Re: [RFC PATCH net-next 2/5] bpf/verifier: rework value tracking

2017-06-09 Thread Daniel Borkmann
On 06/08/2017 06:45 PM, Alexei Starovoitov wrote: [...] I think Daniel will be happy to test your next rev of the patches. I'll test them as well. At least 'insn_processed' from C code in tools/testing/selftests/bpf/ is a good estimate of how these changes affect pruning. Without having looked

Re: [RFC PATCH net-next 2/5] bpf/verifier: rework value tracking

2017-06-08 Thread Alexei Starovoitov
On Thu, Jun 08, 2017 at 08:38:29PM +0100, Edward Cree wrote: > On 08/06/17 17:45, Alexei Starovoitov wrote: > > On Thu, Jun 08, 2017 at 03:53:36PM +0100, Edward Cree wrote: > > -} else if (reg->type == FRAME_PTR || reg->type == PTR_TO_STACK) > { > +} else if

Re: [RFC PATCH net-next 2/5] bpf/verifier: rework value tracking

2017-06-08 Thread Edward Cree
On 08/06/17 17:45, Alexei Starovoitov wrote: > On Thu, Jun 08, 2017 at 03:53:36PM +0100, Edward Cree wrote: - } else if (reg->type == FRAME_PTR || reg->type == PTR_TO_STACK) { + } else if (reg->type == PTR_TO_STACK) { + /* stack accesses must be at a fixed offset,

Re: [RFC PATCH net-next 2/5] bpf/verifier: rework value tracking

2017-06-08 Thread Alexei Starovoitov
On Thu, Jun 08, 2017 at 03:53:36PM +0100, Edward Cree wrote: > >> > >> - } else if (reg->type == FRAME_PTR || reg->type == PTR_TO_STACK) { > >> + } else if (reg->type == PTR_TO_STACK) { > >> + /* stack accesses must be at a fixed offset, so that we can > >> + * determine

Re: [RFC PATCH net-next 2/5] bpf/verifier: rework value tracking

2017-06-08 Thread Edward Cree
On 08/06/17 03:32, Alexei Starovoitov wrote: > On Wed, Jun 07, 2017 at 03:58:31PM +0100, Edward Cree wrote: >> +/* Arithmetic and logical ops */ >> +/* Shift a tnum left (by a fixed shift) */ >> +struct tnum tn_sl(struct tnum a, u8 shift); >> +/* Shift a tnum right (by a fixed shift) */ >> +struct

Re: [RFC PATCH net-next 2/5] bpf/verifier: rework value tracking

2017-06-07 Thread Alexei Starovoitov
On Wed, Jun 07, 2017 at 03:58:31PM +0100, Edward Cree wrote: > Tracks value alignment by means of tracking known & unknown bits. > Tightens some min/max value checks and fixes a couple of bugs therein. > > Signed-off-by: Edward Cree > --- > include/linux/bpf.h |

[RFC PATCH net-next 2/5] bpf/verifier: rework value tracking

2017-06-07 Thread Edward Cree
Tracks value alignment by means of tracking known & unknown bits. Tightens some min/max value checks and fixes a couple of bugs therein. Signed-off-by: Edward Cree --- include/linux/bpf.h | 34 +- include/linux/bpf_verifier.h | 40 +- include/linux/tnum.h