From: Luke Nelson
Date: Thu, 7 May 2020 14:48:07 -0700
Subject: Re: [RFC PATCH bpf-next 1/3] arm64: insn: Fix two bugs in encoding 32-bit logical immediates
To: Marc Zyngier, Will Deacon
Cc: Luke Nelson, bpf, Xi Wang, Catalin Marinas, Daniel Borkmann, Alexei Starovoitov, Zi Shen Lim, Martin KaFai Lau, Song Liu, Yonghong Song, Andrii Nakryiko, John Fastabend, KP Singh, Mark Rutland, Greg Kroah-Hartman, Thomas Gleixner, linux-arm-kernel@lists.infradead.org, open list, Networking, clang-built-linux@googlegroups.com
In-Reply-To: <20200507101224.33a44d71@why>
References: <20200507010504.26352-1-luke.r.nels@gmail.com> <20200507010504.26352-2-luke.r.nels@gmail.com> <20200507082934.GA28215@willie-the-truck> <20200507101224.33a44d71@why>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi everyone,

Thanks for the comments! Responses below:

> It's a bit grotty spreading the checks out now. How about we tweak things
> slightly along the lines of:
>
>
> diff --git a/arch/arm64/kernel/insn.c b/arch/arm64/kernel/insn.c
> index 4a9e773a177f..60ec788eaf33 100644
> --- a/arch/arm64/kernel/insn.c
> +++ b/arch/arm64/kernel/insn.c
> [...]

Agreed; this new version looks much cleaner. I re-ran all the tests / verification and everything seems good. Would you like me to submit a v2 of this series with this new code?

>> We tested the new code against llvm-mc with all 1,302 encodable 32-bit
>> logical immediates and all 5,334 encodable 64-bit logical immediates.
>
> That, on its own, is awesome information. Do you have any pointer on
> how to set this up?

Sure! The process of running the tests is pretty involved, but I'll describe it below and give some links here.

We found the bugs in insn.c while adding support for logical immediates to the BPF JIT and verifying the changes with our tool, Serval: https://github.com/uw-unsat/serval-bpf.

The basic idea for how we tested / verified logical immediates is the following:

First, we have a Python script [1] for generating every encodable logical immediate and the corresponding instruction fields that encode that immediate. The script validates the list by checking that llvm-mc decodes each instruction back to the expected immediate.

Next, we use the list [2] from the first step to check a Racket translation [3] of the logical immediate encoding function in insn.c. We found the second mask bug by noticing that some (encodable) 32-bit immediates were being rejected by the encoding function.

Last, we use the Racket translation of the encoding function to verify the correctness of the BPF JIT implementation [4], i.e., the JIT correctly compiles BPF_{AND,OR,XOR,JSET} BPF_K instructions to arm64 instructions with equivalent semantics. We found the first bug as the verifier complained that the function was producing invalid encodings for 32-bit -1 immediates, and we were able to reproduce a kernel crash using the BPF tests.

We manually translated the C code to Racket because our verifier, Serval, currently only works on Racket code.
Thanks again,
- Luke

[1]: https://github.com/uw-unsat/serval-bpf/blob/00838174659034e9527e67d9eccd2def2354cec6/racket/test/arm64/gen-logic-imm.py
[2]: https://github.com/uw-unsat/serval-bpf/blob/00838174659034e9527e67d9eccd2def2354cec6/racket/test/arm64/logic-imm.rkt
[3]: https://github.com/uw-unsat/serval-bpf/blob/00838174659034e9527e67d9eccd2def2354cec6/racket/arm64/insn.rkt#L66
[4]: https://github.com/uw-unsat/serval-bpf/blob/00838174659034e9527e67d9eccd2def2354cec6/racket/arm64/bpf_jit_comp.rkt
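The first two steps Luke describes (enumerate every encodable logical immediate with its field triple, then check an encoder against that list) can be reproduced in a few dozen lines. The example below is added here; it is neither the serval-bpf gen-logic-imm.py script nor the kernel's insn.c. It enumerates all (N, immr, imms) triples, decodes each with the architectural DecodeBitMasks rule (written from the Arm ARM pseudocode, in place of the llvm-mc cross-check the script uses), and round-trips a straightforward encoder over the resulting list. All function names are my own; the expected list sizes, 1,302 for 32-bit and 5,334 for 64-bit, are the figures quoted in the thread.

```python
# Added example (not the thread's gen-logic-imm.py and not insn.c): enumerate every
# encodable AArch64 logical immediate by decoding all (N, immr, imms) field triples
# with the architectural DecodeBitMasks rule, then round-trip an encoder over the
# resulting list. Names and helpers below are mine, chosen for this example.
from typing import Dict, List, Optional, Tuple

Fields = Tuple[int, int, int]  # (N, immr, imms)

def _ones(n: int) -> int:
    return (1 << n) - 1

def _ror(value: int, rot: int, width: int) -> int:
    """Rotate a width-bit value right by rot bits."""
    rot %= width
    return ((value >> rot) | (value << (width - rot))) & _ones(width)

def decode_bitmask(n: int, immr: int, imms: int, width: int) -> Optional[int]:
    """DecodeBitMasks(N, imms, immr) for a width-bit register (32 or 64).
    Returns None for reserved field triples, i.e. ones that encode nothing."""
    # len = HighestSetBit(N:NOT(imms)); no set bit at all is reserved
    combined = (n << 6) | (~imms & 0x3F)
    if combined == 0:
        return None
    length = combined.bit_length() - 1
    esize = 1 << length
    if esize > width:  # N=1 (64-bit element) is reserved for 32-bit operations
        return None
    levels = _ones(length)
    s = imms & levels
    r = immr & levels
    if s == levels:  # all-ones element is reserved (esize 1 lands here as well)
        return None
    elem = _ror(_ones(s + 1), r, esize)
    # replicate the element across the whole register
    return sum(elem << (i * esize) for i in range(width // esize))

def all_logical_immediates(width: int) -> Dict[int, Fields]:
    """Every distinct value some field triple decodes to, with one such triple."""
    table: Dict[int, Fields] = {}
    for n in (0, 1):
        for immr in range(64):
            for imms in range(64):
                value = decode_bitmask(n, immr, imms, width)
                if value is not None and value not in table:
                    table[value] = (n, immr, imms)
    return table

def encode_logical_imm(imm: int, width: int) -> Optional[Fields]:
    """Inverse of decode_bitmask: (N, immr, imms) for imm, or None when imm is
    not a logical immediate. 0 and all-ones are never encodable."""
    mask = _ones(width)
    imm &= mask
    if imm == 0 or imm == mask:
        return None
    # smallest element size at which imm is a pure repetition
    esize = width
    while esize > 2:
        half = esize // 2
        elem = imm & _ones(esize)
        if (elem & _ones(half)) != (elem >> half):
            break
        esize = half
    elem = imm & _ones(esize)
    s = bin(elem).count("1")
    if elem & 1:
        # run of ones starts at bit 0 or wraps around: rotation = s - trailing ones
        inv = ~elem & _ones(esize)
        trailing_ones = (inv & -inv).bit_length() - 1
        r = s - trailing_ones
    else:
        # run of ones sits above some trailing zeros
        trailing_zeros = (elem & -elem).bit_length() - 1
        r = esize - trailing_zeros
    if _ror(_ones(s), r, esize) != elem:
        return None  # the ones are not a single contiguous (rotated) run
    n = 1 if esize == 64 else 0
    imms = (~(2 * esize - 1) & 0x3F) | (s - 1)
    return (n, r, imms)

def check_round_trip(width: int) -> Tuple[int, List[int]]:
    """Number of encodable immediates for width, plus every value the encoder
    mishandles (fails to encode, encodes wrongly, or wrongly accepts)."""
    table = all_logical_immediates(width)
    bad: List[int] = []
    for value in table:
        fields = encode_logical_imm(value, width)
        if fields is None or decode_bitmask(*fields, width) != value:
            bad.append(value)
    for value in (0, _ones(width)):  # no triple decodes to these; must be rejected
        if encode_logical_imm(value, width) is not None:
            bad.append(value)
    return len(table), bad

if __name__ == "__main__":
    for w in (32, 64):
        count, bad = check_round_trip(w)
        print(f"{w}-bit: {count} encodable immediates, {len(bad)} mismatches")
```

The exhaustive list is what makes this kind of check worthwhile: the encodable set is small enough (a few thousand values) to test completely, so a mask slip that rejects a valid 32-bit pattern, or an encoder that accepts 32-bit all-ones, shows up as a concrete mismatch rather than going unnoticed until a JIT emits an undefined instruction.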