[iovisor-dev] minutes: IO Visor TSC/Dev Meeting
Hi All, Thank you for joining the call today. Here are my notes from the discussion. Thanks, Brenden === Discussion === Brenden: * Plan to tag release to coincide with kernel 5.0 Brendan: * Speaking this weekend at SCaLE in Los Angeles Yonghong: * LLVM work * compile once - run anywhere WIP * support for static variables Daniel: * Global data support work in kernel continues * Ability to lock maps as read-only * bugfixes after merge window Alexei: * Some thoughts on future work of BPF * especially with introduction of BTF * overall needs concerted effort to improve debuggability * BTF for programs itself with source/type/layout information * structures for maps and global data * suggest to always require type information (already turned on by default in bcc and supported by llvm) * Some extra hoops to jump through for driver embedded BPF * to be enabled with a sysctl * kernel support is ready * some long tail of support - e.g. systemd has raw assembly BPF * kconfig option - eventual deprecation * if kernel is default strict, llvm should automatically emit BTF as well * memcg accounting patch status? * Daniel - still being worked on * proposal to enable the same accounting for verifier memory * helps to enable verifier multithreading Jakub: * question regarding global data atomicity * Daniel - requires read once / write once instructions to work properly * some todo work on documentation, interpreter + jit implementations * depends on architecture (machine word size guarantees only) Jesper: * which llvm release supports BTF * landed in December - will be in 8.0, better in 9.0 * working on tutorial for xdp at netdev * https://www.netdevconf.org/0x13/session.html?tutorial-XDP-hands-on * soliciting feedback * https://github.com/xdp-project/xdp-tutorial/ Saeed: * request to devote some time in the next meeting to iron out some XDP issues * please send an agend in reply to the reminder email before next call * prepare discussion over email in between time === Attendees === Alexei Starovoitov Marco Leogrande Mauricio Vasquez Paul Chaignon Brenden Blanco Jiong Wang Yonghong Song Daniel Borkmann Jesper Brouer Quentin Monnet Dan Siemon Jakub Kicinski Saeed John Yutaro -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1598): https://lists.iovisor.org/g/iovisor-dev/message/1598 Mute This Topic: https://lists.iovisor.org/mt/30289974/21656 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[iovisor-dev] math between pkt pointer and register with unbounded min value is not allowed #verifier
I'm playing with bcc to prototype an UDP load balancer. I'm facing an issue that I didn't succeed to understand... In my code I tried to validate my UDP packet using code like this : struct udphdr *udp; udp = iph + 1; if (udp + 1 > data_end) return XDP_DROP; __u16 udp_len = bpf_ntohs(udp->len); //__u16 udp_len = 8; if (udp_len < 8) return XDP_DROP; if (udp_len > 512) // TODO use a more approriate max value return XDP_DROP; if ((void *) udp + udp_len > data_end) return XDP_DROP; And the verifier does not like it .. 28: (71) r2 = *(u8 *)(r7 +23) 29: (b7) r0 = 2 30: (55) if r2 != 0x11 goto pc+334 R0=inv2 R1=pkt_end(id=0,off=0,imm=0) R2=inv17 R3=inv5 R6=ctx(id=0,off=0,imm=0) R7=pkt(id=0,off=0,r=34,imm=0) R8=pkt(id=0,off=34,r=34,imm=0) R9=pkt(id=0,off=14,r=34,imm=0) R10=fp0,call_-1 31: (bf) r2 = r8 32: (07) r2 += 8 33: (b7) r0 = 1 34: (2d) if r2 > r1 goto pc+330 R0=inv1 R1=pkt_end(id=0,off=0,imm=0) R2=pkt(id=0,off=42,r=42,imm=0) R3=inv5 R6=ctx(id=0,off=0,imm=0) R7=pkt(id=0,off=0,r=42,imm=0) R8=pkt(id=0,off=34,r=42,imm=0) R9=pkt(id=0,off=14,r=42,imm=0) R10=fp0,call_-1 35: (69) r3 = *(u16 *)(r7 +38) 36: (dc) r3 = be16 r3 37: (bf) r2 = r3 38: (07) r2 += -8 39: (57) r2 &= 65535 40: (b7) r0 = 1 41: (25) if r2 > 0x1f8 goto pc+323 R0=inv1 R1=pkt_end(id=0,off=0,imm=0) R2=inv(id=0,umax_value=504,var_off=(0x0; 0x1ff)) R3=inv(id=0) R6=ctx(id=0,off=0,imm=0) R7=pkt(id=0,off=0,r=42,imm=0) R8=pkt(id=0,off=34,r=42,imm=0) R9=pkt(id=0,off=14,r=42,imm=0) R10=fp0,call_-1 42: (bf) r2 = r7 43: (0f) r2 += r3 math between pkt pointer and register with unbounded min value is not allowed I'm pretty sure the issue is about udp_len , that's why I tried to validate its value before to use it ... but without success... When I set udp_len to 8 (just for testing) this seems to works. Any idea about that ? Full code is available here : https://gist.github.com/sbernard31/d4fee7518a1ff130452211c0d355b3f7 (I'm using python-bpfcc 0.8.0-4 from debian sid with a 4.19.12 kernel) (I don't know if this is the right place for this kind of question, ) -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1597): https://lists.iovisor.org/g/iovisor-dev/message/1597 Mute This Topic: https://lists.iovisor.org/mt/30285987/21656 Mute #verifier: https://lists.iovisor.org/mk?hashtag=verifier&subid=2590197 Group Owner: iovisor-dev+ow...@lists.iovisor.org Unsubscribe: https://lists.iovisor.org/g/iovisor-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
