> On 27 Mar 2019, at 14:53, Simon <cont...@simonbernard.eu> wrote:
>
> Hi Jiong,
> I didn't succeed to generate .i file using bcc, but since severals days I
> try to rewrite my code without bcc. (directly with bpf C api / clang /
> iproute2)
>
> I didn't finished yet, but I have a reduced version compared to the one I
> written for bcc and I face the same issue, so this time I can get .i file
> easily.
>
> So the .i file is as attachment.
> The corresponding code is available here :
> https://github.com/sbernard31/udploadbalancer/blob/44fe1ea549a55ab23c7d1b70e9651df6f61fb865/ulb.c
Hi Simon,
Thanks for the .i, I prototyped some byteswap code-gen change, but
seems doesn’t help your issue which could narrow down to the following
general code pattern:
unsigned char cal(unsigned int a, unsigned char *b)
{
if (a < 8 || a > 512)
return 0;
return b[a];
}
LLVM is doing some optimisation, instead of generating two separate comparison,
a < 8 and a > 512, it is combining them because a negative value when casted
into unsigned must be bigger than 504, so above code turned into
unsigned char cal(unsigned int a, unsigned char *b)
{
unsigned tmp = a - 8;
if (tmp > 504)
return 0;
return b[a];
}
The consequence of such optimisation is new variable “tmp” is used for
comparison
And verifier now know “tmp”'s value range instead of the original “a” which is
used
later adding to a packet pointer. A unknown value range of “a” then caused the
verifier rejection.
So, I suspect any code using above c code pattern will likely be rejected.
1. combinable comparisons
2. the variable involved in the comparison used later in places requiring
value range
Regards,
Jiong
>
> The error is still math between pkt pointer and register with unbounded
> min value is not allowed
>
> The verifier output is pretty much the same :
>
> 27: (71) r4 = *(u8 *)(r1 +23)
> 28: (b7) r0 = 2
> 29: (55) if r4 != 0x11 goto pc+15
> R0=inv2 R1=pkt(id=0,off=0,r=34,imm=0) R2=pkt_end(id=0,off=0,imm=0)
> R3=pkt(id=0,off=34,r=34,imm=0) R4=inv17 R5=inv5 R10=fp0,call_-1
> 30: (07) r3 += 8
> 31: (b7) r0 = 1
> 32: (2d) if r3 > r2 goto pc+12
> R0=inv1 R1=pkt(id=0,off=0,r=42,imm=0) R2=pkt_end(id=0,off=0,imm=0)
> R3=pkt(id=0,off=42,r=42,imm=0) R4=inv17 R5=inv5 R10=fp0,call_-1
> 33: (69) r3 = *(u16 *)(r1 +38)
> 34: (dc) r3 = be16 r3
> 35: (bf) r4 = r3
> 36: (07) r4 += -8
> 37: (57) r4 &= 65535
> 38: (b7) r0 = 1
> 39: (25) if r4 > 0x1f8 goto pc+5
> R0=inv1 R1=pkt(id=0,off=0,r=42,imm=0) R2=pkt_end(id=0,off=0,imm=0)
> R3=inv(id=0) R4=inv(id=0,umax_value=504,var_off=(0x0; 0x1ff)) R5=inv5
> R10=fp0,call_-1
> 40: (0f) r1 += r3
> math between pkt pointer and register with unbounded min value is not allowed
>
> I'm pretty sure the bcc version I used before linked statically clang/llvm
> v7.0.
> Here I use a v6.0.
>
> The funny part ... This modification about just adding some logs/printk
> makes this error disappear :
> https://github.com/sbernard31/udploadbalancer/commit/0145538c7b35e2a6bb92225f69a45f4bee120a6d
>
> All of those erifier errors make me a bit crazy (╥_╥)
>
> HTH
>
> Simon
>
>
> <ulb.i>
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#1629): https://lists.iovisor.org/g/iovisor-dev/message/1629
Mute This Topic: https://lists.iovisor.org/mt/30285987/21656
Mute #verifier: https://lists.iovisor.org/mk?hashtag=verifier&subid=2590197
Group Owner: iovisor-dev+ow...@lists.iovisor.org
Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
