linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH bpf] bpf, riscv: Fix tail call count off by one in RV32 BPF JIT
@ 2020-04-21  0:28 Luke Nelson
  2020-04-21  4:29 ` Xi Wang
  2020-04-23  5:29 ` Alexei Starovoitov
  0 siblings, 2 replies; 3+ messages in thread
From: Luke Nelson @ 2020-04-21  0:28 UTC (permalink / raw)
  To: bpf
  Cc: Luke Nelson, Xi Wang, Paul Walmsley, Palmer Dabbelt, Albert Ou,
	Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu,
	Yonghong Song, Andrii Nakryiko, John Fastabend, KP Singh,
	Björn Töpel, netdev, linux-riscv, linux-kernel

This patch fixes an off by one error in the RV32 JIT handling for BPF
tail call. Currently, the code decrements TCC before checking if it
is less than zero. This limits the maximum number of tail calls to 32
instead of 33 as in other JITs. The fix is to instead check the old
value of TCC before decrementing.

Fixes: 5f316b65e99f ("riscv, bpf: Add RV32G eBPF JIT")
Signed-off-by: Luke Nelson <luke.r.nels@gmail.com>
---
 arch/riscv/net/bpf_jit_comp32.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/riscv/net/bpf_jit_comp32.c b/arch/riscv/net/bpf_jit_comp32.c
index 302934177760..11083d4d5f2d 100644
--- a/arch/riscv/net/bpf_jit_comp32.c
+++ b/arch/riscv/net/bpf_jit_comp32.c
@@ -770,12 +770,13 @@ static int emit_bpf_tail_call(int insn, struct rv_jit_context *ctx)
 	emit_bcc(BPF_JGE, lo(idx_reg), RV_REG_T1, off, ctx);
 
 	/*
-	 * if ((temp_tcc = tcc - 1) < 0)
+	 * temp_tcc = tcc - 1;
+	 * if (tcc < 0)
 	 *   goto out;
 	 */
 	emit(rv_addi(RV_REG_T1, RV_REG_TCC, -1), ctx);
 	off = (tc_ninsn - (ctx->ninsns - start_insn)) << 2;
-	emit_bcc(BPF_JSLT, RV_REG_T1, RV_REG_ZERO, off, ctx);
+	emit_bcc(BPF_JSLT, RV_REG_TCC, RV_REG_ZERO, off, ctx);
 
 	/*
 	 * prog = array->ptrs[index];
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH bpf] bpf, riscv: Fix tail call count off by one in RV32 BPF JIT
  2020-04-21  0:28 [PATCH bpf] bpf, riscv: Fix tail call count off by one in RV32 BPF JIT Luke Nelson
@ 2020-04-21  4:29 ` Xi Wang
  2020-04-23  5:29 ` Alexei Starovoitov
  1 sibling, 0 replies; 3+ messages in thread
From: Xi Wang @ 2020-04-21  4:29 UTC (permalink / raw)
  To: Luke Nelson
  Cc: bpf, Luke Nelson, Paul Walmsley, Palmer Dabbelt, Albert Ou,
	Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu,
	Yonghong Song, Andrii Nakryiko, John Fastabend, KP Singh,
	Björn Töpel, netdev, linux-riscv, linux-kernel

On Mon, Apr 20, 2020 at 5:28 PM Luke Nelson <lukenels@cs.washington.edu> wrote:
> This patch fixes an off by one error in the RV32 JIT handling for BPF
> tail call. Currently, the code decrements TCC before checking if it
> is less than zero. This limits the maximum number of tail calls to 32
> instead of 33 as in other JITs. The fix is to instead check the old
> value of TCC before decrementing.
>
> Fixes: 5f316b65e99f ("riscv, bpf: Add RV32G eBPF JIT")
> Signed-off-by: Luke Nelson <luke.r.nels@gmail.com>
> ---
>  arch/riscv/net/bpf_jit_comp32.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/arch/riscv/net/bpf_jit_comp32.c b/arch/riscv/net/bpf_jit_comp32.c
> index 302934177760..11083d4d5f2d 100644
> --- a/arch/riscv/net/bpf_jit_comp32.c
> +++ b/arch/riscv/net/bpf_jit_comp32.c
> @@ -770,12 +770,13 @@ static int emit_bpf_tail_call(int insn, struct rv_jit_context *ctx)
>         emit_bcc(BPF_JGE, lo(idx_reg), RV_REG_T1, off, ctx);
>
>         /*
> -        * if ((temp_tcc = tcc - 1) < 0)
> +        * temp_tcc = tcc - 1;
> +        * if (tcc < 0)
>          *   goto out;
>          */
>         emit(rv_addi(RV_REG_T1, RV_REG_TCC, -1), ctx);
>         off = (tc_ninsn - (ctx->ninsns - start_insn)) << 2;
> -       emit_bcc(BPF_JSLT, RV_REG_T1, RV_REG_ZERO, off, ctx);
> +       emit_bcc(BPF_JSLT, RV_REG_TCC, RV_REG_ZERO, off, ctx);

Nice catch!

Acked-by: Xi Wang <xi.wang@gmail.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH bpf] bpf, riscv: Fix tail call count off by one in RV32 BPF JIT
  2020-04-21  0:28 [PATCH bpf] bpf, riscv: Fix tail call count off by one in RV32 BPF JIT Luke Nelson
  2020-04-21  4:29 ` Xi Wang
@ 2020-04-23  5:29 ` Alexei Starovoitov
  1 sibling, 0 replies; 3+ messages in thread
From: Alexei Starovoitov @ 2020-04-23  5:29 UTC (permalink / raw)
  To: Luke Nelson
  Cc: bpf, Luke Nelson, Xi Wang, Paul Walmsley, Palmer Dabbelt,
	Albert Ou, Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau,
	Song Liu, Yonghong Song, Andrii Nakryiko, John Fastabend,
	KP Singh, Björn Töpel, Network Development,
	linux-riscv, LKML

On Mon, Apr 20, 2020 at 5:28 PM Luke Nelson <lukenels@cs.washington.edu> wrote:
>
> This patch fixes an off by one error in the RV32 JIT handling for BPF
> tail call. Currently, the code decrements TCC before checking if it
> is less than zero. This limits the maximum number of tail calls to 32
> instead of 33 as in other JITs. The fix is to instead check the old
> value of TCC before decrementing.
>
> Fixes: 5f316b65e99f ("riscv, bpf: Add RV32G eBPF JIT")
> Signed-off-by: Luke Nelson <luke.r.nels@gmail.com>

Applied. Thanks

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-04-23  5:29 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-21  0:28 [PATCH bpf] bpf, riscv: Fix tail call count off by one in RV32 BPF JIT Luke Nelson
2020-04-21  4:29 ` Xi Wang
2020-04-23  5:29 ` Alexei Starovoitov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).