lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Sep 2021 18:56:28 +0800 From: Tiezhu Yang <yangtiezhu@...ngson.cn> To: Daniel Borkmann <daniel@...earbox.net>, Shubham Bansal <illusionist.neo@...il.com>, Russell King <linux@...linux.org.uk>, Alexei Starovoitov <ast@...nel.org>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <kafai@...com>, Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>, John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>, Zi Shen Lim <zlim.lnx@...il.com>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, Paul Burton <paulburton@...nel.org>, Thomas Bogendoerfer <tsbogend@...ha.franken.de>, naveen.n.rao@...ux.ibm.com, Michael Ellerman <mpe@...erman.id.au>, Benjamin Herrenschmidt <benh@...nel.crashing.org>, Paul Mackerras <paulus@...ba.org>, Luke Nelson <luke.r.nels@...il.com>, Xi Wang <xi.wang@...il.com>, Paul Walmsley <paul.walmsley@...ive.com>, Palmer Dabbelt <palmer@...belt.com>, Albert Ou <aou@...s.berkeley.edu>, bjorn@...nel.org, davem@...emloft.net Cc: netdev@...r.kernel.org, bpf@...r.kernel.org, Paul Chaignon <paul@...ium.io>, Johan Almbladh <johan.almbladh@...finetworks.com> Subject: Re: [RFC PATCH bpf-next] bpf: Make actual max tail call count as MAX_TAIL_CALL_CNT On 09/08/2021 04:47 PM, Daniel Borkmann wrote: > [ You have a huge Cc list, but forgot to add Paul and Johan who recently > looked into this. Added here. ] > > On 9/8/21 10:20 AM, Tiezhu Yang wrote: >> In the current code, the actual max tail call count is 33 which is >> greater >> than MAX_TAIL_CALL_CNT, this is not consistent with the intended meaning >> in the commit 04fd61ab36ec ("bpf: allow bpf programs to tail-call other >> bpf programs"): >> >> "The chain of tail calls can form unpredictable dynamic loops therefore >> tail_call_cnt is used to limit the number of calls and currently is set >> to 32." >> >> Additionally, after commit 874be05f525e ("bpf, tests: Add tail call test >> suite"), we can see there exists failed testcase. >> >> On all archs when CONFIG_BPF_JIT_ALWAYS_ON is not set: >> # echo 0 > /proc/sys/net/core/bpf_jit_enable >> # modprobe test_bpf >> # dmesg | grep -w FAIL >> Tail call error path, max count reached jited:0 ret 34 != 33 FAIL >> >> On some archs: >> # echo 1 > /proc/sys/net/core/bpf_jit_enable >> # modprobe test_bpf >> # dmesg | grep -w FAIL >> Tail call error path, max count reached jited:1 ret 34 != 33 FAIL >> >> with this patch, make the actual max tail call count as >> MAX_TAIL_CALL_CNT, >> at the same time, the above failed testcase can be fixed. >> >> Signed-off-by: Tiezhu Yang <yangtiezhu@...ngson.cn> >> --- >> >> Hi all, >> >> This is a RFC patch, if I am wrong or I missed something, >> please let me know, thank you! > > Yes, the original commit from 04fd61ab36ec ("bpf: allow bpf programs > to tail-call > other bpf programs") got the counting wrong, but please also check > f9dabe016b63 > ("bpf: Undo off-by-one in interpreter tail call count limit") where we > agreed to > align everything to 33 in order to avoid changing existing behavior, > and if we > intend to ever change the count, then only in terms of increasing but > not decreasing > since that ship has sailed. Thank you, understood. But I still think there is some confusion about the macro MAX_TAIL_CALL_CNT which is 32 and the actual value 33, I spent some time to understand it at the first glance. Is it impossible to keep the actual max tail call count consistent with the value 32 of MAX_TAIL_CALL_CNT now? At least, maybe we need to modify the testcase? > Tiezhu, do you still see any arch that is not on 33 > from your testing? If the testcase "Tail call error path, max count reached" in test_bpf is right, it seems that the tail call count limit is 32 on x86, because the testcase passed on x86 jited. > Last time Paul fixed the remaining ones in 96bc4432f5ad ("bpf, > riscv: Limit to 33 tail calls") and e49e6f6db04e ("bpf, mips: Limit to > 33 tail calls"). > > Thanks, > Daniel
Powered by blists - more mailing lists