[PATCH 5.4 0/2] bpf, mips: fix CVE-2021-38300

5.2 upstream commit 716850ab104d ("MIPS: eBPF: Initial eBPF support for MIPS32
architecture.") introduced eBPF JIT support for MIPS32 and removed the cBPF JIT
interface. However, it was subsequently reverted by the following commits,
bringing back the old cBPF JIT implementation:
    f8fffebdea75 ("MIPS: BPF: Disable MIPS32 eBPF JIT")
    36366e367ee9 ("MIPS: BPF: Restore MIPS32 cBPF JIT")

    From 36366e367ee9 ("MIPS: BPF: Restore MIPS32 cBPF JIT") commit message:
    """
    ...
    Until these problems are resolved, revert the removal of the cBPF JIT
    performed by commit 716850ab104d ("MIPS: eBPF: Initial eBPF support for
    MIPS32 architecture."). Together with commit f8fffebdea75 ("MIPS: BPF:
    Disable MIPS32 eBPF JIT") this restores MIPS32 BPF JIT behavior back to
    the same state it was prior to the introduction of the broken eBPF JIT
    support.
    """

In 5.4, only f8fffebdea75 ("MIPS: BPF: Disable MIPS32 eBPF JIT") was
backported. This patch series re-enables cBPF JIT support by backporting the
second part of the 716850ab104d ("MIPS: eBPF: Initial eBPF support for MIPS32
architecture.") revert and also fixes CVE-2021-38300. Both patches are clean
cherry-picks.

The testcase specified in 37cb28ec7d3a ("bpf, mips: Validate conditional
branch offsets") commit message now passes in qemu:

Before:
-------
root@qemumips:~# echo 1 > /proc/sys/net/core/bpf_jit_enable
root@qemumips:~# modprobe test_bpf test_name="BPF_MAXINSNS: exec all MSH"
[   58.577385] test_bpf: #296 BPF_MAXINSNS: exec all MSH 
[   58.579267] ------------[ cut here ]------------
[   58.603827] WARNING: CPU: 0 PID: 166 at arch/mips/mm/uasm-mips.c:210 build_insn+0x4e8/0x520
[   58.605354] Micro-assembler field overflow
[   58.606585] Modules linked in: test_bpf(+) i2c_piix4 sch_fq_codel openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4
[   58.608979] CPU: 0 PID: 166 Comm: modprobe Not tainted 5.4.151-yocto-standard+ #3
[   58.610838] Stack : 00000000 00000000 0000010e 1000a400 80f90000 00000045 0000010f 801978cc
[   58.612647]         80c40000 0000000b 00000000 00000000 80e051d8 1000a400 8d119950 ffffffff
[   58.615304]         00000000 00000000 81030000 0000010f 00000000 00000000 00000000 0000ffff
[   58.617685]         00000000 00000000 00000001 0000010f 00000000 80e60000 00000000 80000000
[   58.618968]         8d119a8c 00000000 80130000 c0064000 00000000 807742f4 00000001 003871d7
[   58.620309]         ...
[   58.621313] Call Trace:
[   58.622310] [<8010e748>] show_stack+0xb4/0x17c
[   58.623612] [<80b90cbc>] dump_stack+0xa0/0xcc
[   58.624755] [<80134a90>] __warn+0xcc/0x11c
[   58.626008] [<80b85ec0>] warn_slowpath_fmt+0x8c/0xb8
[   58.629175] [<80121a18>] build_insn+0x4e8/0x520
[   58.630225] [<80121ba4>] uasm_i_bne+0x1c/0x28
[   58.687860] [<8012d3a4>] build_body+0x6b8/0x2f38
[   58.740612] [<8012fd38>] bpf_jit_compile+0x114/0x1e4
[   58.793484] [<809cb584>] bpf_prepare_filter+0x2b0/0x464
[   58.843345] [<809cb7b8>] bpf_prog_create+0x80/0xc0
[   58.894788] [<c00572d8>] test_bpf_init+0x2d8/0xcf8 [test_bpf]
[   58.946096] [<80100e50>] do_one_initcall+0x54/0x2c4
[   58.992934] [<801d9850>] do_init_module+0x64/0x240
[   59.042867] [<801dbc84>] load_module+0x2180/0x27fc
[   59.093033] [<801dc568>] sys_finit_module+0xe8/0x100
[   59.142974] [<80117304>] syscall_common+0x34/0x58
[   59.823417] ---[ end trace af3af640ae837a28 ]---

After:
------
root@qemumips:~# echo 1 > /proc/sys/net/core/bpf_jit_enable
root@qemumips:~# modprobe test_bpf test_name="BPF_MAXINSNS: exec all MSH"
[  215.882154] test_bpf: #296 BPF_MAXINSNS: exec all MSH jited:0 667558 PASS
[  216.618220] test_bpf: Summary: 1 PASSED, 0 FAILED, [0/1 JIT'ed]

Paul Burton (1):
  MIPS: BPF: Restore MIPS32 cBPF JIT

Piotr Krysiuk (1):
  bpf, mips: Validate conditional branch offsets

 arch/mips/Kconfig           |    1 +
 arch/mips/net/Makefile      |    1 +
 arch/mips/net/bpf_jit.c     | 1299 +++++++++++++++++++++++++++++++++++
 arch/mips/net/bpf_jit_asm.S |  285 ++++++++
 4 files changed, 1586 insertions(+)
 create mode 100644 arch/mips/net/bpf_jit.c
 create mode 100644 arch/mips/net/bpf_jit_asm.S

-- 
2.25.1
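The "Micro-assembler field overflow" warning in the trace above fires from uasm_i_bne, i.e. the cBPF JIT asked the micro-assembler to emit a conditional branch whose displacement did not fit the instruction's immediate field. The following is an added illustration, not code from the kernel or from this series: MIPS conditional branches carry a signed 16-bit offset counted in 32-bit instruction words relative to the delay slot, so a large BPF program whose instructions each expand to several native words can produce a branch that overflows that field. The toy program layout (uniform native length per BPF instruction, one branch from the first to the last instruction) and the helper names are constructed assumptions; the point is the range check a JIT must apply before emitting the branch rather than letting the assembler overflow the field.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* MIPS I-type branches (bne, beq, ...) hold a signed 16-bit offset in
 * 32-bit instruction words, measured from the instruction in the delay
 * slot (the word right after the branch). */
#define BRANCH_OFF_MIN (-32768L)
#define BRANCH_OFF_MAX 32767L

/* Constructed upper bound for the toy program; matches BPF_MAXINSNS. */
#define MAX_INSNS 4096

/* One BPF instruction of the constructed program: how many native words
 * the JIT would emit for it, and which BPF index it branches to (-1: none). */
struct toy_insn {
	unsigned int native_len;
	int jump_target;
};

/* Range check a JIT must perform before emitting a conditional branch. */
static bool branch_offset_fits(long delta_words)
{
	return delta_words >= BRANCH_OFF_MIN && delta_words <= BRANCH_OFF_MAX;
}

/* Lay the program out (prefix sum of native lengths), then validate every
 * branch. The branch is assumed to be the first native word of its BPF
 * instruction. Returns the index of the first BPF instruction whose branch
 * does not fit, -1 if all fit, -2 on a malformed program. */
static int first_bad_branch(const struct toy_insn *prog, size_t n)
{
	static long start[MAX_INSNS + 1]; /* native word where insn i begins */
	size_t i;

	if (n > MAX_INSNS)
		return -2;

	start[0] = 0;
	for (i = 0; i < n; i++)
		start[i + 1] = start[i] + prog[i].native_len;

	for (i = 0; i < n; i++) {
		int t = prog[i].jump_target;
		long delta;

		if (t < 0)
			continue;
		if ((size_t)t > n) /* index n = end of program is allowed */
			return (int)i;
		/* offset is relative to the delay slot, hence the +1 */
		delta = start[t] - (start[i] + 1);
		if (!branch_offset_fits(delta))
			return (int)i;
	}
	return -1;
}

/* Build a constructed program of n instructions, each expanding to
 * native_len words, with instruction 0 branching to the last instruction,
 * and report the first bad branch (see first_bad_branch). */
static int check_uniform_program(size_t n, unsigned int native_len)
{
	static struct toy_insn prog[MAX_INSNS];
	size_t i;

	if (n == 0 || n > MAX_INSNS)
		return -2;
	for (i = 0; i < n; i++) {
		prog[i].native_len = native_len;
		prog[i].jump_target = -1;
	}
	prog[0].jump_target = (int)(n - 1);
	return first_bad_branch(prog, n);
}

int main(void)
{
	/* 4095 * 8 - 1 = 32759 words: fits; 4095 * 9 - 1 = 36854: overflows. */
	printf("4096 insns x 8 words: first bad branch = %d\n",
	       check_uniform_program(4096, 8));
	printf("4096 insns x 9 words: first bad branch = %d\n",
	       check_uniform_program(4096, 9));
	return 0;
}
```

A JIT that gets a non-negative index back from such a check should refuse to JIT the program (falling back to the interpreter) rather than emit the branch; the per-instruction expansion of 8 or 9 words above is only a constructed threshold chosen to sit on either side of the 16-bit limit.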