| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 May 2017 08:39:24 -0700
From: David Daney <ddaney@...iumnetworks.com>
To: Daniel Borkmann <daniel@...earbox.net>,
David Daney <david.daney@...ium.com>,
Alexei Starovoitov <ast@...nel.org>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-mips@...ux-mips.org,
ralf@...ux-mips.org
Cc: Markos Chandras <markos.chandras@...tec.com>
Subject: Re: [PATCH 5/5] MIPS: Add support for eBPF JIT.
On 05/26/2017 08:14 AM, Daniel Borkmann wrote:
> On 05/26/2017 02:38 AM, David Daney wrote:
>> Since the eBPF machine has 64-bit registers, we only support this in
>> 64-bit kernels. As of the writing of this commit log test-bpf is
>> showing:
>>
>> test_bpf: Summary: 316 PASSED, 0 FAILED, [308/308 JIT'ed]
>>
>> All current test cases are successfully compiled.
>>
>> Signed-off-by: David Daney <david.daney@...ium.com>
>
> Awesome work!
>
> Did you also manage to run tools/testing/selftests/bpf/ fine with
> the JIT enabled?
I haven't done that yet, I will before the next revision.
>
> [...]
>> +struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog)
>> +{
>> + struct jit_ctx ctx;
>> + unsigned int alloc_size;
>> +
>> + /* Only 64-bit kernel supports eBPF */
>> + if (!IS_ENABLED(CONFIG_64BIT) || !bpf_jit_enable)
>
> Isn't this already reflected by the following?
>
> select HAVE_EBPF_JIT if (64BIT && !CPU_MICROMIPS)
Not exactly. The eBPF JIT is in the same file as the classic-BPF JIT,
so when HAVE_EBPF_JIT is false this will indeed never be called. But
the kernel would otherwise contain all the JIT code.
By putting in !IS_ENABLED(CONFIG_64BIT) we allow gcc to eliminate all
the dead code when compiling the JITs.
>
>> + return prog;
>> +
>> + memset(&ctx, 0, sizeof(ctx));
>> +
>> + ctx.offsets = kcalloc(prog->len + 1, sizeof(*ctx.offsets),
>> GFP_KERNEL);
>> + if (ctx.offsets == NULL)
>> + goto out;
>> +
>> + ctx.reg_val_types = kcalloc(prog->len + 1,
>> sizeof(*ctx.reg_val_types), GFP_KERNEL);
>> + if (ctx.reg_val_types == NULL)
>> + goto out;
>> +
>> + ctx.skf = prog;
>> +
>> + if (reg_val_propagate(&ctx))
>> + goto out;
>> +
>> + /* First pass discovers used resources */
>> + if (build_int_body(&ctx))
>> + goto out;
>> +
>> + /* Second pass generates offsets */
>> + ctx.idx = 0;
>> + if (gen_int_prologue(&ctx))
>> + goto out;
>> + if (build_int_body(&ctx))
>> + goto out;
>> + if (build_int_epilogue(&ctx))
>> + goto out;
>> +
>> + alloc_size = 4 * ctx.idx;
>> +
>> + ctx.target = module_alloc(alloc_size);
>
> You would need to use bpf_jit_binary_alloc() like all other
> eBPF JITs do, otherwise kallsyms of the JITed progs would
> break.
OK, I was just copying code from the classic-BPF JIT in the same file.
I will fix this.
>
>> + if (ctx.target == NULL)
>> + goto out;
>> +
>> + /* Clean it */
>> + memset(ctx.target, 0, alloc_size);
>> +
>> + /* Third pass generates the code */
>> + ctx.idx = 0;
>> + if (gen_int_prologue(&ctx))
>> + goto out;
>> + if (build_int_body(&ctx))
>> + goto out;
>> + if (build_int_epilogue(&ctx))
>> + goto out;
>> + /* Update the icache */
>> + flush_icache_range((ptr)ctx.target, (ptr)(ctx.target + ctx.idx));
>> +
>> + if (bpf_jit_enable > 1)
>> + /* Dump JIT code */
>> + bpf_jit_dump(prog->len, alloc_size, 2, ctx.target);
>> +
>> + prog->bpf_func = (void *)ctx.target;
>> + prog->jited = 1;
>> +
>> +out:
>> + kfree(ctx.offsets);
>> + kfree(ctx.reg_val_types);
>> +
>> + return prog;
>> +}
>
Powered by blists - more mailing lists