diff mbox series

[bpf] tools: bpftool: JIT limited misreported as negative value on aarch64

Message ID 20230512113134.58996-1-alan.maguire@oracle.com (mailing list archive)
State Accepted
Commit 04cb8453a91c7c22f60ddadb6cef0d19abb33bb5
Delegated to: BPF
Headers show
Series [bpf] tools: bpftool: JIT limited misreported as negative value on aarch64 | expand

Checks

Context Check Description
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for bpf
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 8 this patch: 8
netdev/cc_maintainers success CCed 14 of 14 maintainers
netdev/build_clang success Errors and warnings before: 8 this patch: 8
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 8 this patch: 8
netdev/checkpatch warning WARNING: line length of 114 exceeds 80 columns WARNING: line length of 89 exceeds 80 columns WARNING: line length of 91 exceeds 80 columns
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-VM_Test-11 success Logs for test_maps on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-12 success Logs for test_maps on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-21 success Logs for test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-22 success Logs for test_progs_no_alu32 on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-23 success Logs for test_progs_no_alu32_parallel on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-24 success Logs for test_progs_no_alu32_parallel on aarch64 with llvm-17
bpf/vmtest-bpf-VM_Test-25 success Logs for test_progs_no_alu32_parallel on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-26 success Logs for test_progs_no_alu32_parallel on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-27 success Logs for test_progs_parallel on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-28 success Logs for test_progs_parallel on aarch64 with llvm-17
bpf/vmtest-bpf-VM_Test-29 success Logs for test_progs_parallel on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-30 success Logs for test_progs_parallel on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-31 success Logs for test_verifier on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-32 success Logs for test_verifier on aarch64 with llvm-17
bpf/vmtest-bpf-VM_Test-33 success Logs for test_verifier on s390x with gcc
bpf/vmtest-bpf-VM_Test-34 success Logs for test_verifier on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-35 success Logs for test_verifier on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-36 success Logs for veristat
bpf/vmtest-bpf-VM_Test-13 fail Logs for test_progs on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-14 success Logs for test_progs on aarch64 with llvm-17
bpf/vmtest-bpf-VM_Test-16 success Logs for test_progs on x86_64 with gcc
bpf/vmtest-bpf-VM_Test-17 success Logs for test_progs on x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-18 success Logs for test_progs_no_alu32 on aarch64 with gcc
bpf/vmtest-bpf-VM_Test-19 success Logs for test_progs_no_alu32 on aarch64 with llvm-17
bpf/vmtest-bpf-VM_Test-15 success Logs for test_progs on s390x with gcc
bpf/vmtest-bpf-VM_Test-20 success Logs for test_progs_no_alu32 on s390x with gcc
bpf/vmtest-bpf-PR fail PR summary
bpf/vmtest-bpf-VM_Test-10 success Logs for test_maps on s390x with gcc
bpf/vmtest-bpf-VM_Test-1 success Logs for ${{ matrix.test }} on ${{ matrix.arch }} with ${{ matrix.toolchain_full }}
bpf/vmtest-bpf-VM_Test-2 success Logs for ShellCheck
bpf/vmtest-bpf-VM_Test-3 fail Logs for build for aarch64 with gcc
bpf/vmtest-bpf-VM_Test-4 fail Logs for build for aarch64 with llvm-17
bpf/vmtest-bpf-VM_Test-5 fail Logs for build for s390x with gcc
bpf/vmtest-bpf-VM_Test-6 fail Logs for build for x86_64 with gcc
bpf/vmtest-bpf-VM_Test-7 fail Logs for build for x86_64 with llvm-16
bpf/vmtest-bpf-VM_Test-8 success Logs for set-matrix
bpf/vmtest-bpf-VM_Test-9 success Logs for veristat

Commit Message

Alan Maguire May 12, 2023, 11:31 a.m. UTC 
On aarch64, "bpftool feature" reports an incorrect BPF JIT limit:

$ sudo /sbin/bpftool feature
Scanning system configuration...
bpf() syscall restricted to privileged users
JIT compiler is enabled
JIT compiler hardening is disabled
JIT compiler kallsyms exports are enabled for root
skipping kernel config, can't open file: No such file or directory
Global memory limit for JIT compiler for unprivileged users is -201326592 bytes

This is because /proc/sys/net/core/bpf_jit_limit reports

$ sudo cat /proc/sys/net/core/bpf_jit_limit
68169519595520

...and an int is assumed in read_procfs().  Change read_procfs()
to return a long to avoid negative value reporting.

Fixes: 7a4522bbef0c ("tools: bpftool: add probes for /proc/ eBPF parameters")
Reported-by: Nicky Veitch <nicky.veitch@oracle.com>
Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
---
 tools/bpf/bpftool/feature.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

Comments

Jiri Olsa May 12, 2023, 11:58 a.m. UTC | #1 
On Fri, May 12, 2023 at 12:31:34PM +0100, Alan Maguire wrote:
> On aarch64, "bpftool feature" reports an incorrect BPF JIT limit:
> 
> $ sudo /sbin/bpftool feature
> Scanning system configuration...
> bpf() syscall restricted to privileged users
> JIT compiler is enabled
> JIT compiler hardening is disabled
> JIT compiler kallsyms exports are enabled for root
> skipping kernel config, can't open file: No such file or directory
> Global memory limit for JIT compiler for unprivileged users is -201326592 bytes
> 
> This is because /proc/sys/net/core/bpf_jit_limit reports
> 
> $ sudo cat /proc/sys/net/core/bpf_jit_limit
> 68169519595520
> 
> ...and an int is assumed in read_procfs().  Change read_procfs()
> to return a long to avoid negative value reporting.
> 
> Fixes: 7a4522bbef0c ("tools: bpftool: add probes for /proc/ eBPF parameters")
> Reported-by: Nicky Veitch <nicky.veitch@oracle.com>
> Signed-off-by: Alan Maguire <alan.maguire@oracle.com>

Acked-by: Jiri Olsa <jolsa@kernel.org>

jirka

> ---
>  tools/bpf/bpftool/feature.c | 24 ++++++++++++------------
>  1 file changed, 12 insertions(+), 12 deletions(-)
> 
> diff --git a/tools/bpf/bpftool/feature.c b/tools/bpf/bpftool/feature.c
> index da16e6a27ccc..0675d6a46413 100644
> --- a/tools/bpf/bpftool/feature.c
> +++ b/tools/bpf/bpftool/feature.c
> @@ -167,12 +167,12 @@ static int get_vendor_id(int ifindex)
>  	return strtol(buf, NULL, 0);
>  }
>  
> -static int read_procfs(const char *path)
> +static long read_procfs(const char *path)
>  {
>  	char *endptr, *line = NULL;
>  	size_t len = 0;
>  	FILE *fd;
> -	int res;
> +	long res;
>  
>  	fd = fopen(path, "r");
>  	if (!fd)
> @@ -194,7 +194,7 @@ static int read_procfs(const char *path)
>  
>  static void probe_unprivileged_disabled(void)
>  {
> -	int res;
> +	long res;
>  
>  	/* No support for C-style ouptut */
>  
> @@ -216,14 +216,14 @@ static void probe_unprivileged_disabled(void)
>  			printf("Unable to retrieve required privileges for bpf() syscall\n");
>  			break;
>  		default:
> -			printf("bpf() syscall restriction has unknown value %d\n", res);
> +			printf("bpf() syscall restriction has unknown value %ld\n", res);
>  		}
>  	}
>  }
>  
>  static void probe_jit_enable(void)
>  {
> -	int res;
> +	long res;
>  
>  	/* No support for C-style ouptut */
>  
> @@ -245,7 +245,7 @@ static void probe_jit_enable(void)
>  			printf("Unable to retrieve JIT-compiler status\n");
>  			break;
>  		default:
> -			printf("JIT-compiler status has unknown value %d\n",
> +			printf("JIT-compiler status has unknown value %ld\n",
>  			       res);
>  		}
>  	}
> @@ -253,7 +253,7 @@ static void probe_jit_enable(void)
>  
>  static void probe_jit_harden(void)
>  {
> -	int res;
> +	long res;
>  
>  	/* No support for C-style ouptut */
>  
> @@ -275,7 +275,7 @@ static void probe_jit_harden(void)
>  			printf("Unable to retrieve JIT hardening status\n");
>  			break;
>  		default:
> -			printf("JIT hardening status has unknown value %d\n",
> +			printf("JIT hardening status has unknown value %ld\n",
>  			       res);
>  		}
>  	}
> @@ -283,7 +283,7 @@ static void probe_jit_harden(void)
>  
>  static void probe_jit_kallsyms(void)
>  {
> -	int res;
> +	long res;
>  
>  	/* No support for C-style ouptut */
>  
> @@ -302,14 +302,14 @@ static void probe_jit_kallsyms(void)
>  			printf("Unable to retrieve JIT kallsyms export status\n");
>  			break;
>  		default:
> -			printf("JIT kallsyms exports status has unknown value %d\n", res);
> +			printf("JIT kallsyms exports status has unknown value %ld\n", res);
>  		}
>  	}
>  }
>  
>  static void probe_jit_limit(void)
>  {
> -	int res;
> +	long res;
>  
>  	/* No support for C-style ouptut */
>  
> @@ -322,7 +322,7 @@ static void probe_jit_limit(void)
>  			printf("Unable to retrieve global memory limit for JIT compiler for unprivileged users\n");
>  			break;
>  		default:
> -			printf("Global memory limit for JIT compiler for unprivileged users is %d bytes\n", res);
> +			printf("Global memory limit for JIT compiler for unprivileged users is %ld bytes\n", res);
>  		}
>  	}
>  }
> -- 
> 2.31.1
>
Quentin Monnet May 12, 2023, 12:09 p.m. UTC | #2 
2023-05-12 13:58 UTC+0200 ~ Jiri Olsa <olsajiri@gmail.com>
> On Fri, May 12, 2023 at 12:31:34PM +0100, Alan Maguire wrote:
>> On aarch64, "bpftool feature" reports an incorrect BPF JIT limit:
>>
>> $ sudo /sbin/bpftool feature
>> Scanning system configuration...
>> bpf() syscall restricted to privileged users
>> JIT compiler is enabled
>> JIT compiler hardening is disabled
>> JIT compiler kallsyms exports are enabled for root
>> skipping kernel config, can't open file: No such file or directory
>> Global memory limit for JIT compiler for unprivileged users is -201326592 bytes
>>
>> This is because /proc/sys/net/core/bpf_jit_limit reports
>>
>> $ sudo cat /proc/sys/net/core/bpf_jit_limit
>> 68169519595520
>>
>> ...and an int is assumed in read_procfs().  Change read_procfs()
>> to return a long to avoid negative value reporting.
>>
>> Fixes: 7a4522bbef0c ("tools: bpftool: add probes for /proc/ eBPF parameters")
>> Reported-by: Nicky Veitch <nicky.veitch@oracle.com>
>> Signed-off-by: Alan Maguire <alan.maguire@oracle.com>
> 
> Acked-by: Jiri Olsa <jolsa@kernel.org>
> 
> jirka

Acked-by: Quentin Monnet <quentin@isovalent.com>

Thanks!
patchwork-bot+netdevbpf@kernel.org May 15, 2023, 7:20 p.m. UTC | #3 
Hello:

This patch was applied to bpf/bpf-next.git (master)
by Daniel Borkmann <daniel@iogearbox.net>:

On Fri, 12 May 2023 12:31:34 +0100 you wrote:
> On aarch64, "bpftool feature" reports an incorrect BPF JIT limit:
> 
> $ sudo /sbin/bpftool feature
> Scanning system configuration...
> bpf() syscall restricted to privileged users
> JIT compiler is enabled
> JIT compiler hardening is disabled
> JIT compiler kallsyms exports are enabled for root
> skipping kernel config, can't open file: No such file or directory
> Global memory limit for JIT compiler for unprivileged users is -201326592 bytes
> 
> [...]

Here is the summary with links:
  - [bpf] tools: bpftool: JIT limited misreported as negative value on aarch64
    https://git.kernel.org/bpf/bpf-next/c/04cb8453a91c

You are awesome, thank you!
diff mbox series

Patch

diff --git a/tools/bpf/bpftool/feature.c b/tools/bpf/bpftool/feature.c
index da16e6a27ccc..0675d6a46413 100644
--- a/tools/bpf/bpftool/feature.c
+++ b/tools/bpf/bpftool/feature.c
@@ -167,12 +167,12 @@  static int get_vendor_id(int ifindex)
 	return strtol(buf, NULL, 0);
 }
 
-static int read_procfs(const char *path)
+static long read_procfs(const char *path)
 {
 	char *endptr, *line = NULL;
 	size_t len = 0;
 	FILE *fd;
-	int res;
+	long res;
 
 	fd = fopen(path, "r");
 	if (!fd)
@@ -194,7 +194,7 @@  static int read_procfs(const char *path)
 
 static void probe_unprivileged_disabled(void)
 {
-	int res;
+	long res;
 
 	/* No support for C-style ouptut */
 
@@ -216,14 +216,14 @@  static void probe_unprivileged_disabled(void)
 			printf("Unable to retrieve required privileges for bpf() syscall\n");
 			break;
 		default:
-			printf("bpf() syscall restriction has unknown value %d\n", res);
+			printf("bpf() syscall restriction has unknown value %ld\n", res);
 		}
 	}
 }
 
 static void probe_jit_enable(void)
 {
-	int res;
+	long res;
 
 	/* No support for C-style ouptut */
 
@@ -245,7 +245,7 @@  static void probe_jit_enable(void)
 			printf("Unable to retrieve JIT-compiler status\n");
 			break;
 		default:
-			printf("JIT-compiler status has unknown value %d\n",
+			printf("JIT-compiler status has unknown value %ld\n",
 			       res);
 		}
 	}
@@ -253,7 +253,7 @@  static void probe_jit_enable(void)
 
 static void probe_jit_harden(void)
 {
-	int res;
+	long res;
 
 	/* No support for C-style ouptut */
 
@@ -275,7 +275,7 @@  static void probe_jit_harden(void)
 			printf("Unable to retrieve JIT hardening status\n");
 			break;
 		default:
-			printf("JIT hardening status has unknown value %d\n",
+			printf("JIT hardening status has unknown value %ld\n",
 			       res);
 		}
 	}
@@ -283,7 +283,7 @@  static void probe_jit_harden(void)
 
 static void probe_jit_kallsyms(void)
 {
-	int res;
+	long res;
 
 	/* No support for C-style ouptut */
 
@@ -302,14 +302,14 @@  static void probe_jit_kallsyms(void)
 			printf("Unable to retrieve JIT kallsyms export status\n");
 			break;
 		default:
-			printf("JIT kallsyms exports status has unknown value %d\n", res);
+			printf("JIT kallsyms exports status has unknown value %ld\n", res);
 		}
 	}
 }
 
 static void probe_jit_limit(void)
 {
-	int res;
+	long res;
 
 	/* No support for C-style ouptut */
 
@@ -322,7 +322,7 @@  static void probe_jit_limit(void)
 			printf("Unable to retrieve global memory limit for JIT compiler for unprivileged users\n");
 			break;
 		default:
-			printf("Global memory limit for JIT compiler for unprivileged users is %d bytes\n", res);
+			printf("Global memory limit for JIT compiler for unprivileged users is %ld bytes\n", res);
 		}
 	}
 }