Patch "bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC" has been added to the 5.15-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 8 Jul 2022 16:51:28 -0400

This is a note to let you know that I've just added the patch titled

    bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     bpf-arm64-use-emit_addr_mov_i64-for-bpf_pseudo_func.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 4f904a19f459c59d7ad52227a79580cd18b5552d
Author: Hou Tao <houtao1@xxxxxxxxxx>
Date:   Fri Dec 31 23:10:18 2021 +0800

    bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC
    
    [ Upstream commit e4a41c2c1fa916547e63440c73a51a5eb06247af ]
    
    The following error is reported when running "./test_progs -t for_each"
    under arm64:
    
      bpf_jit: multi-func JIT bug 58 != 56
      [...]
      JIT doesn't support bpf-to-bpf calls
    
    The root cause is the size of BPF_PSEUDO_FUNC instruction increases
    from 2 to 3 after the address of called bpf-function is settled and
    there are two bpf-to-bpf calls in test_pkt_access. The generated
    instructions are shown below:
    
      0x48:  21 00 C0 D2    movz x1, #0x1, lsl #32
      0x4c:  21 00 80 F2    movk x1, #0x1
    
      0x48:  E1 3F C0 92    movn x1, #0x1ff, lsl #32
      0x4c:  41 FE A2 F2    movk x1, #0x17f2, lsl #16
      0x50:  81 70 9F F2    movk x1, #0xfb84
    
    Fixing it by using emit_addr_mov_i64() for BPF_PSEUDO_FUNC, so
    the size of jited image will not change.
    
    Fixes: 69c087ba6225 ("bpf: Add bpf_for_each_map_elem() helper")
    Signed-off-by: Hou Tao <houtao1@xxxxxxxxxx>
    Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
    Link: https://lore.kernel.org/bpf/20211231151018.3781550-1-houtao1@xxxxxxxxxx
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c
index 95439bbe5df8..4895b4d7e150 100644
--- a/arch/arm64/net/bpf_jit_comp.c
+++ b/arch/arm64/net/bpf_jit_comp.c
@@ -788,7 +788,10 @@ static int build_insn(const struct bpf_insn *insn, struct jit_ctx *ctx,
 		u64 imm64;
 
 		imm64 = (u64)insn1.imm << 32 | (u32)imm;
-		emit_a64_mov_i64(dst, imm64, ctx);
+		if (bpf_pseudo_func(insn))
+			emit_addr_mov_i64(dst, imm64, ctx);
+		else
+			emit_a64_mov_i64(dst, imm64, ctx);
 
 		return 1;
 	}






