Subject: Re: [PATCH bpf] riscv, bpf: Fix offset range checking for auipc+jalr on RV64
From: Daniel Borkmann
To: Luke Nelson, bpf@vger.kernel.org
Cc: Xi Wang, Luke Nelson, Björn Töpel, Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexei Starovoitov, Martin KaFai Lau, Song Liu, Yonghong Song, Andrii Nakryiko, John Fastabend, KP Singh, netdev@vger.kernel.org, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org
Date: Wed, 8 Apr 2020 01:44:04 +0200
References: <20200406221604.18547-1-luke.r.nels@gmail.com>
In-Reply-To: <20200406221604.18547-1-luke.r.nels@gmail.com>

On 4/7/20 12:16 AM, Luke Nelson wrote:
> The existing code in emit_call on RV64 checks that the PC-relative offset
> to the function fits in 32 bits before calling emit_jump_and_link to emit
> an auipc+jalr pair. However, this check is incorrect because offsets in
> the range [2^31 - 2^11, 2^31 - 1] cannot be encoded using auipc+jalr on
> RV64 (see discussion [1]). The RISC-V spec has recently been updated
> to reflect this fact [2, 3].
>
> This patch fixes the problem by moving the check on the offset into
> emit_jump_and_link and modifying it to the correct range of encodable
> offsets, which is [-2^31 - 2^11, 2^31 - 2^11). This also enforces the
> check on the offset to other uses of emit_jump_and_link (e.g., BPF_JA)
> as well.
>
> Currently, this bug is unlikely to be triggered, because the memory
> region from which JITed images are allocated is close enough to kernel
> text for the offsets to not become too large; and because the bounds on
> BPF program size are small enough. This patch prevents this problem from
> becoming an issue if either of these change.
>
> [1]: https://groups.google.com/a/groups.riscv.org/forum/#!topic/isa-dev/bwWFhBnnZFQ
> [2]: https://github.com/riscv/riscv-isa-manual/commit/b1e42e09ac55116dbf9de5e4fb326a5a90e4a993
> [3]: https://github.com/riscv/riscv-isa-manual/commit/4c1b2066ebd2965a422e41eb262d0a208a7fea07
>
> Signed-off-by: Luke Nelson

Applied, thanks!
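The range argument in the quoted commit message can be checked numerically. The following is an added example, written for this edit; it is not code from the thread, from the patch, or from the kernel's RISC-V BPF JIT. It places the pre-patch condition ("fits in 32 bits") next to the corrected one ("[-2^31 - 2^11, 2^31 - 2^11)") and compares both against a small model of what an auipc+jalr pair actually reaches. The model assumes the usual encoding of a PC-relative offset into the pair: a 20-bit upper immediate rounded by 2^11 so that the sign extension of the 12-bit lower immediate is compensated, with both immediates sign-extended by the CPU. The function names (offset_fits_s32, offset_encodable_auipc_jalr, auipc_jalr_reach, old_check_wrong_for) and the probe values are my own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Sign-extend the low `bits` bits of v, as the hardware does for the
 * 20-bit auipc immediate and the 12-bit jalr immediate. */
static int64_t sext(uint64_t v, unsigned bits)
{
	uint64_t mask = ((uint64_t)1 << bits) - 1;

	v &= mask;
	if (v & ((uint64_t)1 << (bits - 1)))
		return (int64_t)v - (int64_t)((uint64_t)1 << bits);
	return (int64_t)v;
}

/* Floor division by 4096, spelled out so it is well defined for negative
 * values (>> 12 on a negative signed value is implementation-defined in C). */
static int64_t floor_div_4096(int64_t v)
{
	int64_t r = v % 4096;

	if (r < 0)
		r += 4096;
	return (v - r) / 4096;
}

/* Pre-patch condition: the offset fits in a signed 32-bit integer. */
static bool offset_fits_s32(int64_t off)
{
	return off >= INT32_MIN && off <= INT32_MAX;
}

/* Corrected condition from the commit message: [-2^31 - 2^11, 2^31 - 2^11). */
static bool offset_encodable_auipc_jalr(int64_t off)
{
	const int64_t lo = -((int64_t)1 << 31) - ((int64_t)1 << 11);
	const int64_t hi =  ((int64_t)1 << 31) - ((int64_t)1 << 11);

	return off >= lo && off < hi;
}

/* Model (assumed encoding) of the offset an auipc+jalr pair really reaches:
 * upper = (off + 2^11) >> 12 as a 20-bit field, lower = off & 0xfff as a
 * 12-bit field, both sign-extended when executed. A result that differs
 * from `off` means the offset cannot be encoded with this pair. */
static int64_t auipc_jalr_reach(int64_t off)
{
	int64_t upper = floor_div_4096(off + ((int64_t)1 << 11));
	int64_t lower = (int64_t)((uint64_t)off & 0xfff);

	return sext((uint64_t)upper, 20) * 4096 + sext((uint64_t)lower, 12);
}

/* True when the old check disagrees with the hardware model for this offset
 * (accepts an unreachable one or rejects a reachable one) while the
 * corrected check agrees with the model. */
static bool old_check_wrong_for(int64_t off)
{
	bool reachable = auipc_jalr_reach(off) == off;

	return offset_fits_s32(off) != reachable &&
	       offset_encodable_auipc_jalr(off) == reachable;
}

int main(void)
{
	/* Constructed probe offsets at both ends of the encodable range. */
	const int64_t probes[] = {
		((int64_t)1 << 31) - ((int64_t)1 << 11) - 1,  /* last encodable offset */
		((int64_t)1 << 31) - ((int64_t)1 << 11),      /* fits in s32, not encodable */
		INT32_MAX,                                    /* fits in s32, not encodable */
		-((int64_t)1 << 31) - ((int64_t)1 << 11),     /* encodable, rejected by the s32 check */
		-((int64_t)1 << 31) - ((int64_t)1 << 11) - 1, /* below the range, not encodable */
	};

	for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
		int64_t off = probes[i];

		printf("off=%12lld fits_s32=%d encodable=%d reach=%12lld %s\n",
		       (long long)off, offset_fits_s32(off),
		       offset_encodable_auipc_jalr(off),
		       (long long)auipc_jalr_reach(off),
		       old_check_wrong_for(off) ? "(old check wrong)" : "");
	}
	return 0;
}
```

The upper end is the case the commit message calls out: for 2^31 - 2^11 the rounded upper field becomes 0x80000, which sign-extends to -2^31 instead of +2^31, so the pair lands 2^32 below the requested target even though the offset "fits in 32 bits". The lower end shows the converse: offsets down to -2^31 - 2^11 are reachable because the negative lower immediate extends the reach, but the s32 check rejected them.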