Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1eb4169c authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 



Alexei Starovoitov says:

====================
pull-request: bpf 2019-06-15

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) fix stack layout of JITed x64 bpf code, from Alexei.

2) fix out of bounds memory access in bpf_sk_storage, from Arthur.

3) fix lpm trie walk, from Jonathan.

4) fix nested bpf_perf_event_output, from Matt.

5) and several other fixes.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 5db2e7c7 9594dc3c

arch/powerpc/include/asm/ppc-opcode.h

+1 −0
Original line number Diff line number Diff line
@@ -338,6 +338,7 @@ 
#define PPC_INST_MADDLD			0x10000033

#define PPC_INST_DIVWU			0x7c000396

#define PPC_INST_DIVD			0x7c0003d2

#define PPC_INST_DIVDU			0x7c000392

#define PPC_INST_RLWINM			0x54000000

#define PPC_INST_RLWINM_DOT		0x54000001

#define PPC_INST_RLWIMI			0x50000000

arch/powerpc/net/bpf_jit.h

+1 −1
Original line number Diff line number Diff line
@@ -116,7 +116,7 @@ 
				     ___PPC_RA(a) | IMM_L(i))

#define PPC_DIVWU(d, a, b)	EMIT(PPC_INST_DIVWU | ___PPC_RT(d) |	      \

				     ___PPC_RA(a) | ___PPC_RB(b))

#define PPC_DIVD(d, a, b)	EMIT(PPC_INST_DIVD | ___PPC_RT(d) |	      \

#define PPC_DIVDU(d, a, b)	EMIT(PPC_INST_DIVDU | ___PPC_RT(d) |	      \

				     ___PPC_RA(a) | ___PPC_RB(b))

#define PPC_AND(d, a, b)	EMIT(PPC_INST_AND | ___PPC_RA(d) |	      \

				     ___PPC_RS(a) | ___PPC_RB(b))

arch/powerpc/net/bpf_jit_comp64.c

+4 −4
Original line number Diff line number Diff line
@@ -399,12 +399,12 @@ static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, 
		case BPF_ALU64 | BPF_DIV | BPF_X: /* dst /= src */

		case BPF_ALU64 | BPF_MOD | BPF_X: /* dst %= src */

			if (BPF_OP(code) == BPF_MOD) {

				PPC_DIVD(b2p[TMP_REG_1], dst_reg, src_reg);

				PPC_DIVDU(b2p[TMP_REG_1], dst_reg, src_reg);

				PPC_MULD(b2p[TMP_REG_1], src_reg,

						b2p[TMP_REG_1]);

				PPC_SUB(dst_reg, dst_reg, b2p[TMP_REG_1]);

			} else

				PPC_DIVD(dst_reg, dst_reg, src_reg);

				PPC_DIVDU(dst_reg, dst_reg, src_reg);

			break;

		case BPF_ALU | BPF_MOD | BPF_K: /* (u32) dst %= (u32) imm */

		case BPF_ALU | BPF_DIV | BPF_K: /* (u32) dst /= (u32) imm */
@@ -432,7 +432,7 @@ static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, 
				break;

			case BPF_ALU64:

				if (BPF_OP(code) == BPF_MOD) {

					PPC_DIVD(b2p[TMP_REG_2], dst_reg,

					PPC_DIVDU(b2p[TMP_REG_2], dst_reg,

							b2p[TMP_REG_1]);

					PPC_MULD(b2p[TMP_REG_1],

							b2p[TMP_REG_1],
@@ -440,7 +440,7 @@ static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, 
					PPC_SUB(dst_reg, dst_reg,

							b2p[TMP_REG_1]);

				} else

					PPC_DIVD(dst_reg, dst_reg,

					PPC_DIVDU(dst_reg, dst_reg,

							b2p[TMP_REG_1]);

				break;

			}

arch/x86/net/bpf_jit_comp.c

+21 −53
Original line number Diff line number Diff line
@@ -190,9 +190,7 @@ struct jit_context { 
#define BPF_MAX_INSN_SIZE	128

#define BPF_INSN_SAFETY		64



#define AUX_STACK_SPACE		40 /* Space for RBX, R13, R14, R15, tailcnt */



#define PROLOGUE_SIZE		37

#define PROLOGUE_SIZE		20



/*

 * Emit x86-64 prologue code for BPF program and check its size.
@@ -203,44 +201,19 @@ static void emit_prologue(u8 **pprog, u32 stack_depth, bool ebpf_from_cbpf) 
	u8 *prog = *pprog;

	int cnt = 0;



	/* push rbp */

	EMIT1(0x55);



	/* mov rbp,rsp */

	EMIT3(0x48, 0x89, 0xE5);



	/* sub rsp, rounded_stack_depth + AUX_STACK_SPACE */

	EMIT3_off32(0x48, 0x81, 0xEC,

		    round_up(stack_depth, 8) + AUX_STACK_SPACE);



	/* sub rbp, AUX_STACK_SPACE */

	EMIT4(0x48, 0x83, 0xED, AUX_STACK_SPACE);



	/* mov qword ptr [rbp+0],rbx */

	EMIT4(0x48, 0x89, 0x5D, 0);

	/* mov qword ptr [rbp+8],r13 */

	EMIT4(0x4C, 0x89, 0x6D, 8);

	/* mov qword ptr [rbp+16],r14 */

	EMIT4(0x4C, 0x89, 0x75, 16);

	/* mov qword ptr [rbp+24],r15 */

	EMIT4(0x4C, 0x89, 0x7D, 24);



	EMIT1(0x55);             /* push rbp */

	EMIT3(0x48, 0x89, 0xE5); /* mov rbp, rsp */

	/* sub rsp, rounded_stack_depth */

	EMIT3_off32(0x48, 0x81, 0xEC, round_up(stack_depth, 8));

	EMIT1(0x53);             /* push rbx */

	EMIT2(0x41, 0x55);       /* push r13 */

	EMIT2(0x41, 0x56);       /* push r14 */

	EMIT2(0x41, 0x57);       /* push r15 */

	if (!ebpf_from_cbpf) {

		/*

		 * Clear the tail call counter (tail_call_cnt): for eBPF tail

		 * calls we need to reset the counter to 0. It's done in two

		 * instructions, resetting RAX register to 0, and moving it

		 * to the counter location.

		 */



		/* xor eax, eax */

		EMIT2(0x31, 0xc0);

		/* mov qword ptr [rbp+32], rax */

		EMIT4(0x48, 0x89, 0x45, 32);



		/* zero init tail_call_cnt */

		EMIT2(0x6a, 0x00);

		BUILD_BUG_ON(cnt != PROLOGUE_SIZE);

	}



	*pprog = prog;

}
@@ -285,13 +258,13 @@ static void emit_bpf_tail_call(u8 **pprog) 
	 * if (tail_call_cnt > MAX_TAIL_CALL_CNT)

	 *	goto out;

	 */

	EMIT2_off32(0x8B, 0x85, 36);              /* mov eax, dword ptr [rbp + 36] */

	EMIT2_off32(0x8B, 0x85, -36 - MAX_BPF_STACK); /* mov eax, dword ptr [rbp - 548] */

	EMIT3(0x83, 0xF8, MAX_TAIL_CALL_CNT);     /* cmp eax, MAX_TAIL_CALL_CNT */

#define OFFSET2 (30 + RETPOLINE_RAX_BPF_JIT_SIZE)

	EMIT2(X86_JA, OFFSET2);                   /* ja out */

	label2 = cnt;

	EMIT3(0x83, 0xC0, 0x01);                  /* add eax, 1 */

	EMIT2_off32(0x89, 0x85, 36);              /* mov dword ptr [rbp + 36], eax */

	EMIT2_off32(0x89, 0x85, -36 - MAX_BPF_STACK); /* mov dword ptr [rbp -548], eax */



	/* prog = array->ptrs[index]; */

	EMIT4_off32(0x48, 0x8B, 0x84, 0xD6,       /* mov rax, [rsi + rdx * 8 + offsetof(...)] */
@@ -1040,17 +1013,12 @@ xadd: if (is_imm8(insn->off)) 
			seen_exit = true;

			/* Update cleanup_addr */

			ctx->cleanup_addr = proglen;

			/* mov rbx, qword ptr [rbp+0] */

			EMIT4(0x48, 0x8B, 0x5D, 0);

			/* mov r13, qword ptr [rbp+8] */

			EMIT4(0x4C, 0x8B, 0x6D, 8);

			/* mov r14, qword ptr [rbp+16] */

			EMIT4(0x4C, 0x8B, 0x75, 16);

			/* mov r15, qword ptr [rbp+24] */

			EMIT4(0x4C, 0x8B, 0x7D, 24);



			/* add rbp, AUX_STACK_SPACE */

			EMIT4(0x48, 0x83, 0xC5, AUX_STACK_SPACE);

			if (!bpf_prog_was_classic(bpf_prog))

				EMIT1(0x5B); /* get rid of tail_call_cnt */

			EMIT2(0x41, 0x5F);   /* pop r15 */

			EMIT2(0x41, 0x5E);   /* pop r14 */

			EMIT2(0x41, 0x5D);   /* pop r13 */

			EMIT1(0x5B);         /* pop rbx */

			EMIT1(0xC9);         /* leave */

			EMIT1(0xC3);         /* ret */

			break;

include/uapi/linux/bpf.h

+2 −2
Original line number Diff line number Diff line
@@ -3378,8 +3378,8 @@ struct bpf_raw_tracepoint_args { 
/* DIRECT:  Skip the FIB rules and go to FIB table associated with device

 * OUTPUT:  Do lookup from egress perspective; default is ingress

 */

#define BPF_FIB_LOOKUP_DIRECT  BIT(0)

#define BPF_FIB_LOOKUP_OUTPUT  BIT(1)

#define BPF_FIB_LOOKUP_DIRECT  (1U << 0)

#define BPF_FIB_LOOKUP_OUTPUT  (1U << 1)



enum {

	BPF_FIB_LKUP_RET_SUCCESS,      /* lookup successful */