From nobody Sat Feb 7 11:31:57 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3DBA231A89 for ; Fri, 7 Feb 2025 02:05:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893918; cv=none; b=YUzSrnvblXaSgoG1DIdGjp5TeWYt86nD7IlnnKW66cpBIdsBdr3EqAm6oS9lPG+c3EzBxmbS+0UszovvT8Nc4hoAaS/sGjA6oRFMGPDP+y+krCTzW5q1h/KrSabxCRDsefqphZMJ4S9qvR0dn13TGl/oK2eSX8/JfO8hVk0n/Zs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893918; c=relaxed/simple; bh=TIfBRiH6F4YKJqYlgZA1bOplpqfPiE9Bs2JBr1LCue8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=kS7gx04gXuMBjvA7peAqXGqui0LzkINRz386l901GccFWkeZTvZe16fgNouLXoOT5U42DkBqvMYDaU6qNNhHdxcVHfAH2IQw9j2iiEwdRqnNaZA4NoIbviXcyzlW2L7PdXGmXOsruJGAraTIAWT95JEnJlVTZGsq44TcOlJymyk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=jCD9JC71; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="jCD9JC71" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-2f9f2bf2aaeso3263745a91.1 for ; Thu, 06 Feb 2025 18:05:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738893916; x=1739498716; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=eQntqM+rLZWQ3ApAwlHMCjvEA5GNUgj+7EI4yYRHGrA=; b=jCD9JC71bY3Ad5YCcq7cvV59RG+8xOaKuPXo8/ZEIvcWZa+dbxM6r3wWxpKLIpwEtU 9bHA5BLkJJvsw8NlRJGB/LDV0uHFkSl9RDVLVUCfVdLZa0/htzFyc3p/0OKwMfwwOZl5 KXFs/9iwsEG9fGSnGaO4DPJJSZ1NW7avsUAgHG/m22mrRDwvZsRjearzvWZy1NCCc6SI Nyx3jR/Hf5McGpGkkXmqijndJmLzv6cePly5rzMdnOWNAz7nm6dz6YstP5ePsRsDQoOf e3TNB+7uUs3bijloxOziOF+6t9Q7nTTqWSJQVITpm1NgKWq8X2XD/kyI90xvlrRb6dpl VLwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738893916; x=1739498716; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=eQntqM+rLZWQ3ApAwlHMCjvEA5GNUgj+7EI4yYRHGrA=; b=HAKmywbdYKKLEWVj1x7jeTKI3Mcwwci5qIY8eozxYah48quWDM9munO3Ywcp80jVxK Jp5zP2a+/Yhcri0dWkTzKJhR4B7oJV25L+iMfj5eDVk4ePHQJi7uymoYTvQGNeNIG30U H9lXZ0qllldv/ix5YOiQ/sqCcPo9YT2p8yF4zQVEsED184bBuOnpYrrXlV3AmVo3bxNv 2QnmEeyFL8AZ4z1pBmWqpCpkiZplKBGulxhFnHLPJGGK5QVn7b1AXwfQ94mFoBe9cke0 IsRvw1RF3tY4HhBW+Oc7tDd3QmAjcSzgJmhqu9fSf5JiEyKSi1vqx1qPOgyfBDOD7xS/ hg+g== X-Forwarded-Encrypted: i=1; AJvYcCWablUDHVk/KGqptYb84rEPoH5+4p3AhsFKFePT5VdFQ+IKZyjjfSn5oCPfY2V3wMIDf3fJxk2+8rmmHsk=@vger.kernel.org X-Gm-Message-State: AOJu0YxlZL5+1/0lCrH3RBnfShhtHZJRspkScp73FksflkZ+CQNbuzzO X41lwPnjf10HVKzJmBjAzyWUu4mrQ9n4DN+vK8aXRpWNkxmmTZ7PvDGrI1Y5xbSwomalp+dz9B8 KSNhpkHGuqQ== X-Google-Smtp-Source: AGHT+IG8RnoKYzqmdlNq/GNWt0Bfp60toUuFc3O205+7HMgGDaEyEjHnEEWL3iMa82zSQ8qscCoeONeApNS1Lw== X-Received: from pjg15.prod.google.com ([2002:a17:90b:3f4f:b0:2fa:1fac:2695]) (user=yepeilin job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:4cd1:b0:2fa:157e:c78e with SMTP id 98e67ed59e1d1-2fa23f5ebb1mr2348726a91.7.1738893916574; Thu, 06 Feb 2025 18:05:16 -0800 (PST) Date: Fri, 7 Feb 2025 02:05:13 +0000 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog Message-ID: <56a8a44753b6e12abcb61163ba97159615ca8114.1738888641.git.yepeilin@google.com> Subject: [PATCH bpf-next v2 1/9] bpf/verifier: Factor out atomic_ptr_type_ok() From: Peilin Ye To: bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Peilin Ye , bpf@ietf.org, Xu Kuohai , Eduard Zingerman , David Vernet , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Jonathan Corbet , "Paul E. McKenney" , Puranjay Mohan , Ilya Leoshkevich , Heiko Carstens , Vasily Gorbik , Catalin Marinas , Will Deacon , Quentin Monnet , Mykola Lysenko , Shuah Khan , Ihor Solodrai , Yingchi Long , Josh Don , Barret Rhoden , Neel Natu , Benjamin Segall , linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Factor out atomic_ptr_type_ok() as a helper function to be used later. Signed-off-by: Peilin Ye --- kernel/bpf/verifier.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 9971c03adfd5..0935b72fe716 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -6116,6 +6116,26 @@ static bool is_arena_reg(struct bpf_verifier_env *en= v, int regno) return reg->type =3D=3D PTR_TO_ARENA; } =20 +/* Return false if @regno contains a pointer whose type isn't supported for + * atomic instruction @insn. + */ +static bool atomic_ptr_type_ok(struct bpf_verifier_env *env, int regno, + struct bpf_insn *insn) +{ + if (is_ctx_reg(env, regno)) + return false; + if (is_pkt_reg(env, regno)) + return false; + if (is_flow_key_reg(env, regno)) + return false; + if (is_sk_reg(env, regno)) + return false; + if (is_arena_reg(env, regno)) + return bpf_jit_supports_insn(insn, true); + + return true; +} + static u32 *reg2btf_ids[__BPF_REG_TYPE_MAX] =3D { #ifdef CONFIG_NET [PTR_TO_SOCKET] =3D &btf_sock_ids[BTF_SOCK_TYPE_SOCK], @@ -7572,11 +7592,7 @@ static int check_atomic(struct bpf_verifier_env *env= , int insn_idx, struct bpf_i return -EACCES; } =20 - if (is_ctx_reg(env, insn->dst_reg) || - is_pkt_reg(env, insn->dst_reg) || - is_flow_key_reg(env, insn->dst_reg) || - is_sk_reg(env, insn->dst_reg) || - (is_arena_reg(env, insn->dst_reg) && !bpf_jit_supports_insn(insn, tru= e))) { + if (!atomic_ptr_type_ok(env, insn->dst_reg, insn)) { verbose(env, "BPF_ATOMIC stores into R%d %s is not allowed\n", insn->dst_reg, reg_type_str(env, reg_state(env, insn->dst_reg)->type)); --=20 2.48.1.502.g6dc24dfdaf-goog From nobody Sat Feb 7 11:31:57 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 381F42940B for ; Fri, 7 Feb 2025 02:05:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893932; cv=none; b=gQmPfPZVLFUlrzemRk/OCEpHpZz5VImvcAcE/wHYCPiOOrDwnDd5XcSuAqYbjb/nnnWzLchxQwEShfk1gKE3rPjbeL6pLqiLPj1iBwA76uqY/mG6adrYaM9min0e1I9gQTHb6SDEDkWJqKXev9vok3ApVpB3POetiEZPvW/uYMk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893932; c=relaxed/simple; bh=6gJQBoMJvd11kabG0mAvazNwvvNUp+qYDK9d+B95w4A=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=sJ8oFkP45KYdj6NeU72QIeyqEoiArHbIQyWCy5iMgBQeaTtfuyUDy6Exvs0lk12roYzMtiFTiSfEtvHTCM69DIprPpPwdeJd0AtGHYZai6kzvUPqT0YdaKYJh0z9Nl5vCcLE9r+iNdEMBBbHnOyAp5hPnyFDDe062VD+Zw3CiEs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=jnPPLqHO; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="jnPPLqHO" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-2f9f2bf2aaeso3264142a91.1 for ; Thu, 06 Feb 2025 18:05:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738893930; x=1739498730; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=rnyfeyX5KsaoejFCT4Pvz88fBme+Wvr3R6AqYNdoRSY=; b=jnPPLqHOLKGxsXCbQSKdHMada4V6RsENu4S9ge19PEmTp0HQZX1FL5QsZxJOcvvr+O 8TCZsCQJDyPBXXx9cRr6m4TKRbEAAW9oLiH3ciysEaLkwbmediXJxoygVhZYn76pMOm9 shq73/nEQRRdFtSKhgVb2BxrXnu1vxM2f5uC8IEgk8+QE/XcpdsO6+kQxtlId7r5blX4 2WMk219NdbDkNNB7f2O1TdjryEdRUczvnmG7qykg3jmpptdq50syZ11hyRRbJJq2Qsjv Q2MCqc2FLlypqiMAFNjJCS1ZXRBq4mqSxek94a7DL3yjFFfgjEsuQVY37xAsGqcv9Ae7 cEzQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738893930; x=1739498730; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=rnyfeyX5KsaoejFCT4Pvz88fBme+Wvr3R6AqYNdoRSY=; b=Y3Bo23Nic6BGmWdRS3bEQoGM5pp/NUAmn4ex6Ajqul+fSTQZUeJqePc8ZRgga+2HTR O0h9XzmB59XF3U5KepZG+bwtcxgpYc8jQ6/8wLRdlbBrUnh6jQtYQGDDap9FNyCo0cVj t0nNJP1BMUi9upLcpmzezft5L9n1IaBrXFY+xSPv2hB3RlDi6Xw9N059jnVy7btxwHzW xBLt9m97iR/UXcyAtU7X9RlPPHCTneK1q0KiBfayPPFw7+HLoyes40QHHasU15655tdE E2LqCtMRW4V1H5YkSi+phLzuKQX5WOLsueJNiMmWFVXmHcKiY7U5b6mHHHHS/oIGDbL3 vOsw== X-Forwarded-Encrypted: i=1; AJvYcCVXOJgs8rTYatviFZgEgauz/Scdxa3t+7hTJBHCBj382QXlH+ax5MGS5eD6LfhPYx4kqWqkQKi31dNK/lU=@vger.kernel.org X-Gm-Message-State: AOJu0YxDk8EQ8Qa+djUBEqad+4j+f3QkeDcjouhPLgUziFj92R0AVWuN BBMOXfhMsHn/SB0Lclackf5vT/6N6Ar/wedwsiu18Hj8IgY09xg2kyPAv8PULOos3Uux388U8dS EojwVDNeTvg== X-Google-Smtp-Source: AGHT+IF7v6kmdiGCxp2a0C++c/LlhPUZNvA/P6MK7nWPEghpqss2oNpv+9B3PTntoS5TGpQxBNw7FSCUTIfdEw== X-Received: from pjbsl12.prod.google.com ([2002:a17:90b:2e0c:b0:2e2:44f2:9175]) (user=yepeilin job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:4cd1:b0:2fa:157e:c78e with SMTP id 98e67ed59e1d1-2fa23f5ebb1mr2349911a91.7.1738893930308; Thu, 06 Feb 2025 18:05:30 -0800 (PST) Date: Fri, 7 Feb 2025 02:05:23 +0000 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog Message-ID: Subject: [PATCH bpf-next v2 2/9] bpf/verifier: Factor out check_atomic_rmw() From: Peilin Ye To: bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Peilin Ye , bpf@ietf.org, Xu Kuohai , Eduard Zingerman , David Vernet , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Jonathan Corbet , "Paul E. McKenney" , Puranjay Mohan , Ilya Leoshkevich , Heiko Carstens , Vasily Gorbik , Catalin Marinas , Will Deacon , Quentin Monnet , Mykola Lysenko , Shuah Khan , Ihor Solodrai , Yingchi Long , Josh Don , Barret Rhoden , Neel Natu , Benjamin Segall , linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Currently, check_atomic() only handles atomic read-modify-write (RMW) instructions. Since we are planning to introduce other types of atomic instructions (i.e., atomic load/store), extract the existing RMW handling logic into its own function named check_atomic_rmw(). Remove the @insn_idx parameter as it is not really necessary. Use 'env->insn_idx' instead, as in other places in verifier.c. Signed-off-by: Peilin Ye --- kernel/bpf/verifier.c | 53 +++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 0935b72fe716..39eb990ec003 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -7536,28 +7536,12 @@ static int check_mem_access(struct bpf_verifier_env= *env, int insn_idx, u32 regn static int save_aux_ptr_type(struct bpf_verifier_env *env, enum bpf_reg_ty= pe type, bool allow_trust_mismatch); =20 -static int check_atomic(struct bpf_verifier_env *env, int insn_idx, struct= bpf_insn *insn) +static int check_atomic_rmw(struct bpf_verifier_env *env, + struct bpf_insn *insn) { int load_reg; int err; =20 - switch (insn->imm) { - case BPF_ADD: - case BPF_ADD | BPF_FETCH: - case BPF_AND: - case BPF_AND | BPF_FETCH: - case BPF_OR: - case BPF_OR | BPF_FETCH: - case BPF_XOR: - case BPF_XOR | BPF_FETCH: - case BPF_XCHG: - case BPF_CMPXCHG: - break; - default: - verbose(env, "BPF_ATOMIC uses invalid atomic opcode %02x\n", insn->imm); - return -EINVAL; - } - if (BPF_SIZE(insn->code) !=3D BPF_W && BPF_SIZE(insn->code) !=3D BPF_DW) { verbose(env, "invalid atomic operand size\n"); return -EINVAL; @@ -7619,12 +7603,12 @@ static int check_atomic(struct bpf_verifier_env *en= v, int insn_idx, struct bpf_i /* Check whether we can read the memory, with second call for fetch * case to simulate the register fill. */ - err =3D check_mem_access(env, insn_idx, insn->dst_reg, insn->off, + err =3D check_mem_access(env, env->insn_idx, insn->dst_reg, insn->off, BPF_SIZE(insn->code), BPF_READ, -1, true, false); if (!err && load_reg >=3D 0) - err =3D check_mem_access(env, insn_idx, insn->dst_reg, insn->off, - BPF_SIZE(insn->code), BPF_READ, load_reg, - true, false); + err =3D check_mem_access(env, env->insn_idx, insn->dst_reg, + insn->off, BPF_SIZE(insn->code), + BPF_READ, load_reg, true, false); if (err) return err; =20 @@ -7634,13 +7618,34 @@ static int check_atomic(struct bpf_verifier_env *en= v, int insn_idx, struct bpf_i return err; } /* Check whether we can write into the same memory. */ - err =3D check_mem_access(env, insn_idx, insn->dst_reg, insn->off, + err =3D check_mem_access(env, env->insn_idx, insn->dst_reg, insn->off, BPF_SIZE(insn->code), BPF_WRITE, -1, true, false); if (err) return err; return 0; } =20 +static int check_atomic(struct bpf_verifier_env *env, struct bpf_insn *ins= n) +{ + switch (insn->imm) { + case BPF_ADD: + case BPF_ADD | BPF_FETCH: + case BPF_AND: + case BPF_AND | BPF_FETCH: + case BPF_OR: + case BPF_OR | BPF_FETCH: + case BPF_XOR: + case BPF_XOR | BPF_FETCH: + case BPF_XCHG: + case BPF_CMPXCHG: + return check_atomic_rmw(env, insn); + default: + verbose(env, "BPF_ATOMIC uses invalid atomic opcode %02x\n", + insn->imm); + return -EINVAL; + } +} + /* When register 'regno' is used to read the stack (either directly or thr= ough * a helper function) make sure that it's within stack boundary and, depen= ding * on the access type and privileges, that all elements of the stack are @@ -19076,7 +19081,7 @@ static int do_check(struct bpf_verifier_env *env) enum bpf_reg_type dst_reg_type; =20 if (BPF_MODE(insn->code) =3D=3D BPF_ATOMIC) { - err =3D check_atomic(env, env->insn_idx, insn); + err =3D check_atomic(env, insn); if (err) return err; env->insn_idx++; --=20 2.48.1.502.g6dc24dfdaf-goog From nobody Sat Feb 7 11:31:57 2026 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 84D652940B for ; Fri, 7 Feb 2025 02:05:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893941; cv=none; b=IZCUquqAklrWtrfo6NAPOusO21DzHJNWo1vKJoctvF8aZ5Zm7GDsrXsODvLizDccuLMSBNFUtTIeHcukJh/lopD2S2QaKqFds5jXptZFr4KfNFi/hUBViUw84VUAgQEQUGLOjRtrF1jpG948asDSGLsnKQgLaIciUjlUB56iTrA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893941; c=relaxed/simple; bh=Q2OkqnaEywltUrTvLR9BEhPUZfK5Xxof8YuvKLY13QU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=OCsosC9LnQTCN2Ftry/x2W9pJx398AmneDK7qZTqVc/ZW/9hUghpt1+xRjeOmtOHwAV2TkeTTJ0+sRi76fecpx47Y4qO531tWsX1OjIPkbRCyI9BlmAW5drkUzOROCEDxA00mEba8U/7z8xGjU9uaA7lA7eGVZ9Svxgs9gETzpw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0F3zl6z7; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="0F3zl6z7" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-2fa1e63a5ffso2427608a91.3 for ; Thu, 06 Feb 2025 18:05:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738893939; x=1739498739; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=G0ksBymLsFxBv6dTHVXwRUMsPxued+iewutBsq02rrE=; b=0F3zl6z7IU/2gHkgczbWDC4O0lUQdtSX8LmnjIvSsPuLM+lgenSfRzqG5IubZFHFvj vryKzmdatssv9uKQoBPOOAsmHuy7fD3QYjZllwrgT7sc2EpHFvI8ZB37SNp26+roLzQQ JqLU832PLxNFQnc1n4epCQwbNU/3zzjUn97Scynro/NAmO+Pq9J+hdEM2ZISlqlU/C6d ivDk3nGqZceNc0nI4rcbOJyAy3itKisORrfLU3qM/WpfOpIE8zP7FCOpBdlhsVHeQKEc JSRQSZ4nmbWUNEHasmacdgM/UYAge9/ldrLkSUUG8bh45Yp4JPsa4oKhGdqdxgt2GPaT XPjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738893939; x=1739498739; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=G0ksBymLsFxBv6dTHVXwRUMsPxued+iewutBsq02rrE=; b=Q7SkC0uar0GPfzkohw6ZovKK/WLDetwJS3uoa1AE6z08sbEzOE9tGiVmRYkKIK0iVT x91CfBWOV/IUWRwtXpn9zMhJ1yKR8n/XjrXKTpHDZGANuxVvE+QzsFnMfEwrq+VKNPjk pA3nznFSDzdXcU2KJo09KGRhzXqyye7XVsWlc0TXY68iL+7UBBlmG2ywWJ0UPtkjxtuR C9oWxkn5xoqJXZ65oD2eZGNFsG1ekKZ8pUawq17h+17z/FBpT3wC7bMSW+ihMXPIHIoy H/6IgZBc9xUGsbit7YiCYT85sTAAV1G+kx5ndzXmyl4w8LK+c86v60JKTjLF1r3ruG1r 64/g== X-Forwarded-Encrypted: i=1; AJvYcCXjm8WRphTZUf2/8MeCYdXKGNgvXcFpfG6/M1XDuoDb1y884bie1isiayFhIQB/kMpfFurvd3FmCz6tIfg=@vger.kernel.org X-Gm-Message-State: AOJu0YwkLKDHeEZ9/50gLI9Bzht+y0Bqr7jGqoIGv2tobzn7gVWpkbc0 xB83oAUewTt/9ihfKKmuzKSKG0DtHkhFWQIRqWM2Yx0D/C32oGRfqbImR9OUOXHnMgAaNc9ewbd piRyY1EGRAw== X-Google-Smtp-Source: AGHT+IEQXS8/Za22ftZ1p+Phe57YwI7GpMBkpoOV+QxJBEcmY8iFZ5iWxAf92Zvu9JrzhNYd5itkmkXtR2L03w== X-Received: from pfai16.prod.google.com ([2002:aa7:9090:0:b0:72b:ccb:c99b]) (user=yepeilin job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a00:882:b0:71e:6b8:2f4a with SMTP id d2e1a72fcca58-7305d47c9d1mr2600297b3a.12.1738893938799; Thu, 06 Feb 2025 18:05:38 -0800 (PST) Date: Fri, 7 Feb 2025 02:05:34 +0000 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog Message-ID: <363538659933fb2e289d937d81fc8eecb284ea7b.1738888641.git.yepeilin@google.com> Subject: [PATCH bpf-next v2 3/9] bpf/verifier: Factor out check_load_mem() and check_store_reg() From: Peilin Ye To: bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Peilin Ye , bpf@ietf.org, Xu Kuohai , Eduard Zingerman , David Vernet , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Jonathan Corbet , "Paul E. McKenney" , Puranjay Mohan , Ilya Leoshkevich , Heiko Carstens , Vasily Gorbik , Catalin Marinas , Will Deacon , Quentin Monnet , Mykola Lysenko , Shuah Khan , Ihor Solodrai , Yingchi Long , Josh Don , Barret Rhoden , Neel Natu , Benjamin Segall , linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Extract BPF_LDX and most non-atomic BPF_STX instruction handling logic in do_check() into helper functions to be used later. While we are here, make that comment about "reserved fields" more specific. Suggested-by: Eduard Zingerman Signed-off-by: Peilin Ye Acked-by: Eduard Zingerman --- kernel/bpf/verifier.c | 110 +++++++++++++++++++++++++----------------- 1 file changed, 67 insertions(+), 43 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 39eb990ec003..82a5a4acf576 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -7536,6 +7536,67 @@ static int check_mem_access(struct bpf_verifier_env = *env, int insn_idx, u32 regn static int save_aux_ptr_type(struct bpf_verifier_env *env, enum bpf_reg_ty= pe type, bool allow_trust_mismatch); =20 +static int check_load_mem(struct bpf_verifier_env *env, struct bpf_insn *i= nsn, + bool strict_alignment_once, bool is_ldsx, + bool allow_trust_mismatch, const char *ctx) +{ + struct bpf_reg_state *regs =3D cur_regs(env); + enum bpf_reg_type src_reg_type; + int err; + + /* check src operand */ + err =3D check_reg_arg(env, insn->src_reg, SRC_OP); + if (err) + return err; + + /* check dst operand */ + err =3D check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK); + if (err) + return err; + + src_reg_type =3D regs[insn->src_reg].type; + + /* Check if (src_reg + off) is readable. The state of dst_reg will be + * updated by this call. + */ + err =3D check_mem_access(env, env->insn_idx, insn->src_reg, insn->off, + BPF_SIZE(insn->code), BPF_READ, insn->dst_reg, + strict_alignment_once, is_ldsx); + err =3D err ?: save_aux_ptr_type(env, src_reg_type, + allow_trust_mismatch); + err =3D err ?: reg_bounds_sanity_check(env, ®s[insn->dst_reg], ctx); + + return err; +} + +static int check_store_reg(struct bpf_verifier_env *env, struct bpf_insn *= insn, + bool strict_alignment_once) +{ + struct bpf_reg_state *regs =3D cur_regs(env); + enum bpf_reg_type dst_reg_type; + int err; + + /* check src1 operand */ + err =3D check_reg_arg(env, insn->src_reg, SRC_OP); + if (err) + return err; + + /* check src2 operand */ + err =3D check_reg_arg(env, insn->dst_reg, SRC_OP); + if (err) + return err; + + dst_reg_type =3D regs[insn->dst_reg].type; + + /* Check if (dst_reg + off) is writeable. */ + err =3D check_mem_access(env, env->insn_idx, insn->dst_reg, insn->off, + BPF_SIZE(insn->code), BPF_WRITE, insn->src_reg, + strict_alignment_once, false); + err =3D err ?: save_aux_ptr_type(env, dst_reg_type, false); + + return err; +} + static int check_atomic_rmw(struct bpf_verifier_env *env, struct bpf_insn *insn) { @@ -19051,35 +19112,16 @@ static int do_check(struct bpf_verifier_env *env) return err; =20 } else if (class =3D=3D BPF_LDX) { - enum bpf_reg_type src_reg_type; - - /* check for reserved fields is already done */ - - /* check src operand */ - err =3D check_reg_arg(env, insn->src_reg, SRC_OP); - if (err) - return err; + bool is_ldsx =3D BPF_MODE(insn->code) =3D=3D BPF_MEMSX; =20 - err =3D check_reg_arg(env, insn->dst_reg, DST_OP_NO_MARK); - if (err) - return err; - - src_reg_type =3D regs[insn->src_reg].type; - - /* check that memory (src_reg + off) is readable, - * the state of dst_reg will be updated by this func + /* Check for reserved fields is already done in + * resolve_pseudo_ldimm64(). */ - err =3D check_mem_access(env, env->insn_idx, insn->src_reg, - insn->off, BPF_SIZE(insn->code), - BPF_READ, insn->dst_reg, false, - BPF_MODE(insn->code) =3D=3D BPF_MEMSX); - err =3D err ?: save_aux_ptr_type(env, src_reg_type, true); - err =3D err ?: reg_bounds_sanity_check(env, ®s[insn->dst_reg], "ldx"= ); + err =3D check_load_mem(env, insn, false, is_ldsx, true, + "ldx"); if (err) return err; } else if (class =3D=3D BPF_STX) { - enum bpf_reg_type dst_reg_type; - if (BPF_MODE(insn->code) =3D=3D BPF_ATOMIC) { err =3D check_atomic(env, insn); if (err) @@ -19093,25 +19135,7 @@ static int do_check(struct bpf_verifier_env *env) return -EINVAL; } =20 - /* check src1 operand */ - err =3D check_reg_arg(env, insn->src_reg, SRC_OP); - if (err) - return err; - /* check src2 operand */ - err =3D check_reg_arg(env, insn->dst_reg, SRC_OP); - if (err) - return err; - - dst_reg_type =3D regs[insn->dst_reg].type; - - /* check that memory (dst_reg + off) is writeable */ - err =3D check_mem_access(env, env->insn_idx, insn->dst_reg, - insn->off, BPF_SIZE(insn->code), - BPF_WRITE, insn->src_reg, false, false); - if (err) - return err; - - err =3D save_aux_ptr_type(env, dst_reg_type, false); + err =3D check_store_reg(env, insn, false); if (err) return err; } else if (class =3D=3D BPF_ST) { --=20 2.48.1.502.g6dc24dfdaf-goog From nobody Sat Feb 7 11:31:57 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 09804364D6 for ; Fri, 7 Feb 2025 02:05:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893958; cv=none; b=HT8bEd2IcnK6Al402j6isGaBCit/s66kBmRbP1aVSE9VkmA0xMDGE1LotgEsp1wLFw1VIOxLG1KyilKN2YzNEVKRI8cfxPTep5Ld2slo/UHnlQHCu7fnR1C5Toq2D1uJJPb809F8C1s4WGViOry8w1HF/W1EoC8fFkGew2Bqb3Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893958; c=relaxed/simple; bh=fPq9XWtsOtc69mPeFIsRa2N34NkEV9jtbVKr6QyBnbc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=KxVRXbIpl1mH11aT0tyQw9Zg+L3F9/q7XJaoXmCkG4Is80UjOFCMSvABeHtJvIuZBMEdrjTDNJJJ4eRwTldrKiM71u3H14u52nBoS3O0Yq5KD+ZlKVCQ7nek2vvQpUgJktEvXi/E8ugPqRdVJA/QDiDxqW6QNSgpR/Tdo2jHLR4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=UXALrdZZ; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="UXALrdZZ" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-21f1919a7beso32777395ad.2 for ; Thu, 06 Feb 2025 18:05:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738893956; x=1739498756; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ddcXobZXl7/L485JhUMDf0sDIc/e0wxrN1hs3/Yc8Ck=; b=UXALrdZZmMfaabZ+uoszA+BvPhGcY35/62nR5qqLmJaoBXuCUfV/bx46U7gQ4HVcJI 5maHLXCCq7R/gMgKVbGstXv7nzgEdonRrEedwseucmaj7D3Q5fVIa9Uy6icJEbF3NoTt xk6L0XiOWo+g/A+U6Q8Jp9+FUtoEV4SctzdglSD51gg/wyjTPAtqg83+Z8Uz4PsOxjAt zPTWP/5n0qNenmOKDvJyhCkgR5BWukpC5gi6ObXfD5VktJ0xD5smcl3LIzFIdYOZ9WQn Kh0w9C51h8qvrLDfA+fBENZKiJSjg9pyIAZR51EGeR+2jDToJjZHN87mKXdok0FAbvCw K3QQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738893956; x=1739498756; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ddcXobZXl7/L485JhUMDf0sDIc/e0wxrN1hs3/Yc8Ck=; b=v/pPhcQtmhouVmFLzqSTRLp2ELqehnHdvmNT8aTC8j6OaEkrRlShqAn1QoTPInb6XJ QPhxTxIMvN0pk5+WrlDQronOVrkJyM0To5Bpcedxvxu+OiwSqQSC22xhvgXGej9cZhx9 n8cUr0z7gFyli22QReml/KPup9uw2XbKMiuNWfDvoPA+4kCmOz41XfYX4aS7p6IULdRZ 7yanxAPAlqTqEA8qzlUMfxzpTyHKbHacVw5vDLpYYLRm7aBnNr5fc9Rw+CRlIZdZgDgX m7hhF4uhUGlmxPaW/fcDcRevV9/jH8u+4zidBcyYY5JLbrNmMVv/jp3RJQ1Nn3nsrvAN bx6w== X-Forwarded-Encrypted: i=1; AJvYcCUiuqW2KxiPey4N4ickxmc/VDw5iglyxWyuzDEzOUpxJqPPDbt98vPY+nHZ0KbqbyNJStm3C7MxFAxnqXI=@vger.kernel.org X-Gm-Message-State: AOJu0YzdsY67b59s4UacxtsWx+2mP0fmsn/82LEfAHQ1aaEQrOQptx9m Ba/EYG3Q4uNtnFzlWbMiB6Q/wM1RwgPiSLuq3fowcTBWoo0N/zqgtZmjmiOyy5PjtHnUatJsZ8c 7yyZeD8F6ag== X-Google-Smtp-Source: AGHT+IHaFr+HT1k7LbVBAkON0Sg6P00qfAjEH6NZPFl87AchQ8sNqQ5UN8DGIlVFWcsU20JIhNme+XM/inTD9A== X-Received: from plbkn6.prod.google.com ([2002:a17:903:786:b0:21f:544:758]) (user=yepeilin job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:244c:b0:215:401b:9535 with SMTP id d9443c01a7336-21f4e756726mr24529425ad.47.1738893956357; Thu, 06 Feb 2025 18:05:56 -0800 (PST) Date: Fri, 7 Feb 2025 02:05:44 +0000 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog Message-ID: Subject: [PATCH bpf-next v2 4/9] bpf: Introduce load-acquire and store-release instructions From: Peilin Ye To: bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Peilin Ye , bpf@ietf.org, Xu Kuohai , Eduard Zingerman , David Vernet , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Jonathan Corbet , "Paul E. McKenney" , Puranjay Mohan , Ilya Leoshkevich , Heiko Carstens , Vasily Gorbik , Catalin Marinas , Will Deacon , Quentin Monnet , Mykola Lysenko , Shuah Khan , Ihor Solodrai , Yingchi Long , Josh Don , Barret Rhoden , Neel Natu , Benjamin Segall , linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Introduce BPF instructions with load-acquire and store-release semantics, as discussed in [1]. The following new flags are defined: BPF_ATOMIC_LOAD 0x10 BPF_ATOMIC_STORE 0x20 BPF_ATOMIC_TYPE(imm) ((imm) & 0xf0) BPF_RELAXED 0x0 BPF_ACQUIRE 0x1 BPF_RELEASE 0x2 BPF_ACQ_REL 0x3 BPF_SEQ_CST 0x4 BPF_LOAD_ACQ (BPF_ATOMIC_LOAD | BPF_ACQUIRE) BPF_STORE_REL (BPF_ATOMIC_STORE | BPF_RELEASE) A "load-acquire" is a BPF_STX | BPF_ATOMIC instruction with the 'imm' field set to BPF_LOAD_ACQ (0x11). Similarly, a "store-release" is a BPF_STX | BPF_ATOMIC instruction with the 'imm' field set to BPF_STORE_REL (0x22). Unlike existing atomic operations that only support BPF_W (32-bit) and BPF_DW (64-bit) size modifiers, load-acquires and store-releases also support BPF_B (8-bit) and BPF_H (16-bit). An 8- or 16-bit load-acquire zero-extends the value before writing it to a 32-bit register, just like ARM64 instruction LDARH and friends. As an example, consider the following 64-bit load-acquire BPF instruction: db 10 00 00 11 00 00 00 r0 =3D load_acquire((u64 *)(r1 + 0x0)) opcode (0xdb): BPF_ATOMIC | BPF_DW | BPF_STX imm (0x00000011): BPF_LOAD_ACQ Similarly, a 16-bit BPF store-release: cb 21 00 00 22 00 00 00 store_release((u16 *)(r1 + 0x0), w2) opcode (0xcb): BPF_ATOMIC | BPF_H | BPF_STX imm (0x00000022): BPF_STORE_REL In arch/{arm64,s390,x86}/net/bpf_jit_comp.c, have bpf_jit_supports_insn(..., /*in_arena=3D*/true) return false for the new instructions, until the corresponding JIT compiler supports them. [1] https://lore.kernel.org/all/20240729183246.4110549-1-yepeilin@google.co= m/ Acked-by: Eduard Zingerman Signed-off-by: Peilin Ye Acked-by: Ilya Leoshkevich --- arch/arm64/net/bpf_jit_comp.c | 4 +++ arch/s390/net/bpf_jit_comp.c | 14 +++++--- arch/x86/net/bpf_jit_comp.c | 4 +++ include/linux/bpf.h | 11 ++++++ include/linux/filter.h | 2 ++ include/uapi/linux/bpf.h | 13 +++++++ kernel/bpf/core.c | 63 ++++++++++++++++++++++++++++++---- kernel/bpf/disasm.c | 12 +++++++ kernel/bpf/verifier.c | 45 ++++++++++++++++++++++-- tools/include/uapi/linux/bpf.h | 13 +++++++ 10 files changed, 168 insertions(+), 13 deletions(-) diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c index 8446848edddb..8c3b47d9e441 100644 --- a/arch/arm64/net/bpf_jit_comp.c +++ b/arch/arm64/net/bpf_jit_comp.c @@ -2667,8 +2667,12 @@ bool bpf_jit_supports_insn(struct bpf_insn *insn, bo= ol in_arena) if (!in_arena) return true; switch (insn->code) { + case BPF_STX | BPF_ATOMIC | BPF_B: + case BPF_STX | BPF_ATOMIC | BPF_H: case BPF_STX | BPF_ATOMIC | BPF_W: case BPF_STX | BPF_ATOMIC | BPF_DW: + if (bpf_atomic_is_load_store(insn)) + return false; if (!cpus_have_cap(ARM64_HAS_LSE_ATOMICS)) return false; } diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c index 9d440a0b729e..0776dfde2dba 100644 --- a/arch/s390/net/bpf_jit_comp.c +++ b/arch/s390/net/bpf_jit_comp.c @@ -2919,10 +2919,16 @@ bool bpf_jit_supports_arena(void) =20 bool bpf_jit_supports_insn(struct bpf_insn *insn, bool in_arena) { - /* - * Currently the verifier uses this function only to check which - * atomic stores to arena are supported, and they all are. - */ + if (!in_arena) + return true; + switch (insn->code) { + case BPF_STX | BPF_ATOMIC | BPF_B: + case BPF_STX | BPF_ATOMIC | BPF_H: + case BPF_STX | BPF_ATOMIC | BPF_W: + case BPF_STX | BPF_ATOMIC | BPF_DW: + if (bpf_atomic_is_load_store(insn)) + return false; + } return true; } =20 diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c index a43fc5af973d..f0c31c940fb8 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -3771,8 +3771,12 @@ bool bpf_jit_supports_insn(struct bpf_insn *insn, bo= ol in_arena) if (!in_arena) return true; switch (insn->code) { + case BPF_STX | BPF_ATOMIC | BPF_B: + case BPF_STX | BPF_ATOMIC | BPF_H: case BPF_STX | BPF_ATOMIC | BPF_W: case BPF_STX | BPF_ATOMIC | BPF_DW: + if (bpf_atomic_is_load_store(insn)) + return false; if (insn->imm =3D=3D (BPF_AND | BPF_FETCH) || insn->imm =3D=3D (BPF_OR | BPF_FETCH) || insn->imm =3D=3D (BPF_XOR | BPF_FETCH)) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index f3f50e29d639..96c936fd125f 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -990,6 +990,17 @@ static inline bool bpf_pseudo_func(const struct bpf_in= sn *insn) return bpf_is_ldimm64(insn) && insn->src_reg =3D=3D BPF_PSEUDO_FUNC; } =20 +/* Given a BPF_ATOMIC instruction @atomic_insn, return true if it is an + * atomic load or store, and false if it is a read-modify-write instructio= n. + */ +static inline bool +bpf_atomic_is_load_store(const struct bpf_insn *atomic_insn) +{ + const s32 type =3D BPF_ATOMIC_TYPE(atomic_insn->imm); + + return type =3D=3D BPF_ATOMIC_LOAD || type =3D=3D BPF_ATOMIC_STORE; +} + struct bpf_prog_ops { int (*test_run)(struct bpf_prog *prog, const union bpf_attr *kattr, union bpf_attr __user *uattr); diff --git a/include/linux/filter.h b/include/linux/filter.h index a3ea46281595..e36812a5b01f 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h @@ -364,6 +364,8 @@ static inline bool insn_is_cast_user(const struct bpf_i= nsn *insn) * BPF_XOR | BPF_FETCH src_reg =3D atomic_fetch_xor(dst_reg + off16= , src_reg); * BPF_XCHG src_reg =3D atomic_xchg(dst_reg + off16, src= _reg) * BPF_CMPXCHG r0 =3D atomic_cmpxchg(dst_reg + off16, r0, s= rc_reg) + * BPF_LOAD_ACQ dst_reg =3D smp_load_acquire(src_reg + off16) + * BPF_STORE_REL smp_store_release(dst_reg + off16, src_reg) */ =20 #define BPF_ATOMIC_OP(SIZE, OP, DST, SRC, OFF) \ diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index fff6cdb8d11a..e78306e6e2be 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -51,6 +51,19 @@ #define BPF_XCHG (0xe0 | BPF_FETCH) /* atomic exchange */ #define BPF_CMPXCHG (0xf0 | BPF_FETCH) /* atomic compare-and-write */ =20 +#define BPF_ATOMIC_LOAD 0x10 +#define BPF_ATOMIC_STORE 0x20 +#define BPF_ATOMIC_TYPE(imm) ((imm) & 0xf0) + +#define BPF_RELAXED 0x00 +#define BPF_ACQUIRE 0x01 +#define BPF_RELEASE 0x02 +#define BPF_ACQ_REL 0x03 +#define BPF_SEQ_CST 0x04 + +#define BPF_LOAD_ACQ (BPF_ATOMIC_LOAD | BPF_ACQUIRE) /* load-acquire */ +#define BPF_STORE_REL (BPF_ATOMIC_STORE | BPF_RELEASE) /* store-release */ + enum bpf_cond_pseudo_jmp { BPF_MAY_GOTO =3D 0, }; diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index da729cbbaeb9..3f3127479a93 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -1663,14 +1663,17 @@ EXPORT_SYMBOL_GPL(__bpf_call_base); INSN_3(JMP, JSET, K), \ INSN_2(JMP, JA), \ INSN_2(JMP32, JA), \ + /* Atomic operations. */ \ + INSN_3(STX, ATOMIC, B), \ + INSN_3(STX, ATOMIC, H), \ + INSN_3(STX, ATOMIC, W), \ + INSN_3(STX, ATOMIC, DW), \ /* Store instructions. */ \ /* Register based. */ \ INSN_3(STX, MEM, B), \ INSN_3(STX, MEM, H), \ INSN_3(STX, MEM, W), \ INSN_3(STX, MEM, DW), \ - INSN_3(STX, ATOMIC, W), \ - INSN_3(STX, ATOMIC, DW), \ /* Immediate based. */ \ INSN_3(ST, MEM, B), \ INSN_3(ST, MEM, H), \ @@ -2152,24 +2155,33 @@ static u64 ___bpf_prog_run(u64 *regs, const struct = bpf_insn *insn) if (BPF_SIZE(insn->code) =3D=3D BPF_W) \ atomic_##KOP((u32) SRC, (atomic_t *)(unsigned long) \ (DST + insn->off)); \ - else \ + else if (BPF_SIZE(insn->code) =3D=3D BPF_DW) \ atomic64_##KOP((u64) SRC, (atomic64_t *)(unsigned long) \ (DST + insn->off)); \ + else \ + goto default_label; \ break; \ case BOP | BPF_FETCH: \ if (BPF_SIZE(insn->code) =3D=3D BPF_W) \ SRC =3D (u32) atomic_fetch_##KOP( \ (u32) SRC, \ (atomic_t *)(unsigned long) (DST + insn->off)); \ - else \ + else if (BPF_SIZE(insn->code) =3D=3D BPF_DW) \ SRC =3D (u64) atomic64_fetch_##KOP( \ (u64) SRC, \ (atomic64_t *)(unsigned long) (DST + insn->off)); \ + else \ + goto default_label; \ break; =20 STX_ATOMIC_DW: STX_ATOMIC_W: + STX_ATOMIC_H: + STX_ATOMIC_B: switch (IMM) { + /* Atomic read-modify-write instructions support only W and DW + * size modifiers. + */ ATOMIC_ALU_OP(BPF_ADD, add) ATOMIC_ALU_OP(BPF_AND, and) ATOMIC_ALU_OP(BPF_OR, or) @@ -2181,20 +2193,59 @@ static u64 ___bpf_prog_run(u64 *regs, const struct = bpf_insn *insn) SRC =3D (u32) atomic_xchg( (atomic_t *)(unsigned long) (DST + insn->off), (u32) SRC); - else + else if (BPF_SIZE(insn->code) =3D=3D BPF_DW) SRC =3D (u64) atomic64_xchg( (atomic64_t *)(unsigned long) (DST + insn->off), (u64) SRC); + else + goto default_label; break; case BPF_CMPXCHG: if (BPF_SIZE(insn->code) =3D=3D BPF_W) BPF_R0 =3D (u32) atomic_cmpxchg( (atomic_t *)(unsigned long) (DST + insn->off), (u32) BPF_R0, (u32) SRC); - else + else if (BPF_SIZE(insn->code) =3D=3D BPF_DW) BPF_R0 =3D (u64) atomic64_cmpxchg( (atomic64_t *)(unsigned long) (DST + insn->off), (u64) BPF_R0, (u64) SRC); + else + goto default_label; + break; + /* Atomic load and store instructions support all size + * modifiers. + */ + case BPF_LOAD_ACQ: + switch (BPF_SIZE(insn->code)) { +#define LOAD_ACQUIRE(SIZEOP, SIZE) \ + case BPF_##SIZEOP: \ + DST =3D (SIZE)smp_load_acquire( \ + (SIZE *)(unsigned long)(SRC + insn->off)); \ + break; + LOAD_ACQUIRE(B, u8) + LOAD_ACQUIRE(H, u16) + LOAD_ACQUIRE(W, u32) + LOAD_ACQUIRE(DW, u64) +#undef LOAD_ACQUIRE + default: + goto default_label; + } + break; + case BPF_STORE_REL: + switch (BPF_SIZE(insn->code)) { +#define STORE_RELEASE(SIZEOP, SIZE) \ + case BPF_##SIZEOP: \ + smp_store_release( \ + (SIZE *)(unsigned long)(DST + insn->off), (SIZE)SRC); \ + break; + STORE_RELEASE(B, u8) + STORE_RELEASE(H, u16) + STORE_RELEASE(W, u32) + STORE_RELEASE(DW, u64) +#undef STORE_RELEASE + default: + goto default_label; + } break; =20 default: diff --git a/kernel/bpf/disasm.c b/kernel/bpf/disasm.c index 309c4aa1b026..974d172d6735 100644 --- a/kernel/bpf/disasm.c +++ b/kernel/bpf/disasm.c @@ -267,6 +267,18 @@ void print_bpf_insn(const struct bpf_insn_cbs *cbs, BPF_SIZE(insn->code) =3D=3D BPF_DW ? "64" : "", bpf_ldst_string[BPF_SIZE(insn->code) >> 3], insn->dst_reg, insn->off, insn->src_reg); + } else if (BPF_MODE(insn->code) =3D=3D BPF_ATOMIC && + insn->imm =3D=3D BPF_LOAD_ACQ) { + verbose(cbs->private_data, "(%02x) r%d =3D load_acquire((%s *)(r%d %+d)= )\n", + insn->code, insn->dst_reg, + bpf_ldst_string[BPF_SIZE(insn->code) >> 3], + insn->src_reg, insn->off); + } else if (BPF_MODE(insn->code) =3D=3D BPF_ATOMIC && + insn->imm =3D=3D BPF_STORE_REL) { + verbose(cbs->private_data, "(%02x) store_release((%s *)(r%d %+d), r%d)\= n", + insn->code, + bpf_ldst_string[BPF_SIZE(insn->code) >> 3], + insn->dst_reg, insn->off, insn->src_reg); } else { verbose(cbs->private_data, "BUG_%02x\n", insn->code); } diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 82a5a4acf576..7ebc224bf9cb 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -579,6 +579,13 @@ static bool is_cmpxchg_insn(const struct bpf_insn *ins= n) insn->imm =3D=3D BPF_CMPXCHG; } =20 +static bool is_atomic_load_insn(const struct bpf_insn *insn) +{ + return BPF_CLASS(insn->code) =3D=3D BPF_STX && + BPF_MODE(insn->code) =3D=3D BPF_ATOMIC && + BPF_ATOMIC_TYPE(insn->imm) =3D=3D BPF_ATOMIC_LOAD; +} + static int __get_spi(s32 off) { return (-off - 1) / BPF_REG_SIZE; @@ -3481,7 +3488,7 @@ static bool is_reg64(struct bpf_verifier_env *env, st= ruct bpf_insn *insn, } =20 if (class =3D=3D BPF_STX) { - /* BPF_STX (including atomic variants) has multiple source + /* BPF_STX (including atomic variants) has one or more source * operands, one of which is a ptr. Check whether the caller is * asking about it. */ @@ -4095,7 +4102,7 @@ static int backtrack_insn(struct bpf_verifier_env *en= v, int idx, int subseq_idx, * dreg still needs precision before this insn */ } - } else if (class =3D=3D BPF_LDX) { + } else if (class =3D=3D BPF_LDX || is_atomic_load_insn(insn)) { if (!bt_is_reg_set(bt, dreg)) return 0; bt_clear_reg(bt, dreg); @@ -7686,6 +7693,32 @@ static int check_atomic_rmw(struct bpf_verifier_env = *env, return 0; } =20 +static int check_atomic_load(struct bpf_verifier_env *env, + struct bpf_insn *insn) +{ + if (!atomic_ptr_type_ok(env, insn->src_reg, insn)) { + verbose(env, "BPF_ATOMIC loads from R%d %s is not allowed\n", + insn->src_reg, + reg_type_str(env, reg_state(env, insn->src_reg)->type)); + return -EACCES; + } + + return check_load_mem(env, insn, true, false, false, "atomic_load"); +} + +static int check_atomic_store(struct bpf_verifier_env *env, + struct bpf_insn *insn) +{ + if (!atomic_ptr_type_ok(env, insn->dst_reg, insn)) { + verbose(env, "BPF_ATOMIC stores into R%d %s is not allowed\n", + insn->dst_reg, + reg_type_str(env, reg_state(env, insn->dst_reg)->type)); + return -EACCES; + } + + return check_store_reg(env, insn, true); +} + static int check_atomic(struct bpf_verifier_env *env, struct bpf_insn *ins= n) { switch (insn->imm) { @@ -7700,6 +7733,10 @@ static int check_atomic(struct bpf_verifier_env *env= , struct bpf_insn *insn) case BPF_XCHG: case BPF_CMPXCHG: return check_atomic_rmw(env, insn); + case BPF_LOAD_ACQ: + return check_atomic_load(env, insn); + case BPF_STORE_REL: + return check_atomic_store(env, insn); default: verbose(env, "BPF_ATOMIC uses invalid atomic opcode %02x\n", insn->imm); @@ -20445,7 +20482,9 @@ static int convert_ctx_accesses(struct bpf_verifier= _env *env) insn->code =3D=3D (BPF_ST | BPF_MEM | BPF_W) || insn->code =3D=3D (BPF_ST | BPF_MEM | BPF_DW)) { type =3D BPF_WRITE; - } else if ((insn->code =3D=3D (BPF_STX | BPF_ATOMIC | BPF_W) || + } else if ((insn->code =3D=3D (BPF_STX | BPF_ATOMIC | BPF_B) || + insn->code =3D=3D (BPF_STX | BPF_ATOMIC | BPF_H) || + insn->code =3D=3D (BPF_STX | BPF_ATOMIC | BPF_W) || insn->code =3D=3D (BPF_STX | BPF_ATOMIC | BPF_DW)) && env->insn_aux_data[i + delta].ptr_type =3D=3D PTR_TO_ARENA) { insn->code =3D BPF_STX | BPF_PROBE_ATOMIC | BPF_SIZE(insn->code); diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 2acf9b336371..4a20a125eb46 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -51,6 +51,19 @@ #define BPF_XCHG (0xe0 | BPF_FETCH) /* atomic exchange */ #define BPF_CMPXCHG (0xf0 | BPF_FETCH) /* atomic compare-and-write */ =20 +#define BPF_ATOMIC_LOAD 0x10 +#define BPF_ATOMIC_STORE 0x20 +#define BPF_ATOMIC_TYPE(imm) ((imm) & 0xf0) + +#define BPF_RELAXED 0x00 +#define BPF_ACQUIRE 0x01 +#define BPF_RELEASE 0x02 +#define BPF_ACQ_REL 0x03 +#define BPF_SEQ_CST 0x04 + +#define BPF_LOAD_ACQ (BPF_ATOMIC_LOAD | BPF_ACQUIRE) /* load-acquire */ +#define BPF_STORE_REL (BPF_ATOMIC_STORE | BPF_RELEASE) /* store-release */ + enum bpf_cond_pseudo_jmp { BPF_MAY_GOTO =3D 0, }; --=20 2.48.1.502.g6dc24dfdaf-goog From nobody Sat Feb 7 11:31:57 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D053614830F for ; Fri, 7 Feb 2025 02:06:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893969; cv=none; b=rE2lkSBJzTAv/Okr+5eJjs8y69nUgvBOVmepZcrIaKjEUcnAaBEUEVCGT+dAxXYHlHgRabut8D2ERm0pOw8OiHHB+DX9ldWIkgSaAy/CjVcsR8uSbnovFYwhn5VKNuWX/O0TTIhMMLJlkQyywRbVStHFvLv0S6jH0TavimljdBc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893969; c=relaxed/simple; bh=E/TpMA247bMkzLdjcLrFOFBXXFCSKNXD47s95nK47Vs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=neNfjLrOY/KUj9OA1DiITOFQCDewKbtheWiYMkdSzRJH7HxB1uIkke2+xrAV6jCd2zCAIu5H5t9Vn6D8SAhzn6Uajy1HgxDNFRmczVAAVpvCOxYqtbKF15upSmz3ilJmi+0/BVtch9bVHs7vKE5m4mGiFTeqTLJIK9DWuo/vLcg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=UXUnvLq6; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="UXUnvLq6" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-2fa166cf693so3103550a91.1 for ; Thu, 06 Feb 2025 18:06:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738893967; x=1739498767; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=yopLqhfx9FBzsjoQTq5VQnotD7AE589toKqt2dLQW/g=; b=UXUnvLq6tWkJmLQUeX7EbyTEIYhXmvz7FLItJRJExYkvD7xrzAdz+0P4RGGvOdRU2L LVlu0O/Jy2zhChNQ2+QdX65Lzg5fZ98Wn5AW8AO+tD0uVCWwxlcHG6fULpPXGjbdbMgk z3629GSiL3wey7GKeb4bpbjqM2dlsaVUG+BV5U9cJ6Lqw4fQmkHzBBIaEbjHaIAcAYyC oEohSuvFd2swVQhYyv2yziKt7PbamQBoVJGLYhXpyUsCAzJ0+nj7Ier3ovaS/KchzSJ+ yYCW9C1MU5e2xW16yNkeBgtlDxnoyBdBuDnfJbCEChMJ0q/Y9X8bZolzR35UadK2SQwA wx/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738893967; x=1739498767; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yopLqhfx9FBzsjoQTq5VQnotD7AE589toKqt2dLQW/g=; b=uX8yGObKp3rTzWfBfzSYhTWKlRb3jyhGy1yXY9FPGMLDh8lcDE6PQOyIuP+65kaZVq QGs5A2T+sexvKvvNVBxKdxaV6b2dbTOfkIswo/1adBC+yG4Q6noqqNzFUy4hIZJMNINY UvQIvg1Tyupb0H0Hlg0TSZnj+2gGNr03a8up4gd8VEdS6oimNxYqurAO5hqc2xfSmkxK jDy/t3cl+z1JIo8OmIdHDtA29tFV6aZhnINTQkxjpmy6DYcxv1C9mEUsuG1KImZAnxul Okf3gBcTe/V8vZdCGnAi1rOILhCw1NXkmjxoJzTHe8MApirqzGA0uiiXRSyHRJ8OIW/A GFSw== X-Forwarded-Encrypted: i=1; AJvYcCUabVKS1iSxDR1uBDSbDN1FPP8kj1HjkE9Xkc7wXGsF1BymKs/SIFQJqk7Ehk6jY/PkwI9jDM1xKsX7uWs=@vger.kernel.org X-Gm-Message-State: AOJu0YztUydh5dUTIwZNzMN2Sa/0boALRzgcxAbHqsraHSvSZhv43Dg1 anJ90RpB+mShVYqbxoVRzOOpa1VxkrkgO2/uQh9WgidGW3G/2vr8j9+9TR8WjNAfajo1XT7948e wIhtrt59nlg== X-Google-Smtp-Source: AGHT+IFkXM4xOo99sOcxT31u2xnrLGGSfuSlHl8QgKpY5jPoM6In+piNqVi02IXVxH8TVZTEDBs9f2fc1XsrBg== X-Received: from pjbpt7.prod.google.com ([2002:a17:90b:3d07:b0:2fa:b84:b308]) (user=yepeilin job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:3dc3:b0:2ee:8ea0:6b9c with SMTP id 98e67ed59e1d1-2fa24064223mr2524108a91.12.1738893966755; Thu, 06 Feb 2025 18:06:06 -0800 (PST) Date: Fri, 7 Feb 2025 02:06:00 +0000 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog Message-ID: Subject: [PATCH bpf-next v2 5/9] arm64: insn: Add BIT(23) to {load,store}_ex's mask From: Peilin Ye To: bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Peilin Ye , bpf@ietf.org, Xu Kuohai , Eduard Zingerman , David Vernet , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Jonathan Corbet , "Paul E. McKenney" , Puranjay Mohan , Ilya Leoshkevich , Heiko Carstens , Vasily Gorbik , Catalin Marinas , Will Deacon , Quentin Monnet , Mykola Lysenko , Shuah Khan , Ihor Solodrai , Yingchi Long , Josh Don , Barret Rhoden , Neel Natu , Benjamin Segall , linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" We are planning to add load-acquire (LDAR{,B,H}) and store-release (STLR{,B,H}) instructions to insn.{c,h}; add BIT(23) to mask of load_ex and store_ex to prevent aarch64_insn_is_{load,store}_ex() from returning false-positives for load-acquire and store-release instructions. Reference: Arm Architecture Reference Manual (ARM DDI 0487K.a, ID032224), * C6.2.228 LDXR * C6.2.165 LDAXR * C6.2.161 LDAR * C6.2.393 STXR * C6.2.360 STLXR * C6.2.353 STLR Signed-off-by: Peilin Ye --- arch/arm64/include/asm/insn.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/insn.h b/arch/arm64/include/asm/insn.h index e390c432f546..2d8316b3abaf 100644 --- a/arch/arm64/include/asm/insn.h +++ b/arch/arm64/include/asm/insn.h @@ -351,8 +351,8 @@ __AARCH64_INSN_FUNCS(ldr_imm, 0x3FC00000, 0x39400000) __AARCH64_INSN_FUNCS(ldr_lit, 0xBF000000, 0x18000000) __AARCH64_INSN_FUNCS(ldrsw_lit, 0xFF000000, 0x98000000) __AARCH64_INSN_FUNCS(exclusive, 0x3F800000, 0x08000000) -__AARCH64_INSN_FUNCS(load_ex, 0x3F400000, 0x08400000) -__AARCH64_INSN_FUNCS(store_ex, 0x3F400000, 0x08000000) +__AARCH64_INSN_FUNCS(load_ex, 0x3FC00000, 0x08400000) +__AARCH64_INSN_FUNCS(store_ex, 0x3FC00000, 0x08000000) __AARCH64_INSN_FUNCS(mops, 0x3B200C00, 0x19000400) __AARCH64_INSN_FUNCS(stp, 0x7FC00000, 0x29000000) __AARCH64_INSN_FUNCS(ldp, 0x7FC00000, 0x29400000) --=20 2.48.1.502.g6dc24dfdaf-goog From nobody Sat Feb 7 11:31:57 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AF30E31A89 for ; Fri, 7 Feb 2025 02:06:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893977; cv=none; b=tW4cLtlE+MmXFIVlz3PFxLSQxqunyvXVyPh3AbydxIOnCKRmn7WV7ClqjAeC1U7OYYdQ5Yk6hCDytJSVJX4elSMhTbkh5SFO/SkOScEUDhLng8DJ5NInzwE0kGkSVepEsLl56NbDNMDKFOA2Ho401s7+Oes/DL5/jarx773nLK0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893977; c=relaxed/simple; bh=lOx0oxqsFi2jJOQkIsQuz42bLtGdgU6p3JqX0Ube2Es=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=G4zSGOCO565d16y5yI+drAz0Uw1MJ/gEXc92bXPqBkUalhjcUge8JPaHdRSDWO79hkEueaK5ym+oXALec2YTRSzVs1Eg7NaPKNZhPLtHcngq0k8S1wZGm3CpHFTuBOgowJXpdQ/Pv0/2CruJKH4aFDfDPKXr081Q+E6CFiLA5Vc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=jlFoIJie; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="jlFoIJie" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-2f9f2bf2aaeso3265418a91.1 for ; Thu, 06 Feb 2025 18:06:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738893975; x=1739498775; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=tZVryglY4SpsTL4//l81oNX0vaTjg5yUDPJMzMkBO6s=; b=jlFoIJieb5nKFPQkHEf/n40oIocBe5eIx3P4bVz/H7AXIxvL7034E+58Z2qG0kg5VG nEjFcWMWAum5sm8JnCbYBbzNRNj7b8ng9NBv/BhKKfsccNFDFlG/oywIBNb3sFNv6rB7 BpzmxIVSJQpCgcZa7NxItszxpS+2dHZP+zOtqzhB5DIBWu+paAb92Qg6AnSQi+6fIRbb 4jmFLqRboAT7fYoknoUpojvNwtJGOr2TDwJzJL1jpK5M8W0SBytZ4zEn51qZBrhzPEwS SiwsxAoO5zV8Nm5JLvDbPSGLBHIGedZuzzlq02338hmu0StBRkt/0I2eqAsfMbsyvp4y 4DZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738893975; x=1739498775; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=tZVryglY4SpsTL4//l81oNX0vaTjg5yUDPJMzMkBO6s=; b=RcHVTJhNPx3PR2P9/jg8LvPGQsQpmUoM4ORwiquX9prDIB8+5fMDrnUfdlnh+37O6f +jCYJxdPn0c2pUrq5s+NdbjT/t+HTqOPGJvP5s381+PN4C4U3pALYo0yhWboUQUqgegm YHBfk6h5w2ADLPIBUkUvBx8RNNNmwLeoOMSCxd8lHgbFqGKVh+1dwmnbpAz7XuGvC4Bi PrjBp2Tck7jL3/5y3y6uXUH9DuM9ApOuxKosfFHYzBE04GHAn/gHl/ukYt8nrE1CEZOX a13Gcxxho6QE9yq7UaE23uUZUeUa4aaYJ+t48hQpvkU1vBntodHZjn344bF4XBqYInhq eXsQ== X-Forwarded-Encrypted: i=1; AJvYcCWFEZSzPHhKqlSLtaybHH+5cU5/9qqFzVKP0lUSwhH8fZmBtJV7e0SavVJtTUjjrx1Njrw/45OxKnZgoF4=@vger.kernel.org X-Gm-Message-State: AOJu0YwhneAQ5e5Xxb3kJDWqPRaZ2VTrlO0u1MZIxT+85aY6BQD3JrML E7ik2HnlP1dCOc6h8kvewQTut4x0gyqcu1TxTCRkfGJ+aeKt6PKtlCA3qOlOS68FljkTEWxucig BLV1SXjDGCA== X-Google-Smtp-Source: AGHT+IGIQlJHYn4lDP+h2wWyOKBebCVWMqyOh64SVoatr4LfPmXKB3GVTfYlGBX4UVXE3HcAasyz3VEj0/8t8w== X-Received: from pjyf6.prod.google.com ([2002:a17:90a:ec86:b0:2fa:15aa:4d1e]) (user=yepeilin job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:184d:b0:2ee:d824:b559 with SMTP id 98e67ed59e1d1-2fa243f058cmr2144082a91.28.1738893974955; Thu, 06 Feb 2025 18:06:14 -0800 (PST) Date: Fri, 7 Feb 2025 02:06:10 +0000 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog Message-ID: <8d599a837068e7a526200bbe7c6355ad4c5fc028.1738888641.git.yepeilin@google.com> Subject: [PATCH bpf-next v2 6/9] arm64: insn: Add load-acquire and store-release instructions From: Peilin Ye To: bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Peilin Ye , bpf@ietf.org, Xu Kuohai , Eduard Zingerman , David Vernet , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Jonathan Corbet , "Paul E. McKenney" , Puranjay Mohan , Ilya Leoshkevich , Heiko Carstens , Vasily Gorbik , Catalin Marinas , Will Deacon , Quentin Monnet , Mykola Lysenko , Shuah Khan , Ihor Solodrai , Yingchi Long , Josh Don , Barret Rhoden , Neel Natu , Benjamin Segall , linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add load-acquire ("load_acq", LDAR{,B,H}) and store-release ("store_rel", STLR{,B,H}) instructions. Breakdown of encoding: size L (Rs) o0 (Rt2) Rn Rt mask (0x3fdffc00): 00 111111 1 1 0 11111 1 11111 00000 00000 value, load_acq (0x08dffc00): 00 001000 1 1 0 11111 1 11111 00000 00000 value, store_rel (0x089ffc00): 00 001000 1 0 0 11111 1 11111 00000 00000 As suggested by Xu [1], include all Should-Be-One (SBO) bits ("Rs" and "Rt2" fields) in the "mask" and "value" numbers. It is worth noting that we are adding the "no offset" variant of STLR instead of the "pre-index" variant, which has a different encoding. Reference: Arm Architecture Reference Manual (ARM DDI 0487K.a, ID032224), * C6.2.161 LDAR * C6.2.353 STLR [1] https://lore.kernel.org/bpf/4e6641ce-3f1e-4251-8daf-4dd4b77d08c4@huawei= cloud.com/ Signed-off-by: Peilin Ye --- arch/arm64/include/asm/insn.h | 8 ++++++++ arch/arm64/lib/insn.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/arch/arm64/include/asm/insn.h b/arch/arm64/include/asm/insn.h index 2d8316b3abaf..39577f1d079a 100644 --- a/arch/arm64/include/asm/insn.h +++ b/arch/arm64/include/asm/insn.h @@ -188,8 +188,10 @@ enum aarch64_insn_ldst_type { AARCH64_INSN_LDST_STORE_PAIR_PRE_INDEX, AARCH64_INSN_LDST_LOAD_PAIR_POST_INDEX, AARCH64_INSN_LDST_STORE_PAIR_POST_INDEX, + AARCH64_INSN_LDST_LOAD_ACQ, AARCH64_INSN_LDST_LOAD_EX, AARCH64_INSN_LDST_LOAD_ACQ_EX, + AARCH64_INSN_LDST_STORE_REL, AARCH64_INSN_LDST_STORE_EX, AARCH64_INSN_LDST_STORE_REL_EX, AARCH64_INSN_LDST_SIGNED_LOAD_IMM_OFFSET, @@ -351,6 +353,8 @@ __AARCH64_INSN_FUNCS(ldr_imm, 0x3FC00000, 0x39400000) __AARCH64_INSN_FUNCS(ldr_lit, 0xBF000000, 0x18000000) __AARCH64_INSN_FUNCS(ldrsw_lit, 0xFF000000, 0x98000000) __AARCH64_INSN_FUNCS(exclusive, 0x3F800000, 0x08000000) +__AARCH64_INSN_FUNCS(load_acq, 0x3FDFFC00, 0x08DFFC00) +__AARCH64_INSN_FUNCS(store_rel, 0x3FDFFC00, 0x089FFC00) __AARCH64_INSN_FUNCS(load_ex, 0x3FC00000, 0x08400000) __AARCH64_INSN_FUNCS(store_ex, 0x3FC00000, 0x08000000) __AARCH64_INSN_FUNCS(mops, 0x3B200C00, 0x19000400) @@ -602,6 +606,10 @@ u32 aarch64_insn_gen_load_store_pair(enum aarch64_insn= _register reg1, int offset, enum aarch64_insn_variant variant, enum aarch64_insn_ldst_type type); +u32 aarch64_insn_gen_load_acq_store_rel(enum aarch64_insn_register reg, + enum aarch64_insn_register base, + enum aarch64_insn_size_type size, + enum aarch64_insn_ldst_type type); u32 aarch64_insn_gen_load_store_ex(enum aarch64_insn_register reg, enum aarch64_insn_register base, enum aarch64_insn_register state, diff --git a/arch/arm64/lib/insn.c b/arch/arm64/lib/insn.c index b008a9b46a7f..9bef696e2230 100644 --- a/arch/arm64/lib/insn.c +++ b/arch/arm64/lib/insn.c @@ -540,6 +540,35 @@ u32 aarch64_insn_gen_load_store_pair(enum aarch64_insn= _register reg1, offset >> shift); } =20 +u32 aarch64_insn_gen_load_acq_store_rel(enum aarch64_insn_register reg, + enum aarch64_insn_register base, + enum aarch64_insn_size_type size, + enum aarch64_insn_ldst_type type) +{ + u32 insn; + + switch (type) { + case AARCH64_INSN_LDST_LOAD_ACQ: + insn =3D aarch64_insn_get_load_acq_value(); + break; + case AARCH64_INSN_LDST_STORE_REL: + insn =3D aarch64_insn_get_store_rel_value(); + break; + default: + pr_err("%s: unknown load-acquire/store-release encoding %d\n", + __func__, type); + return AARCH64_BREAK_FAULT; + } + + insn =3D aarch64_insn_encode_ldst_size(size, insn); + + insn =3D aarch64_insn_encode_register(AARCH64_INSN_REGTYPE_RT, insn, + reg); + + return aarch64_insn_encode_register(AARCH64_INSN_REGTYPE_RN, insn, + base); +} + u32 aarch64_insn_gen_load_store_ex(enum aarch64_insn_register reg, enum aarch64_insn_register base, enum aarch64_insn_register state, --=20 2.48.1.502.g6dc24dfdaf-goog From nobody Sat Feb 7 11:31:57 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5C6DF537E9 for ; Fri, 7 Feb 2025 02:06:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893988; cv=none; b=l3iOPAaWSWOayGip5PMMm+SOv7teaDXxsS95Day0238Yd1PaVkXDGRX/Oyd+b9kfSahh2t/9DTXza5bvyb75rsqE1dN0sEwbicSDORh9ywK0d9grRVQiK16H6ktQg6f5E3Ro8KP1IvhT9/yh1w5zZkPRlxJ6K+wozaSL6pKDqAE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893988; c=relaxed/simple; bh=o+cMo6NZBu9P5vO9g1QzNKIoy5uAblRmQs2pktEwXww=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=FJGwh7heXVsiOA5tkABHO2BuZR4JmgQLH9Zqf7LC3UZevMb3nwkxLt6mtBhOE8WEi2QbEYrLhE1bxaitoB2I/xcStl0y83ZDVcSXkzUtg13Wg+EO7ADsJaO3woLsZWkGQhAroJEbiWhjPy1HEv/CXjQZMOQM1aQs6nAYsy+7mvk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=WysYzdqA; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="WysYzdqA" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-2f9f42d98e3so3286764a91.0 for ; Thu, 06 Feb 2025 18:06:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738893986; x=1739498786; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=3/uv2akh8MDqd9n19hYJv/xvE4Iur0KMmE3+KGKTk/Y=; b=WysYzdqAJZMfY79lhOhHfzXn2DXAJxascyYCOAjbAIaN7ROtVwB9gPdtxcu8IFbIyD RuETtGoG2BmM3FSRyrMUZGS5Rxc6vm2CtC+EHHK3McpJWoAWKrwMyB7+F00ilf0Qscw4 mhiE3+YMldZjIzaCMW+ovC88CL+PSgBbvOvMpZIFkeOeKm3Ecf8jTEYl1FEgC+6i/HYW GFBRDfLGmPwOYm0FbdL2lIbWBnksLSsC+Xu1kSurGlcJ0Ovph7QAbL8mxzFnCPZj7jhg fcnUNccaEk06110bzo2pv1/CJibo7c7lV+Ef/KgFohr0THtP8QKE+GsPqpLIHZr3Ve9f sCBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738893986; x=1739498786; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=3/uv2akh8MDqd9n19hYJv/xvE4Iur0KMmE3+KGKTk/Y=; b=ilVzm5ZqKddlndsHEmi/YWyXFhtCq9ufGQFkKIZPeyx9UHx/CD1Cr6jxpXvOux7YdO IAVdFq4ZhfMf2qqffLI3WdGBHHANSd67+FsRNkpFcJW+1IIOuspqX2NGTYchjXoiOB5I BOnoF9ZqK9HHdsy/0ofWh9vLGg9JJB008BJAyV5f4h5M335LNQ0XW1yLZIJH3hUC8Rj7 jw1LlNutDjmRL97CBryKO2vfKOX+dvhgExLnYS+mWr2HyGpCQMAS/VblS0gWFBWQL8zY CN8dgkF1ist0QuSIP5SbLxjQzKgF0V/EbanUl+9me4QDULhQE9yB0/Fs0fi7OFRPEJED LCfA== X-Forwarded-Encrypted: i=1; AJvYcCXQ8Tc9MBQneUFND5JjvT5MDxjF8+zxj+7T9fFr1RFytN/b6pi6ofb3s+Lbk4DDQySO+biVbPu4OlKSYm8=@vger.kernel.org X-Gm-Message-State: AOJu0Ywb8qW39kPkSZXkexz+DLFUiCaZmwSf5wvO+yFYNcSAB4923eVm jzP2VaITuqtifUZezfWIE5O2pEFGWuZMV7TBxWFyUFQA6s8nnqMmPQKlLI/HOnO6pBeDhxY3wAK BqN7Q/9iNXA== X-Google-Smtp-Source: AGHT+IHmd7jXzZpPbORG/2teAdCv8IQKKJx1keqS0VzPbP7gZVccyL5ZzCdiANnZVKcUIXtFTxwxZpQFooUwFw== X-Received: from pfvx11.prod.google.com ([2002:a05:6a00:270b:b0:725:dec7:dd47]) (user=yepeilin job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a00:230c:b0:725:e4b9:a600 with SMTP id d2e1a72fcca58-7305d4f0412mr2817045b3a.16.1738893986567; Thu, 06 Feb 2025 18:06:26 -0800 (PST) Date: Fri, 7 Feb 2025 02:06:19 +0000 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog Message-ID: <73f55267778db55ba9e854f0e3bef24c4bbba2fb.1738888641.git.yepeilin@google.com> Subject: [PATCH bpf-next v2 7/9] bpf, arm64: Support load-acquire and store-release instructions From: Peilin Ye To: bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Peilin Ye , bpf@ietf.org, Xu Kuohai , Eduard Zingerman , David Vernet , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Jonathan Corbet , "Paul E. McKenney" , Puranjay Mohan , Ilya Leoshkevich , Heiko Carstens , Vasily Gorbik , Catalin Marinas , Will Deacon , Quentin Monnet , Mykola Lysenko , Shuah Khan , Ihor Solodrai , Yingchi Long , Josh Don , Barret Rhoden , Neel Natu , Benjamin Segall , linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Support BPF load-acquire (BPF_LOAD_ACQ) and store-release (BPF_STORE_REL) instructions in the arm64 JIT compiler. For example: db 10 00 00 11 00 00 00 r0 =3D load_acquire((u64 *)(r1 + 0x0)) 95 00 00 00 00 00 00 00 exit opcode (0xdb): BPF_ATOMIC | BPF_DW | BPF_STX imm (0x00000011): BPF_LOAD_ACQ The JIT compiler would emit an LDAR instruction for the above, e.g.: ldar x7, [x0] Similarly, consider the following 16-bit store-release: cb 21 00 00 22 00 00 00 store_release((u16 *)(r1 + 0x0), w2) 95 00 00 00 00 00 00 00 exit opcode (0xcb): BPF_ATOMIC | BPF_H | BPF_STX imm (0x00000022): BPF_ATOMIC_STORE | BPF_RELEASE An STLRH instruction would be emitted, e.g.: stlrh w1, [x0] For a complete mapping: load-acquire 8-bit LDARB (BPF_LOAD_ACQ) 16-bit LDARH 32-bit LDAR (32-bit) 64-bit LDAR (64-bit) store-release 8-bit STLRB (BPF_STORE_REL) 16-bit STLRH 32-bit STLR (32-bit) 64-bit STLR (64-bit) Arena accesses are supported. bpf_jit_supports_insn(..., /*in_arena=3D*/true) always returns true for BPF_LOAD_ACQ and BPF_STORE_REL instructions, as they don't depend on ARM64_HAS_LSE_ATOMICS. Signed-off-by: Peilin Ye --- arch/arm64/net/bpf_jit.h | 20 ++++++++ arch/arm64/net/bpf_jit_comp.c | 91 ++++++++++++++++++++++++++++++++--- 2 files changed, 105 insertions(+), 6 deletions(-) diff --git a/arch/arm64/net/bpf_jit.h b/arch/arm64/net/bpf_jit.h index b22ab2f97a30..a3b0e693a125 100644 --- a/arch/arm64/net/bpf_jit.h +++ b/arch/arm64/net/bpf_jit.h @@ -119,6 +119,26 @@ aarch64_insn_gen_load_store_ex(Rt, Rn, Rs, A64_SIZE(sf), \ AARCH64_INSN_LDST_STORE_REL_EX) =20 +/* Load-acquire & store-release */ +#define A64_LDAR(Rt, Rn, size) \ + aarch64_insn_gen_load_acq_store_rel(Rt, Rn, AARCH64_INSN_SIZE_##size, \ + AARCH64_INSN_LDST_LOAD_ACQ) +#define A64_STLR(Rt, Rn, size) \ + aarch64_insn_gen_load_acq_store_rel(Rt, Rn, AARCH64_INSN_SIZE_##size, \ + AARCH64_INSN_LDST_STORE_REL) + +/* Rt =3D [Rn] (load acquire) */ +#define A64_LDARB(Wt, Xn) A64_LDAR(Wt, Xn, 8) +#define A64_LDARH(Wt, Xn) A64_LDAR(Wt, Xn, 16) +#define A64_LDAR32(Wt, Xn) A64_LDAR(Wt, Xn, 32) +#define A64_LDAR64(Xt, Xn) A64_LDAR(Xt, Xn, 64) + +/* [Rn] =3D Rt (store release) */ +#define A64_STLRB(Wt, Xn) A64_STLR(Wt, Xn, 8) +#define A64_STLRH(Wt, Xn) A64_STLR(Wt, Xn, 16) +#define A64_STLR32(Wt, Xn) A64_STLR(Wt, Xn, 32) +#define A64_STLR64(Xt, Xn) A64_STLR(Xt, Xn, 64) + /* * LSE atomics * diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c index 8c3b47d9e441..c439df0233d1 100644 --- a/arch/arm64/net/bpf_jit_comp.c +++ b/arch/arm64/net/bpf_jit_comp.c @@ -647,6 +647,82 @@ static int emit_bpf_tail_call(struct jit_ctx *ctx) return 0; } =20 +static int emit_atomic_load_store(const struct bpf_insn *insn, + struct jit_ctx *ctx) +{ + const s32 type =3D BPF_ATOMIC_TYPE(insn->imm); + const s16 off =3D insn->off; + const u8 code =3D insn->code; + const bool arena =3D BPF_MODE(code) =3D=3D BPF_PROBE_ATOMIC; + const u8 arena_vm_base =3D bpf2a64[ARENA_VM_START]; + const u8 dst =3D bpf2a64[insn->dst_reg]; + const u8 src =3D bpf2a64[insn->src_reg]; + const u8 tmp =3D bpf2a64[TMP_REG_1]; + u8 reg; + + switch (type) { + case BPF_ATOMIC_LOAD: + reg =3D src; + break; + case BPF_ATOMIC_STORE: + reg =3D dst; + break; + default: + pr_err_once("unknown atomic load/store op type %02x\n", type); + return -EINVAL; + } + + if (off) { + emit_a64_add_i(1, tmp, reg, tmp, off, ctx); + reg =3D tmp; + } + if (arena) { + emit(A64_ADD(1, tmp, reg, arena_vm_base), ctx); + reg =3D tmp; + } + + switch (insn->imm) { + case BPF_LOAD_ACQ: + switch (BPF_SIZE(code)) { + case BPF_B: + emit(A64_LDARB(dst, reg), ctx); + break; + case BPF_H: + emit(A64_LDARH(dst, reg), ctx); + break; + case BPF_W: + emit(A64_LDAR32(dst, reg), ctx); + break; + case BPF_DW: + emit(A64_LDAR64(dst, reg), ctx); + break; + } + break; + case BPF_STORE_REL: + switch (BPF_SIZE(code)) { + case BPF_B: + emit(A64_STLRB(src, reg), ctx); + break; + case BPF_H: + emit(A64_STLRH(src, reg), ctx); + break; + case BPF_W: + emit(A64_STLR32(src, reg), ctx); + break; + case BPF_DW: + emit(A64_STLR64(src, reg), ctx); + break; + } + break; + default: + pr_err_once("unknown atomic load/store op code %02x\n", + insn->imm); + return -EINVAL; + } + + return 0; +} + #ifdef CONFIG_ARM64_LSE_ATOMICS static int emit_lse_atomic(const struct bpf_insn *insn, struct jit_ctx *ct= x) { @@ -1641,11 +1717,17 @@ static int build_insn(const struct bpf_insn *insn, = struct jit_ctx *ctx, return ret; break; =20 + case BPF_STX | BPF_ATOMIC | BPF_B: + case BPF_STX | BPF_ATOMIC | BPF_H: case BPF_STX | BPF_ATOMIC | BPF_W: case BPF_STX | BPF_ATOMIC | BPF_DW: + case BPF_STX | BPF_PROBE_ATOMIC | BPF_B: + case BPF_STX | BPF_PROBE_ATOMIC | BPF_H: case BPF_STX | BPF_PROBE_ATOMIC | BPF_W: case BPF_STX | BPF_PROBE_ATOMIC | BPF_DW: - if (cpus_have_cap(ARM64_HAS_LSE_ATOMICS)) + if (bpf_atomic_is_load_store(insn)) + ret =3D emit_atomic_load_store(insn, ctx); + else if (cpus_have_cap(ARM64_HAS_LSE_ATOMICS)) ret =3D emit_lse_atomic(insn, ctx); else ret =3D emit_ll_sc_atomic(insn, ctx); @@ -2667,13 +2749,10 @@ bool bpf_jit_supports_insn(struct bpf_insn *insn, b= ool in_arena) if (!in_arena) return true; switch (insn->code) { - case BPF_STX | BPF_ATOMIC | BPF_B: - case BPF_STX | BPF_ATOMIC | BPF_H: case BPF_STX | BPF_ATOMIC | BPF_W: case BPF_STX | BPF_ATOMIC | BPF_DW: - if (bpf_atomic_is_load_store(insn)) - return false; - if (!cpus_have_cap(ARM64_HAS_LSE_ATOMICS)) + if (!bpf_atomic_is_load_store(insn) && + !cpus_have_cap(ARM64_HAS_LSE_ATOMICS)) return false; } return true; --=20 2.48.1.502.g6dc24dfdaf-goog From nobody Sat Feb 7 11:31:57 2026 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D87BC16DEB3 for ; Fri, 7 Feb 2025 02:06:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893997; cv=none; b=ZZtzF2E2eARy5AWBcEIm4HOHxUrxIxOYsKRCggRbejoHqNzVJf25pjq0LHWXIA70q9T57Z/5vUO2F+bc/II55NuuuTGKxxY2K66++gsnA4r8oYsWCsoUCDkGWe0pfqkK2MLThaCz46NMZ0LcllyJadhRwBba8Lv2pU39kNUlD3Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738893997; c=relaxed/simple; bh=N807FWy4y4m7R3ngzOBIaKrUsKfB9aiAAG/h8wiPWDs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=XlQONhsopHTxiB1pEMEG1PgLC0Xxl0D5KGB5+ofnVE6RFAueMQjgXcScOa6clcpz1wc9bTof8hk0IR+/jVNNQYXle8Yg8kSKlYhfZK5rp+2gR4LC3VI83nRAnErYe14x4tgA6a7Vf/kOVgO4S4ChgGf2x5iAsHAYJD6fk6M31bI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=fgHlw/Cn; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="fgHlw/Cn" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-2f9f90051a2so3189638a91.2 for ; Thu, 06 Feb 2025 18:06:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738893993; x=1739498793; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=qDBuIJWrKAPdCSK+NN6+KD/nwtGtMidK+XAGCC08g9k=; b=fgHlw/CnQYQrMUYp3YpBDIiRzfxUkfI7eOguw/2Rfm9tRk8xcSKHODL3CyAcFGJL+x CIq/6xUjMbMSpRyPfi2ogIRi+rnGrs6RVGj70o+8dMWAIi5IGHVK3NEWIYd+W2cDhHOq 86/gcNVmYXXHvRv8QHKBEo3ly3qYCgSdDdTFn8i1xw4hu9MDeikyrI9zgtuhaBtHjzZw OGUZW4upknbWmmpAA9HMl3xeeQcXVO1TFM2txkW/ObEzwvA7bEny5l2IkxI+ancdZ8nt F3sFPnGxh3SgBBjzLyOGMmAESvzBwMww1kexEIu3auE6OoV70de/70GpBO1hgwRy6e0/ AI8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738893993; x=1739498793; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=qDBuIJWrKAPdCSK+NN6+KD/nwtGtMidK+XAGCC08g9k=; b=nOwwm8HE8UsZXmFeEsTDAAbzGARQVu15iFFeo/kUsJnsDCgLjkrkqwiiiGgNhfe4Z9 tNEHLv1Yt8KZjoMZvGbi+2FEl6qEtfh+t3VCw8k2KicKUgE/Pszj0saHhESBXb17NubK 4Ue+zuw8m4E2SW0w+xS1N06kywCM626SQCTwbgaEQYGnE+p9pgvG3IUrXMi4BB8ggl+I zAlsRNZ35W5BbOh3txBxFBV7Cr5wcZQpysUeO9/fgatOj97xYTrUMYLxCO1DSZltTyYE 4HrCu4dNNQ4toNMuQpMbj4/JviXkm6tIzSuZtV6QRPuJUufHiVhYoe6QidyhWjNklqXt gzXw== X-Forwarded-Encrypted: i=1; AJvYcCX+WXz3Jx1kiU4EXlZQBdVUAU1y7WZeCCGZXIvzVdTxMsTCkGT6MnnXgA9ljP0MS32xX2fqFtPpo5UdlG0=@vger.kernel.org X-Gm-Message-State: AOJu0Yxpagl9SIkQEdBOMtf74Jz3S1MNyyQNcrFMTcLdfZJpHuEE0UNX 7zF9fyGpHPhLME3284S2/Ik0OMj74gfAZ2i2XzZyO/Dq0EPL9IgNbVgBLYhGaKfzI8K4JkOjF0z VDvyWGgrZrQ== X-Google-Smtp-Source: AGHT+IG/qi8F1L5u/c6+Y7D+xHDSNV7nJ5W3zIK50GxT1EeANRxL5xpKqmsfwfsoi2gRh9jERt4m4Z+AGaRbdQ== X-Received: from pjyf5.prod.google.com ([2002:a17:90a:ec85:b0:2fa:1481:81f5]) (user=yepeilin job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:23c7:b0:2ee:5bc9:75c7 with SMTP id 98e67ed59e1d1-2fa23f4262bmr1864444a91.5.1738893993086; Thu, 06 Feb 2025 18:06:33 -0800 (PST) Date: Fri, 7 Feb 2025 02:06:29 +0000 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog Message-ID: <3ac854ac5cc62e78fadd2a7f1af9087ec3fc7a9c.1738888641.git.yepeilin@google.com> Subject: [PATCH bpf-next v2 8/9] selftests/bpf: Add selftests for load-acquire and store-release instructions From: Peilin Ye To: bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Peilin Ye , bpf@ietf.org, Xu Kuohai , Eduard Zingerman , David Vernet , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Jonathan Corbet , "Paul E. McKenney" , Puranjay Mohan , Ilya Leoshkevich , Heiko Carstens , Vasily Gorbik , Catalin Marinas , Will Deacon , Quentin Monnet , Mykola Lysenko , Shuah Khan , Ihor Solodrai , Yingchi Long , Josh Don , Barret Rhoden , Neel Natu , Benjamin Segall , linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add several ./test_progs tests: - arena_atomics/load_acquire - arena_atomics/store_release - verifier_load_acquire/* - verifier_store_release/* - verifier_precision/bpf_load_acquire - verifier_precision/bpf_store_release The last two tests are added to check if backtrack_insn() handles the new instructions correctly. Additionally, the last test also makes sure that the verifier "remembers" the value (in src_reg) we store-release into e.g. a stack slot. For example, if we take a look at the test program: #0: r1 =3D 8; /* store_release((u64 *)(r10 - 8), r1); */ #1: .8byte %[store_release]; #2: r1 =3D *(u64 *)(r10 - 8); #3: r2 =3D r10; #4: r2 +=3D r1; #5: r0 =3D 0; #6: exit; At #1, if the verifier doesn't remember that we wrote 8 to the stack, then later at #4 we would be adding an unbounded scalar value to the stack pointer, which would cause the program to be rejected: VERIFIER LOG: =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D ... math between fp pointer and register with unbounded min value is not allo= wed All new tests depend on #ifdef ENABLE_ATOMICS_TESTS. Currently they only run for arm64. Signed-off-by: Peilin Ye Acked-by: Eduard Zingerman --- .../selftests/bpf/prog_tests/arena_atomics.c | 50 ++++ .../selftests/bpf/prog_tests/verifier.c | 4 + .../selftests/bpf/progs/arena_atomics.c | 88 ++++++ .../bpf/progs/verifier_load_acquire.c | 190 +++++++++++++ .../selftests/bpf/progs/verifier_precision.c | 47 ++++ .../bpf/progs/verifier_store_release.c | 262 ++++++++++++++++++ 6 files changed, 641 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/verifier_load_acquire= .c create mode 100644 tools/testing/selftests/bpf/progs/verifier_store_releas= e.c diff --git a/tools/testing/selftests/bpf/prog_tests/arena_atomics.c b/tools= /testing/selftests/bpf/prog_tests/arena_atomics.c index 26e7c06c6cb4..d714af9af50c 100644 --- a/tools/testing/selftests/bpf/prog_tests/arena_atomics.c +++ b/tools/testing/selftests/bpf/prog_tests/arena_atomics.c @@ -162,6 +162,52 @@ static void test_uaf(struct arena_atomics *skel) ASSERT_EQ(skel->arena->uaf_recovery_fails, 0, "uaf_recovery_fails"); } =20 +static void test_load_acquire(struct arena_atomics *skel) +{ + LIBBPF_OPTS(bpf_test_run_opts, topts); + int err, prog_fd; + + /* No need to attach it, just run it directly */ + prog_fd =3D bpf_program__fd(skel->progs.load_acquire); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + if (!ASSERT_OK(err, "test_run_opts err")) + return; + if (!ASSERT_OK(topts.retval, "test_run_opts retval")) + return; + + ASSERT_EQ(skel->arena->load_acquire8_result, 0x12, + "load_acquire8_result"); + ASSERT_EQ(skel->arena->load_acquire16_result, 0x1234, + "load_acquire16_result"); + ASSERT_EQ(skel->arena->load_acquire32_result, 0x12345678, + "load_acquire32_result"); + ASSERT_EQ(skel->arena->load_acquire64_result, 0x1234567890abcdef, + "load_acquire64_result"); +} + +static void test_store_release(struct arena_atomics *skel) +{ + LIBBPF_OPTS(bpf_test_run_opts, topts); + int err, prog_fd; + + /* No need to attach it, just run it directly */ + prog_fd =3D bpf_program__fd(skel->progs.store_release); + err =3D bpf_prog_test_run_opts(prog_fd, &topts); + if (!ASSERT_OK(err, "test_run_opts err")) + return; + if (!ASSERT_OK(topts.retval, "test_run_opts retval")) + return; + + ASSERT_EQ(skel->arena->store_release8_result, 0x12, + "store_release8_result"); + ASSERT_EQ(skel->arena->store_release16_result, 0x1234, + "store_release16_result"); + ASSERT_EQ(skel->arena->store_release32_result, 0x12345678, + "store_release32_result"); + ASSERT_EQ(skel->arena->store_release64_result, 0x1234567890abcdef, + "store_release64_result"); +} + void test_arena_atomics(void) { struct arena_atomics *skel; @@ -198,6 +244,10 @@ void test_arena_atomics(void) test_xchg(skel); if (test__start_subtest("uaf")) test_uaf(skel); + if (test__start_subtest("load_acquire")) + test_load_acquire(skel); + if (test__start_subtest("store_release")) + test_store_release(skel); =20 cleanup: arena_atomics__destroy(skel); diff --git a/tools/testing/selftests/bpf/prog_tests/verifier.c b/tools/test= ing/selftests/bpf/prog_tests/verifier.c index 8a0e1ff8a2dc..8bdad4167cf5 100644 --- a/tools/testing/selftests/bpf/prog_tests/verifier.c +++ b/tools/testing/selftests/bpf/prog_tests/verifier.c @@ -45,6 +45,7 @@ #include "verifier_ldsx.skel.h" #include "verifier_leak_ptr.skel.h" #include "verifier_linked_scalars.skel.h" +#include "verifier_load_acquire.skel.h" #include "verifier_loops1.skel.h" #include "verifier_lwt.skel.h" #include "verifier_map_in_map.skel.h" @@ -80,6 +81,7 @@ #include "verifier_spill_fill.skel.h" #include "verifier_spin_lock.skel.h" #include "verifier_stack_ptr.skel.h" +#include "verifier_store_release.skel.h" #include "verifier_subprog_precision.skel.h" #include "verifier_subreg.skel.h" #include "verifier_tailcall_jit.skel.h" @@ -173,6 +175,7 @@ void test_verifier_int_ptr(void) { RUN(ver= ifier_int_ptr); } void test_verifier_iterating_callbacks(void) { RUN(verifier_iterating_cal= lbacks); } void test_verifier_jeq_infer_not_null(void) { RUN(verifier_jeq_infer_not= _null); } void test_verifier_jit_convergence(void) { RUN(verifier_jit_convergen= ce); } +void test_verifier_load_acquire(void) { RUN(verifier_load_acquire); } void test_verifier_ld_ind(void) { RUN(verifier_ld_ind); } void test_verifier_ldsx(void) { RUN(verifier_ldsx); } void test_verifier_leak_ptr(void) { RUN(verifier_leak_ptr); } @@ -211,6 +214,7 @@ void test_verifier_sockmap_mutate(void) { RUN(ver= ifier_sockmap_mutate); } void test_verifier_spill_fill(void) { RUN(verifier_spill_fill); } void test_verifier_spin_lock(void) { RUN(verifier_spin_lock); } void test_verifier_stack_ptr(void) { RUN(verifier_stack_ptr); } +void test_verifier_store_release(void) { RUN(verifier_store_release)= ; } void test_verifier_subprog_precision(void) { RUN(verifier_subprog_preci= sion); } void test_verifier_subreg(void) { RUN(verifier_subreg); } void test_verifier_tailcall_jit(void) { RUN(verifier_tailcall_jit)= ; } diff --git a/tools/testing/selftests/bpf/progs/arena_atomics.c b/tools/test= ing/selftests/bpf/progs/arena_atomics.c index 40dd57fca5cc..62189b428fe3 100644 --- a/tools/testing/selftests/bpf/progs/arena_atomics.c +++ b/tools/testing/selftests/bpf/progs/arena_atomics.c @@ -6,6 +6,8 @@ #include #include #include "bpf_arena_common.h" +#include "../../../include/linux/filter.h" +#include "bpf_misc.h" =20 struct { __uint(type, BPF_MAP_TYPE_ARENA); @@ -274,4 +276,90 @@ int uaf(const void *ctx) return 0; } =20 +__u8 __arena_global load_acquire8_value =3D 0x12; +__u16 __arena_global load_acquire16_value =3D 0x1234; +__u32 __arena_global load_acquire32_value =3D 0x12345678; +__u64 __arena_global load_acquire64_value =3D 0x1234567890abcdef; + +__u8 __arena_global load_acquire8_result =3D 0x12; +__u16 __arena_global load_acquire16_result =3D 0x1234; +__u32 __arena_global load_acquire32_result =3D 0x12345678; +__u64 __arena_global load_acquire64_result =3D 0x1234567890abcdef; + +SEC("raw_tp/sys_enter") +int load_acquire(const void *ctx) +{ +#if defined(ENABLE_ATOMICS_TESTS) && defined(__TARGET_ARCH_arm64) + load_acquire8_result =3D 0; + load_acquire16_result =3D 0; + load_acquire32_result =3D 0; + load_acquire64_result =3D 0; + +#define LOAD_ACQUIRE_ARENA(SIZEOP, SIZE, SRC, DST) \ + { asm volatile ( \ + "r1 =3D %[" #SRC "] ll;" \ + "r1 =3D addr_space_cast(r1, 0x0, 0x1);" \ + ".8byte %[load_acquire_insn];" \ + "r3 =3D %[" #DST "] ll;" \ + "r3 =3D addr_space_cast(r3, 0x0, 0x1);" \ + "*(" #SIZE " *)(r3 + 0) =3D r2;" \ + : \ + : __imm_addr(SRC), \ + __imm_insn(load_acquire_insn, \ + BPF_ATOMIC_OP(BPF_##SIZEOP, BPF_LOAD_ACQ, \ + BPF_REG_2, BPF_REG_1, 0)), \ + __imm_addr(DST) \ + : __clobber_all); } \ + + LOAD_ACQUIRE_ARENA(B, u8, load_acquire8_value, load_acquire8_result) + LOAD_ACQUIRE_ARENA(H, u16, load_acquire16_value, + load_acquire16_result) + LOAD_ACQUIRE_ARENA(W, u32, load_acquire32_value, + load_acquire32_result) + LOAD_ACQUIRE_ARENA(DW, u64, load_acquire64_value, + load_acquire64_result) +#undef LOAD_ACQUIRE_ARENA +#endif + + return 0; +} + +__u8 __arena_global store_release8_result =3D 0x12; +__u16 __arena_global store_release16_result =3D 0x1234; +__u32 __arena_global store_release32_result =3D 0x12345678; +__u64 __arena_global store_release64_result =3D 0x1234567890abcdef; + +SEC("raw_tp/sys_enter") +int store_release(const void *ctx) +{ +#if defined(ENABLE_ATOMICS_TESTS) && defined(__TARGET_ARCH_arm64) + store_release8_result =3D 0; + store_release16_result =3D 0; + store_release32_result =3D 0; + store_release64_result =3D 0; + +#define STORE_RELEASE_ARENA(SIZEOP, DST, VAL) \ + { asm volatile ( \ + "r1 =3D " VAL ";" \ + "r2 =3D %[" #DST "] ll;" \ + "r2 =3D addr_space_cast(r2, 0x0, 0x1);" \ + ".8byte %[store_release_insn];" \ + : \ + : __imm_addr(DST), \ + __imm_insn(store_release_insn, \ + BPF_ATOMIC_OP(BPF_##SIZEOP, BPF_STORE_REL, \ + BPF_REG_2, BPF_REG_1, 0)) \ + : __clobber_all); } \ + + STORE_RELEASE_ARENA(B, store_release8_result, "0x12") + STORE_RELEASE_ARENA(H, store_release16_result, "0x1234") + STORE_RELEASE_ARENA(W, store_release32_result, "0x12345678") + STORE_RELEASE_ARENA(DW, store_release64_result, + "0x1234567890abcdef ll") +#undef STORE_RELEASE_ARENA +#endif + + return 0; +} + char _license[] SEC("license") =3D "GPL"; diff --git a/tools/testing/selftests/bpf/progs/verifier_load_acquire.c b/to= ols/testing/selftests/bpf/progs/verifier_load_acquire.c new file mode 100644 index 000000000000..6327638f031c --- /dev/null +++ b/tools/testing/selftests/bpf/progs/verifier_load_acquire.c @@ -0,0 +1,190 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include +#include "../../../include/linux/filter.h" +#include "bpf_misc.h" + +#if defined(ENABLE_ATOMICS_TESTS) && defined(__TARGET_ARCH_arm64) + +SEC("socket") +__description("load-acquire, 8-bit") +__success __success_unpriv __retval(0x12) +__naked void load_acquire_8(void) +{ + asm volatile ( + "*(u8 *)(r10 - 1) =3D 0x12;" + ".8byte %[load_acquire_insn];" // w0 =3D load_acquire((u8 *)(r10 - 1)); + "exit;" + : + : __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_B, BPF_LOAD_ACQ, BPF_REG_0, BPF_REG_10, -1)) + : __clobber_all); +} + +SEC("socket") +__description("load-acquire, 16-bit") +__success __success_unpriv __retval(0x1234) +__naked void load_acquire_16(void) +{ + asm volatile ( + "*(u16 *)(r10 - 2) =3D 0x1234;" + ".8byte %[load_acquire_insn];" // w0 =3D load_acquire((u16 *)(r10 - 2)); + "exit;" + : + : __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_H, BPF_LOAD_ACQ, BPF_REG_0, BPF_REG_10, -2)) + : __clobber_all); +} + +SEC("socket") +__description("load-acquire, 32-bit") +__success __success_unpriv __retval(0x12345678) +__naked void load_acquire_32(void) +{ + asm volatile ( + "*(u32 *)(r10 - 4) =3D 0x12345678;" + ".8byte %[load_acquire_insn];" // w0 =3D load_acquire((u32 *)(r10 - 4)); + "exit;" + : + : __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_W, BPF_LOAD_ACQ, BPF_REG_0, BPF_REG_10, -4)) + : __clobber_all); +} + +SEC("socket") +__description("load-acquire, 64-bit") +__success __success_unpriv __retval(0x1234567890abcdef) +__naked void load_acquire_64(void) +{ + asm volatile ( + "*(u64 *)(r10 - 8) =3D 0x1234567890abcdef;" + ".8byte %[load_acquire_insn];" // r0 =3D load_acquire((u64 *)(r10 - 8)); + "exit;" + : + : __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_DW, BPF_LOAD_ACQ, BPF_REG_0, BPF_REG_10, -8)) + : __clobber_all); +} + +SEC("socket") +__description("load-acquire with uninitialized src_reg") +__failure __failure_unpriv __msg("R2 !read_ok") +__naked void load_acquire_with_uninitialized_src_reg(void) +{ + asm volatile ( + ".8byte %[load_acquire_insn];" // r0 =3D load_acquire((u64 *)(r2 + 0)); + "exit;" + : + : __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_DW, BPF_LOAD_ACQ, BPF_REG_0, BPF_REG_2, 0)) + : __clobber_all); +} + +SEC("socket") +__description("load-acquire with non-pointer src_reg") +__failure __failure_unpriv __msg("R1 invalid mem access 'scalar'") +__naked void load_acquire_with_non_pointer_src_reg(void) +{ + asm volatile ( + "r1 =3D 0;" + ".8byte %[load_acquire_insn];" // r0 =3D load_acquire((u64 *)(r1 + 0)); + "exit;" + : + : __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_DW, BPF_LOAD_ACQ, BPF_REG_0, BPF_REG_1, 0)) + : __clobber_all); +} + +SEC("socket") +__description("misaligned load-acquire") +__failure __failure_unpriv __msg("misaligned stack access off") +__flag(BPF_F_ANY_ALIGNMENT) +__naked void load_acquire_misaligned(void) +{ + asm volatile ( + "*(u64 *)(r10 - 8) =3D 0;" + ".8byte %[load_acquire_insn];" // w0 =3D load_acquire((u32 *)(r10 - 5)); + "exit;" + : + : __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_W, BPF_LOAD_ACQ, BPF_REG_0, BPF_REG_10, -5)) + : __clobber_all); +} + +SEC("socket") +__description("load-acquire from ctx pointer") +__failure __failure_unpriv __msg("BPF_ATOMIC loads from R1 ctx is not allo= wed") +__naked void load_acquire_from_ctx_pointer(void) +{ + asm volatile ( + ".8byte %[load_acquire_insn];" // w0 =3D load_acquire((u8 *)(r1 + 0)); + "exit;" + : + : __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_B, BPF_LOAD_ACQ, BPF_REG_0, BPF_REG_1, 0)) + : __clobber_all); +} + +SEC("xdp") +__description("load-acquire from pkt pointer") +__failure __msg("BPF_ATOMIC loads from R2 pkt is not allowed") +__naked void load_acquire_from_pkt_pointer(void) +{ + asm volatile ( + "r2 =3D *(u32 *)(r1 + %[xdp_md_data]);" + ".8byte %[load_acquire_insn];" // w0 =3D load_acquire((u8 *)(r2 + 0)); + "exit;" + : + : __imm_const(xdp_md_data, offsetof(struct xdp_md, data)), + __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_B, BPF_LOAD_ACQ, BPF_REG_0, BPF_REG_2, 0)) + : __clobber_all); +} + +SEC("flow_dissector") +__description("load-acquire from flow_keys pointer") +__failure __msg("BPF_ATOMIC loads from R2 flow_keys is not allowed") +__naked void load_acquire_from_flow_keys_pointer(void) +{ + asm volatile ( + "r2 =3D *(u64 *)(r1 + %[__sk_buff_flow_keys]);" + ".8byte %[load_acquire_insn];" // w0 =3D load_acquire((u8 *)(r2 + 0)); + "exit;" + : + : __imm_const(__sk_buff_flow_keys, + offsetof(struct __sk_buff, flow_keys)), + __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_B, BPF_LOAD_ACQ, BPF_REG_0, BPF_REG_2, 0)) + : __clobber_all); +} + +SEC("sk_reuseport") +__description("load-acquire from sock pointer") +__failure __msg("BPF_ATOMIC loads from R2 sock is not allowed") +__naked void load_acquire_from_sock_pointer(void) +{ + asm volatile ( + "r2 =3D *(u64 *)(r1 + %[sk_reuseport_md_sk]);" + ".8byte %[load_acquire_insn];" // w0 =3D load_acquire((u8 *)(r2 + 0)); + "exit;" + : + : __imm_const(sk_reuseport_md_sk, offsetof(struct sk_reuseport_md, sk)), + __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_B, BPF_LOAD_ACQ, BPF_REG_0, BPF_REG_2, 0)) + : __clobber_all); +} + +#else + +SEC("socket") +__description("load-acquire is not supported by compiler or jit, use a dum= my test") +__success +int dummy_test(void) +{ + return 0; +} + +#endif + +char _license[] SEC("license") =3D "GPL"; diff --git a/tools/testing/selftests/bpf/progs/verifier_precision.c b/tools= /testing/selftests/bpf/progs/verifier_precision.c index 6b564d4c0986..3bc4f50015e6 100644 --- a/tools/testing/selftests/bpf/progs/verifier_precision.c +++ b/tools/testing/selftests/bpf/progs/verifier_precision.c @@ -2,6 +2,7 @@ /* Copyright (C) 2023 SUSE LLC */ #include #include +#include "../../../include/linux/filter.h" #include "bpf_misc.h" =20 SEC("?raw_tp") @@ -92,6 +93,52 @@ __naked int bpf_end_bswap(void) =20 #endif /* v4 instruction */ =20 +#if defined(ENABLE_ATOMICS_TESTS) && defined(__TARGET_ARCH_arm64) + +SEC("?raw_tp") +__success __log_level(2) +__msg("mark_precise: frame0: regs=3Dr1 stack=3D before 2: (bf) r2 =3D r10") +__msg("mark_precise: frame0: regs=3Dr1 stack=3D before 1: (db) r1 =3D load= _acquire((u64 *)(r10 -8))") +__msg("mark_precise: frame0: regs=3D stack=3D-8 before 0: (7a) *(u64 *)(r1= 0 -8) =3D 8") +__naked int bpf_load_acquire(void) +{ + asm volatile ( + "*(u64 *)(r10 - 8) =3D 8;" + ".8byte %[load_acquire_insn];" /* r1 =3D load_acquire((u64 *)(r10 - 8)); = */ + "r2 =3D r10;" + "r2 +=3D r1;" /* mark_precise */ + "r0 =3D 0;" + "exit;" + : + : __imm_insn(load_acquire_insn, + BPF_ATOMIC_OP(BPF_DW, BPF_LOAD_ACQ, BPF_REG_1, BPF_REG_10, -8)) + : __clobber_all); +} + +SEC("?raw_tp") +__success __log_level(2) +__msg("mark_precise: frame0: regs=3Dr1 stack=3D before 3: (bf) r2 =3D r10") +__msg("mark_precise: frame0: regs=3Dr1 stack=3D before 2: (79) r1 =3D *(u6= 4 *)(r10 -8)") +__msg("mark_precise: frame0: regs=3D stack=3D-8 before 1: (db) store_relea= se((u64 *)(r10 -8), r1)") +__msg("mark_precise: frame0: regs=3Dr1 stack=3D before 0: (b7) r1 =3D 8") +__naked int bpf_store_release(void) +{ + asm volatile ( + "r1 =3D 8;" + ".8byte %[store_release_insn];" /* store_release((u64 *)(r10 - 8), r1); */ + "r1 =3D *(u64 *)(r10 - 8);" + "r2 =3D r10;" + "r2 +=3D r1;" /* mark_precise */ + "r0 =3D 0;" + "exit;" + : + : __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_DW, BPF_STORE_REL, BPF_REG_10, BPF_REG_1, -8)) + : __clobber_all); +} + +#endif /* load-acquire, store-release */ + SEC("?raw_tp") __success __log_level(2) /* diff --git a/tools/testing/selftests/bpf/progs/verifier_store_release.c b/t= ools/testing/selftests/bpf/progs/verifier_store_release.c new file mode 100644 index 000000000000..f6e7cc6538c4 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/verifier_store_release.c @@ -0,0 +1,262 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include +#include "../../../include/linux/filter.h" +#include "bpf_misc.h" + +#if defined(ENABLE_ATOMICS_TESTS) && defined(__TARGET_ARCH_arm64) + +SEC("socket") +__description("store-release, 8-bit") +__success __success_unpriv __retval(0x12) +__naked void store_release_8(void) +{ + asm volatile ( + "w1 =3D 0x12;" + ".8byte %[store_release_insn];" // store_release((u8 *)(r10 - 1), w1); + "w0 =3D *(u8 *)(r10 - 1);" + "exit;" + : + : __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_B, BPF_STORE_REL, BPF_REG_10, BPF_REG_1, -1)) + : __clobber_all); +} + +SEC("socket") +__description("store-release, 16-bit") +__success __success_unpriv __retval(0x1234) +__naked void store_release_16(void) +{ + asm volatile ( + "w1 =3D 0x1234;" + ".8byte %[store_release_insn];" // store_release((u16 *)(r10 - 2), w1); + "w0 =3D *(u16 *)(r10 - 2);" + "exit;" + : + : __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_H, BPF_STORE_REL, BPF_REG_10, BPF_REG_1, -2)) + : __clobber_all); +} + +SEC("socket") +__description("store-release, 32-bit") +__success __success_unpriv __retval(0x12345678) +__naked void store_release_32(void) +{ + asm volatile ( + "w1 =3D 0x12345678;" + ".8byte %[store_release_insn];" // store_release((u32 *)(r10 - 4), w1); + "w0 =3D *(u32 *)(r10 - 4);" + "exit;" + : + : __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_W, BPF_STORE_REL, BPF_REG_10, BPF_REG_1, -4)) + : __clobber_all); +} + +SEC("socket") +__description("store-release, 64-bit") +__success __success_unpriv __retval(0x1234567890abcdef) +__naked void store_release_64(void) +{ + asm volatile ( + "r1 =3D 0x1234567890abcdef ll;" + ".8byte %[store_release_insn];" // store_release((u64 *)(r10 - 8), r1); + "r0 =3D *(u64 *)(r10 - 8);" + "exit;" + : + : __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_DW, BPF_STORE_REL, BPF_REG_10, BPF_REG_1, -8)) + : __clobber_all); +} + +SEC("socket") +__description("store-release with uninitialized src_reg") +__failure __failure_unpriv __msg("R2 !read_ok") +__naked void store_release_with_uninitialized_src_reg(void) +{ + asm volatile ( + ".8byte %[store_release_insn];" // store_release((u64 *)(r10 - 8), r2); + "exit;" + : + : __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_DW, BPF_STORE_REL, BPF_REG_10, BPF_REG_2, -8)) + : __clobber_all); +} + +SEC("socket") +__description("store-release with uninitialized dst_reg") +__failure __failure_unpriv __msg("R2 !read_ok") +__naked void store_release_with_uninitialized_dst_reg(void) +{ + asm volatile ( + "r1 =3D 0;" + ".8byte %[store_release_insn];" // store_release((u64 *)(r2 - 8), r1); + "exit;" + : + : __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_DW, BPF_STORE_REL, BPF_REG_2, BPF_REG_1, -8)) + : __clobber_all); +} + +SEC("socket") +__description("store-release with non-pointer dst_reg") +__failure __failure_unpriv __msg("R1 invalid mem access 'scalar'") +__naked void store_release_with_non_pointer_dst_reg(void) +{ + asm volatile ( + "r1 =3D 0;" + ".8byte %[store_release_insn];" // store_release((u64 *)(r1 + 0), r1); + "exit;" + : + : __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_DW, BPF_STORE_REL, BPF_REG_1, BPF_REG_1, 0)) + : __clobber_all); +} + +SEC("socket") +__description("misaligned store-release") +__failure __failure_unpriv __msg("misaligned stack access off") +__flag(BPF_F_ANY_ALIGNMENT) +__naked void store_release_misaligned(void) +{ + asm volatile ( + "w0 =3D 0;" + ".8byte %[store_release_insn];" // store_release((u32 *)(r10 - 5), w0); + "exit;" + : + : __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_W, BPF_STORE_REL, BPF_REG_10, BPF_REG_0, -5)) + : __clobber_all); +} + +SEC("socket") +__description("store-release to ctx pointer") +__failure __failure_unpriv __msg("BPF_ATOMIC stores into R1 ctx is not all= owed") +__naked void store_release_to_ctx_pointer(void) +{ + asm volatile ( + "w0 =3D 0;" + ".8byte %[store_release_insn];" // store_release((u8 *)(r1 + 0), w0); + "exit;" + : + : __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_B, BPF_STORE_REL, BPF_REG_1, BPF_REG_0, 0)) + : __clobber_all); +} + +SEC("xdp") +__description("store-release to pkt pointer") +__failure __msg("BPF_ATOMIC stores into R2 pkt is not allowed") +__naked void store_release_to_pkt_pointer(void) +{ + asm volatile ( + "w0 =3D 0;" + "r2 =3D *(u32 *)(r1 + %[xdp_md_data]);" + ".8byte %[store_release_insn];" // store_release((u8 *)(r2 + 0), w0); + "exit;" + : + : __imm_const(xdp_md_data, offsetof(struct xdp_md, data)), + __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_B, BPF_STORE_REL, BPF_REG_2, BPF_REG_0, 0)) + : __clobber_all); +} + +SEC("flow_dissector") +__description("store-release to flow_keys pointer") +__failure __msg("BPF_ATOMIC stores into R2 flow_keys is not allowed") +__naked void store_release_to_flow_keys_pointer(void) +{ + asm volatile ( + "w0 =3D 0;" + "r2 =3D *(u64 *)(r1 + %[__sk_buff_flow_keys]);" + ".8byte %[store_release_insn];" // store_release((u8 *)(r2 + 0), w0); + "exit;" + : + : __imm_const(__sk_buff_flow_keys, + offsetof(struct __sk_buff, flow_keys)), + __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_B, BPF_STORE_REL, BPF_REG_2, BPF_REG_0, 0)) + : __clobber_all); +} + +SEC("sk_reuseport") +__description("store-release to sock pointer") +__failure __msg("BPF_ATOMIC stores into R2 sock is not allowed") +__naked void store_release_to_sock_pointer(void) +{ + asm volatile ( + "w0 =3D 0;" + "r2 =3D *(u64 *)(r1 + %[sk_reuseport_md_sk]);" + ".8byte %[store_release_insn];" // store_release((u8 *)(r2 + 0), w0); + "exit;" + : + : __imm_const(sk_reuseport_md_sk, offsetof(struct sk_reuseport_md, sk)), + __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_B, BPF_STORE_REL, BPF_REG_2, BPF_REG_0, 0)) + : __clobber_all); +} + +SEC("socket") +__description("store-release, leak pointer to stack") +__success __success_unpriv __retval(0) +__naked void store_release_leak_pointer_to_stack(void) +{ + asm volatile ( + ".8byte %[store_release_insn];" // store_release((u64 *)(r10 - 8), r1); + "r0 =3D 0;" + "exit;" + : + : __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_DW, BPF_STORE_REL, BPF_REG_10, BPF_REG_1, -8)) + : __clobber_all); +} + +struct { + __uint(type, BPF_MAP_TYPE_HASH); + __uint(max_entries, 1); + __type(key, long long); + __type(value, long long); +} map_hash_8b SEC(".maps"); + +SEC("socket") +__description("store-release, leak pointer to map") +__success __retval(0) +__failure_unpriv __msg_unpriv("R6 leaks addr into map") +__naked void store_release_leak_pointer_to_map(void) +{ + asm volatile ( + "r6 =3D r1;" + "r1 =3D %[map_hash_8b] ll;" + "r2 =3D 0;" + "*(u64 *)(r10 - 8) =3D r2;" + "r2 =3D r10;" + "r2 +=3D -8;" + "call %[bpf_map_lookup_elem];" + "if r0 =3D=3D 0 goto l0_%=3D;" + ".8byte %[store_release_insn];" // store_release((u64 *)(r0 + 0), r6); +"l0_%=3D:" + "r0 =3D 0;" + "exit;" + : + : __imm_addr(map_hash_8b), + __imm(bpf_map_lookup_elem), + __imm_insn(store_release_insn, + BPF_ATOMIC_OP(BPF_DW, BPF_STORE_REL, BPF_REG_0, BPF_REG_6, 0)) + : __clobber_all); +} + +#else + +SEC("socket") +__description("store-release is not supported by compiler or jit, use a du= mmy test") +__success +int dummy_test(void) +{ + return 0; +} + +#endif + +char _license[] SEC("license") =3D "GPL"; --=20 2.48.1.502.g6dc24dfdaf-goog From nobody Sat Feb 7 11:31:57 2026 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8D73B185B73 for ; Fri, 7 Feb 2025 02:06:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738894003; cv=none; b=B+VsiUTP6hmG5xSaS5tFCvmIAM7segn2wyWuU62PfKAk0v3QCdSqfTdLGVIzRin3hGQgyAqHITPkqK5WBhCZOjRFqOmBd1ZrkTZEhOFMLS8CB210dKP9c3dyAzgK4YcZsphGmALv7kBCE5+ng8PIv4CdyOUuhvl/Uz+1kTTdb6o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1738894003; c=relaxed/simple; bh=9TD85PMgpDU5D2oxZLnT8DCFz4XahRBdsQKIng9CEDo=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=f32o33h6n3cRc1kYWF3ZJ0IqG/B+Xo27O66yTCboG4p0qumXBGCvjo2B0ii1oHudioQIluKFRXWfLk9fjT99Rf1w+j0JrvczQDrYZ5cs8OreuIEMQEW/az/kZN6qBkXBxs8p7yXdK7uNI9fiGK4RNttVuyTLrI9Zaba3DqTe99I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=OBzGFbMN; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--yepeilin.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="OBzGFbMN" Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-21f5060ef10so14450515ad.2 for ; Thu, 06 Feb 2025 18:06:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738894001; x=1739498801; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=2ep8DalcKj7dauwNLlP5ARZOtPwUTNVJ49jqJ539nuE=; b=OBzGFbMNev6db22Ug6L456fKfc1yLG3P+gqAgn8CV5iTHmJTPa1tTmDdSwYMnSsVun hnEPHNNIyTPpOLqSV7+VfgQWoptvufRmqgGBCPhRVhx4s21e31P1KL5g7C/TjFaos8DA tNrgb9GYPosETBd4T2APpFCoeZwa3B8palTtjZE9Q1l7cGlSldap/VbW8VIphXhUa+8J WUhWh68Zt9QpYrjsK90ep5KXkolMCOHVQ+oKDHHvEejvzUvN0mUj8paarhD4kGVwzK/4 fO+40eg+LFavvjznL/vcFy3DTEm8CS2DpMyb9C5H3FbflV1A0I8AVnakvjSMNyUuZllw jnGA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738894001; x=1739498801; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=2ep8DalcKj7dauwNLlP5ARZOtPwUTNVJ49jqJ539nuE=; b=sgHgcp5DeKQ3ykvDc4jB8iBV8JAI5GQ0bkTGF+HFkBNwwpR1de3Td26/NgcgmDqLrr i0E7SjKbjbLqDO2Fa02F1EFMphM4OYOJmqt3MZR68dUgFVRtKbb1191hEBDlmjIBeOfe pmUT9qJCfi5dUHzDwcyBZ97osAsW/PMqudvwZIAKpZDSsuYuWUtPzYSyn87A2QAagSSv HzG/hPy4Lak2A6gf8qsE7kgCe2aBRzsci8HHnh8s57+5H/vbC7ExFGN5nn+d7li7xnXQ 5PtYjIgeFjJvSvDigohZXqWstFpp4b9i2AbY4SlROdn274hCrPJ/fdOSTf9RaECiydd8 1ncQ== X-Forwarded-Encrypted: i=1; AJvYcCX7DJWp9UFRNFi525Is554cd3ZZcn2ezLq6Bfoxeo1izuY/TlGHaIWEr4peUjUD69dytmrYRieQbNIqN4k=@vger.kernel.org X-Gm-Message-State: AOJu0YwD8lhQ5Rc4gpBA4P3WLelTS5GN2iF6cX6u9aP9fgfvd1Njl3bw DruwNmjc0YPggVUc950s+51jIhdpShO2HaO7KwAVXagrIEwPqpuhLUWINTDliTu5aQe4XSabnsg Z2e1S0JgTnQ== X-Google-Smtp-Source: AGHT+IHO+QQmGU+1/m5wHtsMoItJdlgCTFiDvf89nZcXM296VZbNzIAooIz/Ko6Udd05tpk4RbaW4EcMXoxUsg== X-Received: from pfnv19.prod.google.com ([2002:aa7:8513:0:b0:730:5488:ee30]) (user=yepeilin job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:1394:b0:1e0:c77c:450d with SMTP id adf61e73a8af0-1ee03a242cemr2973087637.1.1738894000789; Thu, 06 Feb 2025 18:06:40 -0800 (PST) Date: Fri, 7 Feb 2025 02:06:36 +0000 In-Reply-To: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: X-Mailer: git-send-email 2.48.1.502.g6dc24dfdaf-goog Message-ID: Subject: [PATCH bpf-next v2 9/9] bpf, docs: Update instruction-set.rst for load-acquire and store-release instructions From: Peilin Ye To: bpf@vger.kernel.org, linux-arm-kernel@lists.infradead.org Cc: Peilin Ye , bpf@ietf.org, Xu Kuohai , Eduard Zingerman , David Vernet , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Jonathan Corbet , "Paul E. McKenney" , Puranjay Mohan , Ilya Leoshkevich , Heiko Carstens , Vasily Gorbik , Catalin Marinas , Will Deacon , Quentin Monnet , Mykola Lysenko , Shuah Khan , Ihor Solodrai , Yingchi Long , Josh Don , Barret Rhoden , Neel Natu , Benjamin Segall , linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Update documentation for the new load-acquire and store-release instructions. Rename existing atomic operations as "atomic read-modify-write (RMW) operations". Following RFC 9669, section 7.3. "Adding Instructions", create new conformance groups "atomic32v2" and "atomic64v2", where: * atomic32v2: includes all instructions in "atomic32", plus the new 8-bit, 16-bit and 32-bit atomic load-acquire and store-release instructions * atomic64v2: includes all instructions in "atomic64" and "atomic32v2", plus the new 64-bit atomic load-acquire and store-release instructions Cc: bpf@ietf.org Signed-off-by: Peilin Ye --- .../bpf/standardization/instruction-set.rst | 114 +++++++++++++++--- 1 file changed, 98 insertions(+), 16 deletions(-) diff --git a/Documentation/bpf/standardization/instruction-set.rst b/Docume= ntation/bpf/standardization/instruction-set.rst index ab820d565052..86917932e9ef 100644 --- a/Documentation/bpf/standardization/instruction-set.rst +++ b/Documentation/bpf/standardization/instruction-set.rst @@ -139,8 +139,14 @@ This document defines the following conformance groups: specification unless otherwise noted. * base64: includes base32, plus instructions explicitly noted as being in the base64 conformance group. -* atomic32: includes 32-bit atomic operation instructions (see `Atomic ope= rations`_). -* atomic64: includes atomic32, plus 64-bit atomic operation instructions. +* atomic32: includes 32-bit atomic read-modify-write instructions (see + `Atomic operations`_). +* atomic32v2: includes atomic32, plus 8-bit, 16-bit and 32-bit atomic + load-acquire and store-release instructions. +* atomic64: includes atomic32, plus 64-bit atomic read-modify-write + instructions. +* atomic64v2: unifies atomic32v2 and atomic64, plus 64-bit atomic load-acq= uire + and store-release instructions. * divmul32: includes 32-bit division, multiplication, and modulo instructi= ons. * divmul64: includes divmul32, plus 64-bit division, multiplication, and modulo instructions. @@ -653,20 +659,31 @@ Atomic operations are operations that operate on memo= ry and can not be interrupted or corrupted by other access to the same memory region by other BPF programs or means outside of this specification. =20 -All atomic operations supported by BPF are encoded as store operations -that use the ``ATOMIC`` mode modifier as follows: +All atomic operations supported by BPF are encoded as ``STX`` instructions +that use the ``ATOMIC`` mode modifier, with the 'imm' field encoding the +actual atomic operation. These operations are categorized based on the se= cond +lowest nibble (bits 4-7) of the 'imm' field: =20 -* ``{ATOMIC, W, STX}`` for 32-bit operations, which are +* ``ATOMIC_LOAD`` and ``ATOMIC_STORE`` indicate atomic load and store + operations, respectively (see `Atomic load and store operations`_). +* All other defined values indicate an atomic read-modify-write operation,= as + described in the following section. + +Atomic read-modify-write operations +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The atomic read-modify-write (RMW) operations are encoded as follows: + +* ``{ATOMIC, W, STX}`` for 32-bit RMW operations, which are part of the "atomic32" conformance group. -* ``{ATOMIC, DW, STX}`` for 64-bit operations, which are +* ``{ATOMIC, DW, STX}`` for 64-bit RMW operations, which are part of the "atomic64" conformance group. -* 8-bit and 16-bit wide atomic operations are not supported. +* 8-bit and 16-bit wide atomic RMW operations are not supported. =20 -The 'imm' field is used to encode the actual atomic operation. -Simple atomic operation use a subset of the values defined to encode -arithmetic operations in the 'imm' field to encode the atomic operation: +Simple atomic RMW operation use a subset of the values defined to encode +arithmetic operations in the 'imm' field to encode the atomic RMW operatio= n: =20 -.. table:: Simple atomic operations +.. table:: Simple atomic read-modify-write operations =20 =3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D imm value description @@ -686,10 +703,10 @@ arithmetic operations in the 'imm' field to encode th= e atomic operation: =20 *(u64 *)(dst + offset) +=3D src =20 -In addition to the simple atomic operations, there also is a modifier and -two complex atomic operations: +In addition to the simple atomic RMW operations, there also is a modifier = and +two complex atomic RMW operations: =20 -.. table:: Complex atomic operations +.. table:: Complex atomic read-modify-write operations =20 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D imm value description @@ -699,8 +716,8 @@ two complex atomic operations: CMPXCHG 0xf0 | FETCH atomic compare and exchange =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D =20 -The ``FETCH`` modifier is optional for simple atomic operations, and -always set for the complex atomic operations. If the ``FETCH`` flag +The ``FETCH`` modifier is optional for simple atomic RMW operations, and +always set for the complex atomic RMW operations. If the ``FETCH`` flag is set, then the operation also overwrites ``src`` with the value that was in memory before it was modified. =20 @@ -713,6 +730,71 @@ The ``CMPXCHG`` operation atomically compares the valu= e addressed by value that was at ``dst + offset`` before the operation is zero-extended and loaded back to ``R0``. =20 +Atomic load and store operations +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +To encode an atomic load or store operation, the lowest 8 bits of the 'imm' +field are divided as follows:: + + +-+-+-+-+-+-+-+-+ + | type | order | + +-+-+-+-+-+-+-+-+ + +**type** + The operation type is one of: + +.. table:: Atomic load and store operation types + + =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D + type value description + =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D + ATOMIC_LOAD 0x1 atomic load + ATOMIC_STORE 0x2 atomic store + =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D + +**order** + The memory order is one of: + +.. table:: Memory orders + + =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + order value description + =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + RELAXED 0x0 relaxed + ACQUIRE 0x1 acquire + RELEASE 0x2 release + ACQ_REL 0x3 acquire and release + SEQ_CST 0x4 sequentially consistent + =3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +Currently the following combinations of ``type`` and ``order`` are allowed: + +.. table:: Atomic load and store operations + + =3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + imm value description + =3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + LOAD_ACQ 0x11 atomic load-acquire + STORE_REL 0x22 atomic store-release + =3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +``{ATOMIC, , STX}`` with 'imm' =3D LOAD_ACQ means:: + + dst =3D load_acquire((unsigned size *)(src + offset)) + +``{ATOMIC, , STX}`` with 'imm' =3D STORE_REL means:: + + store_release((unsigned size *)(dst + offset), src) + +Where '' is one of: ``B``, ``H``, ``W``, or ``DW``, and 'unsigned si= ze' +is one of: u8, u16, u32, or u64. + +8-bit, 16-bit and 32-bit atomic load-acquire and store-release instructions +are part of the "atomic32v2" conformance group. + +64-bit atomic load-acquire and store-release instructions are part of the +"atomic64v2" conformance group. + 64-bit immediate instructions ----------------------------- =20 --=20 2.48.1.502.g6dc24dfdaf-goog