Received: by 2002:ab2:6203:0:b0:1f5:f2ab:c469 with SMTP id o3csp837832lqt; Fri, 19 Apr 2024 11:52:47 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV7e+ck8mHYusaAJe2ZS5jBkRIlG8leudNidF7h2PvAjgPmApNIgYnD88b2BoXusC6TlWBDtrkq8pF7BNrwsZkEw9X/k2D12yXFKd0zmA== X-Google-Smtp-Source: AGHT+IEBjAVn4jtUtx3sFZikw6GmCMRYuhPQTHIrQdHuX9cWP3yugjwZY460/gKlLSrXrdJLZXCs X-Received: by 2002:a05:6402:2789:b0:571:d648:ec18 with SMTP id b9-20020a056402278900b00571d648ec18mr1793355ede.29.1713552766747; Fri, 19 Apr 2024 11:52:46 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1713552766; cv=pass; d=google.com; s=arc-20160816; b=cGcMivBTbkWciu1VO2pZfBcZYNGYLCjo4SrdXWsW/ZQk0bdxsPr39srPJo8ajWxCzI 8np8E7Uavimydbp2BhLRtamhlrASXMvpYJP9SgHo5/2xVr2rmrXBQTacgF1faw2eK2o1 9GHEKWi871lYXPQlsvIDPFAvDQYz3XDGLyIdObGSASoNWvbJkc6d+Q/5gHQ4K5YbPUpH vEYQ7ZohE+6Ytq/6jjE4HjtQ5r6hBuM19C2xA7FoYHLPnT4f+tmzlUcy4EwgFQCBAVQN 2jcepmBbCj6sDZNkyJOgpZJZHdX4L5WCdTFIzKT0j78mycNXDYuYf+yOptDQdC2/YlwI djYw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=mime-version:list-unsubscribe:list-subscribe:list-id:precedence :message-id:date:references:in-reply-to:subject:cc:to:from :dkim-signature; bh=Si8LT6fdmBHyplBnXHKI0UL1y1At0X6uBdJWInNMFSA=; fh=dOGvO6sW1DFulAw6YxXlpI8jHad+mWo7St7I7i6Wh1w=; b=UyTRCeFK+8UgK9/NdjkXfc/PgZZ+acOxvhtYAYoBvlf8UIFmZenp+zZJJ9XEBA+6AO iilFc/1qRx6doZOblR0UFEmqBkItmbYIYVpSS/5h8J0khR3bwJ7SM4bjlrQDqOhE2cOO SLW3L1eDEnuWegvrQZ0noQ6sf+buR5sJaT2N+Nls2dic8hMi3cXxw5cHPxAo/MUWh0pd p1+y8qX3oJB8vTUhQ6ScNo4L3ym/H/QbbP9oJszMpJkBx1IMlWdYdILcuhlK6IsZY4ST SAxraAJ1cWGq/v5+Gds4I7XMqq8ZjUoB2jNF4hCzvoTchqp+MymMvDaZQ6+dvYiUJWeQ 8CEw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=akeL0E3X; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-151886-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-151886-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id dh4-20020a0564021d2400b0056e85fbf638si2488690edb.437.2024.04.19.11.52.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Apr 2024 11:52:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-151886-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=akeL0E3X; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-151886-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-151886-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id BB7C81F21848 for ; Fri, 19 Apr 2024 18:52:44 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id C853813118B; Fri, 19 Apr 2024 18:52:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="akeL0E3X" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DFB5B22071; Fri, 19 Apr 2024 18:52:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713552756; cv=none; b=ID8eiULdu1zgAW1tudj2YOgTfuTLI7GiGTJpccsW2fevaZWecxKgPzGNwwXstsla+L02QuhET5CC9yFXsUXeDM+Huj6EqZ7MpKT02+1jfoOvARNp7c9+ePeEXUmY6pdGGx8K548JrZJsmrLC9LnZ2YiyORSG8aDoBsRdQyqUIoI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1713552756; c=relaxed/simple; bh=rdVZSny6BIgCS3vGo8EaqhW6D/kyD4McSwc8Nifxnd0=; h=From:To:Cc:Subject:In-Reply-To:References:Date:Message-ID: MIME-Version:Content-Type; b=nOVnwnsmiySHnFiR9xG5vxUKwuwmMwEpY8Y0xD6jxZfCa1hjC8RbMBzWyWnS0H2QL/afeTJn4IelO/hC2Uv/OfJ8xVJij6WexUZDSBEuGesUVIP8PgklsXnirdLF4/IV/itYm5zI4KzNXfUfFMtYGpDtGUcBcZAh74H9bxjl0yA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=akeL0E3X; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 13B00C072AA; Fri, 19 Apr 2024 18:52:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1713552755; bh=rdVZSny6BIgCS3vGo8EaqhW6D/kyD4McSwc8Nifxnd0=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=akeL0E3X9MKdKb+NkeF9gFpoDwSm//+rx16chpD3E/IS0lg7e/DFyQwF7g3koWXgY ea5+YLs3SiTjgyBkLUsAV4PD92t7ITrGIrCkF1KX5rp0pQnpMqpDVjb95RRQOha0DN Kds9i+BNWrkRJ7gkLxnq19/EhsP6uiTjBDpGijaZ2ZL3LADYooJIq8bkwDD3RfE75m wHmksuPbEMqD1egfznJJ2vicDv7B+B6sDxH3+F2EjPG3UA3qmbModEKHqNblCnXf5F /0CfdCM3DIar2gHArNU0zkKg5KAh0/ld6pmX1SsGiKXjuh3M5npmuoLmeBUOufu64l DHjKDFXW+FUZw== From: Puranjay Mohan To: "Russell King (Oracle)" Cc: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH bpf] arm32, bpf: Fix sign-extension mov instruction In-Reply-To: References: <20240409095038.26356-1-puranjay@kernel.org> Date: Fri, 19 Apr 2024 18:52:31 +0000 Message-ID: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain "Russell King (Oracle)" writes: > On Tue, Apr 09, 2024 at 09:50:38AM +0000, Puranjay Mohan wrote: >> The current implementation of the mov instruction with sign extension >> clobbers the source register because it sign extends the source and then >> moves it to the destination. >> >> Fix this by moving the src to a temporary register before doing the sign >> extension only if src is not an emulated register (on the scratch stack). >> >> Also fix the emit_a32_movsx_r64() to put the register back on scratch >> stack if that register is emulated on stack. > > It would be good to include in the commit message an example or two of > the resulting assembly code so that it's clear what the expected > generation is. Instead, I'm going to have to work it out myself, but > I'm quite sure this is information you already have. > >> Fixes: fc832653fa0d ("arm32, bpf: add support for sign-extension mov instruction") >> Reported-by: syzbot+186522670e6722692d86@syzkaller.appspotmail.com >> Closes: https://lore.kernel.org/all/000000000000e9a8d80615163f2a@google.com/ >> Signed-off-by: Puranjay Mohan >> --- >> arch/arm/net/bpf_jit_32.c | 11 +++++++++-- >> 1 file changed, 9 insertions(+), 2 deletions(-) >> >> diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c >> index 1d672457d02f..8fde6ab66cb4 100644 >> --- a/arch/arm/net/bpf_jit_32.c >> +++ b/arch/arm/net/bpf_jit_32.c >> @@ -878,6 +878,13 @@ static inline void emit_a32_mov_r(const s8 dst, const s8 src, const u8 off, >> >> rt = arm_bpf_get_reg32(src, tmp[0], ctx); >> if (off && off != 32) { >> + /* If rt is not a stacked register, move it to tmp, so it doesn't get clobbered by >> + * the shift operations. >> + */ >> + if (rt == src) { >> + emit(ARM_MOV_R(tmp[0], rt), ctx); >> + rt = tmp[0]; >> + } > > This change is adding inefficiency, don't we want to have the JIT > creating as efficient code as possible within the bounds of > reasonableness? > >> emit(ARM_LSL_I(rt, rt, 32 - off), ctx); >> emit(ARM_ASR_I(rt, rt, 32 - off), ctx); > > LSL and ASR can very easily take a different source register to the > destination register. All this needs to be is: > > emit(ARM_LSL_I(tmp[0], rt, 32 - off), ctx); > emit(ARM_ASR_I(tmp[0], tmp[0], 32 - off), ctx); > rt = tmp[0]; > > This will generate: > > lsl tmp[0], src, #32-off > asr tmp[0], tmp[0], #32-off > > and then the store to the output register will occur. > > What about the high-32 bits of the register pair - should that be > taking any value? > >> } > > I notice in passing that the comments are out of sync with the > code - please update the comments along with code changes. > >> @@ -919,15 +926,15 @@ static inline void emit_a32_movsx_r64(const bool is64, const u8 off, const s8 ds >> const s8 *tmp = bpf2a32[TMP_REG_1]; >> const s8 *rt; >> >> - rt = arm_bpf_get_reg64(dst, tmp, ctx); >> - >> emit_a32_mov_r(dst_lo, src_lo, off, ctx); >> if (!is64) { >> if (!ctx->prog->aux->verifier_zext) >> /* Zero out high 4 bytes */ >> emit_a32_mov_i(dst_hi, 0, ctx); >> } else { >> + rt = arm_bpf_get_reg64(dst, tmp, ctx); >> emit(ARM_ASR_I(rt[0], rt[1], 31), ctx); >> + arm_bpf_put_reg64(dst, rt, ctx); >> } >> } > > Why oh why oh why are we emitting code to read the source register > (which may be a load), then write it to the destination (which may > be a store) to only then immediately reload from the destination > to then do the sign extension? This is madness. > > Please... apply some thought to the code generation from the JIT... > or I will remove you from being a maintainer of this code. I spent > time crafting some parts of the JIT to generate efficient code and > I'm seeing that a lot of that work is now being thrown away by > someone who seemingly doesn't care about generating "good" code. > Sorry for this, I also like to make sure the JITs are as efficient as possible. I was too focused on fixing this as fast as possible and didn't pay attention that day. I have reimplemented the whole thing again to make sure all bugs are fixed. The commit message has the generated assembly for all cases: https://lore.kernel.org/all/20240419182832.27707-1-puranjay@kernel.org/ Thanks, Puranjay