linux/arch/x86
Johan Almbladh ced185824c bpf, x86: Fix bpf mapping of atomic fetch implementation
Fix the case where the dst register maps to %rax as otherwise this produces
an incorrect mapping with the implementation in 981f94c3e9 ("bpf: Add
bitwise atomic instructions") as %rax is clobbered given it's part of the
cmpxchg as operand.

The issue is similar to b29dd96b90 ("bpf, x86: Fix BPF_FETCH atomic and/or/
xor with r0 as src") just that the case of dst register was missed.

Before, dst=r0 (%rax) src=r2 (%rsi):

  [...]
  c5:   mov    %rax,%r10
  c8:   mov    0x0(%rax),%rax       <---+ (broken)
  cc:   mov    %rax,%r11                |
  cf:   and    %rsi,%r11                |
  d2:   lock cmpxchg %r11,0x0(%rax) <---+
  d8:   jne    0x00000000000000c8       |
  da:   mov    %rax,%rsi                |
  dd:   mov    %r10,%rax                |
  [...]                                 |
                                        |
After, dst=r0 (%rax) src=r2 (%rsi):     |
                                        |
  [...]                                 |
  da:	mov    %rax,%r10                |
  dd:	mov    0x0(%r10),%rax       <---+ (fixed)
  e1:	mov    %rax,%r11                |
  e4:	and    %rsi,%r11                |
  e7:	lock cmpxchg %r11,0x0(%r10) <---+
  ed:	jne    0x00000000000000dd
  ef:	mov    %rax,%rsi
  f2:	mov    %r10,%rax
  [...]

The remaining combinations were fine as-is though:

After, dst=r9 (%r15) src=r0 (%rax):

  [...]
  dc:	mov    %rax,%r10
  df:	mov    0x0(%r15),%rax
  e3:	mov    %rax,%r11
  e6:	and    %r10,%r11
  e9:	lock cmpxchg %r11,0x0(%r15)
  ef:	jne    0x00000000000000df      _
  f1:	mov    %rax,%r10                | (unneeded, but
  f4:	mov    %r10,%rax               _|  not a problem)
  [...]

After, dst=r9 (%r15) src=r4 (%rcx):

  [...]
  de:	mov    %rax,%r10
  e1:	mov    0x0(%r15),%rax
  e5:	mov    %rax,%r11
  e8:	and    %rcx,%r11
  eb:	lock cmpxchg %r11,0x0(%r15)
  f1:	jne    0x00000000000000e1
  f3:	mov    %rax,%rcx
  f6:	mov    %r10,%rax
  [...]

The case of dst == src register is rejected by the verifier and
therefore not supported, but x86 JIT also handles this case just
fine.

After, dst=r0 (%rax) src=r0 (%rax):

  [...]
  eb:	mov    %rax,%r10
  ee:	mov    0x0(%r10),%rax
  f2:	mov    %rax,%r11
  f5:	and    %r10,%r11
  f8:	lock cmpxchg %r11,0x0(%r10)
  fe:	jne    0x00000000000000ee
 100:	mov    %rax,%r10
 103:	mov    %r10,%rax
  [...]

Fixes: 981f94c3e9 ("bpf: Add bitwise atomic instructions")
Reported-by: Johan Almbladh <johan.almbladh@anyfinetworks.com>
Signed-off-by: Johan Almbladh <johan.almbladh@anyfinetworks.com>
Co-developed-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Brendan Jackman <jackmanb@google.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
2021-09-28 12:10:29 +02:00
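The clobber described in the commit message above, replayed in a toy register model. This is an added example, not code from the kernel or from the commit's authors; the register subset, the 8-slot memory and the names `fetch_and` and `run_case` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not kernel code: 8 memory slots and a handful of x86 registers. */
enum { RAX, RSI, R15, R10, R11, NREGS };
static uint64_t mem[8];

/* Replays the emitted BPF_AND | BPF_FETCH loop from the listings.
 * fixed=false addresses memory through dst itself ("Before");
 * fixed=true uses the %r10 copy when dst is %rax ("After"). */
static void fetch_and(uint64_t r[NREGS], int dst, int src, bool fixed)
{
    int mreg = (fixed && dst == RAX) ? R10 : dst;
    int sreg = (src == RAX) ? R10 : src;   /* src=r0 case from b29dd96b90 */

    r[R10] = r[RAX];                       /* mov %rax,%r10 */
    for (int i = 0; i < 4; i++) {          /* bounded so the broken case ends */
        r[RAX] = mem[r[mreg] & 7];         /* mov 0x0(mreg),%rax */
        r[R11] = r[RAX] & r[sreg];         /* mov %rax,%r11; and sreg,%r11 */
        uint64_t *p = &mem[r[mreg] & 7];   /* lock cmpxchg %r11,0x0(mreg) */
        if (*p == r[RAX]) { *p = r[R11]; break; }
        r[RAX] = *p;                       /* failed compare reloads %rax; jne */
    }
    r[sreg] = r[RAX];                      /* mov %rax,sreg: fetched value */
    r[RAX] = r[R10];                       /* mov %r10,%rax */
}

/* Constructed input: dst points at slot 2 holding 6, src holds the mask 3.
 * Returns the final content of slot 2; *fetched is what src ends up with. */
static uint64_t run_case(int dst, int src, bool fixed, uint64_t *fetched)
{
    uint64_t r[NREGS] = { 0 };
    for (int i = 0; i < 8; i++) mem[i] = 0;
    mem[2] = 6;
    r[dst] = 2;
    r[src] = 3;
    fetch_and(r, dst, src, fixed);
    *fetched = r[src];
    return mem[2];
}

int main(void)
{
    uint64_t f, m;
    m = run_case(RAX, RSI, false, &f);
    printf("before: slot=%llu fetched=%llu\n", (unsigned long long)m, (unsigned long long)f);
    m = run_case(RAX, RSI, true, &f);
    printf("after:  slot=%llu fetched=%llu\n", (unsigned long long)m, (unsigned long long)f);
    return 0;
}
```

In the "before" run the load overwrites the pointer in `%rax`, so the compare-exchange lands on a different slot and slot 2 keeps its old value; in the "after" run slot 2 becomes `6 & 3` and the source register receives the old value.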
boot Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
configs module: remove EXPORT_UNUSED_SYMBOL* 2021-02-08 12:28:07 +01:00
crypto crypto: aesni - xts_crypt() return if walk.nbytes is 0 2021-08-27 16:30:19 +08:00
entry Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
events perf/x86/amd/ibs: Add bitfield definitions in new <asm/amd-ibs.h> header 2021-08-26 09:14:36 +02:00
hyperv x86/hyperv: fix root partition faults when writing to VP assist page MSR 2021-08-04 11:56:53 +00:00
ia32 binfmt: remove in-tree usage of MAP_DENYWRITE 2021-09-03 18:42:01 +02:00
include ARM: 2021-09-07 13:40:51 -07:00
kernel ARM: 2021-09-07 13:40:51 -07:00
kvm ARM: 2021-09-07 13:40:51 -07:00
lib x86: Add support for 0x22/0x23 port I/O configuration space 2021-08-10 23:31:43 +02:00
math-emu x86/math-emu: Rename frstor() 2021-06-23 18:16:33 +02:00
mm Merge branch 'akpm' (patches from Andrew) 2021-09-03 10:08:28 -07:00
net bpf, x86: Fix bpf mapping of atomic fetch implementation 2021-09-28 12:10:29 +02:00
pci x86: Avoid magic number with ELCR register accesses 2021-08-10 23:31:43 +02:00
platform EFI changes: two driver API cleanups, and a log message tweak. 2021-06-28 11:34:16 -07:00
power x86/power: Fix kernel-doc warnings in cpu.c 2021-08-12 10:15:40 +02:00
purgatory kernel.h: split out panic and oops helpers 2021-07-01 11:06:04 -07:00
ras
realmode memblock: make memblock_find_in_range method private 2021-09-03 09:58:17 -07:00
tools - Remove cc-option checks which are old and already supported by the 2021-08-30 13:27:16 -07:00
um x86/uml/syscalls: Remove array index from syscall initializers 2021-05-25 16:59:23 +02:00
video
xen xen: remove stray preempt_disable() from PV AP startup code 2021-09-01 10:39:27 +02:00
.gitignore
Kbuild
Kconfig Tracing updates for 5.15: 2021-09-05 11:50:41 -07:00
Kconfig.assembler
Kconfig.cpu
Kconfig.debug tracing: Refactor TRACE_IRQFLAGS_SUPPORT in Kconfig 2021-08-16 11:37:21 -04:00
Makefile Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
Makefile_32.cpu x86: remove cc-option-yn test for -mtune= 2021-09-03 08:17:20 +09:00
Makefile.um um: allow not setting extra rpaths in the linux binary 2021-06-17 21:54:15 +02:00