bpf - add a bunch of static asserts on size/alignment of struct field types

It really turns out that till now we've just been lucky to not have ever used a 64-bit type. See also discussion on: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69560 (and other places on the internet) Bug: 190519702 Test: atest, TreeHugger Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: Ibe74a6f97bdbba490a7848060d07dc3efcee0e68
author: Maciej Żenczykowski <maze@google.com> 2021-07-05 13:51:15 -0700
committer: Maciej Żenczykowski <maze@google.com> 2021-07-05 16:56:22 -0700
commit: df91d2b5b265849eb59fea3721a0d68f4f77edfe (patch)
tree: 3d66d4077a986a69e771583d8656485b5931b1ce /progs
parent: 0bf9219e072401d13b71db519dc7d29455215586 (diff)
download: bpf-df91d2b5b265849eb59fea3721a0d68f4f77edfe.tar.gz
1 files changed, 76 insertions, 11 deletions
diff --git a/progs/include/bpf_map_def.h b/progs/include/bpf_map_def.h
index 0034a35..f51b1c4 100644
--- a/progs/include/bpf_map_def.h
+++ b/progs/include/bpf_map_def.h
@@ -42,16 +42,74 @@
  *                                                                            *
  ******************************************************************************/
 
-// We currently default to v0.1 format
-#ifndef BPFLOADER_VERSION
-#define BPFLOADER_VERSION 1u
-#endif
-
 // These are the values used if these fields are missing
 #define DEFAULT_BPFLOADER_MIN_VER 0u        // v0.0 (this is inclusive ie. >= v0.0)
 #define DEFAULT_BPFLOADER_MAX_VER 0x10000u  // v1.0 (this is exclusive ie. < v1.0)
-#define DEFAULT_SIZEOF_BPF_MAP_DEF 32       // v0.0 struct: enum + alignment padding + 7 uint
-#define DEFAULT_SIZEOF_BPF_PROG_DEF 20      // v0.0 struct: 4 uint + bool + alignment padding
+#define DEFAULT_SIZEOF_BPF_MAP_DEF 32       // v0.0 struct: enum (uint sized) + 7 uint
+#define DEFAULT_SIZEOF_BPF_PROG_DEF 20      // v0.0 struct: 4 uint + bool + 3 byte alignment pad
+
+/*
+ * The bpf_{map,prog}_def structures are compiled for different architectures.
+ * Once by the BPF compiler for the BPF architecture, and once by a C++
+ * compiler for the native Android architecture for the bpfloader.
+ *
+ * For things to work, their layout must be the same between the two.
+ * The BPF architecture is platform independent ('64-bit LSB bpf').
+ * So this effectively means these structures must be the same layout
+ * on 5 architectures, all of them little endian:
+ *   64-bit BPF, x86_64, arm  and  32-bit x86 and arm
+ *
+ * As such for any types we use inside of these structs we must make sure that
+ * the size and alignment are the same, so the same amount of padding is used.
+ *
+ * Currently we only use: bool, enum bpf_map_type and unsigned int.
+ * Additionally we use char for padding.
+ *
+ * !!! WARNING: HERE BE DRAGONS !!!
+ *
+ * Be particularly careful with 64-bit integers.
+ * You will need to manually override their alignment to 8 bytes.
+ *
+ * To quote some parts of https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69560
+ *
+ * Some types have weaker alignment requirements when they are structure members.
+ *
+ * unsigned long long on x86 is such a type.
+ *
+ * C distinguishes C11 _Alignof (the minimum alignment the type is guaranteed
+ * to have in all contexts, so 4, see min_align_of_type) from GNU C __alignof
+ * (the normal alignment of the type, so 8).
+ *
+ * alignof / _Alignof == minimum alignment required by target ABI
+ * __alignof / __alignof__ == preferred alignment
+ *
+ * When in a struct, apparently the minimum alignment is used.
+ */
+
+_Static_assert(sizeof(bool) == 1, "sizeof bool != 1");
+_Static_assert(__alignof__(bool) == 1, "__alignof__ bool != 1");
+_Static_assert(_Alignof(bool) == 1, "_Alignof bool != 1");
+
+_Static_assert(sizeof(char) == 1, "sizeof char != 1");
+_Static_assert(__alignof__(char) == 1, "__alignof__ char != 1");
+_Static_assert(_Alignof(char) == 1, "_Alignof char != 1");
+
+// This basically verifies that an enum is 'just' a 32-bit int
+_Static_assert(sizeof(enum bpf_map_type) == 4, "sizeof enum bpf_map_type != 4");
+_Static_assert(__alignof__(enum bpf_map_type) == 4, "__alignof__ enum bpf_map_type != 4");
+_Static_assert(_Alignof(enum bpf_map_type) == 4, "_Alignof enum bpf_map_type != 4");
+
+// Linux kernel requires sizeof(int) == 4, sizeof(void*) == sizeof(long), sizeof(long long) == 8
+_Static_assert(sizeof(unsigned int) == 4, "sizeof unsigned int != 4");
+_Static_assert(__alignof__(unsigned int) == 4, "__alignof__ unsigned int != 4");
+_Static_assert(_Alignof(unsigned int) == 4, "_Alignof unsigned int != 4");
+
+// We don't currently use any 64-bit types in these structs, so this is purely to document issue.
+// Here sizeof & __alignof__ are consistent, but _Alignof is not: compile for 'aosp_cf_x86_phone'
+_Static_assert(sizeof(unsigned long long) == 8, "sizeof unsigned long long != 8");
+_Static_assert(__alignof__(unsigned long long) == 8, "__alignof__ unsigned long long != 8");
+// BPF wants 8, but 32-bit x86 wants 4
+//_Static_assert(_Alignof(unsigned long long) == 8, "_Alignof unsigned long long != 8");
 
 /*
  * Map structure to be used by Android eBPF C programs. The Android eBPF loader
@@ -80,13 +138,16 @@ struct bpf_map_def {
     unsigned int gid;   // gid_t
     unsigned int mode;  // mode_t
 
-#if BPFLOADER_VERSION >= 1u
     // The following fields were added in version 0.1
     unsigned int bpfloader_min_ver;  // if missing, defaults to 0, ie. v0.0
     unsigned int bpfloader_max_ver;  // if missing, defaults to 0x10000, ie. v1.0
-#endif
 };
 
+// This needs to be updated whenever the above structure definition is expanded.
+_Static_assert(sizeof(struct bpf_map_def) == 40, "sizeof struct bpf_map_def != 40");
+_Static_assert(__alignof__(struct bpf_map_def) == 4, "__alignof__ struct bpf_map_def != 4");
+_Static_assert(_Alignof(struct bpf_map_def) == 4, "_Alignof struct bpf_map_def != 4");
+
 struct bpf_prog_def {
     unsigned int uid;
     unsigned int gid;
@@ -96,10 +157,14 @@ struct bpf_prog_def {
     unsigned int max_kver;
 
     bool optional;  // program section (ie. function) may fail to load, continue onto next func.
+    char pad0[3];
 
-#if BPFLOADER_VERSION >= 1u
     // The following fields were added in version 0.1
     unsigned int bpfloader_min_ver;  // if missing, defaults to 0, ie. v0.0
     unsigned int bpfloader_max_ver;  // if missing, defaults to 0x10000, ie. v1.0
-#endif
 };
+
+// This needs to be updated whenever the above structure definition is expanded.
+_Static_assert(sizeof(struct bpf_prog_def) == 28, "sizeof struct bpf_prog_def != 28");
+_Static_assert(__alignof__(struct bpf_prog_def) == 4, "__alignof__ struct bpf_prog_def != 4");
+_Static_assert(_Alignof(struct bpf_prog_def) == 4, "_Alignof struct bpf_prog_def != 4");
author	Maciej Żenczykowski <maze@google.com>	2021-07-05 13:51:15 -0700
committer	Maciej Żenczykowski <maze@google.com>	2021-07-05 16:56:22 -0700
commit	df91d2b5b265849eb59fea3721a0d68f4f77edfe (patch)
tree	3d66d4077a986a69e771583d8656485b5931b1ce /progs
parent	0bf9219e072401d13b71db519dc7d29455215586 (diff)
download	bpf-df91d2b5b265849eb59fea3721a0d68f4f77edfe.tar.gz