> This patchset addresses numerous bugs in the BPF verifier's abstract
> interpretation logic and introduces a new validation debugger API to
> enable precise, robust testing of the verifier itself.
> 
> While the existing DPDK eBPF verifier is capable of checking basic
> execution graph loops and dead code, the mathematical tracking of
> register bounds (both signed and unsigned) contained flaws resulting in
> false positives and false negatives, undefined behavior, and hardware
> exceptions such as SIGFPE during validation.
> 
> To resolve these issues and ensure they do not regress, this patchset
> first introduces the "Validation Debugger API"
> (`rte_bpf_validate_debug_*`). This gdb-like interface allows setting
> breakpoints and catchpoints during the validation process to inspect the
> verifier's internal state.
> 
> Using this new API, a comprehensive test harness
> (`app/test/test_bpf_validate.c`) was created to formally check the
> abstract domains of instructions across all their valid branches. The
> remainder of the patchset incrementally fixes the math and bounds logic
> for individual eBPF instructions, using the new tests to prove the
> correctness of the fixes.
> 
> This debugger API also lays the foundation for an interactive eBPF
> validation debugger to be introduced in the future.
> 
> Depends-on: series-38068 ("bpf: introduce extensible load API")
> 
> Marat Khalili (25):
>   bpf: format and dump jlt, jle, jslt, and jsle
>   bpf: add format instruction function
>   bpf/validate: break on error in evaluate
>   bpf/validate: expand comments in evaluate cycle
>   bpf/validate: introduce debugging interface
>   bpf/validate: fix BPF_ADD of pointer to a scalar
>   bpf/validate: fix BPF_LDX | EBPF_DW signed range
>   test/bpf_validate: add setup and basic tests
>   test/bpf_validate: add harness for pointer tests
>   bpf/validate: fix EBPF_JSLT | BPF_X evaluation
>   bpf/validate: fix BPF_NEG of INT64_MIN and 0
>   bpf/validate: fix BPF_DIV and BPF_MOD signed part
>   bpf/validate: fix BPF_MUL ranges minimum typo
>   bpf/validate: fix BPF_MUL signed overflow UB
>   bpf/validate: fix BPF_JGT/EBPF_JSGT no-jump max
>   bpf/validate: fix BPF_JMP source range calculation
>   bpf/validate: fix BPF_JMP empty range handling
>   bpf/validate: fix BPF_AND min calculations
>   bpf/validate: fix BPF_LSH shift-out-of-bounds UB
>   bpf/validate: fix BPF_OR min calculations
>   bpf/validate: fix BPF_SUB signed max zero case
>   bpf/validate: fix BPF_XOR signed min calculation
>   bpf/validate: prevent overflow when building graph
>   doc: add release notes for BPF validation fixes
>   doc: add BPF validate debug to programmer's guide
> 
>  app/test/meson.build                   |    1 +
>  app/test/test_bpf.c                    |   99 ++
>  app/test/test_bpf_validate.c           | 2271 ++++++++++++++++++++++++
>  doc/guides/prog_guide/bpf_lib.rst      |   31 +
>  doc/guides/rel_notes/release_26_07.rst |   16 +
>  lib/bpf/bpf_dump.c                     |  292 +--
>  lib/bpf/bpf_validate.c                 |  730 +++++++-
>  lib/bpf/bpf_validate.h                 |   54 +
>  lib/bpf/bpf_validate_debug.c           |  663 +++++++
>  lib/bpf/bpf_validate_debug.h           |   86 +
>  lib/bpf/bpf_value_set.c                |  403 +++++
>  lib/bpf/bpf_value_set.h                |  126 ++
>  lib/bpf/meson.build                    |    9 +-
>  lib/bpf/rte_bpf.h                      |   55 +
>  lib/bpf/rte_bpf_validate_debug.h       |  377 ++++
>  15 files changed, 5016 insertions(+), 197 deletions(-)
>  create mode 100644 app/test/test_bpf_validate.c
>  create mode 100644 lib/bpf/bpf_validate.h
>  create mode 100644 lib/bpf/bpf_validate_debug.c
>  create mode 100644 lib/bpf/bpf_validate_debug.h
>  create mode 100644 lib/bpf/bpf_value_set.c
>  create mode 100644 lib/bpf/bpf_value_set.h
>  create mode 100644 lib/bpf/rte_bpf_validate_debug.h
> 
> --

I already reviewed these changes offline, as part of our
internal patch acceptance process.
Current version LGTM and addresses all comments I had.

Series-Acked-by: Konstantin Ananyev <[email protected]>

> 2.43.0
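
Added example (not part of the original message and not DPDK's lib/bpf code): signed-range transfer functions for BPF_NEG and BPF_MUL that stay sound at INT64_MIN and on signed overflow, the two pitfalls named in the quoted patch titles, without executing undefined behavior in the verifier itself. `struct srange`, `srange_neg` and `srange_mul` are hypothetical names, and `__builtin_mul_overflow` assumes GCC or Clang.

```c
/* Added illustration, not DPDK code: srange, srange_neg and srange_mul
 * are hypothetical names. Bounds are inclusive signed 64-bit values. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

struct srange { int64_t min, max; };
static const struct srange SRANGE_FULL = { INT64_MIN, INT64_MAX };

/* Abstract BPF_NEG. The concrete operation wraps, so negating INT64_MIN
 * yields INT64_MIN; evaluating -INT64_MIN in C would be undefined. */
struct srange srange_neg(struct srange a)
{
	if (a.min == INT64_MIN) /* exact only when the range is {INT64_MIN} */
		return a.max == INT64_MIN ? a : SRANGE_FULL;
	return (struct srange){ -a.max, -a.min }; /* cannot overflow here */
}

/* Abstract BPF_MUL. The product over a box takes its extremes at the four
 * corners; if any corner overflows, the wrapped result is unknown, so
 * widen to the full range instead of computing with undefined values. */
struct srange srange_mul(struct srange a, struct srange b)
{
	const int64_t x[2] = { a.min, a.max }, y[2] = { b.min, b.max };
	struct srange r = { INT64_MAX, INT64_MIN };

	for (int i = 0; i < 2; i++) {
		for (int j = 0; j < 2; j++) {
			int64_t p;
			/* GCC/Clang builtin: detects overflow without UB */
			if (__builtin_mul_overflow(x[i], y[j], &p))
				return SRANGE_FULL;
			if (p < r.min) r.min = p;
			if (p > r.max) r.max = p;
		}
	}
	return r;
}

int main(void)
{
	struct srange n = srange_neg((struct srange){ INT64_MIN, 5 });
	struct srange m = srange_mul((struct srange){ -2, 3 },
				     (struct srange){ 4, 5 });
	printf("neg: [%" PRId64 ", %" PRId64 "]\n", n.min, n.max);
	printf("mul: [%" PRId64 ", %" PRId64 "]\n", m.min, m.max);
	return 0;
}
```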