From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, "ast@kernel.org, stable@vger.kernel.org, Daniel Borkmann", Alexei Starovoitov, Daniel Borkmann
Subject: [PATCH 4.14 70/71] bpf, arm64: fix stack_depth tracking in combination with tail calls
Date: Mon, 29 Jan 2018 13:57:38 +0100
Message-Id: <20180129123832.239908860@linuxfoundation.org>
In-Reply-To: <20180129123827.271171825@linuxfoundation.org>

4.14-stable review patch. If anyone has any objections, please let me know.

------------------

From: Daniel Borkmann

[ upstream commit a2284d912bfc865cdca4c00488e08a3550f9a405 ]

Using dynamic stack_depth tracking in arm64 JIT is currently broken in combination with tail calls. In prologue, we cache ctx->stack_size and adjust SP reg for setting up function call stack, and tearing it down again in epilogue. Problem is that when doing a tail call, the cached ctx->stack_size might not be the same.

One way to fix the problem with minimal overhead is to re-adjust SP in emit_bpf_tail_call() and properly adjust it to the current program's ctx->stack_size.

Tested on Cavium ThunderX ARMv8.

Fixes: f1c9eed7f437 ("bpf, arm64: take advantage of stack_depth tracking")
Signed-off-by: Daniel Borkmann
Signed-off-by: Alexei Starovoitov
Signed-off-by: Greg Kroah-Hartman
--- arch/arm64/net/bpf_jit_comp.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) --- a/arch/arm64/net/bpf_jit_comp.c +++ b/arch/arm64/net/bpf_jit_comp.c @@ -148,7 +148,8 @@ static inline int epilogue_offset(const /* Stack must be multiples of 16B */ #define STACK_ALIGN(sz) (((sz) + 15) & ~15) -#define PROLOGUE_OFFSET 8 +/* Tail call offset to jump into */ +#define PROLOGUE_OFFSET 7 static int build_prologue(struct jit_ctx *ctx) { 
@@ -200,19 +201,19 @@ static int build_prologue(struct jit_ctx /* Initialize tail_call_cnt */ emit(A64_MOVZ(1, tcc, 0, 0), ctx); - /* 4 byte extra for skb_copy_bits buffer */ - ctx->stack_size = prog->aux->stack_depth + 4; - ctx->stack_size = STACK_ALIGN(ctx->stack_size); - - /* Set up function call stack */ - emit(A64_SUB_I(1, A64_SP, A64_SP, ctx->stack_size), ctx); - cur_offset = ctx->idx - idx0; if (cur_offset != PROLOGUE_OFFSET) { pr_err_once("PROLOGUE_OFFSET = %d, expected %d!\n", cur_offset, PROLOGUE_OFFSET); return -1; } + + /* 4 byte extra for skb_copy_bits buffer */ + ctx->stack_size = prog->aux->stack_depth + 4; + ctx->stack_size = STACK_ALIGN(ctx->stack_size); + + /* Set up function call stack */ + emit(A64_SUB_I(1, A64_SP, A64_SP, ctx->stack_size), ctx); return 0; } @@ -260,11 +261,12 @@ static int emit_bpf_tail_call(struct jit emit(A64_LDR64(prg, tmp, prg), ctx); emit(A64_CBZ(1, prg, jmp_offset), ctx); - /* goto *(prog->bpf_func + prologue_size); */ + /* goto *(prog->bpf_func + prologue_offset); */ off = offsetof(struct bpf_prog, bpf_func); emit_a64_mov_i64(tmp, off, ctx); emit(A64_LDR64(tmp, prg, tmp), ctx); emit(A64_ADD_I(1, tmp, tmp, sizeof(u32) * PROLOGUE_OFFSET), ctx); + emit(A64_ADD_I(1, A64_SP, A64_SP, ctx->stack_size), ctx); emit(A64_BR(tmp), ctx); /* out: */
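
Review bot: In the first hunk (@@ -148,7 +148,8 @@), the new comment on PROLOGUE_OFFSET ("Tail call offset to jump into") does not say what unit the 7 is in or why it dropped from 8. The value is multiplied by sizeof(u32) in emit_bpf_tail_call() and compared against ctx->idx - idx0 in build_prologue(), so it is a count of emitted instructions that now stops short of the SP adjustment. Saying that in the comment would make the coupling with the pr_err_once check obvious to whoever next edits the prologue.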
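
Review bot: In build_prologue() (@@ -200,19 +201,19 @@), the stack setup moved below the cur_offset check is now the tail call entry path, but nothing at that spot says so. Everything emitted after the check runs again each time another program tail-calls into this one, so a short comment above the ctx->stack_size assignment stating that tail calls land here would guard against someone later placing one-time initialisation, such as the tail_call_cnt MOVZ, below the check.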
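
Review bot: In emit_bpf_tail_call() (@@ -260,11 +261,12 @@), the added A64_ADD_I on A64_SP carries no comment, and the updated goto comment only describes the branch target. The instruction undoes this program's own SUB from build_prologue() so that the target's SUB at PROLOGUE_OFFSET starts from the caller's original SP; a one-line comment to that effect would help. It also reads ctx->stack_size at emit time, so it depends on build_prologue() having filled in that field before this function emits code; worth confirming that the call order guarantees it.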
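
The SP imbalance the commit message describes, as an added C model (not kernel code and not part of the original patch). `frame_size`, `sp_drift` and the sample stack depths are constructed for illustration, and the model tracks only the SP arithmetic of prologue, tail call and epilogue.

```c
#include <stdio.h>
#include <stddef.h>

/* Same rounding as the patch: stack must be a multiple of 16 bytes. */
#define STACK_ALIGN(sz) (((sz) + 15) & ~15)

/* Frame the JIT reserves per program: stack_depth + 4, aligned. */
static long frame_size(long stack_depth)
{
    return STACK_ALIGN(stack_depth + 4);
}

/*
 * depths[0] is entered through its full prologue; each later program is
 * reached by a tail call from the previous one; the last one returns
 * through its epilogue. Returns SP at exit minus SP at entry.
 * 0 means balanced; a positive value means the epilogue released more
 * stack than was reserved, a negative value means it released less.
 */
static long sp_drift(const long *depths, size_t n, int fixed)
{
    long sp = 0;

    if (n == 0)
        return 0;
    sp -= frame_size(depths[0]);             /* prologue: SUB SP */
    for (size_t i = 1; i < n; i++) {
        if (fixed) {
            sp += frame_size(depths[i - 1]); /* call site: ADD SP, caller's size */
            sp -= frame_size(depths[i]);     /* entry lands on callee's SUB SP */
        }
        /* pre-fix: entry is past the callee's SUB, so SP is left untouched */
    }
    sp += frame_size(depths[n - 1]);         /* epilogue: ADD SP, last program's size */
    return sp;
}

int main(void)
{
    const long chain[] = { 8, 64, 512 };     /* constructed stack_depth values */

    printf("pre-fix drift:  %ld bytes\n", sp_drift(chain, 3, 0));
    printf("post-fix drift: %ld bytes\n", sp_drift(chain, 3, 1));
    return 0;
}
```

Programs whose depths round to the same aligned frame size show no drift even in the pre-fix model, which is why the bug only surfaces when caller and callee differ.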