Andrea Parri ed67a5b99e riscv, bpf: Make BPF_CMPXCHG fully ordered ... [ Upstream commit e59db0623f ] According to the prototype formal BPF memory consistency model discussed e.g. in [1] and following the ordering properties of the C/in-kernel macro atomic_cmpxchg(), a BPF atomic operation with the BPF_CMPXCHG modifier is fully ordered. However, the current RISC-V JIT lowerings fail to meet such memory ordering property. This is illustrated by the following litmus test: BPF BPF__MP+success_cmpxchg+fence { 0:r1=x; 0:r3=y; 0:r5=1; 1:r2=y; 1:r4=f; 1:r7=x; } P0 | P1 ; *(u64 *)(r1 + 0) = 1 | r1 = *(u64 *)(r2 + 0) ; r2 = cmpxchg_64 (r3 + 0, r4, r5) | r3 = atomic_fetch_add((u64 *)(r4 + 0), r5) ; | r6 = *(u64 *)(r7 + 0) ; exists (1:r1=1 /\ 1:r6=0) whose "exists" clause is not satisfiable according to the BPF memory model. Using the current RISC-V JIT lowerings, the test can be mapped to the following RISC-V litmus test: RISCV RISCV__MP+success_cmpxchg+fence { 0:x1=x; 0:x3=y; 0:x5=1; 1:x2=y; 1:x4=f; 1:x7=x; } P0 | P1 ; sd x5, 0(x1) | ld x1, 0(x2) ; L00: | amoadd.d.aqrl x3, x5, 0(x4) ; lr.d x2, 0(x3) | ld x6, 0(x7) ; bne x2, x4, L01 | ; sc.d x6, x5, 0(x3) | ; bne x6, x4, L00 | ; fence rw, rw | ; L01: | ; exists (1:x1=1 /\ 1:x6=0) where the two stores in P0 can be reordered. Update the RISC-V JIT lowerings/implementation of BPF_CMPXCHG to emit an SC with RELEASE ("rl") annotation in order to meet the expected memory ordering guarantees. The resulting RISC-V JIT lowerings of BPF_CMPXCHG match the RISC-V lowerings of the C atomic_cmpxchg(). Other lowerings were fixed via 20a759df3b ("riscv, bpf: make some atomic operations fully ordered"). Fixes: dd642ccb45 ("riscv, bpf: Implement more atomic operations for RV64") Signed-off-by: Andrea Parri <parri.andrea@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Puranjay Mohan <puranjay@kernel.org> Acked-by: Björn Töpel <bjorn@kernel.org> Link: https://lpc.events/event/18/contributions/1949/attachments/1665/3441/bpfmemmodel.2024.09.19p.pdf [1] Link: https://lore.kernel.org/bpf/20241017143628.2673894-1-parri.andrea@gmail.com Signed-off-by: Sasha Levin <sashal@kernel.org>		2024-11-01 01:58:25 +01:00
..
boot	riscv: dts: starfive: add assigned-clock* to limit frquency	2024-09-18 19:24:10 +02:00
configs	Kbuild updates for v6.6	2023-09-05 11:01:47 -07:00
errata	riscv: errata: andes: Probe for IOCP only once in boot stage	2023-12-13 18:45:19 +01:00
include	RISC-V: Don't have MAX_PHYSMEM_BITS exceed phys_addr_t	2024-10-17 15:24:17 +02:00
kernel	riscv/kexec_file: Fix relocation type R_RISCV_ADD16 and R_RISCV_SUB16 unknown	2024-10-17 15:24:18 +02:00
kvm	RISC-V: KVM: Fix sbiret init before forwarding to userspace	2024-10-04 16:28:51 +02:00
lib	riscv: uaccess: Return the number of bytes effectively not copied	2023-08-16 07:30:06 -07:00
mm	membarrier: riscv: Add full memory barrier in switch_mm()	2024-09-12 11:11:45 +02:00
net	riscv, bpf: Make BPF_CMPXCHG fully ordered	2024-11-01 01:58:25 +01:00
purgatory	riscv/purgatory: Disable CFI	2023-08-23 14:16:40 -07:00
tools	riscv: Check relocations at compile time	2023-04-19 07:46:32 -07:00
Kbuild	kexec: rename ARCH_HAS_KEXEC_PURGATORY	2023-08-18 10:18:54 -07:00
Kconfig	riscv: Fix kernel stack size when KASAN is enabled	2024-10-10 11:57:53 +02:00
Kconfig.debug
Kconfig.errata	riscv: only select DMA_DIRECT_REMAP from RISCV_ISA_ZICBOM and ERRATA_THEAD_PBMT	2023-10-26 09:42:38 +02:00
Kconfig.socs	riscv: Kconfig: Add select ARM_AMBA to SOC_STARFIVE	2023-12-13 18:45:35 +01:00
Makefile	kbuild: unify vdso_install rules	2024-06-12 11:12:32 +02:00
Makefile.postlink	riscv: Use --emit-relocs in order to move .rela.dyn in init	2023-04-19 07:46:33 -07:00