Patch "LoongArch: BPF: Sign-extend return values" has been added to the 6.1-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    LoongArch: BPF: Sign-extend return values

to the 6.1-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     loongarch-bpf-sign-extend-return-values.patch
and it can be found in the queue-6.1 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit b247ccce3f8d6ebffe6b7c666c888f1e7636f10c
Author: Tiezhu Yang <yangtiezhu@xxxxxxxxxxx>
Date:   Fri Nov 22 15:47:48 2024 +0800

    LoongArch: BPF: Sign-extend return values
    
    [ Upstream commit 73c359d1d356cf10236ccd358bd55edab33e9424 ]
    
    (1) Description of Problem:
    
    When testing BPF JIT with the latest compiler toolchains on LoongArch,
    there exist some strange failed test cases, dmesg shows something like
    this:
    
      # dmesg -t | grep FAIL | head -1
      ... ret -3 != -3 (0xfffffffd != 0xfffffffd)FAIL ...
    
    (2) Steps to Reproduce:
    
      # echo 1 > /proc/sys/net/core/bpf_jit_enable
      # modprobe test_bpf
    
    (3) Additional Info:
    
    There are no failed test cases compiled with the lower version of GCC
    such as 13.3.0, while the problems only appear with higher version of
    GCC such as 14.2.0.
    
    This is because the problems were hidden by the lower version of GCC due
    to redundant sign extension instructions generated by compiler, but with
    optimization of higher version of GCC, the sign extension instructions
    have been removed.
    
    (4) Root Cause Analysis:
    
    The LoongArch architecture does not expose sub-registers, and hold all
    32-bit values in a sign-extended format. While BPF, on the other hand,
    exposes sub-registers, and use zero-extension (similar to arm64/x86).
    
    This has led to some subtle bugs, where a BPF JITted program has not
    sign-extended the a0 register (return value in LoongArch land), passed
    the return value up the kernel, for example:
    
      | int from_bpf(void);
      |
      | long foo(void)
      | {
      |    return from_bpf();
      | }
    
    Here, a0 would be 0xffffffff instead of the expected 0xffffffffffffffff.
    
    Internally, the LoongArch JIT uses a5 as a dedicated register for BPF
    return values. That is to say, the LoongArch BPF uses a5 for BPF return
    values, which are zero-extended, whereas the LoongArch ABI uses a0 which
    is sign-extended.
    
    (5) Final Solution:
    
    Keep a5 zero-extended, but explicitly sign-extend a0 (which is used
    outside BPF land). Because libbpf currently defines the return value
    of an ebpf program as a 32-bit unsigned integer, just use addi.w to
    extend bit 31 into bits 63 through 32 of a5 to a0. This is similar to
    commit 2f1b0d3d7331 ("riscv, bpf: Sign-extend return values").
    
    Fixes: 5dc615520c4d ("LoongArch: Add BPF JIT support")
    Acked-by: John Fastabend <john.fastabend@xxxxxxxxx>
    Signed-off-by: Tiezhu Yang <yangtiezhu@xxxxxxxxxxx>
    Signed-off-by: Huacai Chen <chenhuacai@xxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/loongarch/net/bpf_jit.c b/arch/loongarch/net/bpf_jit.c
index 4e86441e63196..2567916370b4e 100644
--- a/arch/loongarch/net/bpf_jit.c
+++ b/arch/loongarch/net/bpf_jit.c
@@ -179,7 +179,7 @@ static void __build_epilogue(struct jit_ctx *ctx, bool is_tail_call)
 
 	if (!is_tail_call) {
 		/* Set return value */
-		move_reg(ctx, LOONGARCH_GPR_A0, regmap[BPF_REG_0]);
+		emit_insn(ctx, addiw, LOONGARCH_GPR_A0, regmap[BPF_REG_0], 0);
 		/* Return to the caller */
 		emit_insn(ctx, jirl, LOONGARCH_GPR_RA, LOONGARCH_GPR_ZERO, 0);
 	} else {




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux