| Message ID | 159603981285.4454.14040533307191666685.stgit@john-Precision-5820-Tower |
|---|---|
| State | Accepted |
| Delegated to: | BPF Maintainers |
| Headers | show |
| Series | Fix sock_ops field read splat | expand |
On Wed, Jul 29, 2020 at 9:24 AM John Fastabend <john.fastabend@gmail.com> wrote: > [...] > > Signed-off-by: John Fastabend <john.fastabend@gmail.com> Acked-by: Song Liu <songliubraving@fb.com> > --- > .../testing/selftests/bpf/progs/test_tcpbpf_kern.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c b/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c > index 1f1966e..f8b13682 100644 > --- a/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c > +++ b/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c > @@ -54,6 +54,7 @@ SEC("sockops") > int bpf_testcb(struct bpf_sock_ops *skops) > { > char header[sizeof(struct ipv6hdr) + sizeof(struct tcphdr)]; > + struct bpf_sock_ops *reuse = skops; > struct tcphdr *thdr; > int good_call_rv = 0; > int bad_call_rv = 0; > @@ -62,6 +63,18 @@ int bpf_testcb(struct bpf_sock_ops *skops) > int v = 0; > int op; > > + /* Test reading fields in bpf_sock_ops using single register */ > + asm volatile ( > + "%[reuse] = *(u32 *)(%[reuse] +96)" > + : [reuse] "+r"(reuse) > + :); > + > + asm volatile ( > + "%[op] = *(u32 *)(%[skops] +96)" > + : [op] "+r"(op) > + : [skops] "r"(skops) > + :); > + Shall we add a separate test for this? It does seem to fix in bpf_testcb(). > op = (int) skops->op; > > update_event_map(op); >
diff --git a/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c b/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c index 1f1966e..f8b13682 100644 --- a/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c +++ b/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c @@ -54,6 +54,7 @@ SEC("sockops") int bpf_testcb(struct bpf_sock_ops *skops) { char header[sizeof(struct ipv6hdr) + sizeof(struct tcphdr)]; + struct bpf_sock_ops *reuse = skops; struct tcphdr *thdr; int good_call_rv = 0; int bad_call_rv = 0; @@ -62,6 +63,18 @@ int bpf_testcb(struct bpf_sock_ops *skops) int v = 0; int op; + /* Test reading fields in bpf_sock_ops using single register */ + asm volatile ( + "%[reuse] = *(u32 *)(%[reuse] +96)" + : [reuse] "+r"(reuse) + :); + + asm volatile ( + "%[op] = *(u32 *)(%[skops] +96)" + : [op] "+r"(op) + : [skops] "r"(skops) + :); + op = (int) skops->op; update_event_map(op);
To verify fix ("bpf: sock_ops ctx access may stomp registers in corner case") we want to force compiler to generate the following code when accessing a field with BPF_TCP_SOCK_GET_COMMON, r1 = *(u32 *)(r1 + 96) // r1 is skops ptr Rather than depend on clang to do this we add the test with inline asm to the tcpbpf test. This saves us from having to create another runner and ensures that if we break this again test_tcpbpf will crash. With above code we get the xlated code, 11: (7b) *(u64 *)(r1 +32) = r9 12: (61) r9 = *(u32 *)(r1 +28) 13: (15) if r9 == 0x0 goto pc+4 14: (79) r9 = *(u64 *)(r1 +32) 15: (79) r1 = *(u64 *)(r1 +0) 16: (61) r1 = *(u32 *)(r1 +2348) 17: (05) goto pc+1 18: (79) r9 = *(u64 *)(r1 +32) We also add the normal case where src_reg != dst_reg so we can compare code generation easily from llvm-objdump and ensure that case continues to work correctly. The normal code is xlated to, 20: (b7) r1 = 0 21: (61) r1 = *(u32 *)(r3 +28) 22: (15) if r1 == 0x0 goto pc+2 23: (79) r1 = *(u64 *)(r3 +0) 24: (61) r1 = *(u32 *)(r1 +2348) Where the temp variable is not used. Signed-off-by: John Fastabend <john.fastabend@gmail.com> --- .../testing/selftests/bpf/progs/test_tcpbpf_kern.c | 13 +++++++++++++ 1 file changed, 13 insertions(+)