| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87h6f1w66k.fsf@mail.lhotse>
Date: Tue, 14 May 2024 11:09:07 +1000
From: Michael Ellerman <mpe@...erman.id.au>
To: Puranjay Mohan <puranjay@...nel.org>, Naveen N Rao <naveen@...nel.org>
Cc: Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann
<daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai
Lau <martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>, Song Liu
<song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>, John Fastabend
<john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>, Stanislav
Fomichev <sdf@...gle.com>, Hao Luo <haoluo@...gle.com>, Jiri Olsa
<jolsa@...nel.org>, Nicholas Piggin <npiggin@...il.com>, Christophe Leroy
<christophe.leroy@...roup.eu>, "Aneesh Kumar K.V"
<aneesh.kumar@...nel.org>, Hari Bathini <hbathini@...ux.ibm.com>,
bpf@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
linux-kernel@...r.kernel.org, paulmck@...nel.org
Subject: Re: [PATCH bpf v3] powerpc/bpf: enforce full ordering for ATOMIC
operations with BPF_FETCH
Puranjay Mohan <puranjay@...nel.org> writes:
> Naveen N Rao <naveen@...nel.org> writes:
>> On Mon, May 13, 2024 at 10:02:48AM GMT, Puranjay Mohan wrote:
>>> The Linux Kernel Memory Model [1][2] requires RMW operations that have a
>>> return value to be fully ordered.
>>>
>>> BPF atomic operations with BPF_FETCH (including BPF_XCHG and
>>> BPF_CMPXCHG) return a value back so they need to be JITed to fully
>>> ordered operations. POWERPC currently emits relaxed operations for
>>> these.
>>>
>>> We can show this by running the following litmus-test:
>>>
>>> PPC SB+atomic_add+fetch
>>>
>>> {
>>> 0:r0=x; (* dst reg assuming offset is 0 *)
>>> 0:r1=2; (* src reg *)
>>> 0:r2=1;
>>> 0:r4=y; (* P0 writes to this, P1 reads this *)
>>> 0:r5=z; (* P1 writes to this, P0 reads this *)
>>> 0:r6=0;
>>>
>>> 1:r2=1;
>>> 1:r4=y;
>>> 1:r5=z;
>>> }
>>>
>>> P0 | P1 ;
>>> stw r2, 0(r4) | stw r2,0(r5) ;
>>> | ;
>>> loop:lwarx r3, r6, r0 | ;
>>> mr r8, r3 | ;
>>> add r3, r3, r1 | sync ;
>>> stwcx. r3, r6, r0 | ;
>>> bne loop | ;
>>> mr r1, r8 | ;
>>> | ;
>>> lwa r7, 0(r5) | lwa r7,0(r4) ;
>>>
>>> ~exists(0:r7=0 /\ 1:r7=0)
>>>
>>> Witnesses
>>> Positive: 9 Negative: 3
>>> Condition ~exists (0:r7=0 /\ 1:r7=0)
>>> Observation SB+atomic_add+fetch Sometimes 3 9
>>>
>>> This test shows that the older store in P0 is reordered with a newer
>>> load to a different address. Although there is a RMW operation with
>>> fetch between them. Adding a sync before and after RMW fixes the issue:
>>>
>>> Witnesses
>>> Positive: 9 Negative: 0
>>> Condition ~exists (0:r7=0 /\ 1:r7=0)
>>> Observation SB+atomic_add+fetch Never 0 9
>>>
>>> [1] https://www.kernel.org/doc/Documentation/memory-barriers.txt
>>> [2] https://www.kernel.org/doc/Documentation/atomic_t.txt
>>>
>>> Fixes: 65112709115f ("powerpc/bpf/64: add support for BPF_ATOMIC bitwise operations")
>>
>> As I noted in v2, I think that is the wrong commit. This fixes the below
>
> Sorry for missing this. Would this need another version or your message
> below will make it work with the stable process?
No need for another version. b4 should pick up those tags, or if not
I'll add them by hand.
cheers
Powered by blists - more mailing lists