On 28/06/17 22:37, Alexei Starovoitov wrote:
> Increasing the limit is must have, since pruning suffered so much.
> Going from 53k to 76k is pretty substantial.
> What is the % increase for tests in selftests/ ?
When I tried to measure the test_verifier tests, they changed hardly at
all, only a
Fix out-of-date comment.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
drivers/net/ethernet/sfc/mcdi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/sfc/mcdi.c b/drivers/net/ethernet/sfc/mcdi.c
index 00cd6a2..3df872f 100644
--- a/drive
From: Jon Cooper <jcoo...@solarflare.com>
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
drivers/net/ethernet/sfc/mcdi.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/sfc/mcdi.c b/drivers/net/ethernet/sfc/mcdi.c
index b942245..00
Giving the full MCDI event rather than just the code can aid in
debugging. While fixing this I noticed an outdated comment.
Edward Cree (1):
sfc: correct comment on efx_mcdi_process_event
Jon Cooper (1):
sfc: change Unknown MCDI event message to print full event.
drivers/net/ethernet/sfc
based on a patch by Josef Bacik
<jba...@fb.com>.
Build-tested only. Applies on top of patches 1-3.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
include/linux/bpf_verifier.h | 5 +-
kernel/bpf/verifier.c| 179 ++-
2 files
8bf46d ("sfc: fix filter_id misinterpretation in edge case")
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
drivers/net/ethernet/sfc/ef10.c | 7 ---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/sfc/ef10.c b/drivers/net/ethernet/sfc/ef10.c
r0 = 0
> 12: (95) exit
>
> Prevent this by checking xadd src reg for pointer types. Also
> add a couple of test cases related to this.
>
> Fixes: 1be7f75d1668 ("bpf: enable non-root eBPF programs")
> Fixes: 17a5267067f3 ("bpf: verifier (add verifier core)")
> Signed-off-by: Daniel Borkmann <dan...@iogearbox.net>
Acked-by: Edward Cree <ec...@solarflare.com>
On 30/06/17 19:15, Alexei Starovoitov wrote:
> On 6/30/17 9:44 AM, Edward Cree wrote:
>> I haven't measured the test_progs ones, because I *still* haven't gotten
>> around to actually setting up a BPF toolchain (it doesn't help that I'm
>> building everything on a test serv
On 04/07/17 20:22, Edward Cree wrote:
> I don't know why test_l4lb has to process _fewer_ insns with my patches;
> if anything I'm worrying that I may be incorrectly pruning branches.
> (I've spotted a possible bug in that I'm not looking at 'id' which,
> although it doesn't h
On 28/06/17 14:50, Daniel Borkmann wrote:
> Hi Edward,
>
> Did you also have a chance in the meantime to look at reducing complexity
> along with your unification? I did run the cilium test suite with your
> latest set from here and current # worst case processed insns that
> verifier has to go
On 28/06/17 16:15, Daniel Borkmann wrote:
> On 06/27/2017 02:56 PM, Edward Cree wrote:
>> Tracks value alignment by means of tracking known & unknown bits.
>> Tightens some min/max value checks and fixes a couple of bugs therein.
>
> You mean the one in relation to
On 08/08/17 20:50, Tom Herbert wrote:
> It's a tradeoff. The nice thing about using strings is that we don't
> need maintain a universal enum.
Hmm, that makes it sound as though you're intending for random out-of-tree
modules to add these things; since if they're in-tree it's easy for them
to
On 07/08/17 00:35, Daniel Borkmann wrote:
> On 08/03/2017 06:11 PM, Edward Cree wrote:
>> Unifies adjusted and unadjusted register value types (e.g. FRAME_POINTER is
>> now just a PTR_TO_STACK with zero offset).
>> Tracks value alignment by means of tracking known & unkn
RFC tags.
v2: fixed nfp build, made test_align pass again and extended it with a few
new tests (though still need to add more).
Edward Cree (12):
bpf/verifier: rework value tracking
bpf/verifier: track signed and unsigned min/max values
bpf/verifier: more concise register state l
obably not necessary, it makes the code more
straightforward and symmetrical between signed and unsigned bounds.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
include/linux/bpf_verifier.h | 23 +-
include/linux/tnum.h | 2 +
kernel/bpf/tnum.c| 16 +
kernel/bpf/verifier.c
Some of the verifier's error messages have changed, and some constructs
that previously couldn't be verified are now accepted.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 332 +---
1 file changed, 152 inse
ed to match the new
data structures.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
drivers/net/ethernet/netronome/nfp/bpf/verifier.c | 24 +-
include/linux/bpf.h | 34 +-
include/linux/bpf_verifier.h | 34 +-
inc
.)
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_align.c | 225 ++-
1 file changed, 132 insertions(+), 93 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_align.c
b/tools/testing/selftests/bpf/test_align.c
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
kernel/bpf/verifier.c | 46 +++---
1 file changed, 27 insertions(+), 19 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 7557800..08a6fa0 100644
--- a/kernel/bpf/veri
New test adds 14 to the unknown value before adding to the packet pointer,
meaning there's no 'fixed offset' field and instead we add into the
var_off, yielding a '4n+2' value.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_align.
Tests non-add/sub operations (AND, LSH) on pointers decaying them to
unknown scalars.
Also tests that a pkt_ptr add which could potentially overflow is rejected
(find_good_pkt_pointers ignores it and doesn't give us any reg->range).
Signed-off-by: Edward Cree <ec...@solarflare.com>
-
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_align.c | 104 +++
1 file changed, 104 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_align.c
b/tools/testing/selftests/bpf/test_align.c
index b081683..8591c89
ve
us any reg->range).
Increase the shifts by one so that R2 is now mask 0x7fff instead of
mask 0x.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --
Also bring the eBPF documentation up to date in other ways.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
Documentation/networking/filter.txt | 122 ++--
1 file changed, 104 insertions(+), 18 deletions(-)
diff --git a/Documentation/networking/filt
Variable ctx accesses and stack accesses aren't allowed, because we can't
determine what type of value will be read.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 41 +
1 file changed, 41 insertions(+)
diff
The more detailed value tracking can reduce the effectiveness of pruning
for some programs. So, to avoid rejecting previously valid programs, up
the limit to 128kinsns. Hopefully we will be able to bring this back
down later by improving pruning performance.
Signed-off-by: Edward Cree <
On 22/08/17 16:42, Alexei Starovoitov wrote:
> On 8/22/17 6:27 AM, Edward Cree wrote:
>> static bool do_propagate_liveness(const struct bpf_verifier_state *state,
>>struct bpf_verifier_state *parent)
>> {
>> @@ -3457,6 +3463,15 @@ static bool
On 22/08/17 16:24, Alexei Starovoitov wrote:
> On 8/22/17 6:27 AM, Edward Cree wrote:
>> The fact that writes occurred in reaching the continuation state does
>> not screen off its reads from us, because we're not really its parent.
>> So detect 'not really the parent' in
On 22/08/17 16:50, Edward Cree wrote:
> On 22/08/17 16:24, Alexei Starovoitov wrote:
>> Do you have a test case for this by any chance?
> I think something like
> if (cond)
> r0=0;
> if (cond)
> r0=0;
> return r0;
> might tickle the bug,
changes in that patch mean that its original behaviour (ignore
min/max values) cannot be restored.
Tests on a sample set of cilium programs show no change in count of
processed instructions.
Fixes: f1174f77b50c ("bpf/verifier: rework value tracking")
Signed-off-by: Edward Cree <ec...@s
eness for pruning")
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
kernel/bpf/verifier.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index e42c096..fdbaa60 100644
--- a/kernel/bpf/verifier.c
+++ b/kerne
larflare.com: added test-name and patch description]
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 28
1 file changed, 28 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_verifier.c
b/tools/tes
):
selftests/bpf: add a test for a pruning bug in the verifier
Edward Cree (4):
selftests/bpf: add a test for a bug in liveness-based pruning
bpf/verifier: when pruning a branch, ignore its write marks
bpf/verifier: remove varlen_map_value_access flag
bpf/verifier: document liveness
ff)) R10=fp0
4: (b7) r0 = 0
5: (95) exit
from 3 to 5: safe
from 1 to 3: safe
processed 8 insns, stack depth 0
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 16
1 file changed, 16 insertions(+)
diff --git a/t
The liveness tracking algorithm is quite subtle; add comments to explain it.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
include/linux/bpf_verifier.h | 13 +
kernel/bpf/verifier.c| 28 +++-
2 files changed, 40 insertions(+), 1 de
On 18/08/17 04:21, Alexei Starovoitov wrote:
> On 8/15/17 12:34 PM, Edward Cree wrote:
>> State of a register doesn't matter if it wasn't read in reaching an exit;
>> a write screens off all reads downstream of it from all explored_states
>> upstream of it.
>> This a
On 11/05/17 17:05, David Miller wrote:
> Add a new field, "prog_flags", and an initial flag value
> BPF_F_STRCIT_ALIGNMENT.
Should this be STRICT?
On 17/05/17 17:13, David Miller wrote:
> Both cases are common in real BPF programs. The offsets really are
> necessary. It's funny because initially I tried to implement this
> without the auxiliary offset and it simply doesn't work. :-)
>
> We always have to track when you've seen the offset
On 17/05/17 15:00, Edward Cree wrote:
> OTOH the 'track known 1s as well' might work in a nice generic way
> and cover all bases, I'll have to experiment a bit with that.
>
> -Ed
So I did some experiments (in Python, script follows) and found that
indeed this does appear to wo
On 16/05/17 23:53, Alexei Starovoitov wrote:
> following this line of thinking it feels that it should be possible
> to get rid of 'aux_off' and 'aux_off_align' and simplify the code.
> I mean we can always do
> dst_reg->min_align = min(dst_reg->min_align, src_reg->min_align);
>
> and don't use
00 ("Falcon") support into new
sfc-falcon driver")
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
drivers/net/ethernet/sfc/nic.h | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/sfc/nic.h b/drivers/net/ethernet/sfc/nic
On 15/05/17 17:04, David Miller wrote:
> If we use 1<<31, then sequences like:
>
> R1 = 0
> R1 <<= 2
>
> do silly things.
Hmm. It might be a bit late for this, but I wonder if, instead of handling
alignments as (1 << align), you could store them as -(1 << align), i.e.
leading 1s
fx_net_open()")
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
This should probably go to stable kernels as well.
drivers/net/ethernet/sfc/ef10_sriov.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/net/ethernet/sfc/ef10_sriov.c
b/drivers/net/ethernet/sfc/ef10
On 18/05/17 15:49, Edward Cree wrote:
> Here's one idea that seemed to work when I did a couple of experiments:
> let A = (a;am), B = (b;bm) where the m are the masks
> Σ = am + bm + a + b
> χ = Σ ^ (a + b) /* unknown carries */
> μ = χ | am | bm /* mask of result */
> then A +
On 18/05/17 01:16, David Miller wrote:
> So, in C, addition (a += b) is something like:
>
> struct bpf_reg_bits {
> u64 zero_bits;
> u64 one_bits;
> };
>
> static void add_update_bits(struct bpf_reg_bits *a, struct bpf_reg_bits *b)
> {
> u64 m_zeros, m_ones, m_all;
>
>
I'm still plugging away at this... it's going to be quite a big patch and
rewrite a lot of stuff (and I'm not sure I'll be able to break it into
smaller bisectable patches).
And of course I have more questions. In check_packet_ptr_add(), we
forbid adding a negative constant to a packet ptr.
On 23/05/17 22:27, Daniel Borkmann wrote:
> On 05/23/2017 09:45 PM, Alexei Starovoitov wrote:
>> On 5/23/17 7:41 AM, Edward Cree wrote:
>>> Hmm, that means that we can't do arithmetic on a
>>> PTR_TO_MAP_VALUE_OR_NULL, we have to convert it to a PTR_TO_MAP_VALUE
Another issue: it looks like the min/max_value handling for subtraction is
bogus. In adjust_reg_min_max_vals() we have
if (dst_reg->min_value != BPF_REGISTER_MIN_RANGE)
dst_reg->min_value -= min_val;
if (dst_reg->max_value != BPF_REGISTER_MAX_RANGE)
dst_reg->max_value -=
Implementations (still in Python for now) at
https://gist.github.com/ecree-solarflare/0665d5b46c2d8d08de2377fbd527de8d
(I left out division, because it's so weak.)
I still can't prove + and - are correct, but they've passed every test
case I've come up with so far. * seems pretty obviously
On 19/05/17 15:55, Alexei Starovoitov wrote:
> On 5/19/17 7:21 AM, Edward Cree wrote:
>> I'm currently translating the algos to C. But for the kernel patch,
>> I'll need to read & understand the existing verifier code, so it
>> might take a while :) (I don't suppose th
On 19/05/17 02:22, Alexei Starovoitov wrote:
> In your .py I'd only change __str__(self) to print them in mask,value
> as the order they're passed into constructor to make it easier to read.
Actually I was going to go the other way and change the ctor to take
value,mask. But I agree they're
Well, I've managed to get somewhat confused by reg->id.
In particular, I'm unsure which bpf_reg_types can have an id, and what
exactly it means. There seems to be some code that checks around map value
pointers, which seems strange as maps have fixed sizes (and the comments in
enum
On 18/05/17 03:48, Alexei Starovoitov wrote:
> Would it be easier to represent this logic via (mask_of_unknown, value)
> instead of (mask0, mask1) ?
Yes, I like this.
> As far as upper bits we can tweak the algorithm to eat into
> one or more bits of known bits due to carry.
> Like
> 00xx11 +
A couple of the tests in tools/testing/selftests/bpf/test_verifier.c seem to be
bogus: Test "multiple registers share map_lookup_elem bad reg type" is supposed
to
error with "R3 invalid mem access 'inv'", but from my reading of it, R3 gets
loaded with a map_value_or_null, that later gets
On 08/06/17 03:32, Alexei Starovoitov wrote:
> On Wed, Jun 07, 2017 at 03:58:31PM +0100, Edward Cree wrote:
>> +/* Arithmetic and logical ops */
>> +/* Shift a tnum left (by a fixed shift) */
>> +struct tnum tn_sl(struct tnum a, u8 shift);
>> +/* Shift a tnum right (by a
On 08/06/17 19:41, Alexei Starovoitov wrote:
> On Thu, Jun 08, 2017 at 06:12:39PM +0100, Edward Cree wrote:
>> On 08/06/17 17:50, Alexei Starovoitov wrote:
>>> On Thu, Jun 08, 2017 at 04:25:39PM +0100, Edward Cree wrote:
>>>> On 08/06/17 03:35, Alexei Starovoito
On 08/06/17 03:35, Alexei Starovoitov wrote:
> such large back and forth move doesn't help reviewing.
> may be just merge it into previous patch?
> Or keep that function in the right place in patch 2 already?
I think 'diff' got a bit confused, and maybe with different options I could
have got it
On 08/06/17 03:40, Alexei Starovoitov wrote:
> On Wed, Jun 07, 2017 at 03:59:25PM +0100, Edward Cree wrote:
>> Allows us to, sometimes, combine information from a signed check of one
>> bound and an unsigned check of the other.
>> We now track the full range of possibl
On 08/06/17 03:43, Alexei Starovoitov wrote:
> On Wed, Jun 07, 2017 at 04:00:02PM +0100, Edward Cree wrote:
>> Some of the verifier's error messages have changed, and some constructs
>> that previously couldn't be verified are now accepted.
>>
>> Signed-off-by: Edward
On 08/06/17 17:50, Alexei Starovoitov wrote:
> On Thu, Jun 08, 2017 at 04:25:39PM +0100, Edward Cree wrote:
>> On 08/06/17 03:35, Alexei Starovoitov wrote:
>>> such large back and forth move doesn't help reviewing.
>>> may be just merge it into previous patch
On 08/06/17 17:45, Alexei Starovoitov wrote:
> On Thu, Jun 08, 2017 at 03:53:36PM +0100, Edward Cree wrote:
>>>>
>>>> - } else if (reg->type == FRAME_PTR || reg->type == PTR_TO_STACK) {
>>>> + } else if (reg->type == PTR_TO_STACK) {
>>>
On 05/06/17 19:47, Josef Bacik wrote:
> On Mon, Jun 05, 2017 at 11:11:05AM -0700, Alexei Starovoitov wrote:
>> Do you have an asm test case that demonstrates that?
> From here we want to exploit the fact that false_reg->min_value is not
> necessarily correct, but in order to do that we need to get
ral data structure, I'm not really sure how to go
about splitting it up further without producing broken intermediate states.
With the changes in patch 5/5, all tools/testing/selftests/bpf/test_verifier
tests pass.
Edward Cree (5):
selftests/bpf: add test for mixed signed and unsigned bounds che
Currently fails due to bug in verifier bounds handling.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 26 ++
1 file changed, 26 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_verifier.c
b/tools/t
obably not necessary, it makes the code more
straightforward and symmetrical between signed and unsigned bounds.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
include/linux/bpf_verifier.h | 22 +-
kernel/bpf/verifier.c| 661 +--
2 files
Some of the verifier's error messages have changed, and some constructs
that previously couldn't be verified are now accepted.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 226 ++--
1 file changed, 116 inse
Tracks value alignment by means of tracking known & unknown bits.
Tightens some min/max value checks and fixes a couple of bugs therein.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
include/linux/bpf.h | 34 +-
include/linux/bpf_verifier.h | 40 +-
include/li
If pointer leaks are allowed, and adjust_ptr_min_max_vals returns -EACCES,
treat the pointer as an unknown scalar and try again, because we might be
able to conclude something about the result (e.g. pointer & 0x40 is either
0 or 0x40).
Signed-off-by: Edward Cree <ec...@solarfl
ing/selftests/bpf/test_verifier
and tools/testing/selftests/bpf/test_align pass.
v2: fixed nfp build, made test_align pass again and extended it with a few
new tests (though still need to add more).
Edward Cree (10):
selftests/bpf: add test for mixed signed and unsigned bounds checks
"direct packet access: test2" was potentially reading four bytes from
pkt + 0x, which could take it past the verifier's limit, causing
the program to be rejected.
Increase the shifts by one so that R2 is now mask 0x7fff instead of
mask 0x.
Signed-off-by: Edwar
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
drivers/net/ethernet/netronome/nfp/bpf/verifier.c | 24 +--
kernel/bpf/tnum.c | 1 +
2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ethernet/netronome/n
able to conclude something about the result (e.g. pointer & 0x40 is either
0 or 0x40).
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
include/linux/bpf.h | 34 +-
include/linux/bpf_verifier.h | 40 +-
include/linux/tnum.h | 79 ++
kernel/bpf/Makefile |
obably not necessary, it makes the code more
straightforward and symmetrical between signed and unsigned bounds.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
include/linux/bpf_verifier.h | 22 +-
include/linux/tnum.h | 2 +
kernel/bpf/tnum.c| 16 +
kernel/bpf/verifier.c
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
kernel/bpf/verifier.c | 46 +++---
1 file changed, 27 insertions(+), 19 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 15433f6..cef882c 100644
--- a/kernel/bpf/veri
Tests non-add/sub operations (AND, LSH) on pointers decaying them to
unknown scalars.
Also tests that a pkt_ptr add which could potentially overflow is rejected
(find_good_pkt_pointers ignores it and doesn't give us any reg->range).
Signed-off-by: Edward Cree <ec...@solarflare.com>
-
Some of the verifier's error messages have changed, and some constructs
that previously couldn't be verified are now accepted.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 226 ++--
1 file changed, 116 inse
New test adds 14 to the unknown value before adding to the packet pointer,
meaning there's no 'fixed offset' field and instead we add into the
var_off, yielding a '4n+2' value.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_align.
.)
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_align.c | 225 ++-
1 file changed, 132 insertions(+), 93 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_align.c
b/tools/testing/selftests/bpf/test_align.c
Currently fails due to bug in verifier bounds handling.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 26 ++
1 file changed, 26 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_verifier.c
b/tools/t
On 05/06/17 08:06, Y Song wrote:
> On Fri, Jun 2, 2017 at 7:42 AM, Edward Cree <ec...@solarflare.com> wrote:
>> Test "helper access to variable memory: stack, bitwise AND + JMP, correct
>> bounds" is listed as expected to pass, but it passes zero in the 'size'
bpf/test_align pass.
v3: added a few more tests; removed RFC tags.
v2: fixed nfp build, made test_align pass again and extended it with a few
new tests (though still need to add more).
Edward Cree (12):
selftests/bpf: add test for mixed signed and unsigned bounds checks
bpf/verifier: rew
.)
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_align.c | 225 ++-
1 file changed, 132 insertions(+), 93 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_align.c
b/tools/testing/selftests/bpf/test_align.c
Some of the verifier's error messages have changed, and some constructs
that previously couldn't be verified are now accepted.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 226 ++--
1 file changed, 116 inse
"direct packet access: test2" was potentially reading four bytes from
pkt + 0x, which could take it past the verifier's limit, causing
the program to be rejected.
Increase the shifts by one so that R2 is now mask 0x7fff instead of
mask 0x.
Signed-off-by: Edwar
Variable ctx accesses and stack accesses aren't allowed, because we can't
determine what type of value will be read.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 41 +
1 file changed, 41 insertions(+)
diff
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_align.c | 104 +++
1 file changed, 104 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_align.c
b/tools/testing/selftests/bpf/test_align.c
index dfd96c6..6bc2ceb
Tests non-add/sub operations (AND, LSH) on pointers decaying them to
unknown scalars.
Also tests that a pkt_ptr add which could potentially overflow is rejected
(find_good_pkt_pointers ignores it and doesn't give us any reg->range).
Signed-off-by: Edward Cree <ec...@solarflare.com>
-
Currently fails due to bug in verifier bounds handling.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_verifier.c | 26 ++
1 file changed, 26 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_verifier.c
b/tools/t
New test adds 14 to the unknown value before adding to the packet pointer,
meaning there's no 'fixed offset' field and instead we add into the
var_off, yielding a '4n+2' value.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
tools/testing/selftests/bpf/test_align.
able to conclude something about the result (e.g. pointer & 0x40 is either
0 or 0x40).
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
include/linux/bpf.h | 34 +-
include/linux/bpf_verifier.h | 40 +-
include/linux/tnum.h | 79 ++
kernel/bpf/Makefile |
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
drivers/net/ethernet/netronome/nfp/bpf/verifier.c | 24 +--
kernel/bpf/tnum.c | 1 +
2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ethernet/netronome/n
obably not necessary, it makes the code more
straightforward and symmetrical between signed and unsigned bounds.
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
include/linux/bpf_verifier.h | 22 +-
include/linux/tnum.h | 2 +
kernel/bpf/tnum.c| 16 +
kernel/bpf/verifier.c
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
kernel/bpf/verifier.c | 46 +++---
1 file changed, 27 insertions(+), 19 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index d45c1d1..3e1df75 100644
--- a/kernel/bpf/veri
Neither ___bpf_prog_run nor the JITs accept it.
Also adds a new test case.
Fixes: 17a5267067f3 ("bpf: verifier (add verifier core)")
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
kernel/bpf/verifier.c | 3 ++-
tools/testing/selftests/bpf/test
On 15/09/17 17:02, Alexei Starovoitov wrote:
> On Thu, Sep 14, 2017 at 09:33:48AM -0600, Shuah Khan wrote:
>> Is bpf test intended to be run in kselftest run? The clang dependency might
>> not be met on majority of the systems. Is this a hard dependency??
> It is a hard dependency and clang should
print_bpf_insn() was treating all BPF_ALU[64] the same, but BPF_END has a
different structure: it has a size in insn->imm (even if it's BPF_X) and
uses the BPF_SRC (X or K) to indicate which endianness to use. So it
needs different code to print it.
Signed-off-by: Edward Cree
On 21/09/17 16:52, Alexei Starovoitov wrote:
> On Thu, Sep 21, 2017 at 04:09:34PM +0100, Edward Cree wrote:
>> print_bpf_insn() was treating all BPF_ALU[64] the same, but BPF_END has a
>> different structure: it has a size in insn->imm (even if it's BPF_X) and
>>
("bpf: verifier (add verifier core)")
Signed-off-by: Edward Cree <ec...@solarflare.com>
---
kernel/bpf/verifier.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 477b693..799b245 100644
--- a/kernel/bpf/verifie
On 22/09/17 00:11, Y Song wrote:
> On Thu, Sep 21, 2017 at 12:58 PM, Edward Cree <ec...@solarflare.com> wrote:
>> On 21/09/17 20:44, Alexei Starovoitov wrote:
>>> On Thu, Sep 21, 2017 at 09:29:33PM +0200, Daniel Borkmann wrote:
>>>> More intuitive, but agre
On 22/09/17 16:16, Alexei Starovoitov wrote:
> looks like we're converging on
> "be16/be32/be64/le16/le32/le64 #register" for BPF_END.
> I guess it can live with that. I would prefer more C like syntax
> to match the rest, but llvm parsing point is a strong one.
Yep, agreed. I'll post a v2 once
301 - 400 of 688 matches
Mail list logo