[bpf-next,0/3] bpf: Pointers beyond packet end.

Message ID	20201021182015.39000-1-alexei.starovoitov@gmail.com
Headers	show Return-Path: <SRS0=BRpD=D4=vger.kernel.org=netdev-owner@kernel.org> From: Alexei Starovoitov <alexei.starovoitov@gmail.com> To: davem@davemloft.net Cc: daniel@iogearbox.net, john.fastabend@gmail.com, jolsa@kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, kernel-team@fb.com Subject: [PATCH bpf-next 0/3] bpf: Pointers beyond packet end. Date: Wed, 21 Oct 2020 11:20:12 -0700 Message-Id: <20201021182015.39000-1-alexei.starovoitov@gmail.com> Precedence: bulk
Series	bpf: Pointers beyond packet end. \| expand [bpf-next,0/3] bpf: Pointers beyond packet end. [bpf-next,1/3] bpf: Support for pointers beyond pkt_end. [bpf-next,2/3] selftests/bpf: Add skb_pkt_end test [bpf-next,3/3] selftests/bpf: Add asm tests for pkt vs pkt_end comparison.

Message ID

20201021182015.39000-1-alexei.starovoitov@gmail.com

Headers

From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: davem@davemloft.net
Cc: daniel@iogearbox.net, john.fastabend@gmail.com, jolsa@kernel.org,
	netdev@vger.kernel.org, bpf@vger.kernel.org, kernel-team@fb.com
Subject: [PATCH bpf-next 0/3] bpf: Pointers beyond packet end.
Date: Wed, 21 Oct 2020 11:20:12 -0700
Message-Id: <20201021182015.39000-1-alexei.starovoitov@gmail.com>
Precedence: bulk

Series

bpf: Pointers beyond packet end. | expand

Message

Alexei Starovoitov Oct. 21, 2020, 6:20 p.m. UTC

From: Alexei Starovoitov <ast@kernel.org>

In some cases LLVM uses the knowledge that branch is taken to optimze the code
which causes the verifier to reject valid programs.
Teach the verifier to recognize that
r1 = skb->data;
r1 += 10;
r2 = skb->data_end;
if (r1 > r2) {
  here r1 points beyond packet_end and subsequent
  if (r1 > r2) // always evaluates to "true".
}

Alexei Starovoitov (3):
  bpf: Support for pointers beyond pkt_end.
  selftests/bpf: Add skb_pkt_end test
  selftests/bpf: Add asm tests for pkt vs pkt_end comparison.

 include/linux/bpf_verifier.h                  |   2 +-
 kernel/bpf/verifier.c                         | 131 +++++++++++++++---
 .../bpf/prog_tests/test_skb_pkt_end.c         |  41 ++++++
 .../testing/selftests/bpf/progs/skb_pkt_end.c |  54 ++++++++
 .../testing/selftests/bpf/verifier/ctx_skb.c  |  42 ++++++
 5 files changed, 247 insertions(+), 23 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/test_skb_pkt_end.c
 create mode 100644 tools/testing/selftests/bpf/progs/skb_pkt_end.c

Comments

Jiri Olsa Oct. 22, 2020, 9:47 a.m. UTC | #1

On Wed, Oct 21, 2020 at 11:20:12AM -0700, Alexei Starovoitov wrote:
> From: Alexei Starovoitov <ast@kernel.org>

> 

> In some cases LLVM uses the knowledge that branch is taken to optimze the code

> which causes the verifier to reject valid programs.

> Teach the verifier to recognize that

> r1 = skb->data;

> r1 += 10;

> r2 = skb->data_end;

> if (r1 > r2) {

>   here r1 points beyond packet_end and subsequent

>   if (r1 > r2) // always evaluates to "true".

> }

> 

> Alexei Starovoitov (3):

>   bpf: Support for pointers beyond pkt_end.

>   selftests/bpf: Add skb_pkt_end test

>   selftests/bpf: Add asm tests for pkt vs pkt_end comparison.


Tested-by: Jiri Olsa <jolsa@redhat.com>


thanks,
jirka

> 

>  include/linux/bpf_verifier.h                  |   2 +-

>  kernel/bpf/verifier.c                         | 131 +++++++++++++++---

>  .../bpf/prog_tests/test_skb_pkt_end.c         |  41 ++++++

>  .../testing/selftests/bpf/progs/skb_pkt_end.c |  54 ++++++++

>  .../testing/selftests/bpf/verifier/ctx_skb.c  |  42 ++++++

>  5 files changed, 247 insertions(+), 23 deletions(-)

>  create mode 100644 tools/testing/selftests/bpf/prog_tests/test_skb_pkt_end.c

>  create mode 100644 tools/testing/selftests/bpf/progs/skb_pkt_end.c

> 

> -- 

> 2.23.0

>