| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a806d318-e51b-4e79-8d36-15d9a78af66b@huaweicloud.com>
Date: Mon, 15 Sep 2025 17:39:51 +0800
From: Pu Lehui <pulehui@...weicloud.com>
To: Chris Mason <clm@...a.com>
Cc: bpf@...r.kernel.org, linux-riscv@...ts.infradead.org,
linux-kernel@...r.kernel.org, Björn Töpel
<bjorn@...nel.org>, Puranjay Mohan <puranjay@...nel.org>,
Palmer Dabbelt <palmer@...belt.com>, Alexandre Ghiti <alex@...ti.fr>,
Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau
<martin.lau@...ux.dev>, Eduard Zingerman <eddyz87@...il.com>,
Song Liu <song@...nel.org>, Yonghong Song <yonghong.song@...ux.dev>,
John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...ichev.me>, Hao Luo <haoluo@...gle.com>,
Jiri Olsa <jolsa@...nel.org>, Pu Lehui <pulehui@...wei.com>
Subject: Re: [PATCH bpf-next 08/10] riscv, bpf: Add ex_insn_off and ex_jmp_off
for exception table handling
On 2025/9/13 23:51, Chris Mason wrote:
> On Sat, 19 Jul 2025 09:17:28 +0000 Pu Lehui <pulehui@...weicloud.com> wrote:
>
>> From: Pu Lehui <pulehui@...wei.com>
>>
>> Add ex_insn_off and ex_jmp_off fields to struct rv_jit_context so that
>> add_exception_handler() does not need to be immediately followed by the
>> instruction to add the exception table. ex_insn_off indicates the offset
>> of the instruction to add the exception table, and ex_jmp_off indicates
>> the offset to jump over the faulting instruction. This is to prepare for
>> adding the exception table to atomic instructions later, because some
>> atomic instructions need to perform zext or other operations.
>>
>
> Hi everyone,
>
> I've been working on some patch review automation, and I recently ran it on
> the bpf-next branch. I don't know the verifier well enough to decide if this
> is a false positive, but Alexei asked me to kick off discussion, so:
>
>> diff --git a/arch/riscv/net/bpf_jit_comp64.c b/arch/riscv/net/bpf_jit_comp64.c
>> index 8e813809d3054..56b592af53a64 100644
>> --- a/arch/riscv/net/bpf_jit_comp64.c
>> +++ b/arch/riscv/net/bpf_jit_comp64.c
>
> [ ... ]
>
>> -static int emit_stx(u8 rd, s16 off, u8 rs, u8 size, struct rv_jit_context *ctx)
>> +static void emit_stx(u8 rd, s16 off, u8 rs, u8 size, struct rv_jit_context *ctx)
>> {
>> - int insns_start;
>> -
>> if (is_12b_int(off)) {
>> - insns_start = ctx->ninsns;
>> + ctx->ex_insn_off = ctx->ninsns;
>> emit_stx_insn(rd, off, rs, size, ctx);
>> - return ctx->ninsns - insns_start;
>> + ctx->ex_jmp_off = ctx->ex_jmp_off;
Hi Chris,
I'm not sure if I have misunderstood your intention, maybe just for
talking about reviewing automation? But the code I checked in the
bpf-next branch is inconsistent with yours. The code here in bpf-next is:
`ctx->ex_jmp_off = ctx->ninsns;`
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/tree/arch/riscv/net/bpf_jit_comp64.c?h=next-20250912#n553
>
> Does this assignment leave ex_jmp_off uninitialized? Looking at emit_ldx()
> and emit_st(), this should probably be "ctx->ex_jmp_off = ctx->ninsns;" to
> match the pattern. Without proper initialization, add_exception_handler()
> might use stale offset values when creating exception table entries for
> the is_12b_int() code path in emit_stx().
>
>> + return;
>> }
>>
>> emit_imm(RV_REG_T1, off, ctx);
>> emit_add(RV_REG_T1, RV_REG_T1, rd, ctx);
>> - insns_start = ctx->ninsns;
>> + ctx->ex_insn_off = ctx->ninsns;
>> emit_stx_insn(RV_REG_T1, 0, rs, size, ctx);
>> - return ctx->ninsns - insns_start;
>> + ctx->ex_jmp_off = ctx->ninsns;
>> }
>
> -chris
Powered by blists - more mailing lists