On Wed, Dec 05, 2018 at 03:32:50PM +0000, Jiong Wang wrote:
> On 05/12/2018 14:52, Edward Cree wrote:
> > On 05/12/18 09:46, Jiong Wang wrote:
> > > There is NO processed instruction number regression, either with or
> > > without
> > > -mattr=+alu32.
> > <snip>
> > > Cilium bpf
> > > ===
> > > bpf_lb-DLB_L3.o 2110/2110 1730/1733
> > That looks like a regression of 3 insns in the 32-bit case.
> > May be worth investigating why.
>
> Will look into this.
>
> >
> > > + dst_reg = insn->dst_reg;
> > > + regs[dst_reg] = regs[src_reg];
> > > + if (BPF_CLASS(insn->code) == BPF_ALU) {
> > > + /* Update type and range info. */
> > > + regs[dst_reg].type = SCALAR_VALUE;
> > > + coerce_reg_to_size(®s[dst_reg], 4);
> > Won't this break when handed a pointer (as root, so allowed to leak
> > it)? E.g. (pointer + x) gets turned into scalar x, rather than
> > unknown scalar in range [0, 0xffffffff].
>
> Initially I was gating this to scalar_value only, later was thinking it
> could be extended to ptr case if ptr leak is allowed.
>
> But, your comment remind me min/max value doesn't mean real min/max value
> for ptr types value, it means the offset only if I am understanding the
> issue correctly. So, it will break pointer case.
correct. In case of is_pointer_value() && root -> mark_reg_unknown() has to be
called
The explanation of additional 3 steps from another email makes sense to me.
Can you take a look why it helps default (llvm alu64) case too ?
bpf_overlay.o 3096/2898
Thanks
