From: Daniel Borkmann <daniel@iogearbox.net>
To: William Tu <u9012063@gmail.com>,
Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Linux Kernel Network Developers <netdev@vger.kernel.org>,
Mihai Budiu <mbudiu@vmware.com>
Subject: Re: [PATCH v2 net-next] bpf: enable verifier to add 0 to packet ptr
Date: Fri, 03 Feb 2017 23:29:19 +0100 [thread overview]
Message-ID: <5895043F.8080007@iogearbox.net> (raw)
In-Reply-To: <CALDO+SYvAVbXCmMRca0jq7XxMYvQ0VJ0joNGpPLWRTEg=H4a6Q@mail.gmail.com>
On 02/03/2017 10:10 PM, William Tu wrote:
> Hi Alexei,
>
> why it is bogus? on my system, it fails without the patch applied.
>
> --William
>
> On Fri, Feb 3, 2017 at 12:55 PM, Alexei Starovoitov
> <alexei.starovoitov@gmail.com> wrote:
>> On Fri, Feb 03, 2017 at 09:22:45AM -0800, William Tu wrote:
>>> The patch fixes the case when adding a zero value to the packet
>>> pointer. The verifer reports the following error:
>>> [...]
>>> R0=imm0,min_value=0,max_value=0
>>> R1=pkt(id=0,off=0,r=4)
>>> R2=pkt_end R3=fp-12
>>> R4=imm4,min_value=4,max_value=4
>>> R5=pkt(id=0,off=4,r=4)
>>> 269: (bf) r2 = r0 // r2 becomes imm0
>>> 270: (77) r2 >>= 3
>>> 271: (bf) r4 = r1 // r4 becomes pkt ptr
>>> 272: (0f) r4 += r2 // r4 += 0
>>> addition of negative constant to packet pointer is not allowed
>>>
>>> Signed-off-by: William Tu <u9012063@gmail.com>
>>> Signed-off-by: Mihai Budiu <mbudiu@vmware.com>
[...]
>>> {
>>> + "direct packet access: test14 (pkt_ptr += 0, good access)",
>>> + .insns = {
>>> + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
>>> + offsetof(struct __sk_buff, data)),
>>> + BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
>>> + offsetof(struct __sk_buff, data_end)),
>>> + BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
>>> + BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 0),
>>
>> wait. the test is bogus.
>> please write the proper test for the feature
>> and check that it fails before the patch and passes afterwards.
But still same code path that is executed in verifier as BPF_K and
CONST_IMM tracked reg both share the same path under add_imm label
in check_packet_ptr_add(), no? So it becomes r2=pkt(id=0,off=0,r=0);
r0 = r2; r0 += 0 here in this test. Probably okay as well, though
there could be risk that in future both don't share the same path
for some reason. I guess you were referring to either adding tests
for BPF_K /and/ CONST_IMM reg or just the latter, right?
next prev parent reply other threads:[~2017-02-03 22:29 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-03 17:22 [PATCH v2 net-next] bpf: enable verifier to add 0 to packet ptr William Tu
2017-02-03 20:39 ` Daniel Borkmann
2017-02-03 20:55 ` Alexei Starovoitov
2017-02-03 21:10 ` William Tu
2017-02-03 22:29 ` Daniel Borkmann [this message]
2017-02-03 22:53 ` Alexei Starovoitov
2017-02-03 23:28 ` William Tu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5895043F.8080007@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=alexei.starovoitov@gmail.com \
--cc=mbudiu@vmware.com \
--cc=netdev@vger.kernel.org \
--cc=u9012063@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.