Re: [PATCH bpf-next] bpf, selftests: Replicate tailcall limit test for indirect call case

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 9/10/21 2:19 AM, Daniel Borkmann wrote:
The tailcall_3 test program uses bpf_tail_call_static() where the JIT
would patch a direct jump. Add a new tailcall_6 test program replicating
exactly the same test just ensuring that bpf_tail_call() uses a map
index where the verifier cannot make assumptions this time.

In other words, this will now cover both on x86-64 JIT, meaning, JIT
images with emit_bpf_tail_call_direct() emission as well as JIT images
with emit_bpf_tail_call_indirect() emission.

   # echo 1 > /proc/sys/net/core/bpf_jit_enable
   # ./test_progs -t tailcalls
   #136/1 tailcalls/tailcall_1:OK
   #136/2 tailcalls/tailcall_2:OK
   #136/3 tailcalls/tailcall_3:OK
   #136/4 tailcalls/tailcall_4:OK
   #136/5 tailcalls/tailcall_5:OK
   #136/6 tailcalls/tailcall_6:OK
   #136/7 tailcalls/tailcall_bpf2bpf_1:OK
   #136/8 tailcalls/tailcall_bpf2bpf_2:OK
   #136/9 tailcalls/tailcall_bpf2bpf_3:OK
   #136/10 tailcalls/tailcall_bpf2bpf_4:OK
   #136/11 tailcalls/tailcall_bpf2bpf_5:OK
   #136 tailcalls:OK
   Summary: 1/11 PASSED, 0 SKIPPED, 0 FAILED

   # echo 0 > /proc/sys/net/core/bpf_jit_enable
   # ./test_progs -t tailcalls
   #136/1 tailcalls/tailcall_1:OK
   #136/2 tailcalls/tailcall_2:OK
   #136/3 tailcalls/tailcall_3:OK
   #136/4 tailcalls/tailcall_4:OK
   #136/5 tailcalls/tailcall_5:OK
   #136/6 tailcalls/tailcall_6:OK
   [...]

For interpreter, the tailcall_1-6 tests are passing as well. The later
tailcall_bpf2bpf_* are failing due lack of bpf2bpf + tailcall support
in interpreter, so this is expected.

Also, manual inspection shows that both loaded programs from tailcall_3
and tailcall_6 test case emit the expected opcodes:

* tailcall_3 disasm, emit_bpf_tail_call_direct():

   [...]
    b:   push   %rax
    c:   push   %rbx
    d:   push   %r13
    f:   mov    %rdi,%rbx
   12:   movabs $0xffff8d3f5afb0200,%r13
   1c:   mov    %rbx,%rdi
   1f:   mov    %r13,%rsi
   22:   xor    %edx,%edx                 _
   24:   mov    -0x4(%rbp),%eax          |  limit check
   2a:   cmp    $0x20,%eax               |
   2d:   ja     0x0000000000000046       |
   2f:   add    $0x1,%eax                |
   32:   mov    %eax,-0x4(%rbp)          |_
   38:   nopl   0x0(%rax,%rax,1)
   3d:   pop    %r13
   3f:   pop    %rbx
   40:   pop    %rax
   41:   jmpq   0xffffffffffffe377
   [...]

* tailcall_6 disasm, emit_bpf_tail_call_indirect():

   [...]
   47:   movabs $0xffff8d3f59143a00,%rsi
   51:   mov    %edx,%edx
   53:   cmp    %edx,0x24(%rsi)
   56:   jbe    0x0000000000000093        _
   58:   mov    -0x4(%rbp),%eax          |  limit check
   5e:   cmp    $0x20,%eax               |
   61:   ja     0x0000000000000093       |
   63:   add    $0x1,%eax                |
   66:   mov    %eax,-0x4(%rbp)          |_
   6c:   mov    0x110(%rsi,%rdx,8),%rcx
   74:   test   %rcx,%rcx
   77:   je     0x0000000000000093
   79:   pop    %rax
   7a:   mov    0x30(%rcx),%rcx
   7e:   add    $0xb,%rcx
   82:   callq  0x000000000000008e
   87:   pause
   89:   lfence
   8c:   jmp    0x0000000000000087
   8e:   mov    %rcx,(%rsp)
   92:   retq
   [...]

Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Cc: Johan Almbladh <johan.almbladh@xxxxxxxxxxxxxxxxx>
Cc: Paul Chaignon <paul@xxxxxxxxx>
Cc: Tiezhu Yang <yangtiezhu@xxxxxxxxxxx>
Link: https://lore.kernel.org/bpf/CAM1=_QRyRVCODcXo_Y6qOm1iT163HoiSj8U2pZ8Rj3hzMTT=HQ@xxxxxxxxxxxxxx

Acked-by: Yonghong Song <yhs@xxxxxx>



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux