diff mbox series

[bpf-next] docs/bpf: Document some special sdiv/smod operations

Message ID 20240927033904.2702474-1-yonghong.song@linux.dev (mailing list archive)
State Changes Requested
Delegated to: BPF
Headers show
Series [bpf-next] docs/bpf: Document some special sdiv/smod operations | expand

Checks

Context Check Description
bpf/vmtest-bpf-next-PR success PR summary
netdev/series_format success Single patches do not need cover letters
netdev/tree_selection success Clearly marked for bpf-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 9 this patch: 9
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 13 maintainers not CCed: sdf@fomichev.me eddyz87@gmail.com haoluo@google.com jolsa@kernel.org corbet@lwn.net void@manifault.com dthaler1968@googlemail.com song@kernel.org bpf@ietf.org linux-doc@vger.kernel.org kpsingh@kernel.org martin.lau@linux.dev john.fastabend@gmail.com
netdev/build_clang success Errors and warnings before: 7 this patch: 7
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 7 this patch: 7
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 31 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-next-VM_Test-0 success Logs for Lint
bpf/vmtest-bpf-next-VM_Test-1 success Logs for ShellCheck
bpf/vmtest-bpf-next-VM_Test-2 success Logs for Unittests
bpf/vmtest-bpf-next-VM_Test-5 success Logs for aarch64-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-3 success Logs for Validate matrix.py
bpf/vmtest-bpf-next-VM_Test-4 success Logs for aarch64-gcc / build / build for aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-10 success Logs for aarch64-gcc / veristat
bpf/vmtest-bpf-next-VM_Test-12 success Logs for s390x-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-6 success Logs for aarch64-gcc / test (test_maps, false, 360) / test_maps on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-9 success Logs for aarch64-gcc / test (test_verifier, false, 360) / test_verifier on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-7 success Logs for aarch64-gcc / test (test_progs, false, 360) / test_progs on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-8 success Logs for aarch64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-11 success Logs for s390x-gcc / build / build for s390x with gcc
bpf/vmtest-bpf-next-VM_Test-16 success Logs for s390x-gcc / veristat
bpf/vmtest-bpf-next-VM_Test-18 success Logs for x86_64-gcc / build / build for x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-17 success Logs for set-matrix
bpf/vmtest-bpf-next-VM_Test-19 success Logs for x86_64-gcc / build-release
bpf/vmtest-bpf-next-VM_Test-27 success Logs for x86_64-llvm-17 / build / build for x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-28 success Logs for x86_64-llvm-17 / build-release / build for x86_64 with llvm-17-O2
bpf/vmtest-bpf-next-VM_Test-33 success Logs for x86_64-llvm-17 / veristat
bpf/vmtest-bpf-next-VM_Test-15 success Logs for s390x-gcc / test (test_verifier, false, 360) / test_verifier on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-13 success Logs for s390x-gcc / test (test_progs, false, 360) / test_progs on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-14 success Logs for s390x-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-35 success Logs for x86_64-llvm-18 / build-release / build for x86_64 with llvm-18-O2
bpf/vmtest-bpf-next-VM_Test-34 success Logs for x86_64-llvm-18 / build / build for x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-41 success Logs for x86_64-llvm-18 / veristat
bpf/vmtest-bpf-next-VM_Test-20 success Logs for x86_64-gcc / test (test_maps, false, 360) / test_maps on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-23 success Logs for x86_64-gcc / test (test_progs_no_alu32_parallel, true, 30) / test_progs_no_alu32_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-21 success Logs for x86_64-gcc / test (test_progs, false, 360) / test_progs on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-26 success Logs for x86_64-gcc / veristat / veristat on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-25 success Logs for x86_64-gcc / test (test_verifier, false, 360) / test_verifier on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-22 success Logs for x86_64-gcc / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-24 success Logs for x86_64-gcc / test (test_progs_parallel, true, 30) / test_progs_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-29 success Logs for x86_64-llvm-17 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-30 success Logs for x86_64-llvm-17 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-31 success Logs for x86_64-llvm-17 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-32 success Logs for x86_64-llvm-17 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-17
bpf/vmtest-bpf-next-VM_Test-38 success Logs for x86_64-llvm-18 / test (test_progs_cpuv4, false, 360) / test_progs_cpuv4 on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-36 success Logs for x86_64-llvm-18 / test (test_maps, false, 360) / test_maps on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-40 success Logs for x86_64-llvm-18 / test (test_verifier, false, 360) / test_verifier on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-37 success Logs for x86_64-llvm-18 / test (test_progs, false, 360) / test_progs on x86_64 with llvm-18
bpf/vmtest-bpf-next-VM_Test-39 success Logs for x86_64-llvm-18 / test (test_progs_no_alu32, false, 360) / test_progs_no_alu32 on x86_64 with llvm-18

Commit Message

Yonghong Song Sept. 27, 2024, 3:39 a.m. UTC 
Patch [1] fixed possible kernel crash due to specific sdiv/smod operations
in bpf program. The following are related operations and the expected results
of those operations:
  - LLONG_MIN/-1 = LLONG_MIN
  - INT_MIN/-1 = INT_MIN
  - LLONG_MIN%-1 = 0
  - INT_MIN%-1 = 0

Those operations are replaced with codes which won't cause
kernel crash. This patch documents what operations may cause exception and
what replacement operations are.

  [1] https://lore.kernel.org/all/20240913150326.1187788-1-yonghong.song@linux.dev/

Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
---
 .../bpf/standardization/instruction-set.rst   | 25 +++++++++++++++----
 1 file changed, 20 insertions(+), 5 deletions(-)

Comments

Alexei Starovoitov Oct. 1, 2024, 1:50 a.m. UTC | #1 
On Thu, Sep 26, 2024 at 8:39 PM Yonghong Song <yonghong.song@linux.dev> wrote:
>
> Patch [1] fixed possible kernel crash due to specific sdiv/smod operations
> in bpf program. The following are related operations and the expected results
> of those operations:
>   - LLONG_MIN/-1 = LLONG_MIN
>   - INT_MIN/-1 = INT_MIN
>   - LLONG_MIN%-1 = 0
>   - INT_MIN%-1 = 0
>
> Those operations are replaced with codes which won't cause
> kernel crash. This patch documents what operations may cause exception and
> what replacement operations are.
>
>   [1] https://lore.kernel.org/all/20240913150326.1187788-1-yonghong.song@linux.dev/
>
> Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
> ---
>  .../bpf/standardization/instruction-set.rst   | 25 +++++++++++++++----
>  1 file changed, 20 insertions(+), 5 deletions(-)
>
> diff --git a/Documentation/bpf/standardization/instruction-set.rst b/Documentation/bpf/standardization/instruction-set.rst
> index ab820d565052..d150c1d7ad3b 100644
> --- a/Documentation/bpf/standardization/instruction-set.rst
> +++ b/Documentation/bpf/standardization/instruction-set.rst
> @@ -347,11 +347,26 @@ register.
>    =====  =====  =======  ==========================================================
>
>  Underflow and overflow are allowed during arithmetic operations, meaning
> -the 64-bit or 32-bit value will wrap. If BPF program execution would
> -result in division by zero, the destination register is instead set to zero.
> -If execution would result in modulo by zero, for ``ALU64`` the value of
> -the destination register is unchanged whereas for ``ALU`` the upper
> -32 bits of the destination register are zeroed.
> +the 64-bit or 32-bit value will wrap. There are also a few arithmetic operations
> +which may cause exception for certain architectures. Since crashing the kernel
> +is not an option, those operations are replaced with alternative operations.
> +
> +.. table:: Arithmetic operations with possible exceptions
> +
> +  =====  ==========  =============================  ==========================
> +  name   class       original                       replacement
> +  =====  ==========  =============================  ==========================
> +  DIV    ALU64/ALU   dst /= 0                       dst = 0
> +  SDIV   ALU64/ALU   dst s/= 0                      dst = 0
> +  MOD    ALU64       dst %= 0                       dst = dst (no replacement)
> +  MOD    ALU         dst %= 0                       dst = (u32)dst
> +  SMOD   ALU64       dst s%= 0                      dst = dst (no replacement)
> +  SMOD   ALU         dst s%= 0                      dst = (u32)dst
> +  SDIV   ALU64       dst s/= -1 (dst = LLONG_MIN)   dst = LLONG_MIN
> +  SDIV   ALU         dst s/= -1 (dst = INT_MIN)     dst = (u32)INT_MIN
> +  SMOD   ALU64       dst s%= -1 (dst = LLONG_MIN)   dst = 0
> +  SMOD   ALU         dst s%= -1 (dst = INT_MIN)     dst = 0

This is a great addition to the doc, but this file is currently
being used as a base for IETF standard which is in its final "edit" stage
which may require few patches,
so we cannot land any changes to instruction-set.rst
not related to standardization until RFC number is issued and
it becomes immutable. After that the same instruction-set.rst
file can be reused for future revisions on the standard.
Hopefully the draft will clear the final hurdle in a couple weeks.
Until then:
pw-bot: cr
Yonghong Song Oct. 1, 2024, 3:48 p.m. UTC | #2 
On 9/30/24 6:50 PM, Alexei Starovoitov wrote:
> On Thu, Sep 26, 2024 at 8:39 PM Yonghong Song <yonghong.song@linux.dev> wrote:
>> Patch [1] fixed possible kernel crash due to specific sdiv/smod operations
>> in bpf program. The following are related operations and the expected results
>> of those operations:
>>    - LLONG_MIN/-1 = LLONG_MIN
>>    - INT_MIN/-1 = INT_MIN
>>    - LLONG_MIN%-1 = 0
>>    - INT_MIN%-1 = 0
>>
>> Those operations are replaced with codes which won't cause
>> kernel crash. This patch documents what operations may cause exception and
>> what replacement operations are.
>>
>>    [1] https://lore.kernel.org/all/20240913150326.1187788-1-yonghong.song@linux.dev/
>>
>> Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
>> ---
>>   .../bpf/standardization/instruction-set.rst   | 25 +++++++++++++++----
>>   1 file changed, 20 insertions(+), 5 deletions(-)
>>
>> diff --git a/Documentation/bpf/standardization/instruction-set.rst b/Documentation/bpf/standardization/instruction-set.rst
>> index ab820d565052..d150c1d7ad3b 100644
>> --- a/Documentation/bpf/standardization/instruction-set.rst
>> +++ b/Documentation/bpf/standardization/instruction-set.rst
>> @@ -347,11 +347,26 @@ register.
>>     =====  =====  =======  ==========================================================
>>
>>   Underflow and overflow are allowed during arithmetic operations, meaning
>> -the 64-bit or 32-bit value will wrap. If BPF program execution would
>> -result in division by zero, the destination register is instead set to zero.
>> -If execution would result in modulo by zero, for ``ALU64`` the value of
>> -the destination register is unchanged whereas for ``ALU`` the upper
>> -32 bits of the destination register are zeroed.
>> +the 64-bit or 32-bit value will wrap. There are also a few arithmetic operations
>> +which may cause exception for certain architectures. Since crashing the kernel
>> +is not an option, those operations are replaced with alternative operations.
>> +
>> +.. table:: Arithmetic operations with possible exceptions
>> +
>> +  =====  ==========  =============================  ==========================
>> +  name   class       original                       replacement
>> +  =====  ==========  =============================  ==========================
>> +  DIV    ALU64/ALU   dst /= 0                       dst = 0
>> +  SDIV   ALU64/ALU   dst s/= 0                      dst = 0
>> +  MOD    ALU64       dst %= 0                       dst = dst (no replacement)
>> +  MOD    ALU         dst %= 0                       dst = (u32)dst
>> +  SMOD   ALU64       dst s%= 0                      dst = dst (no replacement)
>> +  SMOD   ALU         dst s%= 0                      dst = (u32)dst
>> +  SDIV   ALU64       dst s/= -1 (dst = LLONG_MIN)   dst = LLONG_MIN
>> +  SDIV   ALU         dst s/= -1 (dst = INT_MIN)     dst = (u32)INT_MIN
>> +  SMOD   ALU64       dst s%= -1 (dst = LLONG_MIN)   dst = 0
>> +  SMOD   ALU         dst s%= -1 (dst = INT_MIN)     dst = 0
> This is a great addition to the doc, but this file is currently
> being used as a base for IETF standard which is in its final "edit" stage
> which may require few patches,
> so we cannot land any changes to instruction-set.rst
> not related to standardization until RFC number is issued and
> it becomes immutable. After that the same instruction-set.rst
> file can be reused for future revisions on the standard.
> Hopefully the draft will clear the final hurdle in a couple weeks.
> Until then:
> pw-bot: cr

Sure. No problem. Will resubmit once the RFC number is issued.
Dave Thaler Oct. 1, 2024, 7:54 p.m. UTC | #3 
Yonghong Song <yonghong.song@linux.dev> wrote: 
> On 9/30/24 6:50 PM, Alexei Starovoitov wrote:
> > On Thu, Sep 26, 2024 at 8:39 PM Yonghong Song <yonghong.song@linux.dev>
> wrote:
> >> Patch [1] fixed possible kernel crash due to specific sdiv/smod
> >> operations in bpf program. The following are related operations and
> >> the expected results of those operations:
> >>    - LLONG_MIN/-1 = LLONG_MIN
> >>    - INT_MIN/-1 = INT_MIN
> >>    - LLONG_MIN%-1 = 0
> >>    - INT_MIN%-1 = 0
> >>
> >> Those operations are replaced with codes which won't cause kernel
> >> crash. This patch documents what operations may cause exception and
> >> what replacement operations are.
> >>
> >>    [1]
> >> https://lore.kernel.org/all/20240913150326.1187788-1-yonghong.song@li
> >> nux.dev/
> >>
> >> Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
> >> ---
> >>   .../bpf/standardization/instruction-set.rst   | 25 +++++++++++++++----
> >>   1 file changed, 20 insertions(+), 5 deletions(-)
> >>
> >> diff --git a/Documentation/bpf/standardization/instruction-set.rst
> >> b/Documentation/bpf/standardization/instruction-set.rst
> >> index ab820d565052..d150c1d7ad3b 100644
> >> --- a/Documentation/bpf/standardization/instruction-set.rst
> >> +++ b/Documentation/bpf/standardization/instruction-set.rst
> >> @@ -347,11 +347,26 @@ register.
> >>     =====  =====  =======
> >> ==========================================================
> >>
> >>   Underflow and overflow are allowed during arithmetic operations,
> >> meaning -the 64-bit or 32-bit value will wrap. If BPF program
> >> execution would -result in division by zero, the destination register is instead set
> to zero.
> >> -If execution would result in modulo by zero, for ``ALU64`` the value of
> >> -the destination register is unchanged whereas for ``ALU`` the upper
> >> -32 bits of the destination register are zeroed.
> >> +the 64-bit or 32-bit value will wrap. There are also a few
> >> +arithmetic operations which may cause exception for certain
> >> +architectures. Since crashing the kernel is not an option, those operations are
> replaced with alternative operations.
> >> +
> >> +.. table:: Arithmetic operations with possible exceptions
> >> +
> >> +  =====  ==========  =============================
> ==========================
> >> +  name   class       original                       replacement
> >> +  =====  ==========  =============================
> ==========================
> >> +  DIV    ALU64/ALU   dst /= 0                       dst = 0
> >> +  SDIV   ALU64/ALU   dst s/= 0                      dst = 0
> >> +  MOD    ALU64       dst %= 0                       dst = dst (no replacement)
> >> +  MOD    ALU         dst %= 0                       dst = (u32)dst
> >> +  SMOD   ALU64       dst s%= 0                      dst = dst (no replacement)
> >> +  SMOD   ALU         dst s%= 0                      dst = (u32)dst

All of the above are already covered in existing Table 5 and in my opinion
don't need to be repeated.

That is, the "original" is not what Table 5 has, so just introduces confusion
in the document in my opinion.

> >> +  SDIV   ALU64       dst s/= -1 (dst = LLONG_MIN)   dst = LLONG_MIN
> >> +  SDIV   ALU         dst s/= -1 (dst = INT_MIN)     dst = (u32)INT_MIN
> >> +  SMOD   ALU64       dst s%= -1 (dst = LLONG_MIN)   dst = 0
> >> +  SMOD   ALU         dst s%= -1 (dst = INT_MIN)     dst = 0

The above four are the new ones and I'd prefer a solution that modifies
existing table 5.  E.g. table 5 has now for SMOD:

dst = (src != 0) ? (dst s% src) : dst

and could have something like this:

dst = (src == 0) ? dst : ((src == -1 && dst == INT_MIN) ? 0 : (dst s% src))

> > This is a great addition to the doc, but this file is currently being
> > used as a base for IETF standard which is in its final "edit" stage
> > which may require few patches, so we cannot land any changes to
> > instruction-set.rst not related to standardization until RFC number is
> > issued and it becomes immutable. After that the same
> > instruction-set.rst file can be reused for future revisions on the
> > standard.
> > Hopefully the draft will clear the final hurdle in a couple weeks.
> > Until then:
> > pw-bot: cr
> 
> Sure. No problem. Will resubmit once the RFC number is issued.

I'm adding bpf@ietf.org to the To line since all changes in the standardization
directory should include that mailing list.

The WG should discuss whether any changes should be done via a new RFC
that obsoletes the first one, or as RFCs that Update and just describe deltas
(additions, etc.).

There are precedents both ways and I don't have a strong preference, but I
have a weak preference for delta-based ones since they're shorter and are
less likely to re-open discussion on previously resolved issues, thus often
saving the WG time.

Also FYI to Linux kernel folks:
With WG and AD approval, it's also possible (but not ideal) to take changes
at AUTH48.  That'd be up to the chairs and AD to decide though, and normally
that's just for purely editorial clarifications, e.g., to confusion called out by the
RFC editor pass.

Dave
Alexei Starovoitov Oct. 2, 2024, 8:13 p.m. UTC | #4 
On Tue, Oct 1, 2024 at 12:54 PM Dave Thaler <dthaler1968@googlemail.com> wrote:
>
> Yonghong Song <yonghong.song@linux.dev> wrote:
> > On 9/30/24 6:50 PM, Alexei Starovoitov wrote:
> > > On Thu, Sep 26, 2024 at 8:39 PM Yonghong Song <yonghong.song@linux.dev>
> > wrote:
> > >> Patch [1] fixed possible kernel crash due to specific sdiv/smod
> > >> operations in bpf program. The following are related operations and
> > >> the expected results of those operations:
> > >>    - LLONG_MIN/-1 = LLONG_MIN
> > >>    - INT_MIN/-1 = INT_MIN
> > >>    - LLONG_MIN%-1 = 0
> > >>    - INT_MIN%-1 = 0
> > >>
> > >> Those operations are replaced with codes which won't cause kernel
> > >> crash. This patch documents what operations may cause exception and
> > >> what replacement operations are.
> > >>
> > >>    [1]
> > >> https://lore.kernel.org/all/20240913150326.1187788-1-yonghong.song@li
> > >> nux.dev/
> > >>
> > >> Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
> > >> ---
> > >>   .../bpf/standardization/instruction-set.rst   | 25 +++++++++++++++----
> > >>   1 file changed, 20 insertions(+), 5 deletions(-)
> > >>
> > >> diff --git a/Documentation/bpf/standardization/instruction-set.rst
> > >> b/Documentation/bpf/standardization/instruction-set.rst
> > >> index ab820d565052..d150c1d7ad3b 100644
> > >> --- a/Documentation/bpf/standardization/instruction-set.rst
> > >> +++ b/Documentation/bpf/standardization/instruction-set.rst
> > >> @@ -347,11 +347,26 @@ register.
> > >>     =====  =====  =======
> > >> ==========================================================
> > >>
> > >>   Underflow and overflow are allowed during arithmetic operations,
> > >> meaning -the 64-bit or 32-bit value will wrap. If BPF program
> > >> execution would -result in division by zero, the destination register is instead set
> > to zero.
> > >> -If execution would result in modulo by zero, for ``ALU64`` the value of
> > >> -the destination register is unchanged whereas for ``ALU`` the upper
> > >> -32 bits of the destination register are zeroed.
> > >> +the 64-bit or 32-bit value will wrap. There are also a few
> > >> +arithmetic operations which may cause exception for certain
> > >> +architectures. Since crashing the kernel is not an option, those operations are
> > replaced with alternative operations.
> > >> +
> > >> +.. table:: Arithmetic operations with possible exceptions
> > >> +
> > >> +  =====  ==========  =============================
> > ==========================
> > >> +  name   class       original                       replacement
> > >> +  =====  ==========  =============================
> > ==========================
> > >> +  DIV    ALU64/ALU   dst /= 0                       dst = 0
> > >> +  SDIV   ALU64/ALU   dst s/= 0                      dst = 0
> > >> +  MOD    ALU64       dst %= 0                       dst = dst (no replacement)
> > >> +  MOD    ALU         dst %= 0                       dst = (u32)dst
> > >> +  SMOD   ALU64       dst s%= 0                      dst = dst (no replacement)
> > >> +  SMOD   ALU         dst s%= 0                      dst = (u32)dst
>
> All of the above are already covered in existing Table 5 and in my opinion
> don't need to be repeated.
>
> That is, the "original" is not what Table 5 has, so just introduces confusion
> in the document in my opinion.
>
> > >> +  SDIV   ALU64       dst s/= -1 (dst = LLONG_MIN)   dst = LLONG_MIN
> > >> +  SDIV   ALU         dst s/= -1 (dst = INT_MIN)     dst = (u32)INT_MIN
> > >> +  SMOD   ALU64       dst s%= -1 (dst = LLONG_MIN)   dst = 0
> > >> +  SMOD   ALU         dst s%= -1 (dst = INT_MIN)     dst = 0
>
> The above four are the new ones and I'd prefer a solution that modifies
> existing table 5.  E.g. table 5 has now for SMOD:
>
> dst = (src != 0) ? (dst s% src) : dst
>
> and could have something like this:
>
> dst = (src == 0) ? dst : ((src == -1 && dst == INT_MIN) ? 0 : (dst s% src))
>
> > > This is a great addition to the doc, but this file is currently being
> > > used as a base for IETF standard which is in its final "edit" stage
> > > which may require few patches, so we cannot land any changes to
> > > instruction-set.rst not related to standardization until RFC number is
> > > issued and it becomes immutable. After that the same
> > > instruction-set.rst file can be reused for future revisions on the
> > > standard.
> > > Hopefully the draft will clear the final hurdle in a couple weeks.
> > > Until then:
> > > pw-bot: cr
> >
> > Sure. No problem. Will resubmit once the RFC number is issued.
>
> I'm adding bpf@ietf.org to the To line since all changes in the standardization
> directory should include that mailing list.
>
> The WG should discuss whether any changes should be done via a new RFC
> that obsoletes the first one, or as RFCs that Update and just describe deltas
> (additions, etc.).
>
> There are precedents both ways and I don't have a strong preference, but I
> have a weak preference for delta-based ones since they're shorter and are
> less likely to re-open discussion on previously resolved issues, thus often
> saving the WG time.

Delta-based additions make sense to me.

>
> Also FYI to Linux kernel folks:
> With WG and AD approval, it's also possible (but not ideal) to take changes
> at AUTH48.  That'd be up to the chairs and AD to decide though, and normally
> that's just for purely editorial clarifications, e.g., to confusion called out by the
> RFC editor pass.

Also agree. We should keep AUTH going its course as-is.
All ISA additions can be in the future delta RFC.

As far as file logistics... my preference is to keep
Documentation/bpf/standardization/instruction-set.rst
up to date.
Right now it's effectively frozen while awaiting changes (if any)
necessary for AUTH. After official RFC is issued
we can start landing patches into instruction-set.rst and
git diff 04efaebd72d1..whatever_future_sha instruction-set.rst
will automatically generate the future delta RFC.
Once RFC number is issued we can add a git tag for the particular
sha that was the base for RFC as a documentation step and to
simplify future 'git diff'.
Yonghong Song Oct. 4, 2024, 5:28 a.m. UTC | #5 
On 10/1/24 12:54 PM, Dave Thaler wrote:
> Yonghong Song <yonghong.song@linux.dev> wrote:
>> On 9/30/24 6:50 PM, Alexei Starovoitov wrote:
>>> On Thu, Sep 26, 2024 at 8:39 PM Yonghong Song <yonghong.song@linux.dev>
>> wrote:
>>>> Patch [1] fixed possible kernel crash due to specific sdiv/smod
>>>> operations in bpf program. The following are related operations and
>>>> the expected results of those operations:
>>>>     - LLONG_MIN/-1 = LLONG_MIN
>>>>     - INT_MIN/-1 = INT_MIN
>>>>     - LLONG_MIN%-1 = 0
>>>>     - INT_MIN%-1 = 0
>>>>
>>>> Those operations are replaced with codes which won't cause kernel
>>>> crash. This patch documents what operations may cause exception and
>>>> what replacement operations are.
>>>>
>>>>     [1]
>>>> https://lore.kernel.org/all/20240913150326.1187788-1-yonghong.song@li
>>>> nux.dev/
>>>>
>>>> Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
>>>> ---
>>>>    .../bpf/standardization/instruction-set.rst   | 25 +++++++++++++++----
>>>>    1 file changed, 20 insertions(+), 5 deletions(-)
>>>>
>>>> diff --git a/Documentation/bpf/standardization/instruction-set.rst
>>>> b/Documentation/bpf/standardization/instruction-set.rst
>>>> index ab820d565052..d150c1d7ad3b 100644
>>>> --- a/Documentation/bpf/standardization/instruction-set.rst
>>>> +++ b/Documentation/bpf/standardization/instruction-set.rst
>>>> @@ -347,11 +347,26 @@ register.
>>>>      =====  =====  =======
>>>> ==========================================================
>>>>
>>>>    Underflow and overflow are allowed during arithmetic operations,
>>>> meaning -the 64-bit or 32-bit value will wrap. If BPF program
>>>> execution would -result in division by zero, the destination register is instead set
>> to zero.
>>>> -If execution would result in modulo by zero, for ``ALU64`` the value of
>>>> -the destination register is unchanged whereas for ``ALU`` the upper
>>>> -32 bits of the destination register are zeroed.
>>>> +the 64-bit or 32-bit value will wrap. There are also a few
>>>> +arithmetic operations which may cause exception for certain
>>>> +architectures. Since crashing the kernel is not an option, those operations are
>> replaced with alternative operations.
>>>> +
>>>> +.. table:: Arithmetic operations with possible exceptions
>>>> +
>>>> +  =====  ==========  =============================
>> ==========================
>>>> +  name   class       original                       replacement
>>>> +  =====  ==========  =============================
>> ==========================
>>>> +  DIV    ALU64/ALU   dst /= 0                       dst = 0
>>>> +  SDIV   ALU64/ALU   dst s/= 0                      dst = 0
>>>> +  MOD    ALU64       dst %= 0                       dst = dst (no replacement)
>>>> +  MOD    ALU         dst %= 0                       dst = (u32)dst
>>>> +  SMOD   ALU64       dst s%= 0                      dst = dst (no replacement)
>>>> +  SMOD   ALU         dst s%= 0                      dst = (u32)dst
> All of the above are already covered in existing Table 5 and in my opinion
> don't need to be repeated.

This tries to separate cases between ALU and ALU64. But I agree that the table
5 should be good enough.

>
> That is, the "original" is not what Table 5 has, so just introduces confusion
> in the document in my opinion.
>
>>>> +  SDIV   ALU64       dst s/= -1 (dst = LLONG_MIN)   dst = LLONG_MIN
>>>> +  SDIV   ALU         dst s/= -1 (dst = INT_MIN)     dst = (u32)INT_MIN
>>>> +  SMOD   ALU64       dst s%= -1 (dst = LLONG_MIN)   dst = 0
>>>> +  SMOD   ALU         dst s%= -1 (dst = INT_MIN)     dst = 0
> The above four are the new ones and I'd prefer a solution that modifies
> existing table 5.  E.g. table 5 has now for SMOD:
>
> dst = (src != 0) ? (dst s% src) : dst
>
> and could have something like this:
>
> dst = (src == 0) ? dst : ((src == -1 && dst == INT_MIN) ? 0 : (dst s% src))

Thanks. This indeed simpler. I can do this.
Dave Thaler Nov. 8, 2024, 2:30 a.m. UTC | #6 
Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
> On Tue, Oct 1, 2024 at 12:54 PM Dave Thaler <dthaler1968@googlemail.com>
> wrote:
[...]
> > I'm adding bpf@ietf.org to the To line since all changes in the
> > standardization directory should include that mailing list.
> >
> > The WG should discuss whether any changes should be done via a new RFC
> > that obsoletes the first one, or as RFCs that Update and just describe
> > deltas (additions, etc.).
> >
> > There are precedents both ways and I don't have a strong preference,
> > but I have a weak preference for delta-based ones since they're
> > shorter and are less likely to re-open discussion on previously
> > resolved issues, thus often saving the WG time.
> 
> Delta-based additions make sense to me.
> 
> > Also FYI to Linux kernel folks:
> > With WG and AD approval, it's also possible (but not ideal) to take
> > changes at AUTH48.  That'd be up to the chairs and AD to decide
> > though, and normally that's just for purely editorial clarifications,
> > e.g., to confusion called out by the RFC editor pass.
> 
> Also agree. We should keep AUTH going its course as-is.
> All ISA additions can be in the future delta RFC.
> 
> As far as file logistics... my preference is to keep
> Documentation/bpf/standardization/instruction-set.rst
> up to date.
> Right now it's effectively frozen while awaiting changes (if any) necessary for AUTH.
> After official RFC is issued we can start landing patches into instruction-set.rst and
> git diff 04efaebd72d1..whatever_future_sha instruction-set.rst will automatically
> generate the future delta RFC.
> Once RFC number is issued we can add a git tag for the particular sha that was the
> base for RFC as a documentation step and to simplify future 'git diff'.

My concern is that index.rst says:
> This directory contains documents that are being iterated on as part of the BPF
> standardization effort with the IETF. See the `IETF BPF Working Group`_ page
> for the working group charter, documents, and more.

So having a document that is NOT part of the IETF BPF Working Group would seem
out of place and, in my view, better located up a level (outside standardization).

Here’s some examples of delta-based RFCs which explain the gap and provide
the addition or clarification, and formally Update (not replace/obsolete) the original
RFC:
* https://www.rfc-editor.org/rfc/rfc6585.html: Additional HTTP Status Codes
* https://www.rfc-editor.org/rfc/rfc6840.html: Clarifications and Implementation Notes
   for DNS Security (DNSSEC)
* https://www.rfc-editor.org/rfc/rfc9295.html: Clarifications for Ed25519, Ed448,
   X25519, and X448 Algorithm Identifiers
* https://www.rfc-editor.org/rfc/rfc5756.html: Updates for RSAES-OAEP and 
   RSASSA-PSS Algorithm Parameters

Having a full document too is valuable but unless the IETF BPF WG
decides to take on a -bis document, I'd suggest keeping it out of the "standardization"
(say up 1 level) to avoid confusion, and just have one or more delta-based rst files
in the standardization directory.

Dave
Alexei Starovoitov Nov. 8, 2024, 6:38 p.m. UTC | #7 
On Thu, Nov 7, 2024 at 6:30 PM Dave Thaler <dthaler1968@googlemail.com> wrote:
>
>
> Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
> > On Tue, Oct 1, 2024 at 12:54 PM Dave Thaler <dthaler1968@googlemail.com>
> > wrote:
> [...]
> > > I'm adding bpf@ietf.org to the To line since all changes in the
> > > standardization directory should include that mailing list.
> > >
> > > The WG should discuss whether any changes should be done via a new RFC
> > > that obsoletes the first one, or as RFCs that Update and just describe
> > > deltas (additions, etc.).
> > >
> > > There are precedents both ways and I don't have a strong preference,
> > > but I have a weak preference for delta-based ones since they're
> > > shorter and are less likely to re-open discussion on previously
> > > resolved issues, thus often saving the WG time.
> >
> > Delta-based additions make sense to me.
> >
> > > Also FYI to Linux kernel folks:
> > > With WG and AD approval, it's also possible (but not ideal) to take
> > > changes at AUTH48.  That'd be up to the chairs and AD to decide
> > > though, and normally that's just for purely editorial clarifications,
> > > e.g., to confusion called out by the RFC editor pass.
> >
> > Also agree. We should keep AUTH going its course as-is.
> > All ISA additions can be in the future delta RFC.
> >
> > As far as file logistics... my preference is to keep
> > Documentation/bpf/standardization/instruction-set.rst
> > up to date.
> > Right now it's effectively frozen while awaiting changes (if any) necessary for AUTH.
> > After official RFC is issued we can start landing patches into instruction-set.rst and
> > git diff 04efaebd72d1..whatever_future_sha instruction-set.rst will automatically
> > generate the future delta RFC.
> > Once RFC number is issued we can add a git tag for the particular sha that was the
> > base for RFC as a documentation step and to simplify future 'git diff'.
>
> My concern is that index.rst says:
> > This directory contains documents that are being iterated on as part of the BPF
> > standardization effort with the IETF. See the `IETF BPF Working Group`_ page
> > for the working group charter, documents, and more.
>
> So having a document that is NOT part of the IETF BPF Working Group would seem
> out of place and, in my view, better located up a level (outside standardization).

It's a part of bpf wg. It's not a new document.

> Here’s some examples of delta-based RFCs which explain the gap and provide
> the addition or clarification, and formally Update (not replace/obsolete) the original
> RFC:
> * https://www.rfc-editor.org/rfc/rfc6585.html: Additional HTTP Status Codes
> * https://www.rfc-editor.org/rfc/rfc6840.html: Clarifications and Implementation Notes
>    for DNS Security (DNSSEC)
> * https://www.rfc-editor.org/rfc/rfc9295.html: Clarifications for Ed25519, Ed448,
>    X25519, and X448 Algorithm Identifiers
> * https://www.rfc-editor.org/rfc/rfc5756.html: Updates for RSAES-OAEP and
>    RSASSA-PSS Algorithm Parameters
>
> Having a full document too is valuable but unless the IETF BPF WG
> decides to take on a -bis document, I'd suggest keeping it out of the "standardization"
> (say up 1 level) to avoid confusion, and just have one or more delta-based rst files
> in the standardization directory.

This patch is effectively a fix to the standard.
It's a standard git development process when fixes are applied
to the existing document.
Forking the whole doc into a different file just to apply fixes
makes no sense to me.

The formal delta-s for IETF can be created out of git.
We only need to tag the current version and then
git diff rfc9669_tag..HEAD
will give us that delta.
That will satisfy IETF process and won't mess up normal git style
kernel development.

btw do we still need to do any minor edit/fixes to instruction-set.rst
before tagging it as RFC9669 ?
Dave Thaler Nov. 8, 2024, 6:53 p.m. UTC | #8 
> -----Original Message-----
> From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
> Sent: Friday, November 8, 2024 10:38 AM
> To: Dave Thaler <dthaler1968@googlemail.com>
> Cc: Yonghong Song <yonghong.song@linux.dev>; bpf@ietf.org; bpf
> <bpf@vger.kernel.org>; Alexei Starovoitov <ast@kernel.org>; Andrii Nakryiko
> <andrii@kernel.org>; Daniel Borkmann <daniel@iogearbox.net>; Martin KaFai Lau
> <martin.lau@kernel.org>
> Subject: Re: [PATCH bpf-next] docs/bpf: Document some special sdiv/smod
> operations
> 
> On Thu, Nov 7, 2024 at 6:30 PM Dave Thaler <dthaler1968@googlemail.com>
> wrote:
> >
> >
> > Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
> > > On Tue, Oct 1, 2024 at 12:54 PM Dave Thaler
> > > <dthaler1968@googlemail.com>
> > > wrote:
> > [...]
> > > > I'm adding bpf@ietf.org to the To line since all changes in the
> > > > standardization directory should include that mailing list.
> > > >
> > > > The WG should discuss whether any changes should be done via a new
> > > > RFC that obsoletes the first one, or as RFCs that Update and just
> > > > describe deltas (additions, etc.).
> > > >
> > > > There are precedents both ways and I don't have a strong
> > > > preference, but I have a weak preference for delta-based ones
> > > > since they're shorter and are less likely to re-open discussion on
> > > > previously resolved issues, thus often saving the WG time.
> > >
> > > Delta-based additions make sense to me.
> > >
> > > > Also FYI to Linux kernel folks:
> > > > With WG and AD approval, it's also possible (but not ideal) to
> > > > take changes at AUTH48.  That'd be up to the chairs and AD to
> > > > decide though, and normally that's just for purely editorial
> > > > clarifications, e.g., to confusion called out by the RFC editor pass.
> > >
> > > Also agree. We should keep AUTH going its course as-is.
> > > All ISA additions can be in the future delta RFC.
> > >
> > > As far as file logistics... my preference is to keep
> > > Documentation/bpf/standardization/instruction-set.rst
> > > up to date.
> > > Right now it's effectively frozen while awaiting changes (if any) necessary for
> AUTH.
> > > After official RFC is issued we can start landing patches into
> > > instruction-set.rst and git diff 04efaebd72d1..whatever_future_sha
> > > instruction-set.rst will automatically generate the future delta RFC.
> > > Once RFC number is issued we can add a git tag for the particular
> > > sha that was the base for RFC as a documentation step and to simplify future 'git
> diff'.
> >
> > My concern is that index.rst says:
> > > This directory contains documents that are being iterated on as part
> > > of the BPF standardization effort with the IETF. See the `IETF BPF
> > > Working Group`_ page for the working group charter, documents, and more.
> >
> > So having a document that is NOT part of the IETF BPF Working Group
> > would seem out of place and, in my view, better located up a level (outside
> standardization).
> 
> It's a part of bpf wg. It's not a new document.

RFC 9669 is immutable.  Any additions require a new document, in
IETF terminology, since would result in a new RFC number.

> > Here’s some examples of delta-based RFCs which explain the gap and
> > provide the addition or clarification, and formally Update (not
> > replace/obsolete) the original
> > RFC:
> > * https://www.rfc-editor.org/rfc/rfc6585.html: Additional HTTP Status
> > Codes
> > * https://www.rfc-editor.org/rfc/rfc6840.html: Clarifications and Implementation
> Notes
> >    for DNS Security (DNSSEC)
> > * https://www.rfc-editor.org/rfc/rfc9295.html: Clarifications for Ed25519, Ed448,
> >    X25519, and X448 Algorithm Identifiers
> > * https://www.rfc-editor.org/rfc/rfc5756.html: Updates for RSAES-OAEP and
> >    RSASSA-PSS Algorithm Parameters
> >
> > Having a full document too is valuable but unless the IETF BPF WG
> > decides to take on a -bis document, I'd suggest keeping it out of the
> "standardization"
> > (say up 1 level) to avoid confusion, and just have one or more
> > delta-based rst files in the standardization directory.
> 
> This patch is effectively a fix to the standard.

Two of the examples I provided above fit into that category.
Two are examples of adding new codepoints.

> It's a standard git development process when fixes are applied to the existing
> document.
> Forking the whole doc into a different file just to apply fixes makes no sense to me.

Welcome to the IETF and immutable RFCs
Yonghong Song Nov. 8, 2024, 7 p.m. UTC | #9 
On 11/8/24 10:53 AM, Dave Thaler wrote:
>> -----Original Message-----
>> From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
>> Sent: Friday, November 8, 2024 10:38 AM
>> To: Dave Thaler <dthaler1968@googlemail.com>
>> Cc: Yonghong Song <yonghong.song@linux.dev>; bpf@ietf.org; bpf
>> <bpf@vger.kernel.org>; Alexei Starovoitov <ast@kernel.org>; Andrii Nakryiko
>> <andrii@kernel.org>; Daniel Borkmann <daniel@iogearbox.net>; Martin KaFai Lau
>> <martin.lau@kernel.org>
>> Subject: Re: [PATCH bpf-next] docs/bpf: Document some special sdiv/smod
>> operations
>>
>> On Thu, Nov 7, 2024 at 6:30 PM Dave Thaler <dthaler1968@googlemail.com>
>> wrote:
>>>
>>> Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
>>>> On Tue, Oct 1, 2024 at 12:54 PM Dave Thaler
>>>> <dthaler1968@googlemail.com>
>>>> wrote:
>>> [...]
>>>>> I'm adding bpf@ietf.org to the To line since all changes in the
>>>>> standardization directory should include that mailing list.
>>>>>
>>>>> The WG should discuss whether any changes should be done via a new
>>>>> RFC that obsoletes the first one, or as RFCs that Update and just
>>>>> describe deltas (additions, etc.).
>>>>>
>>>>> There are precedents both ways and I don't have a strong
>>>>> preference, but I have a weak preference for delta-based ones
>>>>> since they're shorter and are less likely to re-open discussion on
>>>>> previously resolved issues, thus often saving the WG time.
>>>> Delta-based additions make sense to me.
>>>>
>>>>> Also FYI to Linux kernel folks:
>>>>> With WG and AD approval, it's also possible (but not ideal) to
>>>>> take changes at AUTH48.  That'd be up to the chairs and AD to
>>>>> decide though, and normally that's just for purely editorial
>>>>> clarifications, e.g., to confusion called out by the RFC editor pass.
>>>> Also agree. We should keep AUTH going its course as-is.
>>>> All ISA additions can be in the future delta RFC.
>>>>
>>>> As far as file logistics... my preference is to keep
>>>> Documentation/bpf/standardization/instruction-set.rst
>>>> up to date.
>>>> Right now it's effectively frozen while awaiting changes (if any) necessary for
>> AUTH.
>>>> After official RFC is issued we can start landing patches into
>>>> instruction-set.rst and git diff 04efaebd72d1..whatever_future_sha
>>>> instruction-set.rst will automatically generate the future delta RFC.
>>>> Once RFC number is issued we can add a git tag for the particular
>>>> sha that was the base for RFC as a documentation step and to simplify future 'git
>> diff'.
>>> My concern is that index.rst says:
>>>> This directory contains documents that are being iterated on as part
>>>> of the BPF standardization effort with the IETF. See the `IETF BPF
>>>> Working Group`_ page for the working group charter, documents, and more.
>>> So having a document that is NOT part of the IETF BPF Working Group
>>> would seem out of place and, in my view, better located up a level (outside
>> standardization).
>>
>> It's a part of bpf wg. It's not a new document.
> RFC 9669 is immutable.  Any additions require a new document, in
> IETF terminology, since would result in a new RFC number.
>
>>> Here’s some examples of delta-based RFCs which explain the gap and
>>> provide the addition or clarification, and formally Update (not
>>> replace/obsolete) the original
>>> RFC:
>>> * https://www.rfc-editor.org/rfc/rfc6585.html: Additional HTTP Status
>>> Codes
>>> * https://www.rfc-editor.org/rfc/rfc6840.html: Clarifications and Implementation
>> Notes
>>>     for DNS Security (DNSSEC)
>>> * https://www.rfc-editor.org/rfc/rfc9295.html: Clarifications for Ed25519, Ed448,
>>>     X25519, and X448 Algorithm Identifiers
>>> * https://www.rfc-editor.org/rfc/rfc5756.html: Updates for RSAES-OAEP and
>>>     RSASSA-PSS Algorithm Parameters
>>>
>>> Having a full document too is valuable but unless the IETF BPF WG
>>> decides to take on a -bis document, I'd suggest keeping it out of the
>> "standardization"
>>> (say up 1 level) to avoid confusion, and just have one or more
>>> delta-based rst files in the standardization directory.
>> This patch is effectively a fix to the standard.
> Two of the examples I provided above fit into that category.
> Two are examples of adding new codepoints.
>
>> It's a standard git development process when fixes are applied to the existing
>> document.
>> Forking the whole doc into a different file just to apply fixes makes no sense to me.
> Welcome to the IETF and immutable RFCs
Alexei Starovoitov Nov. 8, 2024, 8:34 p.m. UTC | #10 
On Fri, Nov 8, 2024 at 10:53 AM Dave Thaler <dthaler1968@googlemail.com> wrote:
>
> > >
> > > My concern is that index.rst says:
> > > > This directory contains documents that are being iterated on as part
> > > > of the BPF standardization effort with the IETF. See the `IETF BPF
> > > > Working Group`_ page for the working group charter, documents, and more.
> > >
> > > So having a document that is NOT part of the IETF BPF Working Group
> > > would seem out of place and, in my view, better located up a level (outside
> > standardization).
> >
> > It's a part of bpf wg. It's not a new document.
>
> RFC 9669 is immutable.  Any additions require a new document, in
> IETF terminology, since would result in a new RFC number.

Sure. It's an IETF process. Not arguing about that.

> > > Here’s some examples of delta-based RFCs which explain the gap and
> > > provide the addition or clarification, and formally Update (not
> > > replace/obsolete) the original
> > > RFC:
> > > * https://www.rfc-editor.org/rfc/rfc6585.html: Additional HTTP Status
> > > Codes
> > > * https://www.rfc-editor.org/rfc/rfc6840.html: Clarifications and Implementation
> > Notes
> > >    for DNS Security (DNSSEC)
> > > * https://www.rfc-editor.org/rfc/rfc9295.html: Clarifications for Ed25519, Ed448,
> > >    X25519, and X448 Algorithm Identifiers
> > > * https://www.rfc-editor.org/rfc/rfc5756.html: Updates for RSAES-OAEP and
> > >    RSASSA-PSS Algorithm Parameters
> > >
> > > Having a full document too is valuable but unless the IETF BPF WG
> > > decides to take on a -bis document, I'd suggest keeping it out of the
> > "standardization"
> > > (say up 1 level) to avoid confusion, and just have one or more
> > > delta-based rst files in the standardization directory.
> >
> > This patch is effectively a fix to the standard.
>
> Two of the examples I provided above fit into that category.
> Two are examples of adding new codepoints.
>
> > It's a standard git development process when fixes are applied to the existing
> > document.
> > Forking the whole doc into a different file just to apply fixes makes no sense to me.
>
> Welcome to the IETF and immutable RFCs
diff mbox series

Patch

diff --git a/Documentation/bpf/standardization/instruction-set.rst b/Documentation/bpf/standardization/instruction-set.rst
index ab820d565052..d150c1d7ad3b 100644
--- a/Documentation/bpf/standardization/instruction-set.rst
+++ b/Documentation/bpf/standardization/instruction-set.rst
@@ -347,11 +347,26 @@  register.
   =====  =====  =======  ==========================================================
 
 Underflow and overflow are allowed during arithmetic operations, meaning
-the 64-bit or 32-bit value will wrap. If BPF program execution would
-result in division by zero, the destination register is instead set to zero.
-If execution would result in modulo by zero, for ``ALU64`` the value of
-the destination register is unchanged whereas for ``ALU`` the upper
-32 bits of the destination register are zeroed.
+the 64-bit or 32-bit value will wrap. There are also a few arithmetic operations
+which may cause exception for certain architectures. Since crashing the kernel
+is not an option, those operations are replaced with alternative operations.
+
+.. table:: Arithmetic operations with possible exceptions
+
+  =====  ==========  =============================  ==========================
+  name   class       original                       replacement
+  =====  ==========  =============================  ==========================
+  DIV    ALU64/ALU   dst /= 0                       dst = 0
+  SDIV   ALU64/ALU   dst s/= 0                      dst = 0
+  MOD    ALU64       dst %= 0                       dst = dst (no replacement)
+  MOD    ALU         dst %= 0                       dst = (u32)dst
+  SMOD   ALU64       dst s%= 0                      dst = dst (no replacement)
+  SMOD   ALU         dst s%= 0                      dst = (u32)dst
+  SDIV   ALU64       dst s/= -1 (dst = LLONG_MIN)   dst = LLONG_MIN
+  SDIV   ALU         dst s/= -1 (dst = INT_MIN)     dst = (u32)INT_MIN
+  SMOD   ALU64       dst s%= -1 (dst = LLONG_MIN)   dst = 0
+  SMOD   ALU         dst s%= -1 (dst = INT_MIN)     dst = 0
+  =====  ==========  =============================  ===========================
 
 ``{ADD, X, ALU}``, where 'code' = ``ADD``, 'source' = ``X``, and 'class' = ``ALU``, means::