Eric Lee / smarc-fsl-linux-kernel

04 Nov, 2018

1 commit

  • 7d768c84e   test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches ... Browse Code »

    [ Upstream commit 52fda36d63bfc8c8e8ae5eda8eb5ac6f52cd67ed ]

    Function bpf_fill_maxinsns11 is designed to not be able to be JITed on
    x86_64. So, it fails when CONFIG_BPF_JIT_ALWAYS_ON=y, and
    commit 09584b406742 ("bpf: fix selftests/bpf test_kmod.sh failure when
    CONFIG_BPF_JIT_ALWAYS_ON=y") makes sure that failure is detected on that
    case.

    However, it does not fail on other architectures, which have a different
    JIT compiler design. So, test_bpf has started to fail to load on those.

    After this fix, test_bpf loads fine on both x86_64 and ppc64el.

    Fixes: 09584b406742 ("bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y")
    Signed-off-by: Thadeu Lima de Souza Cascardo
    Reviewed-by: Yonghong Song
    Signed-off-by: Daniel Borkmann
    Signed-off-by: Sasha Levin

    Thadeu Lima de Souza Cascardo
     

26 Apr, 2018

1 commit

  • 3e01c16d8   bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y ... Browse Code »

    [ Upstream commit 09584b406742413ac4c8d7e030374d4daa045b69 ]

    With CONFIG_BPF_JIT_ALWAYS_ON is defined in the config file,
    tools/testing/selftests/bpf/test_kmod.sh failed like below:
    [root@localhost bpf]# ./test_kmod.sh
    sysctl: setting key "net.core.bpf_jit_enable": Invalid argument
    [ JIT enabled:0 hardened:0 ]
    [ 132.175681] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
    [ 132.458834] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
    [ JIT enabled:1 hardened:0 ]
    [ 133.456025] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
    [ 133.730935] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
    [ JIT enabled:1 hardened:1 ]
    [ 134.769730] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
    [ 135.050864] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
    [ JIT enabled:1 hardened:2 ]
    [ 136.442882] test_bpf: #297 BPF_MAXINSNS: Jump, gap, jump, ... FAIL to prog_create err=-524 len=4096
    [ 136.821810] test_bpf: Summary: 348 PASSED, 1 FAILED, [340/340 JIT'ed]
    [root@localhost bpf]#

    The test_kmod.sh load/remove test_bpf.ko multiple times with different
    settings for sysctl net.core.bpf_jit_{enable,harden}. The failed test #297
    of test_bpf.ko is designed such that JIT always fails.

    Commit 290af86629b2 (bpf: introduce BPF_JIT_ALWAYS_ON config)
    introduced the following tightening logic:
    ...
    if (!bpf_prog_is_dev_bound(fp->aux)) {
    fp = bpf_int_jit_compile(fp);
    #ifdef CONFIG_BPF_JIT_ALWAYS_ON
    if (!fp->jited) {
    *err = -ENOTSUPP;
    return fp;
    }
    #endif
    ...
    With this logic, Test #297 always gets return value -ENOTSUPP
    when CONFIG_BPF_JIT_ALWAYS_ON is defined, causing the test failure.

    This patch fixed the failure by marking Test #297 as expected failure
    when CONFIG_BPF_JIT_ALWAYS_ON is defined.

    Fixes: 290af86629b2 (bpf: introduce BPF_JIT_ALWAYS_ON config)
    Signed-off-by: Yonghong Song
    Signed-off-by: Daniel Borkmann
    Signed-off-by: Sasha Levin
    Signed-off-by: Greg Kroah-Hartman

    Yonghong Song
     

31 Jan, 2018

1 commit

  • 6fde36d5c   bpf: introduce BPF_JIT_ALWAYS_ON config ... Browse Code »

    [ upstream commit 290af86629b25ffd1ed6232c4e9107da031705cb ]

    The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715.

    A quote from goolge project zero blog:
    "At this point, it would normally be necessary to locate gadgets in
    the host kernel code that can be used to actually leak data by reading
    from an attacker-controlled location, shifting and masking the result
    appropriately and then using the result of that as offset to an
    attacker-controlled address for a load. But piecing gadgets together
    and figuring out which ones work in a speculation context seems annoying.
    So instead, we decided to use the eBPF interpreter, which is built into
    the host kernel - while there is no legitimate way to invoke it from inside
    a VM, the presence of the code in the host kernel's text section is sufficient
    to make it usable for the attack, just like with ordinary ROP gadgets."

    To make attacker job harder introduce BPF_JIT_ALWAYS_ON config
    option that removes interpreter from the kernel in favor of JIT-only mode.
    So far eBPF JIT is supported by:
    x64, arm64, arm32, sparc64, s390, powerpc64, mips64

    The start of JITed program is randomized and code page is marked as read-only.
    In addition "constant blinding" can be turned on with net.core.bpf_jit_harden

    v2->v3:
    - move __bpf_prog_ret0 under ifdef (Daniel)

    v1->v2:
    - fix init order, test_bpf and cBPF (Daniel's feedback)
    - fix offloaded bpf (Jakub's feedback)
    - add 'return 0' dummy in case something can invoke prog->bpf_func
    - retarget bpf tree. For bpf-next the patch would need one extra hunk.
    It will be sent when the trees are merged back to net-next

    Considered doing:
    int bpf_jit_enable __read_mostly = BPF_EBPF_JIT_DEFAULT;
    but it seems better to land the patch as-is and in bpf-next remove
    bpf_jit_enable global variable from all JITs, consolidate in one place
    and remove this jit_init() function.

    Signed-off-by: Alexei Starovoitov
    Signed-off-by: Daniel Borkmann
    Signed-off-by: Greg Kroah-Hartman

    Alexei Starovoitov
     

10 Aug, 2017

1 commit

  • 92b31a9af   bpf: add BPF_J{LT,LE,SLT,SLE} instructions ... Browse Code »

    Currently, eBPF only understands BPF_JGT (>), BPF_JGE (>=),
    BPF_JSGT (s>), BPF_JSGE (s>=) instructions, this means that
    particularly *JLT/*JLE counterparts involving immediates need
    to be rewritten from e.g. X < [IMM] by swapping arguments into
    [IMM] > X, meaning the immediate first is required to be loaded
    into a register Y := [IMM], such that then we can compare with
    Y > X. Note that the destination operand is always required to
    be a register.

    This has the downside of having unnecessarily increased register
    pressure, meaning complex program would need to spill other
    registers temporarily to stack in order to obtain an unused
    register for the [IMM]. Loading to registers will thus also
    affect state pruning since we need to account for that register
    use and potentially those registers that had to be spilled/filled
    again. As a consequence slightly more stack space might have
    been used due to spilling, and BPF programs are a bit longer
    due to extra code involving the register load and potentially
    required spill/fills.

    Thus, add BPF_JLT (
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

21 Jun, 2017

1 commit

  • de77b966c   net: introduce __skb_put_[zero, data, u8] ... Browse Code »

    follow Johannes Berg, semantic patch file as below,
    @@
    identifier p, p2;
    expression len;
    expression skb;
    type t, t2;
    @@
    (
    -p = __skb_put(skb, len);
    +p = __skb_put_zero(skb, len);
    |
    -p = (t)__skb_put(skb, len);
    +p = __skb_put_zero(skb, len);
    )
    ... when != p
    (
    p2 = (t2)p;
    -memset(p2, 0, len);
    |
    -memset(p, 0, len);
    )

    @@
    identifier p;
    expression len;
    expression skb;
    type t;
    @@
    (
    -t p = __skb_put(skb, len);
    +t p = __skb_put_zero(skb, len);
    )
    ... when != p
    (
    -memset(p, 0, len);
    )

    @@
    type t, t2;
    identifier p, p2;
    expression skb;
    @@
    t *p;
    ...
    (
    -p = __skb_put(skb, sizeof(t));
    +p = __skb_put_zero(skb, sizeof(t));
    |
    -p = (t *)__skb_put(skb, sizeof(t));
    +p = __skb_put_zero(skb, sizeof(t));
    )
    ... when != p
    (
    p2 = (t2)p;
    -memset(p2, 0, sizeof(*p));
    |
    -memset(p, 0, sizeof(*p));
    )

    @@
    expression skb, len;
    @@
    -memset(__skb_put(skb, len), 0, len);
    +__skb_put_zero(skb, len);

    @@
    expression skb, len, data;
    @@
    -memcpy(__skb_put(skb, len), data, len);
    +__skb_put_data(skb, data, len);

    @@
    expression SKB, C, S;
    typedef u8;
    identifier fn = {__skb_put};
    fresh identifier fn2 = fn ## "_u8";
    @@
    - *(u8 *)fn(SKB, S) = C;
    + fn2(SKB, C);

    Signed-off-by: yuan linyu
    Signed-off-by: David S. Miller

    yuan linyu
     

15 Jun, 2017

1 commit

  • b7127cfea   test_bpf: Add test to make conditional jump cross a large number of insns. ... Browse Code »

    On MIPS, conditional branches can only span 32k instructions. To
    exceed this limit in the JIT with the BPF maximum of 4k insns, we need
    to choose eBPF insns that expand to more than 8 machine instructions.
    Use BPF_LD_ABS as it is quite complex. This forces the JIT to invert
    the sense of the branch to branch around a long jump to the end.

    This (somewhat) verifies that the branch inversion logic and target
    address calculation of the long jumps are done correctly.

    Signed-off-by: David Daney
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    David Daney
     

01 Jun, 2017

1 commit

26 May, 2017

1 commit

03 May, 2017

3 commits

  • 86f8e247b   test_bpf: Use ULL suffix for 64-bit constants ... Browse Code »

    On 32-bit:

    lib/test_bpf.c:4772: warning: integer constant is too large for ‘unsigned long’ type
    lib/test_bpf.c:4772: warning: integer constant is too large for ‘unsigned long’ type
    lib/test_bpf.c:4773: warning: integer constant is too large for ‘unsigned long’ type
    lib/test_bpf.c:4773: warning: integer constant is too large for ‘unsigned long’ type
    lib/test_bpf.c:4787: warning: integer constant is too large for ‘unsigned long’ type
    lib/test_bpf.c:4787: warning: integer constant is too large for ‘unsigned long’ type
    lib/test_bpf.c:4801: warning: integer constant is too large for ‘unsigned long’ type
    lib/test_bpf.c:4801: warning: integer constant is too large for ‘unsigned long’ type
    lib/test_bpf.c:4802: warning: integer constant is too large for ‘unsigned long’ type
    lib/test_bpf.c:4802: warning: integer constant is too large for ‘unsigned long’ type

    On 32-bit systems, "long" is only 32-bit.
    Replace the "UL" suffix by "ULL" to fix this.

    Fixes: 85f68fe898320575 ("bpf, arm64: implement jiting of BPF_XADD")
    Signed-off-by: Geert Uytterhoeven
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Geert Uytterhoeven
     
  • ddc665a4b   bpf, arm64: fix jit branch offset related to ldimm64 ... Browse Code »

    When the instruction right before the branch destination is
    a 64 bit load immediate, we currently calculate the wrong
    jump offset in the ctx->offset[] array as we only account
    one instruction slot for the 64 bit load immediate although
    it uses two BPF instructions. Fix it up by setting the offset
    into the right slot after we incremented the index.

    Before (ldimm64 test 1):

    [...]
    00000020: 52800007 mov w7, #0x0 // #0
    00000024: d2800060 mov x0, #0x3 // #3
    00000028: d2800041 mov x1, #0x2 // #2
    0000002c: eb01001f cmp x0, x1
    00000030: 54ffff82 b.cs 0x00000020
    00000034: d29fffe7 mov x7, #0xffff // #65535
    00000038: f2bfffe7 movk x7, #0xffff, lsl #16
    0000003c: f2dfffe7 movk x7, #0xffff, lsl #32
    00000040: f2ffffe7 movk x7, #0xffff, lsl #48
    00000044: d29dddc7 mov x7, #0xeeee // #61166
    00000048: f2bdddc7 movk x7, #0xeeee, lsl #16
    0000004c: f2ddddc7 movk x7, #0xeeee, lsl #32
    00000050: f2fdddc7 movk x7, #0xeeee, lsl #48
    [...]

    After (ldimm64 test 1):

    [...]
    00000020: 52800007 mov w7, #0x0 // #0
    00000024: d2800060 mov x0, #0x3 // #3
    00000028: d2800041 mov x1, #0x2 // #2
    0000002c: eb01001f cmp x0, x1
    00000030: 540000a2 b.cs 0x00000044
    00000034: d29fffe7 mov x7, #0xffff // #65535
    00000038: f2bfffe7 movk x7, #0xffff, lsl #16
    0000003c: f2dfffe7 movk x7, #0xffff, lsl #32
    00000040: f2ffffe7 movk x7, #0xffff, lsl #48
    00000044: d29dddc7 mov x7, #0xeeee // #61166
    00000048: f2bdddc7 movk x7, #0xeeee, lsl #16
    0000004c: f2ddddc7 movk x7, #0xeeee, lsl #32
    00000050: f2fdddc7 movk x7, #0xeeee, lsl #48
    [...]

    Also, add a couple of test cases to make sure JITs pass
    this test. Tested on Cavium ThunderX ARMv8. The added
    test cases all pass after the fix.

    Fixes: 8eee539ddea0 ("arm64: bpf: fix out-of-bounds read in bpf2a64_offset()")
    Reported-by: David S. Miller
    Signed-off-by: Daniel Borkmann
    Acked-by: Alexei Starovoitov
    Cc: Xi Wang
    Signed-off-by: David S. Miller

    Daniel Borkmann
     
  • 85f68fe89   bpf, arm64: implement jiting of BPF_XADD ... Browse Code »

    This work adds BPF_XADD for BPF_W/BPF_DW to the arm64 JIT and therefore
    completes JITing of all BPF instructions, meaning we can thus also remove
    the 'notyet' label and do not need to fall back to the interpreter when
    BPF_XADD is used in a program!

    This now also brings arm64 JIT in line with x86_64, s390x, ppc64, sparc64,
    where all current eBPF features are supported.

    BPF_W example from test_bpf:

    .u.insns_int = {
    BPF_ALU32_IMM(BPF_MOV, R0, 0x12),
    BPF_ST_MEM(BPF_W, R10, -40, 0x10),
    BPF_STX_XADD(BPF_W, R10, R0, -40),
    BPF_LDX_MEM(BPF_W, R0, R10, -40),
    BPF_EXIT_INSN(),
    },

    [...]
    00000020: 52800247 mov w7, #0x12 // #18
    00000024: 928004eb mov x11, #0xffffffffffffffd8 // #-40
    00000028: d280020a mov x10, #0x10 // #16
    0000002c: b82b6b2a str w10, [x25,x11]
    // start of xadd mapping:
    00000030: 928004ea mov x10, #0xffffffffffffffd8 // #-40
    00000034: 8b19014a add x10, x10, x25
    00000038: f9800151 prfm pstl1strm, [x10]
    0000003c: 885f7d4b ldxr w11, [x10]
    00000040: 0b07016b add w11, w11, w7
    00000044: 880b7d4b stxr w11, w11, [x10]
    00000048: 35ffffab cbnz w11, 0x0000003c
    // end of xadd mapping:
    [...]

    BPF_DW example from test_bpf:

    .u.insns_int = {
    BPF_ALU32_IMM(BPF_MOV, R0, 0x12),
    BPF_ST_MEM(BPF_DW, R10, -40, 0x10),
    BPF_STX_XADD(BPF_DW, R10, R0, -40),
    BPF_LDX_MEM(BPF_DW, R0, R10, -40),
    BPF_EXIT_INSN(),
    },

    [...]
    00000020: 52800247 mov w7, #0x12 // #18
    00000024: 928004eb mov x11, #0xffffffffffffffd8 // #-40
    00000028: d280020a mov x10, #0x10 // #16
    0000002c: f82b6b2a str x10, [x25,x11]
    // start of xadd mapping:
    00000030: 928004ea mov x10, #0xffffffffffffffd8 // #-40
    00000034: 8b19014a add x10, x10, x25
    00000038: f9800151 prfm pstl1strm, [x10]
    0000003c: c85f7d4b ldxr x11, [x10]
    00000040: 8b07016b add x11, x11, x7
    00000044: c80b7d4b stxr w11, x11, [x10]
    00000048: 35ffffab cbnz w11, 0x0000003c
    // end of xadd mapping:
    [...]

    Tested on Cavium ThunderX ARMv8, test suite results after the patch:

    No JIT: [ 3751.855362] test_bpf: Summary: 311 PASSED, 0 FAILED, [0/303 JIT'ed]
    With JIT: [ 3573.759527] test_bpf: Summary: 311 PASSED, 0 FAILED, [303/303 JIT'ed]

    Signed-off-by: Daniel Borkmann
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

21 Oct, 2016

1 commit

  • 0d906b1e8   bpf, test: fix ld_abs + vlan push/pop stress test ... Browse Code »

    After commit 636c2628086e ("net: skbuff: Remove errornous length
    validation in skb_vlan_pop()") mentioned test case stopped working,
    throwing a -12 (ENOMEM) return code. The issue however is not due to
    636c2628086e, but rather due to a buggy test case that got uncovered
    from the change in behaviour in 636c2628086e.

    The data_size of that test case for the skb was set to 1. In the
    bpf_fill_ld_abs_vlan_push_pop() handler bpf insns are generated that
    loop with: reading skb data, pushing 68 tags, reading skb data,
    popping 68 tags, reading skb data, etc, in order to force a skb
    expansion and thus trigger that JITs recache skb->data. Problem is
    that initial data_size is too small.

    While before 636c2628086e, the test silently bailed out due to the
    skb->len < VLAN_ETH_HLEN check with returning 0, and now throwing an
    error from failing skb_ensure_writable(). Set at least minimum of
    ETH_HLEN as an initial length so that on first push of data, equivalent
    pop will succeed.

    Fixes: 4d9c5c53ac99 ("test_bpf: add bpf_skb_vlan_push/pop() tests")
    Signed-off-by: Daniel Borkmann
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

16 Sep, 2016

1 commit

  • 5c0ca3f56   test_bpf: fix the dummy skb after dissector changes ... Browse Code »

    Commit d5709f7ab776 ("flow_dissector: For stripped vlan, get vlan
    info from skb->vlan_tci") made flow dissector look at vlan_proto
    when vlan is present. Since test_bpf sets skb->vlan_tci to ~0
    (including VLAN_TAG_PRESENT) we have to populate skb->vlan_proto.

    Fixes false negative on test #24:
    test_bpf: #24 LD_PAYLOAD_OFF jited:0 175 ret 0 != 42 FAIL (1 times)

    Signed-off-by: Jakub Kicinski
    Reviewed-by: Dinan Gunawardena
    Acked-by: Daniel Borkmann
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Jakub Kicinski
     

17 May, 2016

1 commit

  • d1c55ab5e   bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis ... Browse Code »

    Since the blinding is strictly only called from inside eBPF JITs,
    we need to change signatures for bpf_int_jit_compile() and
    bpf_prog_select_runtime() first in order to prepare that the
    eBPF program we're dealing with can change underneath. Hence,
    for call sites, we need to return the latest prog. No functional
    change in this patch.

    Signed-off-by: Daniel Borkmann
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

07 Apr, 2016

4 commits

  • 9c94f6c8e   lib/test_bpf: Add additional BPF_ADD tests ... Browse Code »

    Some of these tests proved useful with the powerpc eBPF JIT port due to
    sign-extended 16-bit immediate loads. Though some of these aspects get
    covered in other tests, it is better to have explicit tests so as to
    quickly tag the precise problem.

    Cc: Alexei Starovoitov
    Cc: Daniel Borkmann
    Cc: "David S. Miller"
    Cc: Ananth N Mavinakayanahalli
    Cc: Michael Ellerman
    Cc: Paul Mackerras
    Signed-off-by: Naveen N. Rao
    Acked-by: Alexei Starovoitov
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Naveen N. Rao
     
  • b64b50eac   lib/test_bpf: Add test to check for result of 32-bit add that overflows ... Browse Code »

    BPF_ALU32 and BPF_ALU64 tests for adding two 32-bit values that results in
    32-bit overflow.

    Cc: Alexei Starovoitov
    Cc: Daniel Borkmann
    Cc: "David S. Miller"
    Cc: Ananth N Mavinakayanahalli
    Cc: Michael Ellerman
    Cc: Paul Mackerras
    Signed-off-by: Naveen N. Rao
    Acked-by: Alexei Starovoitov
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Naveen N. Rao
     
  • c7395d6bd   lib/test_bpf: Add tests for unsigned BPF_JGT ... Browse Code »

    Unsigned Jump-if-Greater-Than.

    Cc: Alexei Starovoitov
    Cc: Daniel Borkmann
    Cc: "David S. Miller"
    Cc: Ananth N Mavinakayanahalli
    Cc: Michael Ellerman
    Cc: Paul Mackerras
    Signed-off-by: Naveen N. Rao
    Acked-by: Alexei Starovoitov
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Naveen N. Rao
     
  • 9f134c34f   lib/test_bpf: Fix JMP_JSET tests ... Browse Code »

    JMP_JSET tests incorrectly used BPF_JNE. Fix the same.

    Cc: Alexei Starovoitov
    Cc: Daniel Borkmann
    Cc: "David S. Miller"
    Cc: Ananth N Mavinakayanahalli
    Cc: Michael Ellerman
    Cc: Paul Mackerras
    Signed-off-by: Naveen N. Rao
    Acked-by: Alexei Starovoitov
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Naveen N. Rao
     

19 Dec, 2015

1 commit

  • 9dd2af834   bpf, test: add couple of test cases ... Browse Code »

    Add couple of test cases for interpreter but also JITs, f.e. to test that
    when imm32 moves are being done, upper 32bits of the regs are being zero
    extended.

    Without JIT:

    [...]
    [ 1114.129301] test_bpf: #43 MOV REG64 jited:0 128 PASS
    [ 1114.130626] test_bpf: #44 MOV REG32 jited:0 139 PASS
    [ 1114.132055] test_bpf: #45 LD IMM64 jited:0 124 PASS
    [...]

    With JIT (generated code can as usual be nicely verified with the help of
    bpf_jit_disasm tool):

    [...]
    [ 1062.726782] test_bpf: #43 MOV REG64 jited:1 6 PASS
    [ 1062.726890] test_bpf: #44 MOV REG32 jited:1 6 PASS
    [ 1062.726993] test_bpf: #45 LD IMM64 jited:1 6 PASS
    [...]

    Signed-off-by: Daniel Borkmann
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

05 Nov, 2015

1 commit

  • d4e4bc161   bpf: add mod default A and X test cases ... Browse Code »

    When running "mod X" operation, if X is 0 the filter has to be halt.
    Add new test cases to cover A = A mod X if X is 0, and A = A mod 1.

    CC: Xi Wang
    CC: Zi Shen Lim
    Signed-off-by: Yang Shi
    Acked-by: Daniel Borkmann
    Acked-by: Alexei Starovoitov
    Acked-by: Zi Shen Lim
    Acked-by: Xi Wang
    Signed-off-by: David S. Miller

    Yang Shi
     

07 Aug, 2015

6 commits

31 Jul, 2015

1 commit

  • 4962fa10f   test_bpf: assign type to native eBPF test cases ... Browse Code »

    As JITs start to perform optimizations whether to clear A and X on eBPF
    programs in the prologue, we should actually assign a program type to the
    native eBPF test cases. It doesn't really matter which program type, as
    these instructions don't go through the verifier, but it needs to be a
    type != BPF_PROG_TYPE_UNSPEC. This reflects eBPF programs loaded via bpf(2)
    system call (!= type unspec) vs. classic BPF to eBPF migrations (== type
    unspec).

    Signed-off-by: Daniel Borkmann
    Cc: Michael Holzheu
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

21 Jul, 2015

1 commit

  • 4d9c5c53a   test_bpf: add bpf_skb_vlan_push/pop() tests ... Browse Code »

    improve accuracy of timing in test_bpf and add two stress tests:
    - {skb->data[0], get_smp_processor_id} repeated 2k times
    - {skb->data[0], vlan_push} x 68 followed by {skb->data[0], vlan_pop} x 68

    1st test is useful to test performance of JIT implementation of BPF_LD_ABS
    together with BPF_CALL instructions.
    2nd test is stressing skb_vlan_push/pop logic together with skb->data access
    via BPF_LD_ABS insn which checks that re-caching of skb->data is done correctly.

    In order to call bpf_skb_vlan_push() from test_bpf.ko have to add
    three export_symbol_gpl.

    Signed-off-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Alexei Starovoitov
     

09 Jul, 2015

1 commit

  • ba29becd7   test_bpf: extend tests for 32-bit endianness conversion ... Browse Code »

    Currently "ALU_END_FROM_BE 32" and "ALU_END_FROM_LE 32" do not test if
    the upper bits of the result are zeros (the arm64 JIT had such bugs).
    Extend the two tests to catch this.

    Acked-by: Daniel Borkmann
    Acked-by: Alexei Starovoitov
    Signed-off-by: Xi Wang
    Signed-off-by: David S. Miller

    Xi Wang
     

28 May, 2015

1 commit

  • bde28bc6a   test_bpf: add similarly conflicting jump test case only for classic ... Browse Code »

    While 3b52960266a3 ("test_bpf: add more eBPF jump torture cases")
    added the int3 bug test case only for eBPF, which needs exactly 11
    passes to converge, here's a version for classic BPF with 11 passes,
    and one that would need 70 passes on x86_64 to actually converge for
    being successfully JITed. Effectively, all jumps are being optimized
    out resulting in a JIT image of just 89 bytes (from originally max
    BPF insns), only returning K.

    Might be useful as a receipe for folks wanting to craft a test case
    when backporting the fix in commit 3f7352bf21f8 ("x86: bpf_jit: fix
    compilation of large bpf programs") while not having eBPF. The 2nd
    one is delegated to the interpreter as the last pass still results
    in shrinking, in other words, this one won't be JITed on x86_64.

    Signed-off-by: Daniel Borkmann
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

25 May, 2015

1 commit

  • 3b5296026   test_bpf: add more eBPF jump torture cases ... Browse Code »

    Add two more eBPF test cases for JITs, i.e. the second one revealed a
    bug in the x86_64 JIT compiler, where only an int3 filled image from
    the allocator was emitted and later wrongly set by the compiler as the
    bpf_func program code since optimization pass boundary was surpassed
    w/o actually emitting opcodes.

    Interpreter:

    [ 45.782892] test_bpf: #242 BPF_MAXINSNS: Very long jump backwards jited:0 11 PASS
    [ 45.783062] test_bpf: #243 BPF_MAXINSNS: Edge hopping nuthouse jited:0 14705 PASS

    After x86_64 JIT (fixed):

    [ 80.495638] test_bpf: #242 BPF_MAXINSNS: Very long jump backwards jited:1 6 PASS
    [ 80.495957] test_bpf: #243 BPF_MAXINSNS: Edge hopping nuthouse jited:1 17157 PASS

    Reference: http://thread.gmane.org/gmane.linux.network/364729
    Signed-off-by: Daniel Borkmann
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

23 May, 2015

1 commit

  • fe5938449   test_bpf: Add backward jump test case ... Browse Code »

    Currently the testsuite does not have a test case with a backward jump.
    The s390x JIT (kernel 4.0) had a bug in that area.
    So add one new test case for this now.

    Signed-off-by: Michael Holzheu
    Signed-off-by: Alexei Starovoitov
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Michael Holzheu
     

15 May, 2015

2 commits

  • 56cbaa45d   test_bpf: fix sparse warnings ... Browse Code »

    Fix several sparse warnings like:
    lib/test_bpf.c:1824:25: sparse: constant 4294967295 is so big it is long
    lib/test_bpf.c:1878:25: sparse: constant 0x0000ffffffff0000 is so big it is long

    Fixes: cffc642d93f9 ("test_bpf: add 173 new testcases for eBPF")
    Reported-by: Fengguang Wu
    Signed-off-by: Michael Holzheu
    Signed-off-by: Alexei Starovoitov
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Michael Holzheu
     
  • a4afd37b2   test_bpf: add tests related to BPF_MAXINSNS ... Browse Code »

    Couple of torture test cases related to the bug fixed in 0b59d8806a31
    ("ARM: net: delegate filter to kernel interpreter when imm_offset()
    return value can't fit into 12bits.").

    I've added a helper to allocate and fill the insn space. Output on
    x86_64 from my laptop:

    test_bpf: #233 BPF_MAXINSNS: Maximum possible literals jited:0 7 PASS
    test_bpf: #234 BPF_MAXINSNS: Single literal jited:0 8 PASS
    test_bpf: #235 BPF_MAXINSNS: Run/add until end jited:0 11553 PASS
    test_bpf: #236 BPF_MAXINSNS: Too many instructions PASS
    test_bpf: #237 BPF_MAXINSNS: Very long jump jited:0 9 PASS
    test_bpf: #238 BPF_MAXINSNS: Ctx heavy transformations jited:0 20329 20398 PASS
    test_bpf: #239 BPF_MAXINSNS: Call heavy transformations jited:0 32178 32475 PASS
    test_bpf: #240 BPF_MAXINSNS: Jump heavy test jited:0 10518 PASS

    test_bpf: #233 BPF_MAXINSNS: Maximum possible literals jited:1 4 PASS
    test_bpf: #234 BPF_MAXINSNS: Single literal jited:1 4 PASS
    test_bpf: #235 BPF_MAXINSNS: Run/add until end jited:1 1625 PASS
    test_bpf: #236 BPF_MAXINSNS: Too many instructions PASS
    test_bpf: #237 BPF_MAXINSNS: Very long jump jited:1 8 PASS
    test_bpf: #238 BPF_MAXINSNS: Ctx heavy transformations jited:1 3301 3174 PASS
    test_bpf: #239 BPF_MAXINSNS: Call heavy transformations jited:1 24107 23491 PASS
    test_bpf: #240 BPF_MAXINSNS: Jump heavy test jited:1 8651 PASS

    Signed-off-by: Daniel Borkmann
    Cc: Alexei Starovoitov
    Cc: Nicolas Schichan
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

13 May, 2015

1 commit

11 May, 2015

1 commit

  • 986ccfdbd   test: bpf: extend "load 64-bit immediate" testcase ... Browse Code »

    Extend the testcase to catch a signedness bug in the arm64 JIT:

    test_bpf: #58 load 64-bit immediate jited:1 ret -1 != 1 FAIL (1 times)

    This is useful to ensure other JITs won't have a similar bug.

    Link: https://lkml.org/lkml/2015/5/8/458
    Cc: Alexei Starovoitov
    Cc: Will Deacon
    Signed-off-by: Xi Wang
    Acked-by: Alexei Starovoitov
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Xi Wang
     

01 May, 2015

1 commit

  • 327941f8d   test_bpf: indicate whether bpf prog got jited in test suite ... Browse Code »

    I think this is useful to verify whether a filter could be JITed or
    not in case of bpf_prog_enable >= 1, which otherwise the test suite
    doesn't tell besides taking a good peek at the performance numbers.

    Nicolas Schichan reported a bug in the ARM JIT compiler that rejected
    and waved the filter to the interpreter although it shouldn't have.
    Nevertheless, the test passes as expected, but such information is
    not visible.

    It's i.e. useful for the remaining classic JITs, but also for
    implementing remaining opcodes that are not yet present in eBPF JITs
    (e.g. ARM64 waves some of them to the interpreter). This minor patch
    allows to grep through dmesg to find those accordingly, but also
    provides a total summary, i.e.: [/53 JIT'ed]

    # echo 1 > /proc/sys/net/core/bpf_jit_enable
    # insmod lib/test_bpf.ko
    # dmesg | grep "jited:0"

    dmesg example on the ARM issue with JIT rejection:

    [...]
    [ 67.925387] test_bpf: #2 ADD_SUB_MUL_K jited:1 24 PASS
    [ 67.930889] test_bpf: #3 DIV_MOD_KX jited:0 794 PASS
    [ 67.943940] test_bpf: #4 AND_OR_LSH_K jited:1 20 20 PASS
    [...]

    Signed-off-by: Daniel Borkmann
    Cc: Nicolas Schichan
    Cc: Alexei Starovoitov
    Acked-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Daniel Borkmann
     

09 Dec, 2014

1 commit

31 Oct, 2014

1 commit

  • e21ab36a8   test: bpf: add a testcase reduced from nmap ... Browse Code »

    nmap generates classic BPF programs to filter ARP packets with given target MAC
    which triggered a bug in eBPF x64 JIT. The bug was fixed in
    commit e0ee9c12157d ("x86: bpf_jit: fix two bugs in eBPF JIT compiler")
    This patch is adding a testcase in eBPF instructions (those that
    were generated by classic->eBPF converter) to be processed by JIT.
    The test is primarily targeting JIT compiler.

    Signed-off-by: Alexei Starovoitov
    Signed-off-by: David S. Miller

    Alexei Starovoitov
     

23 Sep, 2014

1 commit

  • 25ee7327d   net: bpf: fix compiler warnings in test_bpf ... Browse Code »

    old gcc 4.2 used by avr32 architecture produces warnings:

    lib/test_bpf.c:1741: warning: integer constant is too large for 'long' type
    lib/test_bpf.c:1741: warning: integer constant is too large for 'long' type
    lib/test_bpf.c: In function '__run_one':
    lib/test_bpf.c:1897: warning: 'ret' may be used uninitialized in this function

    silence these warnings.

    Fixes: 02ab695bb37e ("net: filter: add "load 64-bit immediate" eBPF instruction")
    Reported-by: Fengguang Wu
    Signed-off-by: Alexei Starovoitov
    Acked-by: Daniel Borkmann
    Signed-off-by: David S. Miller

    Alexei Starovoitov