[PATCH] bpf, powerpc: fix jit for seccomp_data access

[PATCH] bpf, powerpc: fix jit for seccomp_data access

[Mark Lord]

I am using SECCOMP to filter syscalls on a ppc32 platform,
and noticed that the JIT compiler was failing on the BPF
even though the interpreter was working fine.

The issue was that the compiler was missing one of the instructions
used by SECCOMP, so here is a patch to enable JIT for that instruction.

Signed-Off-By:  Mark Lord <mlord@pobox.com>

--- old/arch/powerpc/net/bpf_jit_comp.c 2018-02-16 14:07:01.000000000 -0500
+++ linux/arch/powerpc/net/bpf_jit_comp.c       2018-02-20 14:41:20.805227494 -0500
@@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
                        BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
                        PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff, len));
                        break;
+               case BPF_LDX | BPF_W | BPF_ABS: /* A = *((u32 *)(seccomp_data + K)); */
+                       PPC_LWZ_OFFS(r_A, r_skb, K);
+                       break;
                case BPF_LDX | BPF_W | BPF_LEN: /* X = skb->len; */
                        PPC_LWZ_OFFS(r_X, r_skb, offsetof(struct sk_buff, len));
                        break;
-- 
Mark Lord
Real-Time Remedies Inc.
mlord@pobox.com

Re: [PATCH] bpf, powerpc: fix jit for seccomp_data access

[Michael Ellerman]

Mark Lord <mlord@pobox.com> writes:

> I am using SECCOMP to filter syscalls on a ppc32 platform,
> and noticed that the JIT compiler was failing on the BPF
> even though the interpreter was working fine.
>
> The issue was that the compiler was missing one of the instructions
> used by SECCOMP, so here is a patch to enable JIT for that instruction.
>
> Signed-Off-By:  Mark Lord <mlord@pobox.com>

Thanks.

What is the failure mode without this patch? I assume when you have the
JIT enabled the seccomp filter fails to load entirely? Or do we have
logic to fall back to the interpreter?

Either way we should probably back port to stable. I assume this has
been broken since we originally added 32-bit support, so:

Fixes: eb84bab0fb38 ("ppc: Kconfig: Enable BPF JIT on ppc32")
Cc: stable@vger.kernel.org # v4.1+

cheers


> --- old/arch/powerpc/net/bpf_jit_comp.c 2018-02-16 14:07:01.000000000 -0500
> +++ linux/arch/powerpc/net/bpf_jit_comp.c       2018-02-20 14:41:20.805227494 -0500
> @@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
>                         BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
>                         PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff, len));
>                         break;
> +               case BPF_LDX | BPF_W | BPF_ABS: /* A = *((u32 *)(seccomp_data + K)); */
> +                       PPC_LWZ_OFFS(r_A, r_skb, K);
> +                       break;
>                 case BPF_LDX | BPF_W | BPF_LEN: /* X = skb->len; */
>                         PPC_LWZ_OFFS(r_X, r_skb, offsetof(struct sk_buff, len));
>                         break;
> -- 
> Mark Lord
> Real-Time Remedies Inc.
> mlord@pobox.com

Re: [PATCH] bpf, powerpc: fix jit for seccomp_data access

[Daniel Borkmann]

On 02/21/2018 01:33 AM, Michael Ellerman wrote:
> Mark Lord <mlord@pobox.com> writes:
> 
>> I am using SECCOMP to filter syscalls on a ppc32 platform,
>> and noticed that the JIT compiler was failing on the BPF
>> even though the interpreter was working fine.
>>
>> The issue was that the compiler was missing one of the instructions
>> used by SECCOMP, so here is a patch to enable JIT for that instruction.
>>
>> Signed-Off-By:  Mark Lord <mlord@pobox.com>
> 
> Thanks.
> 
> What is the failure mode without this patch? I assume when you have the
> JIT enabled the seccomp filter fails to load entirely? Or do we have
> logic to fall back to the interpreter?

The logic for all JITs is that once a BPF insn cannot be JITed then it falls
back to BPF interpreter. Here, since ppc32 is cBPF the path is: cBPF insn ->
cBPF JIT -> fail -> migrate cBPF to eBPF -> run in eBPF interpreter. In the
case where interpreter is compiled out (CONFIG_BPF_JIT_ALWAYS_ON), then the
filter is rejected.

> Either way we should probably back port to stable. I assume this has
> been broken since we originally added 32-bit support, so:

Note that arm32 before it was converted to be an eBPF JIT (eBPF JITs do handle
seccomp BPF in any case) was the only cBPF JIT that had it 'JIT-able', so
currently, other cBPF ones like sparc32 or mips32 don't translate it either.
Meaning, it would be nice to have as feature; I wouldn't necessarily frame
it as a bug though (or at least a stable-urgent one, imho, but I leave that
to you, of course).

> Fixes: eb84bab0fb38 ("ppc: Kconfig: Enable BPF JIT on ppc32")
> Cc: stable@vger.kernel.org # v4.1+
> 
> cheers
> 
> 
>> --- old/arch/powerpc/net/bpf_jit_comp.c 2018-02-16 14:07:01.000000000 -0500
>> +++ linux/arch/powerpc/net/bpf_jit_comp.c       2018-02-20 14:41:20.805227494 -0500
>> @@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
>>                         BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
>>                         PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff, len));
>>                         break;
>> +               case BPF_LDX | BPF_W | BPF_ABS: /* A = *((u32 *)(seccomp_data + K)); */
>> +                       PPC_LWZ_OFFS(r_A, r_skb, K);
>> +                       break;
>>                 case BPF_LDX | BPF_W | BPF_LEN: /* X = skb->len; */
>>                         PPC_LWZ_OFFS(r_X, r_skb, offsetof(struct sk_buff, len));
>>                         break;
>> -- 
>> Mark Lord
>> Real-Time Remedies Inc.
>> mlord@pobox.com

Re: [PATCH] bpf, powerpc: fix jit for seccomp_data access

[Naveen N. Rao]

Mark Lord wrote:
> I am using SECCOMP to filter syscalls on a ppc32 platform,
> and noticed that the JIT compiler was failing on the BPF
> even though the interpreter was working fine.
>=20
> The issue was that the compiler was missing one of the instructions
> used by SECCOMP, so here is a patch to enable JIT for that instruction.
>=20
> Signed-Off-By:  Mark Lord <mlord@pobox.com>
>=20
> --- old/arch/powerpc/net/bpf_jit_comp.c 2018-02-16 14:07:01.000000000 -05=
00
> +++ linux/arch/powerpc/net/bpf_jit_comp.c       2018-02-20 14:41:20.80522=
7494 -0500
> @@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
>                         BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) !=
=3D 4);
>                         PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff,=
 len));
>                         break;
> +               case BPF_LDX | BPF_W | BPF_ABS: /* A =3D *((u32 *)(seccom=
p_data + K)); */
> +                       PPC_LWZ_OFFS(r_A, r_skb, K);
> +                       break;

Looks good to me, but I am not able to apply this patch. There seems to=20
be whitespace damage. Please resend the patch considering the steps=20
here:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Doc=
umentation/process/email-clients.rst

Thanks,
Naveen

=

Re: [PATCH] bpf, powerpc: fix jit for seccomp_data access

[Mark Lord]

[-- Attachment #1: Type: text/plain, Size: 1396 bytes --]

On 18-02-21 03:35 AM, Naveen N. Rao wrote:
> Mark Lord wrote:
>> I am using SECCOMP to filter syscalls on a ppc32 platform,
>> and noticed that the JIT compiler was failing on the BPF
>> even though the interpreter was working fine.
>>
>> The issue was that the compiler was missing one of the instructions
>> used by SECCOMP, so here is a patch to enable JIT for that instruction.
>>
>> Signed-Off-By:  Mark Lord <mlord@pobox.com>
>>
>> --- old/arch/powerpc/net/bpf_jit_comp.c 2018-02-16 14:07:01.000000000 -0500
>> +++ linux/arch/powerpc/net/bpf_jit_comp.c       2018-02-20 14:41:20.805227494 -0500
>> @@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
>>                         BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
>>                         PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff, len));
>>                         break;
>> +               case BPF_LDX | BPF_W | BPF_ABS: /* A = *((u32 *)(seccomp_data + K)); */
>> +                       PPC_LWZ_OFFS(r_A, r_skb, K);
>> +                       break;
> 
> Looks good to me, but I am not able to apply this patch. There seems to be whitespace damage.

Here (attached) is a clean copy.

-- 
Mark Lord
Real-Time Remedies Inc.
mlord@pobox.com

[-- Attachment #2: ppc-jit.patch --]
[-- Type: text/x-patch, Size: 591 bytes --]

--- old/arch/powerpc/net/bpf_jit_comp.c	2018-02-16 14:07:01.000000000 -0500
+++ linux/arch/powerpc/net/bpf_jit_comp.c	2018-02-20 14:41:20.805227494 -0500
@@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
 			BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
 			PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff, len));
 			break;
+		case BPF_LDX | BPF_W | BPF_ABS: /* A = *((u32 *)(seccomp_data + K)); */
+			PPC_LWZ_OFFS(r_A, r_skb, K);
+			break;
 		case BPF_LDX | BPF_W | BPF_LEN: /* X = skb->len; */
 			PPC_LWZ_OFFS(r_X, r_skb, offsetof(struct sk_buff, len));
 			break;

Re: [PATCH] bpf, powerpc: fix jit for seccomp_data access

[Mark Lord]

[-- Attachment #1: Type: text/plain, Size: 1441 bytes --]

On 18-02-21 07:52 AM, Mark Lord wrote:
> On 18-02-21 03:35 AM, Naveen N. Rao wrote:
..
>> Looks good to me, but I am not able to apply this patch. There seems to be whitespace damage.
> 
> Here (attached) is a clean copy.

Again, this time with the commit message included!

I am using SECCOMP to filter syscalls on a ppc32 platform,
and noticed that the JIT compiler was failing on the BPF
even though the interpreter was working fine.

The issue was that the compiler was missing one of the instructions
used by SECCOMP, so here is a patch to enable JIT for that instruction.

Signed-Off-By:  Mark Lord <mlord@pobox.com>

--- old/arch/powerpc/net/bpf_jit_comp.c 2018-02-16 14:07:01.000000000 -0500
+++ linux/arch/powerpc/net/bpf_jit_comp.c       2018-02-20 14:41:20.805227494 -0500
@@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
                        BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
                        PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff, len));
                        break;
+               case BPF_LDX | BPF_W | BPF_ABS: /* A = *((u32 *)(seccomp_data + K)); */
+                       PPC_LWZ_OFFS(r_A, r_skb, K);
+                       break;
                case BPF_LDX | BPF_W | BPF_LEN: /* X = skb->len; */
                        PPC_LWZ_OFFS(r_X, r_skb, offsetof(struct sk_buff, len));
                        break;
-- 
Mark Lord
Real-Time Remedies Inc.
mlord@pobox.com

[-- Attachment #2: ppc-jit.patch --]
[-- Type: text/x-patch, Size: 940 bytes --]

I am using SECCOMP to filter syscalls on a ppc32 platform,
and noticed that the JIT compiler was failing on the BPF
even though the interpreter was working fine.

The issue was that the compiler was missing one of the instructions
used by SECCOMP, so here is a patch to enable JIT for that instruction.

Signed-Off-By:  Mark Lord <mlord@pobox.com>

--- old/arch/powerpc/net/bpf_jit_comp.c	2018-02-16 14:07:01.000000000 -0500
+++ linux/arch/powerpc/net/bpf_jit_comp.c	2018-02-20 14:41:20.805227494 -0500
@@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
 			BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
 			PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff, len));
 			break;
+		case BPF_LDX | BPF_W | BPF_ABS: /* A = *((u32 *)(seccomp_data + K)); */
+			PPC_LWZ_OFFS(r_A, r_skb, K);
+			break;
 		case BPF_LDX | BPF_W | BPF_LEN: /* X = skb->len; */
 			PPC_LWZ_OFFS(r_X, r_skb, offsetof(struct sk_buff, len));
 			break;

Re: [PATCH] bpf, powerpc: fix jit for seccomp_data access

[Naveen N. Rao]

Mark Lord wrote:
> On 18-02-21 07:52 AM, Mark Lord wrote:
>> On 18-02-21 03:35 AM, Naveen N. Rao wrote:
> ..
>>> Looks good to me, but I am not able to apply this patch. There seems to=
 be whitespace damage.
>>=20
>> Here (attached) is a clean copy.
>=20
> Again, this time with the commit message included!

Thanks. However...
I am able to apply this using 'patch', but not with 'git am' since the=20
headers are missing. FWIW, the usual workflow is to make the changes and=20
commit it into your repository using 'git commit' and then use 'git=20
format-patch' to generate a patch file that you can then post.

I'll defer to Michael on whether he is ok to process this as it is.

>=20
> I am using SECCOMP to filter syscalls on a ppc32 platform,
> and noticed that the JIT compiler was failing on the BPF
> even though the interpreter was working fine.
>=20
> The issue was that the compiler was missing one of the instructions
> used by SECCOMP, so here is a patch to enable JIT for that instruction.
>=20
> Signed-Off-By:  Mark Lord <mlord@pobox.com>

Minot nit: The correct (TM) tag to use is:
Signed-off-by:
(note the case)

>=20
> --- old/arch/powerpc/net/bpf_jit_comp.c 2018-02-16 14:07:01.000000000 -05=
00
> +++ linux/arch/powerpc/net/bpf_jit_comp.c       2018-02-20 14:41:20.80522=
7494 -0500
> @@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
>                         BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) !=
=3D 4);
>                         PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff,=
 len));
>                         break;
> +               case BPF_LDX | BPF_W | BPF_ABS: /* A =3D *((u32 *)(seccom=
p_data + K)); */
> +                       PPC_LWZ_OFFS(r_A, r_skb, K);
> +                       break;
>                 case BPF_LDX | BPF_W | BPF_LEN: /* X =3D skb->len; */
>                         PPC_LWZ_OFFS(r_X, r_skb, offsetof(struct sk_buff,=
 len));
>                         break;

Apart from those aspects, for this patch:
Acked-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>


- Naveen

=

Re: [PATCH] bpf, powerpc: fix jit for seccomp_data access

[Michael Ellerman]

Daniel Borkmann <daniel@iogearbox.net> writes:

> On 02/21/2018 01:33 AM, Michael Ellerman wrote:
>> Mark Lord <mlord@pobox.com> writes:
>> 
>>> I am using SECCOMP to filter syscalls on a ppc32 platform,
>>> and noticed that the JIT compiler was failing on the BPF
>>> even though the interpreter was working fine.
>>>
>>> The issue was that the compiler was missing one of the instructions
>>> used by SECCOMP, so here is a patch to enable JIT for that instruction.
>>>
>>> Signed-Off-By:  Mark Lord <mlord@pobox.com>
>> 
>> Thanks.
>> 
>> What is the failure mode without this patch? I assume when you have the
>> JIT enabled the seccomp filter fails to load entirely? Or do we have
>> logic to fall back to the interpreter?
>
> The logic for all JITs is that once a BPF insn cannot be JITed then it falls
> back to BPF interpreter. Here, since ppc32 is cBPF the path is: cBPF insn ->
> cBPF JIT -> fail -> migrate cBPF to eBPF -> run in eBPF interpreter. In the
> case where interpreter is compiled out (CONFIG_BPF_JIT_ALWAYS_ON), then the
> filter is rejected.

OK thanks.

>> Either way we should probably back port to stable. I assume this has
>> been broken since we originally added 32-bit support, so:
>
> Note that arm32 before it was converted to be an eBPF JIT (eBPF JITs do handle
> seccomp BPF in any case) was the only cBPF JIT that had it 'JIT-able', so
> currently, other cBPF ones like sparc32 or mips32 don't translate it either.
> Meaning, it would be nice to have as feature; I wouldn't necessarily frame
> it as a bug though (or at least a stable-urgent one, imho, but I leave that
> to you, of course).

OK, I'll just add the Fixes tag for our reference and we can always back
port it to stable later if we want to.

cheers

Re: [PATCH] bpf, powerpc: fix jit for seccomp_data access

[Michael Ellerman]

"Naveen N. Rao" <naveen.n.rao@linux.vnet.ibm.com> writes:

> Mark Lord wrote:
>> On 18-02-21 07:52 AM, Mark Lord wrote:
>>> On 18-02-21 03:35 AM, Naveen N. Rao wrote:
>> ..
>>>> Looks good to me, but I am not able to apply this patch. There seems to be whitespace damage.
>>> 
>>> Here (attached) is a clean copy.
>> 
>> Again, this time with the commit message included!
>
> Thanks. However...
> I am able to apply this using 'patch', but not with 'git am' since the 
> headers are missing. FWIW, the usual workflow is to make the changes and 
> commit it into your repository using 'git commit' and then use 'git 
> format-patch' to generate a patch file that you can then post.
>
> I'll defer to Michael on whether he is ok to process this as it is.

The main thing is that it's caught by patchwork[1], otherwise I tend to
miss it. In this case the initial patch was caught by patchwork, so
that's fine.

I fixed up the white space and other issues before applying.

In general I'm happy to do that for new/infrequent committers, not so
much for people who send lots of patches and/or are paid to do so :)

cheers

1: http://patchwork.ozlabs.org/patch/875890/

Re: bpf, powerpc: fix jit for seccomp_data access

[Michael Ellerman]

On Tue, 2018-02-20 at 19:49:20 UTC, Mark Lord wrote:
> I am using SECCOMP to filter syscalls on a ppc32 platform,
> and noticed that the JIT compiler was failing on the BPF
> even though the interpreter was working fine.
> 
> The issue was that the compiler was missing one of the instructions
> used by SECCOMP, so here is a patch to enable JIT for that instruction.
> 
> Signed-Off-By:  Mark Lord <mlord@pobox.com>
> 
> --- old/arch/powerpc/net/bpf_jit_comp.c 2018-02-16 14:07:01.000000000 -0500
> +++ linux/arch/powerpc/net/bpf_jit_comp.c       2018-02-20 14:41:20.805227494 -0500
> @@ -329,6 +329,9 @@ static int bpf_jit_build_body(struct bpf
>                         BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
>                         PPC_LWZ_OFFS(r_A, r_skb, offsetof(struct sk_buff, len));
>                         break;
> +               case BPF_LDX | BPF_W | BPF_ABS: /* A = *((u32 *)(seccomp_data + K)); */
> +                       PPC_LWZ_OFFS(r_A, r_skb, K);
> +                       break;
>                 case BPF_LDX | BPF_W | BPF_LEN: /* X = skb->len; */
>                         PPC_LWZ_OFFS(r_X, r_skb, offsetof(struct sk_buff, len));
>                         break;

Applied to powerpc fixes, thanks.

https://git.kernel.org/powerpc/c/083b20907185b076f21c265b30fe5b

cheers