On 04/07/17 20:22, Edward Cree wrote:
> I don't know why test_l4lb has to process _fewer_ insns with my patches;
> if anything I'm worrying that I may be incorrectly pruning branches.
> (I've spotted a possible bug in that I'm not looking at 'id' which,
&
On 04/07/17 23:28, Daniel Borkmann wrote:
> Have you tried with cilium's BPF code? The kernel selftests are quite small,
> so not really pushing processed insns too far. I can send you a BPF obj file
> if that's easier for testing.
Results from the next (in-progress) version of the patch series, wi
On 07/07/17 10:14, Daniel Borkmann wrote:
> But this means the bpf_lxc_* cases increase quite significantly,
> arguably one of them is pretty close already, but the other one not
> so much, meaning while 142k would shoot over the 128k target quite a
> bit, the 95k is quite close to the point that i
On 06/07/17 22:21, Nadav Amit wrote:
> I find it a bit surprising that such huge changes that can affect security
> and robustness are performed in one patch.
In the first version of the series, this was two patches, with "feed
pointer-to-unknown-scalar casts into scalar ALU path" split out from t
On 12/07/17 23:07, Nadav Amit wrote:
> Edward Cree wrote:
>> In this specific case, there was a bug before: if (say) src and dst were
>> both unknown bytes (so range 0 to 255), it would compute the new min and max
>> to be 0, so it would think the result is known to be
I managed to come up with a test for the swapped bounds in BPF_SUB, so here
it is along with a patch that fixes it, separated out from my 'rewrite
everything' series so it can go to -stable.
Edward Cree (2):
selftests/bpf: subtraction bounds test
bpf/verifier: fix min/max h
, 255] (and hence the right-shift will give a range of [0, 255]) and
the accesses will be rejected.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_verifier.c | 28
1 file changed, 28 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_verif
We have to subtract the src max from the dst min, and vice-versa, since
(e.g.) the smallest result comes from the largest subtrahend.
Fixes: 484611357c19 ("bpf: allow access into map value arrays")
Signed-off-by: Edward Cree
---
kernel/bpf/verifier.c | 21 +++--
1 fi
On 04/12/17 17:03, Jann Horn wrote:
> As far as I can tell, commit b03c9f9fdc37 ("bpf/verifier: track signed
> and unsigned min/max values") introduced the following effectless bug
> in the BPF_RSH case of adjust_scalar_min_max_vals() (unless that's
> intentional):
>
> `dst_reg->smax_value` is only
On 15/09/17 17:02, Alexei Starovoitov wrote:
> On Thu, Sep 14, 2017 at 09:33:48AM -0600, Shuah Khan wrote:
>> Is bpf test intended to be run in kselftest run? The clang dependency might
>> not be met on majority of the systems. Is this a hard dependency??
> It is a hard dependency and clang should
On 18/08/17 04:21, Alexei Starovoitov wrote:
> On 8/15/17 12:34 PM, Edward Cree wrote:
>> State of a register doesn't matter if it wasn't read in reaching an exit;
>> a write screens off all reads downstream of it from all explored_states
>> upstream of it.
>&
On 19/08/17 00:37, Alexei Starovoitov wrote:
> that '14: safe' above is not correct.
>
> Disabling liveness as:
> @@ -3282,7 +3288,7 @@ static bool regsafe(struct bpf_reg_state *rold,
> struct bpf_reg_state *rcur,
> bool varlen_map_access, struct idpair *idma
On 18/08/17 15:16, Edward Cree wrote:
> On 18/08/17 04:21, Alexei Starovoitov wrote:
>> It seems you're trying to sort-of do per-fake-basic block liveness
>> analysis, but our state_list_marks are not correct if we go with
>> canonical basic block definition, since we mar
On 21/08/17 21:27, Daniel Borkmann wrote:
> On 08/21/2017 08:36 PM, Edward Cree wrote:
>> On 19/08/17 00:37, Alexei Starovoitov wrote:
> [...]
>> I'm tempted to just rip out env->varlen_map_value_access and always check
>> the whole thing, because honestly I do
ince it changes the contents and
semantics of a fairly central data structure, I'm not really sure how to go
about splitting it up further without producing broken intermediate states.
With the changes in patch 5/5, all tools/testing/selftests/bpf/test_verifier
tests pass.
Edward Cree (5):
Currently fails due to bug in verifier bounds handling.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_verifier.c | 26 ++
1 file changed, 26 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_verifier.c
b/tools/testing/selftests/bpf
ly not necessary, it makes the code more
straightforward and symmetrical between signed and unsigned bounds.
Signed-off-by: Edward Cree
---
include/linux/bpf_verifier.h | 22 +-
kernel/bpf/verifier.c| 661 +--
2 files changed, 395 insertions(+), 288 del
Some of the verifier's error messages have changed, and some constructs
that previously couldn't be verified are now accepted.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_verifier.c | 226 ++--
1 file changed, 116 insertions(+), 110
Tracks value alignment by means of tracking known & unknown bits.
Tightens some min/max value checks and fixes a couple of bugs therein.
Signed-off-by: Edward Cree
---
include/linux/bpf.h | 34 +-
include/linux/bpf_verifier.h | 40 +-
include/linux/tnum.h | 58 ++
ke
If pointer leaks are allowed, and adjust_ptr_min_max_vals returns -EACCES,
treat the pointer as an unknown scalar and try again, because we might be
able to conclude something about the result (e.g. pointer & 0x40 is either
0 or 0x40).
Signed-off-by: Edward Cree
---
kernel/bpf/verifi
On 08/06/17 03:32, Alexei Starovoitov wrote:
> On Wed, Jun 07, 2017 at 03:58:31PM +0100, Edward Cree wrote:
>> +/* Arithmetic and logical ops */
>> +/* Shift a tnum left (by a fixed shift) */
>> +struct tnum tn_sl(struct tnum a, u8 shift);
>> +/* Shift a tnum right (by a
On 08/06/17 03:40, Alexei Starovoitov wrote:
> On Wed, Jun 07, 2017 at 03:59:25PM +0100, Edward Cree wrote:
>> Allows us to, sometimes, combine information from a signed check of one
>> bound and an unsigned check of the other.
>> We now track the full range of possibl
On 08/06/17 03:35, Alexei Starovoitov wrote:
> such large back and forth move doesn't help reviewing.
> may be just merge it into previous patch?
> Or keep that function in the right place in patch 2 already?
I think 'diff' got a bit confused, and maybe with different options I could
have got it t
On 08/06/17 03:43, Alexei Starovoitov wrote:
> On Wed, Jun 07, 2017 at 04:00:02PM +0100, Edward Cree wrote:
>> Some of the verifier's error messages have changed, and some constructs
>> that previously couldn't be verified are now accepted.
>>
>> Signed-
On 08/06/17 17:50, Alexei Starovoitov wrote:
> On Thu, Jun 08, 2017 at 04:25:39PM +0100, Edward Cree wrote:
>> On 08/06/17 03:35, Alexei Starovoitov wrote:
>>> such large back and forth move doesn't help reviewing.
>>> may be just merge it into previous patch?
On 08/06/17 19:41, Alexei Starovoitov wrote:
> On Thu, Jun 08, 2017 at 06:12:39PM +0100, Edward Cree wrote:
>> On 08/06/17 17:50, Alexei Starovoitov wrote:
>>> On Thu, Jun 08, 2017 at 04:25:39PM +0100, Edward Cree wrote:
>>>> On 08/06/17 03:35, Alexei Starovoitov wr
On 08/06/17 17:45, Alexei Starovoitov wrote:
> On Thu, Jun 08, 2017 at 03:53:36PM +0100, Edward Cree wrote:
>>>>
>>>> - } else if (reg->type == FRAME_PTR || reg->type == PTR_TO_STACK) {
>>>> + } else if (reg->type == PTR_TO_STACK) {
>>>
2: fixed nfp build, made test_align pass again and extended it with a few
new tests (though still need to add more).
Edward Cree (13):
bpf/verifier: rework value tracking
nfp: change bpf verifier hooks to match new verifier data structures
bpf/verifier: track signed and unsigned min/ma
ALUEs.
If pointer leaks are allowed, and adjust_ptr_min_max_vals returns -EACCES,
treat the pointer as an unknown scalar and try again, because we might be
able to conclude something about the result (e.g. pointer & 0x40 is either
0 or 0x40).
Signed-off-by: Edward Cree
---
include/linux/
Signed-off-by: Edward Cree
---
drivers/net/ethernet/netronome/nfp/bpf/verifier.c | 24 +--
kernel/bpf/tnum.c | 1 +
2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/bpf/verifier.c
b/drivers
Signed-off-by: Edward Cree
---
kernel/bpf/verifier.c | 46 +++---
1 file changed, 27 insertions(+), 19 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index ca14f59..2924b01 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf
ly not necessary, it makes the code more
straightforward and symmetrical between signed and unsigned bounds.
Signed-off-by: Edward Cree
---
include/linux/bpf_verifier.h | 23 +-
include/linux/tnum.h | 2 +
kernel/bpf/tnum.c| 16 +
kernel/bpf/verifier.c
Some of the verifier's error messages have changed, and some constructs
that previously couldn't be verified are now accepted.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_verifier.c | 332 +---
1 file changed, 152 insertions(+), 180
.)
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_align.c | 225 ++-
1 file changed, 132 insertions(+), 93 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_align.c
b/tools/testing/selftests/bpf/test_align.c
index 2979369..62232e4d 100644
New test adds 14 to the unknown value before adding to the packet pointer,
meaning there's no 'fixed offset' field and instead we add into the
var_off, yielding a '4n+2' value.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_align.c | 67 ++
Tests non-add/sub operations (AND, LSH) on pointers decaying them to
unknown scalars.
Also tests that a pkt_ptr add which could potentially overflow is rejected
(find_good_pkt_pointers ignores it and doesn't give us any reg->range).
Signed-off-by: Edward Cree
---
tools/testing/selft
't give
us any reg->range).
Increase the shifts by one so that R2 is now mask 0x7fff instead of
mask 0x.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_verifier.c | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/tool
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_align.c | 104 +++
1 file changed, 104 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_align.c
b/tools/testing/selftests/bpf/test_align.c
index b081683..8591c89 100644
--- a/tools/testing
Also bring the eBPF documentation up to date in other ways.
Signed-off-by: Edward Cree
---
Documentation/networking/filter.txt | 122 ++--
1 file changed, 104 insertions(+), 18 deletions(-)
diff --git a/Documentation/networking/filter.txt
b/Documentation
The more detailed value tracking can reduce the effectiveness of pruning
for some programs. So, to avoid rejecting previously valid programs, up
the limit to 128kinsns. Hopefully we will be able to bring this back
down later by improving pruning performance.
Signed-off-by: Edward Cree
Variable ctx accesses and stack accesses aren't allowed, because we can't
determine what type of value will be read.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_verifier.c | 41 +
1 file changed, 41 insertions(+)
diff --git a/too
On 07/08/17 00:35, Daniel Borkmann wrote:
> On 08/03/2017 06:11 PM, Edward Cree wrote:
>> Unifies adjusted and unadjusted register value types (e.g. FRAME_POINTER is
>> now just a PTR_TO_STACK with zero offset).
>> Tracks value alignment by means of tracking known & unkn
Upped the complexity limit to 128k insns.
v3: added a few more tests; removed RFC tags.
v2: fixed nfp build, made test_align pass again and extended it with a few
new tests (though still need to add more).
Edward Cree (12):
bpf/verifier: rework value tracking
bpf/verifier: track sign
ly not necessary, it makes the code more
straightforward and symmetrical between signed and unsigned bounds.
Signed-off-by: Edward Cree
---
include/linux/bpf_verifier.h | 23 +-
include/linux/tnum.h | 2 +
kernel/bpf/tnum.c| 16 +
kernel/bpf/verifier.c
changed to match the new
data structures.
Signed-off-by: Edward Cree
---
drivers/net/ethernet/netronome/nfp/bpf/verifier.c | 24 +-
include/linux/bpf.h | 34 +-
include/linux/bpf_verifier.h | 34 +-
include/linux/tnum.h
Signed-off-by: Edward Cree
---
kernel/bpf/verifier.c | 46 +++---
1 file changed, 27 insertions(+), 19 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 7557800..08a6fa0 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf
Some of the verifier's error messages have changed, and some constructs
that previously couldn't be verified are now accepted.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_verifier.c | 332 +---
1 file changed, 152 insertions(+), 180
.)
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_align.c | 225 ++-
1 file changed, 132 insertions(+), 93 deletions(-)
diff --git a/tools/testing/selftests/bpf/test_align.c
b/tools/testing/selftests/bpf/test_align.c
index 2979369..62232e4d 100644
New test adds 14 to the unknown value before adding to the packet pointer,
meaning there's no 'fixed offset' field and instead we add into the
var_off, yielding a '4n+2' value.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_align.c | 67 ++
Tests non-add/sub operations (AND, LSH) on pointers decaying them to
unknown scalars.
Also tests that a pkt_ptr add which could potentially overflow is rejected
(find_good_pkt_pointers ignores it and doesn't give us any reg->range).
Signed-off-by: Edward Cree
---
tools/testing/selft
't give
us any reg->range).
Increase the shifts by one so that R2 is now mask 0x7fff instead of
mask 0x.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_verifier.c | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/tool
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_align.c | 104 +++
1 file changed, 104 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_align.c
b/tools/testing/selftests/bpf/test_align.c
index b081683..8591c89 100644
--- a/tools/testing
Variable ctx accesses and stack accesses aren't allowed, because we can't
determine what type of value will be read.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_verifier.c | 41 +
1 file changed, 41 insertions(+)
diff --git a/too
Also bring the eBPF documentation up to date in other ways.
Signed-off-by: Edward Cree
---
Documentation/networking/filter.txt | 122 ++--
1 file changed, 104 insertions(+), 18 deletions(-)
diff --git a/Documentation/networking/filter.txt
b/Documentation
The more detailed value tracking can reduce the effectiveness of pruning
for some programs. So, to avoid rejecting previously valid programs, up
the limit to 128kinsns. Hopefully we will be able to bring this back
down later by improving pruning performance.
Signed-off-by: Edward Cree
257
bpf_netdev.o 62 31
bpf_overlay.o15 13
Signed-off-by: Edward Cree
---
include/linux/bpf_verifier.h | 11 ++-
kernel/bpf/verifier.c| 181 +--
2 files changed, 151 insertions(+), 41 deletions(-)
diff -
On 15/08/17 12:52, Daniel Borkmann wrote:
> On 08/14/2017 07:55 PM, Edward Cree wrote:
>> if (arg_type == ARG_ANYTHING) {
>> if (is_pointer_value(env, regno)) {
>> @@ -1639,10 +1675,13 @@ static int check_call(struct bpf_verifier_env *env,
>>
234
bpf_netdev.o 62 31
bpf_overlay.o15 13
Signed-off-by: Edward Cree
---
v2: update liveness in LD_ABS|IND, as pointed out by Daniel Borkmann. The
numbers are mostly unchanged; bpf_lxc_opt_-DUNKNOWN.o dropped about 300
insns and 20ms, while bpf_lxc_opt_-DDRO
On 15/08/17 17:33, Daniel Borkmann wrote:
> On 08/15/2017 03:53 PM, Edward Cree wrote:
>> State of a register doesn't matter if it wasn't read in reaching an exit;
>> a write screens off all reads downstream of it from all explored_states
>> upstream of it.
>&
234
bpf_netdev.o 62 31
bpf_overlay.o15 13
Signed-off-by: Edward Cree
---
v3: cleaner code around marking caller-saved regs, again spotted by Daniel
Borkmann. Should have no functional effect.
v2: update liveness in LD_ABS|IND, as pointed out by Daniel Bor
On 30/06/17 19:15, Alexei Starovoitov wrote:
> On 6/30/17 9:44 AM, Edward Cree wrote:
>> I haven't measured the test_progs ones, because I *still* haven't gotten
>> around to actually setting up a BPF toolchain (it doesn't help that I'm
>> building every
On 28/09/16 14:45, hejianet wrote:
>
>
> On 9/28/16 5:08 PM, David Miller wrote:
>> From: Jia He
>> Date: Wed, 28 Sep 2016 14:22:21 +0800
>>
>>> v5:
>>> - order local variables from longest to shortest line
>> I still see many cases where this problem still exists. Please
>> do not resubmit this
On 20/10/16 00:42, Nicolas Pitre wrote:
> diff --git a/Documentation/kbuild/kconfig-language.txt
> b/Documentation/kbuild/kconfig-language.txt
> index 069fcb3eef..c96127f648 100644
> --- a/Documentation/kbuild/kconfig-language.txt
> +++ b/Documentation/kbuild/kconfig-language.txt
> @@ -113,6 +113,
On 23/08/16 16:36, Eric Dumazet wrote:
> On Tue, 2016-08-23 at 08:05 -0700, Joe Perches wrote:
>
>> A compiler does not have a standards based requirement to
>> initialize arbitrary padding bytes.
>>
>> I believe gcc always does zero all padding anyway.
> Even if the current standards are lazy (are
On 12/11/2024 02:23, Daniel Xu wrote:
> Extend the rss_ctx test suite to test that an ntuple action that
> redirects to an RSS context contains that information in `ethtool -n`.
> Otherwise the output from ethtool is highly deceiving. This test helps
> ensure drivers are compliant with the API.
>
On 15/02/2025 04:11, Jakub Kicinski wrote:
> On Thu, 13 Feb 2025 12:00:25 +0100 Peter Seiderer wrote:
>> Use defines for the various dec/hex number parsing digits lengths
>> (hex32_arg/num_arg calls).
>
> I don't understand the value of this patch, TBH.
>
> Example:
>
> +#define HEX_2_DIGITS 2
>
101 - 166 of 166 matches
Mail list logo
