[PATCH bpf 0/2] riscv, bpf: Properly sign-extend return values

From: Björn Töpel
Date: Wed Oct 04 2023 - 08:07:22 EST


From: Björn Töpel <bjorn@xxxxxxxxxxxx>

The RISC-V architecture does not expose sub-registers, and holds all
32-bit values in a sign-extended format [1] [2]:

| The compiler and calling convention maintain an invariant that all
| 32-bit values are held in a sign-extended format in 64-bit
| registers. Even 32-bit unsigned integers extend bit 31 into bits
| 63 through 32. Consequently, conversion between unsigned and
| signed 32-bit integers is a no-op, as is conversion from a signed
| 32-bit integer to a signed 64-bit integer.

BPF, on the other hand, exposes sub-registers, and uses
zero-extension (similar to arm64/x86).

This has led to some subtle bugs, where a BPF JITted program has not
sign-extended the a0 register (return value in RISC-V land), and has
passed the return value up to the kernel, e.g.:

| int from_bpf(void);
|
| long foo(void)
| {
|         return from_bpf();
| }

This series fixes this issue by keeping a pair of return value
registers; a0 (RISC-V ABI, sign-extended), a5 (BPF, zero-extended).

The following test_progs now pass, which were previously broken:

| 13 bpf_cookie
| 19 bpf_mod_race
| 68 deny_namespace
| 119 libbpf_get_fd_by_id_opts
| 135 lookup_key
| 137 lsm_cgroup
| 284 test_lsm


Björn


Björn Töpel (2):
riscv, bpf: Sign-extend return values
riscv, bpf: Track both a0 (RISC-V ABI) and a5 (BPF) return values

arch/riscv/net/bpf_jit_comp64.c | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)


base-commit: 9077fc228f09c9f975c498c55f5d2e882cd0da59
--
2.39.2
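The register-width mismatch the cover letter describes, modelled in plain C as an added example (not code from the series or from the kernel JIT): a 32-bit BPF result of -22 (an -EINVAL-style error) written zero-extended into a0 is read by a RISC-V ABI caller as a large positive long, while the a0/a5 pair the series introduces gives the caller the sign-extended value and keeps the BPF view intact. The helper names (zext32, sext32, broken_return, fixed_return, read_as_kernel_long) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* BPF semantics: a 32-bit write clears bits 63..32 (zero-extension). */
static uint64_t zext32(uint32_t v)
{
	return (uint64_t)v;
}

/* RISC-V ABI invariant: bit 31 is replicated into bits 63..32. */
static uint64_t sext32(uint32_t v)
{
	return (uint64_t)(int64_t)(int32_t)v;
}

/* What a C caller such as `long foo(void) { return from_bpf(); }`
 * observes: the full 64-bit a0 interpreted as a signed integer. */
static int64_t read_as_kernel_long(uint64_t a0)
{
	return (int64_t)a0;
}

/* Broken epilogue (hypothetical model): a0 carries the BPF
 * zero-extended value straight to the RISC-V ABI caller. */
static int64_t broken_return(int32_t bpf_ret)
{
	return read_as_kernel_long(zext32((uint32_t)bpf_ret));
}

/* Fixed behaviour as described by the series: a5 keeps the BPF
 * (zero-extended) value, a0 is the sign-extended copy for the caller. */
struct retval_pair { uint64_t a0; uint64_t a5; };

static struct retval_pair fixed_return(int32_t bpf_ret)
{
	struct retval_pair r;
	r.a5 = zext32((uint32_t)bpf_ret);
	r.a0 = sext32((uint32_t)r.a5);
	return r;
}

int main(void)
{
	int32_t ret = -22; /* constructed sample: an -EINVAL-style result */
	struct retval_pair r = fixed_return(ret);
	printf("broken a0 as long: %lld\n", (long long)broken_return(ret));
	printf("fixed  a0 as long: %lld, a5 = 0x%llx\n",
	       (long long)read_as_kernel_long(r.a0), (unsigned long long)r.a5);
	return 0;
}
```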