| Message ID | 20230214232030.1502829-1-eddyz87@gmail.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Improvements for BPF_ST tracking by verifier | expand |
Hello: This series was applied to bpf/bpf-next.git (master) by Alexei Starovoitov <ast@kernel.org>: On Wed, 15 Feb 2023 01:20:26 +0200 you wrote: > This patch-set is a part of preparation work for -mcpu=v4 option for > BPF C compiler (discussed in [1]). Among other things -mcpu=v4 should > enable generation of BPF_ST instruction by the compiler. > > - Patches #1,2 adjust verifier to track values of constants written to > stack using BPF_ST. Currently these are tracked imprecisely, unlike > the writes using BPF_STX, e.g.: > > [...] Here is the summary with links: - [bpf-next,v2,1/4] bpf: track immediate values written to stack by BPF_ST instruction https://git.kernel.org/bpf/bpf-next/c/ecdf985d7615 - [bpf-next,v2,2/4] selftests/bpf: check if verifier tracks constants spilled by BPF_ST_MEM https://git.kernel.org/bpf/bpf-next/c/1a24af65bb5f - [bpf-next,v2,3/4] bpf: BPF_ST with variable offset should preserve STACK_ZERO marks https://git.kernel.org/bpf/bpf-next/c/31ff2135121c - [bpf-next,v2,4/4] selftests/bpf: check if BPF_ST with variable offset preserves STACK_ZERO https://git.kernel.org/bpf/bpf-next/c/2a33c5a25ef4 You are awesome, thank you!
This patch-set is a part of preparation work for -mcpu=v4 option for BPF C compiler (discussed in [1]). Among other things -mcpu=v4 should enable generation of BPF_ST instruction by the compiler. - Patches #1,2 adjust verifier to track values of constants written to stack using BPF_ST. Currently these are tracked imprecisely, unlike the writes using BPF_STX, e.g.: fp[-8] = 42; currently verifier assumes that fp[-8]=mmmmmmmm after such instruction, where m stands for "misc", just a note that something is written at fp[-8]. r1 = 42; verifier tracks r1=42 after this instruction. fp[-8] = r1; verifier tracks fp[-8]=42 after this instruction. This patch makes both cases equivalent. - Patches #3,4 adjust verifier.c:check_stack_write_fixed_off() to preserve STACK_ZERO marks when BPF_ST writes zero. Currently these are replaced by STACK_MISC, unlike zero writes using BPF_STX, e.g.: ... stack range [X,Y] is marked as STACK_ZERO ... r0 = ... variable offset pointer to stack with range [X,Y] ... fp[r0] = 0; currently verifier marks range [X,Y] as STACK_MISC for such instructions. r1 = 0; fp[r0] = r1; verifier keeps STACK_ZERO marks for range [X,Y]. This patch makes both cases equivalent. Motivating example for patch #1 could be found at [3]. Previous version of the patch-set is here [2], the changes are: - Explicit initialization of fake register parent link is removed from verifier.c:check_stack_write_fixed_off() as parent links are now correctly handled by verifier.c:save_register_state(). - Original patch #1 is split in patches #1 & #3. - Missing test case added for patch #3 verifier.c:check_stack_write_fixed_off() adjustment. - Test cases are updated to use .prog_type = BPF_PROG_TYPE_SK_LOOKUP, which requires return value to be in the range [0,1] (original test cases assumed that such range is always required, which is not true). - Original patch #3 with changes allowing BPF_ST writes to context is withheld for now, w/o compiler support for BPF_ST it requires some creative testing. - Original patch #5 is removed from the patch-set. This patch contained adjustments to expected verifier error messages in some tests, necessary when C compiler generates BPF_ST instruction instead of BPF_STX (changes to expected instruction indices). These changes are not necessary yet. [1] https://lore.kernel.org/bpf/01515302-c37d-2ee5-c950-2f556a4caad0@meta.com/ [2] https://lore.kernel.org/bpf/20221231163122.1360813-1-eddyz87@gmail.com/ [3] https://lore.kernel.org/bpf/f1e4282bf00aa21a72fc5906f8c3be1ae6c94a5e.camel@gmail.com/ Eduard Zingerman (4): bpf: track immediate values written to stack by BPF_ST instruction selftests/bpf: check if verifier tracks constants spilled by BPF_ST_MEM bpf: BPF_ST with variable offset should preserve STACK_ZERO marks selftests/bpf: check if BPF_ST with variable offset preserves STACK_ZERO kernel/bpf/verifier.c | 22 +++- .../bpf/verifier/bounds_mix_sign_unsign.c | 110 ++++++++++-------- .../selftests/bpf/verifier/bpf_st_mem.c | 67 +++++++++++ 3 files changed, 150 insertions(+), 49 deletions(-) create mode 100644 tools/testing/selftests/bpf/verifier/bpf_st_mem.c