| Message ID | 971980449d680e6b26e273130d74546c5148893c.1447446440.git.daniel@iogearbox.net |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
On Sat, Nov 14, 2015 at 01:26:53AM +0100, Daniel Borkmann wrote: > During review I noticed that the icache range we're flushing should > start at header already and not at ctx.image. > > Reason is that after 55309dd3d4cd ("net: bpf: arm: address randomize > and write protect JIT code"), we also want to make sure to flush the > random-sized trap in front of the start of the actual program (analogous > to x86). No operational differences from user side. > > Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> > Tested-by: Nicolas Schichan <nschichan@freebox.fr> > Cc: Alexei Starovoitov <ast@kernel.org> > --- > ( As arm32 fixes usually go via Dave's tree, targeting -net. ) > > arch/arm/net/bpf_jit_32.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c > index 2f4b14c..591f9db 100644 > --- a/arch/arm/net/bpf_jit_32.c > +++ b/arch/arm/net/bpf_jit_32.c > @@ -1061,7 +1061,7 @@ void bpf_jit_compile(struct bpf_prog *fp) > } > build_epilogue(&ctx); > > - flush_icache_range((u32)ctx.target, (u32)(ctx.target + ctx.idx)); > + flush_icache_range((u32)header, (u32)(ctx.target + ctx.idx)); As with the arm64 patch, doesn't this prevent us from flushing the end of the image? ctx.idx doesn't seem to take into account the header size. Mark. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Mon, Nov 16, 2015 at 11:40:55AM +0000, Mark Rutland wrote: > On Sat, Nov 14, 2015 at 01:26:53AM +0100, Daniel Borkmann wrote: > > During review I noticed that the icache range we're flushing should > > start at header already and not at ctx.image. > > > > Reason is that after 55309dd3d4cd ("net: bpf: arm: address randomize > > and write protect JIT code"), we also want to make sure to flush the > > random-sized trap in front of the start of the actual program (analogous > > to x86). No operational differences from user side. > > > > Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> > > Tested-by: Nicolas Schichan <nschichan@freebox.fr> > > Cc: Alexei Starovoitov <ast@kernel.org> > > --- > > ( As arm32 fixes usually go via Dave's tree, targeting -net. ) > > > > arch/arm/net/bpf_jit_32.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c > > index 2f4b14c..591f9db 100644 > > --- a/arch/arm/net/bpf_jit_32.c > > +++ b/arch/arm/net/bpf_jit_32.c > > @@ -1061,7 +1061,7 @@ void bpf_jit_compile(struct bpf_prog *fp) > > } > > build_epilogue(&ctx); > > > > - flush_icache_range((u32)ctx.target, (u32)(ctx.target + ctx.idx)); > > + flush_icache_range((u32)header, (u32)(ctx.target + ctx.idx)); > > As with the arm64 patch, doesn't this prevent us from flushing the end > of the image? ctx.idx doesn't seem to take into account the header size. I'd misread the patch; it is fine. Sorry for the noise. Mark. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Daniel Borkmann <daniel@iogearbox.net> Date: Sat, 14 Nov 2015 01:26:53 +0100 > During review I noticed that the icache range we're flushing should > start at header already and not at ctx.image. > > Reason is that after 55309dd3d4cd ("net: bpf: arm: address randomize > and write protect JIT code"), we also want to make sure to flush the > random-sized trap in front of the start of the actual program (analogous > to x86). No operational differences from user side. > > Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> > Tested-by: Nicolas Schichan <nschichan@freebox.fr> > Cc: Alexei Starovoitov <ast@kernel.org> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c index 2f4b14c..591f9db 100644 --- a/arch/arm/net/bpf_jit_32.c +++ b/arch/arm/net/bpf_jit_32.c @@ -1061,7 +1061,7 @@ void bpf_jit_compile(struct bpf_prog *fp) } build_epilogue(&ctx); - flush_icache_range((u32)ctx.target, (u32)(ctx.target + ctx.idx)); + flush_icache_range((u32)header, (u32)(ctx.target + ctx.idx)); #if __LINUX_ARM_ARCH__ < 7 if (ctx.imm_count)
During review I noticed that the icache range we're flushing should start at header already and not at ctx.image. Reason is that after 55309dd3d4cd ("net: bpf: arm: address randomize and write protect JIT code"), we also want to make sure to flush the random-sized trap in front of the start of the actual program (analogous to x86). No operational differences from user side. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Tested-by: Nicolas Schichan <nschichan@freebox.fr> Cc: Alexei Starovoitov <ast@kernel.org> --- ( As arm32 fixes usually go via Dave's tree, targeting -net. ) arch/arm/net/bpf_jit_32.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)