your patch the error message will happen at assembly time
(invalid syntax in the intermediate .s file mixed with valid syntax)
pointing to a location in a temporary .S file. With the guards, you
get an error at compile time instead, pointing to the undefined
function in the C source. IMO it is much easier to figure out what
is wrong in the second case than in the first.
2) If/when we support the C-like assembly syntax in GCC, you will want
to guard the function anyway with a GCC_MAJOR > 12 (or whatever) very
much like it is done with clang >= 8.
>> >> > >
>> >> > > This will cause constant and unavoidable maintenance burden both for
>> >> > > libraries like libbpf and end users and their BPF apps as well.
>> >> > >
>> >> > > Given you are trying to make GCC-BPF part of the BPF ecosystem, please
>> >> > > think about how to help the ecosystem, move it forward and unify it,
>> >> > > not how to branch out and have Clang vs GCC differences everywhere.
>> >> > > There is a lot of embedded BPF asm in production applications, having
>> >> > > to write something as trivial as `r1 = X` in GCC or Clang-specific
>> >> > > ways is a huge burden.
>> >> > >
>> >> > > As such, we've reverted your patch ([0]). Please add de facto BPF asm
>> >> > > syntax support to GCC-BPF and this change won't be necessary.
>> >> > >
>> >> > > [0]
>> >> > > https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=665f5d3577ef43e929d59cf39683037887c351bf
>> >> > >
>> >> > > > "call 12"
>> >> > > > :: [ctx]"r"(ctx), [map]"r"(map), [slot]"i"(slot)
>> >> > > > : "r0", "r1", "r2", "r3", "r4", "r5");
>> >> > > > --
>> >> > > > 2.34.1
>> >> > > >
Powered by blists - more mailing lists