Received: by 2002:a05:7412:98c1:b0:fa:551:50a7 with SMTP id kc1csp1695479rdb; Mon, 8 Jan 2024 07:27:54 -0800 (PST) X-Google-Smtp-Source: AGHT+IEQwePzFF8IEN7EdvZQqe0vzZB6rDPp4vxef5BIJN2mB0x5TWwchPq/kUqeAqtoJPl/vwm0 X-Received: by 2002:a05:620a:1794:b0:783:29c3:7937 with SMTP id ay20-20020a05620a179400b0078329c37937mr445461qkb.39.1704727674192; Mon, 08 Jan 2024 07:27:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704727674; cv=none; d=google.com; s=arc-20160816; b=Sk8xfc4UKd5H4XAbec3lQjApPIP5RaFr4STRcMRzhOf075nlonGj0e+4Uv6NdarWLs Boi25jIRghSUjSlq4SyXdwybr+CiSG9aWdKBu8OHpEJRPFB1aRIflboSbePX5qOMqWwV RBT/pD4zaP0hTjW39mdpLgKDit4asIT87+0REhN4ywf4aMOOPjG/UGkX3kPyfUppQPD/ N57HANBO5rZBKLlmreOI37VG5QExOCE3WhTxHsZztyHHu4Yf6PpAVD0ewQXyHghkGiYK iSDlqo/Afrxsi0+kns1Q88Dr3g9SQGutlKEIxATVFPMJmqrqW05KA0vr4t/jOQhBNIuK rk3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=Y4MEnlTx9Dk7KhHjiCM2gMag4basiFzoRieMIdpOKxE=; fh=+xQhqiRcjE+yhy/FCKmFduKiVu6m31F4xgQVSW37X0Q=; b=ItcUzywzkuzIVeG5IWYrikImKWaKbr3an2AGvkR/+V7+0peHtQ6gAJV4mJNdNy0mpI i/G/ujw2CRrHLlK5c5MuxDx+cNhgt2BP1IDvFEEEd8vQuM2txiCbjxRrpYdbqlYX0FQ3 LqdizaRvihbTxVQpEMd54lMMELZk8CDGI4/meV14FKT2IcAExLEHMp2dWADNHGC7LEqB 7Dwbvd7qFz7S1CiyRTVx/xE4Q5uP94cFSzlxnsKEaxqyBCknQU2JVkUgUNgt7Ws/ivKh a4u27Jm2GiENW5H9lPhNqmdnHOXV32ZHHh1IetyIB/1TgM5v0ryBln3CCh7dsmkOSWTZ eAGw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@iogearbox.net header.s=default2302 header.b=QrqLdDWG; spf=pass (google.com: domain of linux-kernel+bounces-19763-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19763-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=iogearbox.net Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id q30-20020a05620a025e00b0078319edcf7bsi3771398qkn.399.2024.01.08.07.27.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Jan 2024 07:27:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-19763-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@iogearbox.net header.s=default2302 header.b=QrqLdDWG; spf=pass (google.com: domain of linux-kernel+bounces-19763-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-19763-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=iogearbox.net Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id EB0D31C21CD5 for ; Mon, 8 Jan 2024 15:27:53 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 346B15100B; Mon, 8 Jan 2024 15:27:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="QrqLdDWG" X-Original-To: linux-kernel@vger.kernel.org Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0361851009; Mon, 8 Jan 2024 15:27:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:Cc:To:Subject:Sender :Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=Y4MEnlTx9Dk7KhHjiCM2gMag4basiFzoRieMIdpOKxE=; b=QrqLdDWG7Q7E0dzOlgVvxbxZb6 EHH3y3oiJ9YGZbk017Ub+4VYY3qnPP92CQP92OOfFiT5svecZh4lU3KG57vxRr4xhC4ol3k5jihI8 NDLcTvTY3UK11v402IoiDuZMAdFypmTnlDVQoNcQH0ybI12CI/IttdgEAFmaEXwdj30eQN28QGSNL +di5CFS58Ewu/T+/wU0tJHB1Ud6kXca5WO6LQq+W+zMxW8AU3VLqaPvCEmaO5ggUECMYaCSePzbbw VBOxApC6Ajku2JLLVhlVLA+aZaiMWCd1SB3G+K4fDPqixBOW5+4IRdVOSCs4FlWmhVXTY1WTg6gPW XjFsSz6g==; Received: from sslproxy06.your-server.de ([78.46.172.3]) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1rMrXD-000Bvb-4m; Mon, 08 Jan 2024 16:27:27 +0100 Received: from [85.1.206.226] (helo=linux.home) by sslproxy06.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rMrXC-0004Js-4Y; Mon, 08 Jan 2024 16:27:26 +0100 Subject: Re: [PATCH bpf-next v2] bpf: Return -ENOTSUPP if calls are not allowed in non-JITed programs To: Jiri Olsa , Tiezhu Yang Cc: Alexei Starovoitov , Andrii Nakryiko , Eduard Zingerman , bpf@vger.kernel.org, linux-kernel@vger.kernel.org References: <20240104130817.1221-1-yangtiezhu@loongson.cn> From: Daniel Borkmann Message-ID: <306f4ceb-0d25-d0a3-fc70-1141b6db06c8@iogearbox.net> Date: Mon, 8 Jan 2024 16:27:20 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.10/27148/Mon Jan 8 10:40:14 2024) On 1/8/24 11:05 AM, Jiri Olsa wrote: > On Thu, Jan 04, 2024 at 09:08:17PM +0800, Tiezhu Yang wrote: >> If CONFIG_BPF_JIT_ALWAYS_ON is not set and bpf_jit_enable is 0, there >> exist 6 failed tests. >> >> [root@linux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable >> [root@linux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled >> [root@linux bpf]# ./test_verifier | grep FAIL >> #106/p inline simple bpf_loop call FAIL >> #107/p don't inline bpf_loop call, flags non-zero FAIL >> #108/p don't inline bpf_loop call, callback non-constant FAIL >> #109/p bpf_loop_inline and a dead func FAIL >> #110/p bpf_loop_inline stack locations for loop vars FAIL >> #111/p inline bpf_loop call in a big program FAIL >> Summary: 768 PASSED, 15 SKIPPED, 6 FAILED >> >> The test log shows that callbacks are not allowed in non-JITed programs, >> interpreter doesn't support them yet, thus these tests should be skipped >> if jit is disabled, just return -ENOTSUPP instead of -EINVAL for pseudo >> calls in fixup_call_args(). >> >> With this patch: >> >> [root@linux bpf]# echo 0 > /proc/sys/net/core/bpf_jit_enable >> [root@linux bpf]# echo 0 > /proc/sys/kernel/unprivileged_bpf_disabled >> [root@linux bpf]# ./test_verifier | grep FAIL >> Summary: 768 PASSED, 21 SKIPPED, 0 FAILED >> >> Additionally, as Eduard suggested, return -ENOTSUPP instead of -EINVAL >> for the other three places where "non-JITed" is used in error messages >> to keep consistent. >> >> Signed-off-by: Tiezhu Yang >> --- >> >> v2: >> -- rebase on the latest bpf-next tree. >> -- return -ENOTSUPP instead of -EINVAL for the other three places >> where "non-JITed" is used in error messages to keep consistent. >> -- update the patch subject and commit message. >> >> kernel/bpf/verifier.c | 8 ++++---- >> 1 file changed, 4 insertions(+), 4 deletions(-) >> >> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c >> index d5f4ff1eb235..99558a5186b2 100644 >> --- a/kernel/bpf/verifier.c >> +++ b/kernel/bpf/verifier.c >> @@ -8908,7 +8908,7 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, >> goto error; >> if (env->subprog_cnt > 1 && !allow_tail_call_in_subprogs(env)) { >> verbose(env, "tail_calls are not allowed in non-JITed programs with bpf-to-bpf calls\n"); >> - return -EINVAL; >> + return -ENOTSUPP; > > FWIW I agree with John review earlier [1], also there's chance (however small) > we could mess up with some app already checking on that +1, the ship on this has sailed unfortunately. Tiezhu, it would be good if you could update the selftest handling instead. > jirka > > [1] https://lore.kernel.org/bpf/6594a4c15a677_11e86208cd@john.notmuch/