Re: [iovisor-dev] [PATCH v5 net-next 00/12] bpf: rewrite value tracking in verifier

2017-08-07 Thread Daniel Borkmann via iovisor-dev
On 08/07/2017 04:21 PM, Edward Cree wrote: This series simplifies alignment tracking, generalises bounds tracking and fixes some bounds-tracking bugs in the BPF verifier. Pointer arithmetic on packet pointers, stack pointers, map value pointers and context pointers has been unified, and bo

[iovisor-dev] [PATCH v5 net-next 12/12] bpf/verifier: increase complexity limit to 128k

2017-08-07 Thread Edward Cree via iovisor-dev
The more detailed value tracking can reduce the effectiveness of pruning for some programs. So, to avoid rejecting previously valid programs, up the limit to 128kinsns. Hopefully we will be able to bring this back down later by improving pruning performance. Signed-off-by: Edward Cree --- k

[iovisor-dev] [PATCH v5 net-next 09/12] selftests/bpf: add tests for subtraction & negative numbers

2017-08-07 Thread Edward Cree via iovisor-dev
Signed-off-by: Edward Cree --- tools/testing/selftests/bpf/test_align.c | 104 +++ 1 file changed, 104 insertions(+) diff --git a/tools/testing/selftests/bpf/test_align.c b/tools/testing/selftests/bpf/test_align.c index b081683..8591c89 100644 --- a/tools/testing/sel

[iovisor-dev] [PATCH v5 net-next 11/12] Documentation: describe the new eBPF verifier value tracking behaviour

2017-08-07 Thread Edward Cree via iovisor-dev
Also bring the eBPF documentation up to date in other ways. Signed-off-by: Edward Cree --- Documentation/networking/filter.txt | 122 ++-- 1 file changed, 104 insertions(+), 18 deletions(-) diff --git a/Documentation/networking/filter.txt b/Documentation/network

[iovisor-dev] [PATCH v5 net-next 10/12] selftests/bpf: variable offset negative tests

2017-08-07 Thread Edward Cree via iovisor-dev
Variable ctx accesses and stack accesses aren't allowed, because we can't determine what type of value will be read. Signed-off-by: Edward Cree --- tools/testing/selftests/bpf/test_verifier.c | 41 + 1 file changed, 41 insertions(+) diff --git a/tools/testing/selfte

[iovisor-dev] [PATCH v5 net-next 08/12] selftests/bpf: don't try to access past MAX_PACKET_OFF in test_verifier

2017-08-07 Thread Edward Cree via iovisor-dev
A number of selftests fell foul of the changed MAX_PACKET_OFF handling. For instance, "direct packet access: test2" was potentially reading four bytes from pkt + 0x, which could take it past the verifier's limit, causing the program to be rejected (checks against pkt_end didn't give us any r

[iovisor-dev] [PATCH v5 net-next 07/12] selftests/bpf: add test for bogus operations on pointers

2017-08-07 Thread Edward Cree via iovisor-dev
Tests non-add/sub operations (AND, LSH) on pointers decaying them to unknown scalars. Also tests that a pkt_ptr add which could potentially overflow is rejected (find_good_pkt_pointers ignores it and doesn't give us any reg->range). Signed-off-by: Edward Cree --- tools/testing/selftests/bpf/te

[iovisor-dev] [PATCH v5 net-next 06/12] selftests/bpf: add a test to test_align

2017-08-07 Thread Edward Cree via iovisor-dev
New test adds 14 to the unknown value before adding to the packet pointer, meaning there's no 'fixed offset' field and instead we add into the var_off, yielding a '4n+2' value. Signed-off-by: Edward Cree --- tools/testing/selftests/bpf/test_align.c | 67 1 file

[iovisor-dev] [PATCH v5 net-next 05/12] selftests/bpf: rewrite test_align

2017-08-07 Thread Edward Cree via iovisor-dev
Expectations have changed, as has the format of the logged state. To make the tests easier to read, add a line-matching framework so that each match need only quote the register it cares about. (Multiple matches may refer to the same line, but matches must be listed in order of increasing line.

[iovisor-dev] [PATCH v5 net-next 04/12] selftests/bpf: change test_verifier expectations

2017-08-07 Thread Edward Cree via iovisor-dev
Some of the verifier's error messages have changed, and some constructs that previously couldn't be verified are now accepted. Signed-off-by: Edward Cree --- tools/testing/selftests/bpf/test_verifier.c | 332 +--- 1 file changed, 152 insertions(+), 180 deletions(-) diff

[iovisor-dev] [PATCH v5 net-next 02/12] bpf/verifier: track signed and unsigned min/max values

2017-08-07 Thread Edward Cree via iovisor-dev
Allows us to, sometimes, combine information from a signed check of one bound and an unsigned check of the other. We now track the full range of possible values, rather than restricting ourselves to [0, 1<<30) and considering anything beyond that as unknown. While this is probably not necessary

[iovisor-dev] [PATCH v5 net-next 03/12] bpf/verifier: more concise register state logs for constant var_off

2017-08-07 Thread Edward Cree via iovisor-dev
Signed-off-by: Edward Cree --- kernel/bpf/verifier.c | 46 +++--- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 7557800..08a6fa0 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifi

[iovisor-dev] [PATCH v5 net-next 01/12] bpf/verifier: rework value tracking

2017-08-07 Thread Edward Cree via iovisor-dev
Unifies adjusted and unadjusted register value types (e.g. FRAME_POINTER is now just a PTR_TO_STACK with zero offset). Tracks value alignment by means of tracking known & unknown bits. This also replaces the 'reg->imm' (leading zero bits) calculations for (what were) UNKNOWN_VALUEs. If pointer

[iovisor-dev] [PATCH v5 net-next 00/12] bpf: rewrite value tracking in verifier

2017-08-07 Thread Edward Cree via iovisor-dev
This series simplifies alignment tracking, generalises bounds tracking and fixes some bounds-tracking bugs in the BPF verifier. Pointer arithmetic on packet pointers, stack pointers, map value pointers and context pointers has been unified, and bounds on these pointers are only checked when the

Re: [iovisor-dev] [PATCH v4 net-next 01/13] bpf/verifier: rework value tracking

2017-08-07 Thread Edward Cree via iovisor-dev
On 07/08/17 00:35, Daniel Borkmann wrote:
> On 08/03/2017 06:11 PM, Edward Cree wrote:
>> Unifies adjusted and unadjusted register value types (e.g. FRAME_POINTER is
>> now just a PTR_TO_STACK with zero offset).
>> Tracks value alignment by means of tracking known & unknown bits. This
>> also