From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D0D8E45656; Fri, 19 Jul 2024 19:13:27 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9AB1B40EF1; Fri, 19 Jul 2024 19:13:27 +0200 (CEST) Received: from mail-pf1-f179.google.com (mail-pf1-f179.google.com [209.85.210.179]) by mails.dpdk.org (Postfix) with ESMTP id 5051540EF1 for ; Fri, 19 Jul 2024 19:13:26 +0200 (CEST) Received: by mail-pf1-f179.google.com with SMTP id d2e1a72fcca58-70b3c0a00f2so787729b3a.3 for ; Fri, 19 Jul 2024 10:13:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1721409205; x=1722014005; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=v/yzLv4KYpC/A1M3FDQ5LAUy+Tkd57M9Ss/gnKmcYoA=; b=pqx+lLoM62RxjYEm80QAoX/vgxZD31aRJs5zFbwOPwp5pf1aak5lYyGvWjLRhMeyRg +xrdMiYr8jvwEoT2eNvk9HFhm0b7QsXBTbCrEzmso27DSrAN3IkSmF3PWx1U6SiInLCv bZUd3VGtSur0gAIFkmkzNFcoXWxctymeBlv7nVNRxm6accUuahssoyTEDAyHNVajaiJK /Cy8ugEE4gYoM0uJ9SWxHl8qCnff0JvfISPP0IzjzOzq1952lKoqjOhJ5OgfpSj05r5W vlsA+xhdAHRJnz1tUREY6pSUiOndg0Mr+iRv7QqLppFjn038pHPzze8nzVIhoK3hfB4h THhA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721409205; x=1722014005; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=v/yzLv4KYpC/A1M3FDQ5LAUy+Tkd57M9Ss/gnKmcYoA=; b=F9PuOrKKgASgiDivmrpoU+atU14kWVe21J/KHQOlN+Hjc72eKnjZG7WfjLfNZruRke cIdBTP7+gHqCSbSRZ1HgrtohRSRZEEX/SKlVJh/TAJhiGqX2BcnS/73arIv+c9DE+K20 nRGbyrCYaJZHgD7MoWCJrsz8agPEmSs/q1yXa0ol3Q756JoqqJWHhAhpVrkQCeMZ9gDm CbuvHuMvqWeUcSgqqhfsr1snU3ep3SeNQ7LAXdlIjr4ISfERbBhjo0yV9qrMf27uG0xY 0sryzCg8Flyy3CR0WRe/OBHQjbRVzSSusgLEU5X/af26N45lD/Ee2+A0mQruGkSOmhE2 SqUg== X-Forwarded-Encrypted: i=1; AJvYcCXD4a/pW+aCIPR/8kBArYkMio7pnJSbuuBHYZsaJzj6FwqHySwYAFfin8x1k2q8CHfH7GaWtEX0gT3ro84= X-Gm-Message-State: AOJu0YztWQbKi+DpYHBKrADsvXUK7PuwA8UWDP1csr0RBeVm04grvC9x f400MmeLFlHLRIDdex+G6W2tdN9hIlVLp+AleG8Yp8sMTWjjcMiZ0ibZpL4uUyA= X-Google-Smtp-Source: AGHT+IEC9JAOMhuR8KkP4clYD5y6FNSj7ODLXar22tvldSa8k5DXvvRD3FLS6qLC20jSavNatX9Www== X-Received: by 2002:a05:6a00:218f:b0:70b:10fe:10a9 with SMTP id d2e1a72fcca58-70d0864acf1mr759558b3a.29.1721409205335; Fri, 19 Jul 2024 10:13:25 -0700 (PDT) Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-70cff491057sm1421008b3a.8.2024.07.19.10.13.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 19 Jul 2024 10:13:25 -0700 (PDT) Date: Fri, 19 Jul 2024 10:13:23 -0700 From: Stephen Hemminger To: Konstantin Ananyev Cc: Konstantin Ananyev , "dev@dpdk.org" Subject: Re: BPF standardization Message-ID: <20240719101323.5e880752@hermes.local> In-Reply-To: <956072b13b7b45fe8ce676989580f3e0@huawei.com> References: <20240530162326.02218863@hermes.local> <956072b13b7b45fe8ce676989580f3e0@huawei.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org On Fri, 19 Jul 2024 09:12:58 +0000 Konstantin Ananyev wrote: > bpf_convert_filter() uses standard approach with XOR-ing itself: > xor r0, r0, r0 > to reset some register values. > Unfortunately linux verifier seems way too strict here and > doesn't allow access to register with undefined value. > It generates error log like that for this op: > Failed to verify program: Permission denied (13) > LOG: func#0 @0 > 0: R1=ctx(id=0,off=0,imm=0) R10=fp0 > 0: (af) r0 ^= r0 > R0 !read_ok > processed 1 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0 > > To overcome that, simply replace XOR with itself to explicit > mov32 r0, #0x0 > > Signed-off-by: Konstantin Ananyev > --- > lib/bpf/bpf_convert.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/lib/bpf/bpf_convert.c b/lib/bpf/bpf_convert.c > index d7ff2b4325..eceaa19c76 100644 > --- a/lib/bpf/bpf_convert.c > +++ b/lib/bpf/bpf_convert.c > @@ -267,8 +267,11 @@ static int bpf_convert_filter(const struct bpf_insn *prog, size_t len, > /* Classic BPF expects A and X to be reset first. These need > * to be guaranteed to be the first two instructions. > */ > - *new_insn++ = EBPF_ALU64_REG(BPF_XOR, BPF_REG_A, BPF_REG_A); > - *new_insn++ = EBPF_ALU64_REG(BPF_XOR, BPF_REG_X, BPF_REG_X); > + //*new_insn++ = EBPF_ALU64_REG(BPF_XOR, BPF_REG_A, BPF_REG_A); > + //*new_insn++ = EBPF_ALU64_REG(BPF_XOR, BPF_REG_X, BPF_REG_X); > + > + *new_insn++ = BPF_MOV32_IMM(BPF_REG_A, 0); > + *new_insn++ = BPF_MOV32_IMM(BPF_REG_X, 0); > > /* All programs must keep CTX in callee saved BPF_REG_CTX. > * In eBPF case it's done by the compiler, here we need to This was taken from how kernel converts cBPF and the prologue it generates. Surprising that verifier gags? see net/core/filter.c /* Classic BPF related prologue emission. */ if (new_prog) { /* Classic BPF expects A and X to be reset first. These need * to be guaranteed to be the first two instructions. */ *new_insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_A); *new_insn++ = BPF_ALU32_REG(BPF_XOR, BPF_REG_X, BPF_REG_X); /* All programs must keep CTX in callee saved BPF_REG_CTX. * In eBPF case it's done by the compiler, here we need to * do this ourself. Initial CTX is present in BPF_REG_ARG1. */ *new_insn++ = BPF_MOV64_REG(BPF_REG_CTX, BPF_REG_ARG1); if (*seen_ld_abs) { /* For packet access in classic BPF, cache skb->data * in callee-saved BPF R8 and skb->len - skb->data_len * (headlen) in BPF R9. Since classic BPF is read-only * on CTX, we only need to cache it once. */ *new_insn++ = BPF_LDX_MEM(BPF_FIELD_SIZEOF(struct sk_buff, data), BPF_REG_D, BPF_REG_CTX, offsetof(struct sk_buff, data)); *new_insn++ = BPF_LDX_MEM(BPF_W, BPF_REG_H, BPF_REG_CTX, offsetof(struct sk_buff, len)); *new_insn++ = BPF_LDX_MEM(BPF_W, BPF_REG_TMP, BPF_REG_CTX, offsetof(struct sk_buff, data_len)); *new_insn++ = BPF_ALU32_REG(BPF_SUB, BPF_REG_H, BPF_REG_TMP); }