lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <9ad382ca-a254-f897-9ec6-c9b1920a6174@loongson.cn>
Date:   Tue, 14 Sep 2021 20:36:20 +0800
From:   Tiezhu Yang <yangtiezhu@...ngson.cn>
To:     Daniel Borkmann <daniel@...earbox.net>,
        Shubham Bansal <illusionist.neo@...il.com>,
        Russell King <linux@...linux.org.uk>,
        Alexei Starovoitov <ast@...nel.org>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Zi Shen Lim <zlim.lnx@...il.com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>,
        Paul Burton <paulburton@...nel.org>,
        Thomas Bogendoerfer <tsbogend@...ha.franken.de>,
        naveen.n.rao@...ux.ibm.com, Michael Ellerman <mpe@...erman.id.au>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Paul Mackerras <paulus@...ba.org>,
        Luke Nelson <luke.r.nels@...il.com>,
        Xi Wang <xi.wang@...il.com>,
        Paul Walmsley <paul.walmsley@...ive.com>,
        Palmer Dabbelt <palmer@...belt.com>,
        Albert Ou <aou@...s.berkeley.edu>, bjorn@...nel.org,
        davem@...emloft.net,
        Johan Almbladh <johan.almbladh@...finetworks.com>,
        Paul Chaignon <paul@...ium.io>
Cc:     netdev@...r.kernel.org, bpf@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        linux-mips@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org,
        linux-riscv@...ts.infradead.org, sparclinux@...r.kernel.org
Subject: Re: [PATCH bpf-next v2] bpf: Change value of MAX_TAIL_CALL_CNT from
 32 to 33

On 09/14/2021 03:30 PM, Daniel Borkmann wrote:
> On 9/11/21 3:56 AM, Tiezhu Yang wrote:
>>
[...]
>> With this patch, it does not change the current limit 33, 
>> MAX_TAIL_CALL_CNT
>> can reflect the actual max tail call count, the tailcall selftests 
>> can work
>> well, and also the above failed testcase in test_bpf can be fixed for 
>> the
>> interpreter (all archs) and the JIT (all archs except for x86).
>>
>>   # uname -m
>>   x86_64
>>   # echo 1 > /proc/sys/net/core/bpf_jit_enable
>>   # modprobe test_bpf
>>   # dmesg | grep -w FAIL
>>   Tail call error path, max count reached jited:1 ret 33 != 34 FAIL
>
> Could you also state in here which archs you have tested with this 
> change? I
> presume /every/ arch which has a JIT?

OK, will do it in v3.
I have tested on x86 and mips.

>
>> Signed-off-by: Tiezhu Yang <yangtiezhu@...ngson.cn>
>> ---
>>
>> v2:
>>    -- fix the typos in the commit message and update the commit message.
>>    -- fix the failed tailcall selftests for x86 jit.
>>       I am not quite sure the change on x86 is proper, with this change,
>>       tailcall selftests passed, but tailcall limit test in test_bpf.ko
>>       failed, I do not know the reason now, I think this is another 
>> issue,
>>       maybe someone more versed in x86 jit could take a look.
>
> There should be a series from Johan coming today with regards to 
> test_bpf.ko
> that will fix the "tail call error path, max count reached" test which 
> had an
> assumption in that R0 would always be valid for the fall-through and 
> could be
> passed to the bpf_exit insn whereas it is not guaranteed and verifier, 
> for
> example, forbids a subsequent access to R0 w/o reinit. For your 
> testing, I
> would suggested to recheck once this series is out.

I will test the following patch on x86 and mips:

[PATCH bpf v4 13/14] bpf/tests: Fix error in tail call limit tests

[...]

>> diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
>> index 0fe6aac..74a9e61 100644
>> --- a/arch/x86/net/bpf_jit_comp.c
>> +++ b/arch/x86/net/bpf_jit_comp.c
>> @@ -402,7 +402,7 @@ static int get_pop_bytes(bool *callee_regs_used)
>>    * ... bpf_tail_call(void *ctx, struct bpf_array *array, u64 index) 
>> ...
>>    *   if (index >= array->map.max_entries)
>>    *     goto out;
>> - *   if (++tail_call_cnt > MAX_TAIL_CALL_CNT)
>> + *   if (tail_call_cnt++ == MAX_TAIL_CALL_CNT)
>
> Why such inconsistency to e.g. above with arm64 case but also compared to
> x86 32 bit which uses JAE? If so, we should cleanly follow the reference
> implementation (== interpreter) _everywhere_ and _not_ introduce 
> additional
> variants/implementations across JITs.

In order tokeep consistencyand make as few changes as possible,
<javascript:void(0);>I will modify the check condition as follows:

#define MAX_TAIL_CALL_CNT 33
(1) for x86, arm64, ... (0 ~ 32)
tcc = 0;
if (tcc == MAX_TAIL_CALL_CNT)
     goto out;
tcc++;

(2) for mips, riscv (33 ~ 1)
tcc = MAX_TAIL_CALL_CNT;
if (tcc == 0)
     goto out;
tcc--;

[...]

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ