Subject: Re: [PATCH] MIPS: eBPF: Fix icache flush end address
From: Daniel Borkmann
To: Paul Burton, linux-mips@vger.kernel.org, bpf@vger.kernel.org, netdev@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Paul Burton, Alexei Starovoitov, Martin KaFai Lau, Song Liu, Yonghong Song, stable@vger.kernel.org
Date: Sat, 2 Mar 2019 00:07:00 +0100
Message-ID: <6319f997-bc83-5515-4b3b-a87f57c65db3@iogearbox.net>
In-Reply-To: <20190301225743.8632-1-paul.burton@mips.com>
References: <20190301225743.8632-1-paul.burton@mips.com>

On 03/01/2019 11:58 PM, Paul Burton wrote:
> The MIPS eBPF JIT calls flush_icache_range() in order to ensure the
> icache observes the code that we just wrote. Unfortunately it gets the
> end address calculation wrong due to some bad pointer arithmetic.
>
> The struct jit_ctx target field is of type pointer to u32, and as such
> adding one to it will increment the address being pointed to by 4 bytes.
> Therefore in order to find the address of the end of the code we simply
> need to add the number of 4 byte instructions emitted, but we mistakenly
> add the number of instructions multiplied by 4. This results in the call
> to flush_icache_range() operating on a memory region 4x larger than
> intended, which is always wasteful and can cause crashes if we overrun
> into an unmapped page.
>
> Fix this by correcting the pointer arithmetic to remove the bogus
> multiplication, and use braces to remove the need for a set of brackets
> whilst also making it obvious that the target field is a pointer.
>
> Signed-off-by: Paul Burton
> Fixes: b6bd53f9c4e8 ("MIPS: Add missing file for eBPF JIT.")
> Cc: Alexei Starovoitov
> Cc: Daniel Borkmann
> Cc: Martin KaFai Lau
> Cc: Song Liu
> Cc: Yonghong Song
> Cc: netdev@vger.kernel.org
> Cc: bpf@vger.kernel.org
> Cc: linux-mips@vger.kernel.org
> Cc: stable@vger.kernel.org # v4.13+

Good catch, applied to bpf, thanks!
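
The pointer arithmetic described in the quoted commit message, as an added user-space illustration (not code from the patch or the kernel tree). The `idx` field name, the helper names, the 4 KiB page size and the 2048-instruction sample image are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t u32;

#define IMAGE_INSNS 2048u   /* constructed sample: 2048 instructions = 8 KiB of code */
#define PAGE_BYTES  4096u   /* assumed page size for the illustration */

/* Stand-in for the JIT context; "idx" (instructions emitted) is an assumed name. */
struct jit_ctx {
	u32 *target;
	u32 idx;
};

/* 4x oversized so the buggy end pointer still lands inside this object (no UB here). */
static u32 arena[IMAGE_INSNS * 4];
static struct jit_ctx demo = { arena, IMAGE_INSNS };

/* Before: the count is scaled by 4, then u32 pointer arithmetic scales by 4 again. */
static size_t flush_bytes_buggy(const struct jit_ctx *ctx)
{
	u32 *end = ctx->target + ctx->idx * sizeof(u32);
	return (size_t)((char *)end - (char *)ctx->target);
}

/* After: index the u32 pointer directly; the compiler applies the only scaling. */
static size_t flush_bytes_fixed(const struct jit_ctx *ctx)
{
	u32 *end = &ctx->target[ctx->idx];
	return (size_t)((char *)end - (char *)ctx->target);
}

/* Pages past the image that a flush of "len" bytes touches (page-aligned start assumed). */
static size_t extra_pages(size_t len, const struct jit_ctx *ctx)
{
	size_t image = (ctx->idx * sizeof(u32) + PAGE_BYTES - 1) / PAGE_BYTES;
	size_t flush = (len + PAGE_BYTES - 1) / PAGE_BYTES;
	return flush > image ? flush - image : 0;
}

int main(void)
{
	size_t bad = flush_bytes_buggy(&demo), good = flush_bytes_fixed(&demo);
	printf("fixed: %zu bytes, %zu extra pages\n", good, extra_pages(good, &demo));
	printf("buggy: %zu bytes, %zu extra pages\n", bad, extra_pages(bad, &demo));
	return 0;
}
```

In the kernel nothing guarantees that the extra pages past the image are mapped, which is the crash condition the commit message names.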