bpf: Allow 'may_goto 0' instruction #8366
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![kernel-patches-daemon-bpf[bot]](https://avatars.githubusercontent.com/u/70728002?s=60&v=4){kind=small}
|
Upstream branch: 87c5441 |
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
66183ca to
2327693
Compare
|
Upstream branch: 87c5441 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/925938=>bpf-next
branch
from
f597225 to
b8734e5
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
2327693 to
e4fef02
Compare
|
Upstream branch: 87c5441 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/925938=>bpf-next
branch
from
b8734e5 to
be823b0
Compare
|
Upstream branch: 87c5441 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/925938=>bpf-next
branch
from
be823b0 to
cde57d2
Compare
|
Upstream branch: 87c5441 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/925938=>bpf-next
branch
from
cde57d2 to
b8ce65e
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
e4fef02 to
70e4b2e
Compare
|
Upstream branch: a8d1c48 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/925938=>bpf-next
branch
from
b8ce65e to
2c25403
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
70e4b2e to
a20eb62
Compare
|
Upstream branch: 556a399 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/925938=>bpf-next
branch
from
2c25403 to
653347c
Compare
kernel-patches-daemon-bpf
bot
force-pushed
the
bpf-next_base
branch
from
a20eb62 to
1332909
Compare
|
Upstream branch: 556a399 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/925938=>bpf-next
branch
from
653347c to
e67d25c
Compare
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=925938 expired. Closing PR. |
|
Upstream branch: 01f3ce5 |
kernel-patches-daemon-bpf
bot
added
new
V2
and removed
changes-requested
V1
V1-ci-pass
labels
kernel-patches-daemon-bpf
bot
force-pushed
the
series/925938=>bpf-next
branch
from
e67d25c to
a9ebb3b
Compare
added 3 commits
January 20, 2025 07:24
Commit 011832b ("bpf: Introduce may_goto instruction") added support for may_goto insn. The 'may_goto 0' insn is disallowed since the insn is equivalent to a nop as both branch will go to the next insn. But it is possible that compiler transformation may generate 'may_goto 0' insn. Emil Tsalapatis from Meta reported such a case which caused verification failure. For example, for the following code, int i, tmp[3]; for (i = 0; i < 3 && can_loop; i++) tmp[i] = 0; ... clang 20 may generate code like may_goto 2; may_goto 1; may_goto 0; r1 = 0; /* tmp[0] = 0; */ r2 = 0; /* tmp[1] = 0; */ r3 = 0; /* tmp[2] = 0; */ Let us permit 'may_goto 0' insn to avoid verification failure for codes like the above. Reported-by: Emil Tsalapatis <[email protected]> Acked-by: Eduard Zingerman <[email protected]> Signed-off-by: Yonghong Song <[email protected]> Acked-by: Daniel Borkmann <[email protected]>
Since 'may_goto 0' insns are actually no-op, let us remove them. Otherwise, verifier will generate code like /* r10 - 8 stores the implicit loop count */ r11 = *(u64 *)(r10 -8) if r11 == 0x0 goto pc+2 r11 -= 1 *(u64 *)(r10 -8) = r11 which is the pure overhead. The following code patterns (from the previous commit) are also handled: may_goto 2 may_goto 1 may_goto 0 With this commit, the above three 'may_goto' insns are all eliminated. Signed-off-by: Yonghong Song <[email protected]>
Add both asm-based and C-based tests which have 'may_goto 0' insns.
For the following code in C-based test,
int i, tmp[3];
for (i = 0; i < 3 && can_loop; i++)
tmp[i] = 0;
The clang compiler (clang 19 and 20) generates
may_goto 2
may_goto 1
may_goto 0
r1 = 0
r2 = 0
r3 = 0
The above asm codes are due to llvm pass SROAPass. This ensures the
successful verification since tmp[0-2] are initialized. Otherwise,
the code without SROAPass like
may_goto 5
r1 = 0
may_goto 3
r2 = 0
may_goto 1
r3 = 0
will have verification failure.
Although from the source code C-based test should have verification
failure, clang compiler optimization generates code with successful
verification. If gcc generates different asm codes than clang, the
following code can be used for gcc:
int i, tmp[3];
for (i = 0; i < 3; i++)
tmp[i] = 0;
Acked-by: Eduard Zingerman <[email protected]>
Signed-off-by: Yonghong Song <[email protected]>
|
Upstream branch: 01f3ce5 |
kernel-patches-daemon-bpf
bot
force-pushed
the
series/925938=>bpf-next
branch
from
a9ebb3b to
aa16779
Compare
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=926682 expired. Closing PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf: Allow 'may_goto 0' instruction
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=925938