Re: [PATCH bpf-next v2 3/5] selftests/bpf: XOR and OR range computation tests.

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Cupertino Miranda <cupertino.miranda@oracle.com>
To: Eduard Zingerman <eddyz87@gmail.com>
Cc: bpf@vger.kernel.org, Yonghong Song <yonghong.song@linux.dev>,
	Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	David Faust <david.faust@oracle.com>,
	"Elena Zannoni" <elena.zannoni@oracle.com>
Subject: Re: [PATCH bpf-next v2 3/5] selftests/bpf: XOR and OR range computation tests.
Date: Fri, 19 Apr 2024 10:41:37 +0100	[thread overview]
Message-ID: <875xwdk7u6.fsf@oracle.com> (raw)
In-Reply-To: <8a4deb9d5bbdce4699d8891f205b5894a2cbe59b.camel@gmail.com>


Eduard Zingerman writes:

> On Wed, 2024-04-17 at 13:23 +0100, Cupertino Miranda wrote:
>
> [...]
>
>> +SEC("socket")
>> +__description("bounds check for reg32 <= 1, 0 xor (0,1)")
>> +__success __failure_unpriv
>> +__msg_unpriv("R0 min value is outside of the allowed memory range")
>> +__retval(0)
>> +__naked void t_0_xor_01(void)
>> +{
>> +	asm volatile ("					\
>> +	call %[bpf_get_prandom_u32];                    \
>> +	r6 = r0;                                        \
>> +	r1 = 0;						\
>> +	*(u64*)(r10 - 8) = r1;				\
>> +	r2 = r10;					\
>> +	r2 += -8;					\
>> +	r1 = %[map_hash_8b] ll;				\
>> +	call %[bpf_map_lookup_elem];			\
>> +	if r0 != 0 goto l0_%=;				\
>> +	exit;						\
>> +l0_%=:	w1 = 0;						\
>> +	r6 >>= 63;					\
>> +	w1 ^= w6;					\
>> +	if w1 <= 1 goto l1_%=;				\
>> +	r0 = *(u64*)(r0 + 8);				\
>> +l1_%=:	r0 = 0;						\
>> +	exit;						\
>> +"	:
>> +	: __imm(bpf_map_lookup_elem),
>> +	  __imm_addr(map_hash_8b),
>> +	  __imm(bpf_get_prandom_u32)
>> +	: __clobber_all);
>> +}
>> +
>
> I think that this test case (and one below) should be simplified,
> e.g. as follows:
>
> SEC("socket")
> __success __log_level(2)
> __msg("5: (af) r0 ^= r6                      ; R0_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=255,var_off=(0x0; 0xff))")
> __naked void non_const_xor_src_dst(void)
> {
> 	asm volatile ("					\
> 	call %[bpf_get_prandom_u32];                    \
> 	r6 = r0;					\
> 	call %[bpf_get_prandom_u32];                    \
> 	r6 &= 0xff;					\
> 	r0 &= 0x0f;					\
> 	r0 ^= r6;					\
> 	exit;						\
> "	:
> 	: __imm(bpf_map_lookup_elem),
> 	  __imm_addr(map_hash_8b),
> 	  __imm(bpf_get_prandom_u32)
> 	: __clobber_all);
> }
>
> Patch #2 allows verifier to compute dst range for xor operation with
> non-constant src and dst registers, which is exactly what checked when
> verifier log for instruction "r0 ^= r6" is verified.
> Manipulations with maps, unpriv behavior and retval are just a distraction.

Thanks for the suggestion.
I could not make it fail in the past without that control-flow in the
end of the test. I will try this.

next prev parent reply	other threads:[~2024-04-19  9:41 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-17 12:23 [PATCH bpf-next v2 0/5] bpf/verifier: range computation improvements Cupertino Miranda
2024-04-17 12:23 ` [PATCH bpf-next v2 1/5] bpf/verifier: refactor checks for range computation Cupertino Miranda
2024-04-18 22:37   ` Eduard Zingerman
2024-04-19  9:37     ` Cupertino Miranda
2024-04-19 17:38       ` Eduard Zingerman
2024-04-23 19:28         ` Eduard Zingerman
2024-04-23 19:36           ` Cupertino Miranda
2024-04-23 19:37             ` Eduard Zingerman
2024-04-17 12:23 ` [PATCH bpf-next v2 2/5] bpf/verifier: improve XOR and OR " Cupertino Miranda
2024-04-18 23:57   ` Eduard Zingerman
2024-04-17 12:23 ` [PATCH bpf-next v2 3/5] selftests/bpf: XOR and OR range computation tests Cupertino Miranda
2024-04-19  1:24   ` Eduard Zingerman
2024-04-19  9:41     ` Cupertino Miranda [this message]
2024-04-23 20:33   ` Yonghong Song
2024-04-17 12:23 ` [PATCH bpf-next v2 4/5] bpf/verifier: relax MUL range computation check Cupertino Miranda
2024-04-19  2:30   ` Eduard Zingerman
2024-04-19  9:47     ` Cupertino Miranda
2024-04-23 20:53       ` Yonghong Song
2024-04-24 14:59         ` Cupertino Miranda
2024-04-17 12:23 ` [PATCH bpf-next v2 5/5] selftests/bpf: MUL range computation tests Cupertino Miranda
2024-04-19  2:32   ` Eduard Zingerman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=875xwdk7u6.fsf@oracle.com \
    --to=cupertino.miranda@oracle.com \
    --cc=alexei.starovoitov@gmail.com \
    --cc=bpf@vger.kernel.org \
    --cc=david.faust@oracle.com \
    --cc=eddyz87@gmail.com \
    --cc=elena.zannoni@oracle.com \
    --cc=yonghong.song@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.