bpf.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: John Fastabend <john.fastabend@gmail.com>
To: john.fastabend@gmail.com, kafai@fb.com, daniel@iogearbox.net,
	ast@kernel.org
Cc: netdev@vger.kernel.org, bpf@vger.kernel.org
Subject: [bpf PATCH v2 3/5] bpf, selftests: Add tests for ctx access in sock_ops with single register
Date: Wed, 29 Jul 2020 09:23:32 -0700	[thread overview]
Message-ID: <159603981285.4454.14040533307191666685.stgit@john-Precision-5820-Tower> (raw)
In-Reply-To: <159603940602.4454.2991262810036844039.stgit@john-Precision-5820-Tower>

To verify fix ("bpf: sock_ops ctx access may stomp registers in corner case")
we want to force compiler to generate the following code when accessing a
field with BPF_TCP_SOCK_GET_COMMON,

     r1 = *(u32 *)(r1 + 96) // r1 is skops ptr

Rather than depend on clang to do this we add the test with inline asm to
the tcpbpf test. This saves us from having to create another runner and
ensures that if we break this again test_tcpbpf will crash.

With above code we get the xlated code,

  11: (7b) *(u64 *)(r1 +32) = r9
  12: (61) r9 = *(u32 *)(r1 +28)
  13: (15) if r9 == 0x0 goto pc+4
  14: (79) r9 = *(u64 *)(r1 +32)
  15: (79) r1 = *(u64 *)(r1 +0)
  16: (61) r1 = *(u32 *)(r1 +2348)
  17: (05) goto pc+1
  18: (79) r9 = *(u64 *)(r1 +32)

We also add the normal case where src_reg != dst_reg so we can compare
code generation easily from llvm-objdump and ensure that case continues
to work correctly. The normal code is xlated to,

  20: (b7) r1 = 0
  21: (61) r1 = *(u32 *)(r3 +28)
  22: (15) if r1 == 0x0 goto pc+2
  23: (79) r1 = *(u64 *)(r3 +0)
  24: (61) r1 = *(u32 *)(r1 +2348)

Where the temp variable is not used.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
---
 .../testing/selftests/bpf/progs/test_tcpbpf_kern.c |   13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c b/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c
index 1f1966e..f8b13682 100644
--- a/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c
+++ b/tools/testing/selftests/bpf/progs/test_tcpbpf_kern.c
@@ -54,6 +54,7 @@ SEC("sockops")
 int bpf_testcb(struct bpf_sock_ops *skops)
 {
 	char header[sizeof(struct ipv6hdr) + sizeof(struct tcphdr)];
+	struct bpf_sock_ops *reuse = skops;
 	struct tcphdr *thdr;
 	int good_call_rv = 0;
 	int bad_call_rv = 0;
@@ -62,6 +63,18 @@ int bpf_testcb(struct bpf_sock_ops *skops)
 	int v = 0;
 	int op;
 
+	/* Test reading fields in bpf_sock_ops using single register */
+	asm volatile (
+		"%[reuse] = *(u32 *)(%[reuse] +96)"
+		: [reuse] "+r"(reuse)
+		:);
+
+	asm volatile (
+		"%[op] = *(u32 *)(%[skops] +96)"
+		: [op] "+r"(op)
+		: [skops] "r"(skops)
+		:);
+
 	op = (int) skops->op;
 
 	update_event_map(op);


  parent reply	other threads:[~2020-07-29 16:23 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-29 16:22 [bpf PATCH v2 0/5] Fix sock_ops field read splat John Fastabend
2020-07-29 16:22 ` [bpf PATCH v2 1/5] bpf: sock_ops ctx access may stomp registers in corner case John Fastabend
2020-07-29 21:29   ` Song Liu
2020-07-31 12:25   ` Daniel Borkmann
2020-07-31 22:46     ` John Fastabend
2020-07-29 16:23 ` [bpf PATCH v2 2/5] bpf: sock_ops sk access may stomp registers when dst_reg = src_reg John Fastabend
2020-07-29 21:30   ` Song Liu
2020-07-29 16:23 ` John Fastabend [this message]
2020-07-29 21:35   ` [bpf PATCH v2 3/5] bpf, selftests: Add tests for ctx access in sock_ops with single register Song Liu
2020-07-29 16:23 ` [bpf PATCH v2 4/5] bpf, selftests: Add tests for sock_ops load with r9, r8.r7 registers John Fastabend
2020-07-29 21:36   ` Song Liu
2020-07-29 16:24 ` [bpf PATCH v2 5/5] bpf, selftests: Add tests to sock_ops for loading sk John Fastabend
2020-07-29 21:36   ` Song Liu
2020-07-29 21:57 ` [bpf PATCH v2 0/5] Fix sock_ops field read splat Martin KaFai Lau

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=159603981285.4454.14040533307191666685.stgit@john-Precision-5820-Tower \
    --to=john.fastabend@gmail.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=kafai@fb.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).