From: Björn Töpel
To: Puranjay Mohan, Paul Walmsley, Palmer Dabbelt, Albert Ou, Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau, Eduard Zingerman, Song Liu, Yonghong Song, John Fastabend, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Luke Nelson, Xi Wang, Sami Tolvanen, Peter Zijlstra, Kees Cook, linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org
Cc: puranjay12@gmail.com
Subject: Re: [PATCH bpf-next 0/1] Support kCFI + BPF on riscv64
In-Reply-To: <20240303170207.82201-1-puranjay12@gmail.com>
Date: Wed, 06 Mar 2024 17:33:59 +0100
Message-ID: <87jzmfb9qg.fsf@all.your.base.are.belong.to.us>

Puranjay Mohan writes:

> With CONFIG_CFI_CLANG, the compiler injects a type preamble immediately
> before each function and a check to validate the target function type
> before indirect calls:
>
>   ; type preamble
>   .word
> function:
>   ...
>   ; indirect call check
>   lw t1, -4(a0)
>   lui t2,
>   addiw t2, t2,
>   beq t1, t2, .Ltmp0
>   ebreak
> .Ltmp0:
>   jalr a0
>
> BPF JIT currently doesn't emit this preamble before BPF programs and when
> the calling function tries to load the type id from the preamble, it finds
> an invalid value there.
>
> This will cause CFI failures like in the following bpf selftest:
>
> root@rv-selftester:~/bpf# ./test_progs -a "rbtree_success"
>
> CFI failure at bpf_rbtree_add_impl+0x148/0x350 (target: bpf_prog_fb8b097ab47d164a_less+0x0/0x42; expected type: 0x00000000)
> WARNING: CPU: 1 PID: 278 at bpf_rbtree_add_impl+0x148/0x350
> Modules linked in: bpf_testmod(OE) drm fuse dm_mod backlight i2c_core configfs drm_panel_orientation_quirks ip_tables x_tables
> CPU: 1 PID: 278 Comm: test_progs Tainted: P OE 6.8.0-rc1 #1
> Hardware name: riscv-virtio,qemu (DT)
> epc : bpf_rbtree_add_impl+0x148/0x350
> ra : bpf_prog_27b36e47d273751e_rbtree_first_and_remove+0x1aa/0x35e
> epc : ffffffff805acc0c ra : ffffffff780077fa sp : ff2000000110b9d0
> gp : ffffffff868d6218 tp : ff60000085772a40 t0 : ffffffff86849660
> t1 : 0000000000000000 t2 : ffffffff9e4709a9 s0 : ff2000000110ba50
> s1 : ff60000089c14958 a0 : ff60000089c14758 a1 : ff60000089c14958
> a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000
> a5 : 0000000000000000 a6 : ff6000008aba4b30 a7 : ffffffff86849640
> s2 : ff6000008aba4b30 s3 : ff60000089c14758 s4 : ffffffff780079f0
> s5 : 0000000000000000 s6 : ffffffff84c01080 s7 : ff6000008aba4b30
> s8 : 0000000000000000 s9 : 0000000000000000 s10: 0000000000000001
> s11: 0000000000000000 t3 : ffffffff868499e0 t4 : ffffffff868499c0
> t5 : ffffffff86849840 t6 : ffffffff86849860
> status: 0000000200000100 badaddr: 0000000000000000 cause: 0000000000000003
> [] bpf_rbtree_add_impl+0x148/0x350
> [] bpf_prog_27b36e47d273751e_rbtree_first_and_remove+0x1aa/0x35e
> [] bpf_test_run+0x2a4/0xa3c
> [] bpf_prog_test_run_skb+0x47a/0xe52
> [] bpf_prog_test_run+0x170/0x548
> [] __sys_bpf+0x2d2/0x378
> [] __riscv_sys_bpf+0x5c/0x120
> [] syscall_handler+0x62/0xe4
> [] do_trap_ecall_u+0xc6/0x27c
> [] ret_from_exception+0x0/0x64
> ---[ end trace 0000000000000000 ]---
>
> The calling function tries to load the type id hash from target_func - 4.
> If this memory address is not mapped then it can cause a page fault and
> crash the kernel.
>
> This behaviour can be seen by running the 'dummy_st_ops' selftest:
>
> root@rv-selftester:~/bpf# ./test_progs -a dummy_st_ops
>
> Unable to handle kernel paging request at virtual address ffffffff78204ffc
> Oops [#1]
> Modules linked in: bpf_testmod(OE) drm fuse backlight i2c_core drm_panel_orientation_quirks dm_mod configfs ip_tables x_tables [last unloaded: bpf_testmod(OE)]
> CPU: 3 PID: 356 Comm: test_progs Tainted: P OE 6.8.0-rc1 #1
> Hardware name: riscv-virtio,qemu (DT)
> epc : bpf_struct_ops_test_run+0x28c/0x5fc
> ra : bpf_struct_ops_test_run+0x26c/0x5fc
> epc : ffffffff82958010 ra : ffffffff82957ff0 sp : ff200000007abc80
> gp : ffffffff868d6218 tp : ff6000008d87b840 t0 : 000000000000000f
> t1 : 0000000000000000 t2 : 000000002005793e s0 : ff200000007abcf0
> s1 : ff6000008a90fee0 a0 : 0000000000000000 a1 : 0000000000000000
> a2 : 0000000000000000 a3 : 0000000000000000 a4 : 0000000000000000
> a5 : ffffffff868dba26 a6 : 0000000000000001 a7 : 0000000052464e43
> s2 : 00007ffffc0a95f0 s3 : ff6000008a90fe80 s4 : ff60000084c24c00
> s5 : ffffffff78205000 s6 : ff60000088750648 s7 : ff20000000035008
> s8 : fffffffffffffff4 s9 : ffffffff86200610 s10: 0000000000000000
> s11: 0000000000000000 t3 : ffffffff8483dc30 t4 : ffffffff8483dc10
> t5 : ffffffff8483dbf0 t6 : ffffffff8483dbd0
> status: 0000000200000120 badaddr: ffffffff78204ffc cause: 000000000000000d
> [] bpf_struct_ops_test_run+0x28c/0x5fc
> [] bpf_prog_test_run+0x170/0x548
> [] __sys_bpf+0x2d2/0x378
> [] __riscv_sys_bpf+0x5c/0x120
> [] syscall_handler+0x62/0xe4
> [] do_trap_ecall_u+0xc6/0x27c
> [] ret_from_exception+0x0/0x64
> Code: b603 0109 b683 0189 b703 0209 8493 0609 157d 8d65 (a303) ffca
> ---[ end trace 0000000000000000 ]---
> Kernel panic - not syncing: Fatal exception
> SMP: stopping secondary CPUs
>
> This patch improves the BPF JIT for the riscv64 architecture to emit kCFI
> type id before BPF programs and struct ops trampolines.
>
> After applying this patch, the above two selftests pass without any issues.
>
> root@rv-selftester:~/bpf# ./test_progs -a "rbtree_success,dummy_st_ops"
> #70/1 dummy_st_ops/dummy_st_ops_attach:OK
> #70/2 dummy_st_ops/dummy_init_ret_value:OK
> #70/3 dummy_st_ops/dummy_init_ptr_arg:OK
> #70/4 dummy_st_ops/dummy_multiple_args:OK
> #70/5 dummy_st_ops/dummy_sleepable:OK
> #70/6 dummy_st_ops/test_unsupported_field_sleepable:OK
> #70 dummy_st_ops:OK
> #189/1 rbtree_success/rbtree_add_nodes:OK
> #189/2 rbtree_success/rbtree_add_and_remove:OK
> #189/3 rbtree_success/rbtree_first_and_remove:OK
> #189/4 rbtree_success/rbtree_api_release_aliasing:OK
> #189 rbtree_success:OK
> Summary: 2/10 PASSED, 0 SKIPPED, 0 FAILED
>
> root@rv-selftester:~/bpf# zcat /proc/config.gz | grep CONFIG_CFI_CLANG
> CONFIG_CFI_CLANG=y

Apologies for the slow review. Nice work!

Acked-by: Björn Töpel
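
The two failure modes described in the cover letter (an invalid value at target - 4, and target - 4 not being mapped) and the effect of emitting the type id, as a small user-space C model. This is an added example, not code from the patch or the kernel; struct image, cfi_check(), emit_prog() and the type id value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum cfi_result { CFI_OK, CFI_TYPE_MISMATCH, CFI_FAULT };

/* Constructed model of one mapped JIT image: only mem[0, len) is readable. */
struct image { uint8_t mem[64]; size_t len; };

/* Caller-side check: load the 32-bit word at entry - 4 and compare it with
 * the expected type id. A load below the image start stands in for the
 * unmapped-address page fault, so it is reported instead of performed. */
enum cfi_result cfi_check(const struct image *img, size_t entry, uint32_t expected)
{
    uint32_t found;

    if (entry < 4 || entry > img->len)
        return CFI_FAULT;
    memcpy(&found, img->mem + entry - 4, sizeof(found));
    return found == expected ? CFI_OK : CFI_TYPE_MISMATCH;
}

/* Toy emitter: `pad` zero bytes (pad <= 56), then optionally the type id,
 * then a 4-byte body. Returns the entry offset of the body. */
size_t emit_prog(struct image *img, size_t pad, int with_preamble, uint32_t type_id)
{
    static const uint8_t body[4] = { 0x13, 0x00, 0x00, 0x00 }; /* RISC-V nop */
    size_t off = pad;

    memset(img->mem, 0, sizeof(img->mem));
    if (with_preamble) {
        memcpy(img->mem + off, &type_id, sizeof(type_id));
        off += sizeof(type_id);
    }
    memcpy(img->mem + off, body, sizeof(body));
    img->len = off + sizeof(body);
    return off;
}

int main(void)
{
    const uint32_t id = 0x1234abcd; /* constructed type id */
    struct image img;
    size_t e;

    e = emit_prog(&img, 0, 0, id); printf("%d\n", cfi_check(&img, e, id)); /* no preamble, entry at image start */
    e = emit_prog(&img, 8, 0, id); printf("%d\n", cfi_check(&img, e, id)); /* no preamble, zero bytes before entry */
    e = emit_prog(&img, 0, 1, id); printf("%d\n", cfi_check(&img, e, id)); /* preamble emitted */
    return 0;
}
```

The first case corresponds to the paging-request oops (the faulting address ffffffff78204ffc sits four bytes below a page boundary), the second to the "CFI failure" warning, and the third to the behaviour after the type id is emitted.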