Received: by 2002:a05:6a10:9e8c:0:0:0:0 with SMTP id y12csp715683pxx; Thu, 29 Oct 2020 12:39:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyNw135n5YfnKZZCeh5YlMBd5gZDzgKg2LnosjpO2+JHLh/zc1aaEp4GksGfu7cb0oBddiE X-Received: by 2002:a50:cbc9:: with SMTP id l9mr5609034edi.310.1604000393643; Thu, 29 Oct 2020 12:39:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1604000393; cv=none; d=google.com; s=arc-20160816; b=NWmZbKijeASyLiPESnHArRihyofoPX7WAC1sxXoNFl+G7nf8kWjrhmXTziiosQdfzU HDCnfvEt1ijb+9qCKuxZX6sJPFF1lsuwK55fEzWSnurbhe2fFLDmOyHZzwy4QUmZFQwz 77tbrFkvL1b39SHLs9tnXizWPTjZL94XWzvPTSWgTZY8FVZpjMTXXUozjjyVIrZ66Plj G29v7w4Dbx6f13IQmTCee/pEhWZkfVERj7KcFUuF1s2voELE0u9nV3FCcm1rUYG3vJiC jio3tBeW/sERo43Jpd9NU7KQg1DlAcu5zr2Fh8XWf9TzFThPyrYxal0X+3edXgZ3glOs x/ng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=ycvfKMJ76qGv5R2aegMpcihPW70X6nt59v8Mw9I2ugw=; b=kZOCHDPegGxS75v0zSiwkeMRI1m4YToxsyRu23QxlPSBSN8oJ3PEszp8Kbs5ZNcy1h 6LUwJESTmW5om7hwbVpxj2ONNFWuNx97GJ1DFFuPfQAfNbpRO5xEcC7XynACEfFvjG0C XNQXN6PIn9C0MCrlXIOySSaNarpU6BU8/PikNXZqnhri72kqHvevK+ly3zcWtnckRFoy GVDvbmWVyiDLhhoAudbkoAGYA6eYJBnfIoXsgcTfesXa7kxoZrxvm/7d+/menWn+i58o NxT1/7LnLsSU2IHAf6hr5Sb7qwAvFO1MAdQ8bAnB0OtAfvyUjtNjQXynYQMPV9a46VYk 30Aw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=izTyanEo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qx9si2394281ejb.327.2020.10.29.12.39.29; Thu, 29 Oct 2020 12:39:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=izTyanEo; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726127AbgJ2Thh (ORCPT + 99 others); Thu, 29 Oct 2020 15:37:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57080 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725902AbgJ2The (ORCPT ); Thu, 29 Oct 2020 15:37:34 -0400 Received: from mail-wm1-x343.google.com (mail-wm1-x343.google.com [IPv6:2a00:1450:4864:20::343]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DFEC4C0613D2 for ; Thu, 29 Oct 2020 12:37:33 -0700 (PDT) Received: by mail-wm1-x343.google.com with SMTP id w23so903813wmi.4 for ; Thu, 29 Oct 2020 12:37:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ycvfKMJ76qGv5R2aegMpcihPW70X6nt59v8Mw9I2ugw=; b=izTyanEop1UPDUUQ5udPdWIFWKImCXKqGh4jRR9NHkUR7PJacQNPUnl107nqevZDDf 2ls5/MMnk0Cs59BTsoHhZgvmrt+5lvXOEh+0Z05+kpxfOO2IlaY+ZcjHt0JUr3S7Tb7C ZY/iiHgbbpAHv1LHoDTG1m/cM4A9ebvnpfS9xQ8Mm8NyQqJG9F8u2WZwjpKR5YmzSIz2 z0HaHtRxECijdT8h4xCRvj02t+j3uDLKnAp0uORBAw9n96mXNst5yyc+KqNcx1YCPXNc S751K42TeaDjXArM7ON+oRlPltHjzv6KuSJPaaEfpTQ/UomfhENUe5VSR5dgOUJBCOcJ CtIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ycvfKMJ76qGv5R2aegMpcihPW70X6nt59v8Mw9I2ugw=; b=YOpGhPD/VScuFCf8aFvCeq+CgTcX2oZ/ocFxkVK4E0LWITiSViDaOT7ZCtpVo1CLdt TivMF+b2ctaCldgwmGwaUT2H4V/cx24iM8Mg9sYNI5kifdcTEV75wz5RFU6rCyv2NSWP Szgs8VtE55++nDQ13ze25dXh40H5OFmSYugryJhQPwug0bSKtORxt2DQoyvGg+knH1cg EOqpTlDvzkieKjyKEjYKugqD169a7RKhbzK81b3a6gLAR/Y7DFiPRj8StZCmUwhJZbkL udlr7Tm6KSCQFeYAdV+7VftfTAuPTJGYw2dVQAtAWpjlH75hu/IRcI2q4HQi27OjIpsn wxrg== X-Gm-Message-State: AOAM531aKkaMw95Idn3mIoBqsauLx+Nv/3SBKywcmlI3lzgrC5ED7eor DB4GTDs7m/H4gkJuS6TbuawpisEfFrujtkJqWvhCoA== X-Received: by 2002:a1c:9cd8:: with SMTP id f207mr816563wme.76.1604000252387; Thu, 29 Oct 2020 12:37:32 -0700 (PDT) MIME-Version: 1.0 References: <20201029160938.154084-1-irogers@google.com> <497F86C5-BD00-4C38-BD87-C6EFB92D1088@fb.com> In-Reply-To: <497F86C5-BD00-4C38-BD87-C6EFB92D1088@fb.com> From: Ian Rogers Date: Thu, 29 Oct 2020 12:37:20 -0700 Message-ID: Subject: Re: [PATCH] libbpf hashmap: Fix undefined behavior in hash_bits To: Song Liu Cc: Alexei Starovoitov , Daniel Borkmann , Martin Lau , Yonghong Song , Andrii Nakryiko , John Fastabend , KP Singh , "netdev@vger.kernel.org" , "bpf@vger.kernel.org" , "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 29, 2020 at 10:45 AM Song Liu wrote: > > > On Oct 29, 2020, at 9:09 AM, Ian Rogers wrote: > > > > If bits is 0, the case when the map is empty, then the >> is the size of > > the register which is undefined behavior - on x86 it is the same as a > > shift by 0. Fix by handling the 0 case explicitly when running with > > address sanitizer. > > > > A variant of this patch was posted previously as: > > https://lore.kernel.org/lkml/20200508063954.256593-1-irogers@google.com/ > > > > Signed-off-by: Ian Rogers > > --- > > tools/lib/bpf/hashmap.h | 14 ++++++++++++++ > > 1 file changed, 14 insertions(+) > > > > diff --git a/tools/lib/bpf/hashmap.h b/tools/lib/bpf/hashmap.h > > index d9b385fe808c..27d0556527d3 100644 > > --- a/tools/lib/bpf/hashmap.h > > +++ b/tools/lib/bpf/hashmap.h > > @@ -12,9 +12,23 @@ > > #include > > #include > > > > +#ifdef __has_feature > > +#define HAVE_FEATURE(f) __has_feature(f) > > +#else > > +#define HAVE_FEATURE(f) 0 > > +#endif > > + > > static inline size_t hash_bits(size_t h, int bits) > > { > > /* shuffle bits and return requested number of upper bits */ > > +#if defined(ADDRESS_SANITIZER) || HAVE_FEATURE(address_sanitizer) > > I am not very familiar with these features. Is address sanitizer same > as undefined behavior sanitizer (mentioned in previous version)? My preference would be to special case bits == 0 without the feature guards as per the original change, this is the most correct. There is some feature support for detecting ubsan: https://github.com/google/sanitizers/issues/765 In my case I see this with address sanitizer and older versions of clang don't expose ubsan as a feature. > > + /* > > + * If the requested bits == 0 avoid undefined behavior from a > > + * greater-than bit width shift right (aka invalid-shift-exponent). > > + */ > > + if (bits == 0) > > + return -1; > > Shall we return 0 or -1 (0xffffffff) here? The value isn't used and so doesn't matter. -1 seemed less likely to silently succeed. > Also, we have HASHMAP_MIN_CAP_BITS == 2. Shall we just make sure we > never feed bits == 0 into hash_bits()? I think that'd be a different change. I'd be happy to see it. Thanks, Ian > Thanks, > Song > > > > +#endif > > #if (__SIZEOF_SIZE_T__ == __SIZEOF_LONG_LONG__) > > /* LP64 case */ > > return (h * 11400714819323198485llu) >> (__SIZEOF_LONG_LONG__ * 8 - bits); > > -- > > 2.29.1.341.ge80a0c044ae-goog > > >