lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 02 Dec 2022 11:54:54 +0100 From: Björn Töpel <bjorn@...nel.org> To: Pu Lehui <pulehui@...weicloud.com>, bpf@...r.kernel.org, linux-riscv@...ts.infradead.org, linux-kernel@...r.kernel.org Cc: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>, John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...gle.com>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Paul Walmsley <paul.walmsley@...ive.com>, Palmer Dabbelt <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>, Pu Lehui <pulehui@...wei.com>, Pu Lehui <pulehui@...weicloud.com> Subject: Re: [PATCH bpf v2] riscv, bpf: Emit fixed-length instructions for BPF_PSEUDO_FUNC Pu Lehui <pulehui@...weicloud.com> writes: > From: Pu Lehui <pulehui@...wei.com> > > For BPF_PSEUDO_FUNC instruction, verifier will refill imm with > correct addresses of bpf_calls and then run last pass of JIT. > Since the emit_imm of RV64 is variable-length, which will emit > appropriate length instructions accorroding to the imm, it may > broke ctx->offset, and lead to unpredictable problem, such as > inaccurate jump. So let's fix it with fixed-length instructions. > > Fixes: 69c087ba6225 ("bpf: Add bpf_for_each_map_elem() helper") > Signed-off-by: Pu Lehui <pulehui@...wei.com> > Suggested-by: Björn Töpel <bjorn@...osinc.com> > --- > arch/riscv/net/bpf_jit_comp64.c | 20 +++++++++++++++++++- > 1 file changed, 19 insertions(+), 1 deletion(-) > > diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c > index eb99df41fa33..9723f34f7a06 100644 > --- a/arch/riscv/net/bpf_jit_comp64.c > +++ b/arch/riscv/net/bpf_jit_comp64.c > @@ -139,6 +139,19 @@ static bool in_auipc_jalr_range(s64 val) > val < ((1L << 31) - (1L << 11)); > } > > +/* Emit fixed-length instructions for address */ > +static void emit_addr(u8 rd, u64 addr, struct rv_jit_context *ctx) > +{ > + u64 ip = (u64)(ctx->insns + ctx->ninsns); > + s64 off = addr - ip; > + s64 upper = (off + (1 << 11)) >> 12; > + s64 lower = ((off & 0xfff) << 52) >> 52; > + > + emit(rv_auipc(rd, upper), ctx); > + emit(rv_addi(rd, rd, lower), ctx); > +} Nice! Two instructions are better than 6! :-) One final thing. Please add a sanity check, that the range is correct, e.g.: if (!(addr && in_auipc_addi_range(off))) return -1; Have a look at emit_jump_and_link(). Thanks! Björn
Powered by blists - more mailing lists