From: Paul Chaignon <paul.chaignon@gmail.com>
To: Eduard Zingerman <eddyz87@gmail.com>
Cc: Shung-Hsi Yu <shung-hsi.yu@suse.com>,
Helen Koike <koike@igalia.com>,
harishankar.vishwanathan@gmail.com, andrii@kernel.org,
yonghong.song@linux.dev, ast@kernel.org, bpf@vger.kernel.org,
linux-kernel@vger.kernel.org, kernel-dev@igalia.com
Subject: Re: [PATCH 1/2] bpf: deduce_bounds_64_from_32 tightening with circular range logic
Date: Thu, 16 Apr 2026 15:45:52 +0200 [thread overview]
Message-ID: <aeDoEOQKNthSpj2R@mail.gmail.com> (raw)
In-Reply-To: <ffb759d53577d1fe05b31373cd0a5bdd6661f547.camel@gmail.com>
On Thu, Apr 16, 2026 at 12:43:44AM -0700, Eduard Zingerman wrote:
> On Thu, 2026-04-16 at 11:52 +0800, Shung-Hsi Yu wrote:
> > On Wed, Apr 15, 2026 at 12:12:45AM -0700, Eduard Zingerman wrote:
> > > On Fri, 2026-04-10 at 09:40 -0300, Helen Koike wrote:
> > > > Unify handling of signed and unsigned using circular range logic.
> > [...]
> > > Hi Helen, Harishankar, Shung-Hsi, Paul,
> > >
> > > I think this algorithm is correct and covers all cases discussed earlier.
> > > I also prepared simple correctness check using cbmc in [1].
> >
> > Given the "Fix invariant violations and improve branch detection" is
> > merged and the original Syzkaller reproducer no longer triggers an issue,
> > teaching the verfier how to do better bound deduction (i.e., precision
> > improvement) seems less appealing than before, unless:
>
> There is only so much information that can be gained from 32->64
> tightening. I think this patch-set makes such tightening as precise as
> it can be. Which is a nice property, hence I'd like to proceed merging
> it.
I've sent a patch [1] that might be addressing the same gaps in
deduce_bounds_64_from_32() (outside of the s32 case maybe?). At least,
the selftests introduced here pass with that patch as well. It doesn't
require cnums and looks a bit easier to follow IMO.
I wrote it while trying to fix the reg_bounds selftests and only noticed
yesterday that it might be overlapping with this. cnums probably have
other benefits, but maybe they're not needed to address the issues
identified here?
1: https://lore.kernel.org/bpf/b2a0346a5b0818008503b721c62621918d84ad0a.1776344897.git.paul.chaignon@gmail.com/
>
> > 1. LLVM produced program show similar pattern and was rejected by the
> > verifier, which will be fixed by this patchset
> > 2. We're proceeding with cnum RFC as a whole, and this marks the first
> > step (I am assuming this is the case?)
>
> This is likely, I'm about to share the RFC.
>
> > My understanding is that we just need the verifier to be smart enough
> > to accept safe LLVM-generated program, where as Syzkaller-generated one
> > is not as much of a concern if it does not causes any issue. cnum
> > improvement make sense because it simplifies the code, and could
> > potentially be the last time we have to touch 32->64 deduction (famous
> > last word).
> >
> > Shung-Hsi
> >
> > [...]
next prev parent reply other threads:[~2026-04-16 13:45 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-10 12:40 [PATCH 1/2] bpf: deduce_bounds_64_from_32 tightening with circular range logic Helen Koike
2026-04-10 12:40 ` [PATCH 2/2] selftests/bpf: new cases handled by 32->64 range refinements Helen Koike
2026-04-14 8:26 ` [PATCH 1/2] bpf: deduce_bounds_64_from_32 tightening with circular range logic Shung-Hsi Yu
2026-04-14 16:25 ` Helen Koike
2026-04-14 18:32 ` Eduard Zingerman
2026-04-15 7:12 ` Eduard Zingerman
2026-04-15 16:19 ` Harishankar Vishwanathan
2026-04-15 18:12 ` Eduard Zingerman
2026-04-16 3:52 ` Shung-Hsi Yu
2026-04-16 7:43 ` Eduard Zingerman
2026-04-16 13:45 ` Paul Chaignon [this message]
2026-04-15 18:12 ` Eduard Zingerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aeDoEOQKNthSpj2R@mail.gmail.com \
--to=paul.chaignon@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=eddyz87@gmail.com \
--cc=harishankar.vishwanathan@gmail.com \
--cc=kernel-dev@igalia.com \
--cc=koike@igalia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=shung-hsi.yu@suse.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.