From: Martin KaFai Lau <kafai@fb.com>
To: <bpf@vger.kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>, <kernel-team@fb.com>,
Yonghong Song <yhs@fb.com>
Subject: [PATCH v2 bpf-next 0/4] bpf: Support <8-byte scalar spill and refill
Date: Tue, 21 Sep 2021 17:49:28 -0700 [thread overview]
Message-ID: <20210922004928.622871-1-kafai@fb.com> (raw)
The verifier currently does not save the reg state when
spilling <8byte bounded scalar to the stack. The bpf program
will be incorrectly rejected when this scalar is refilled to
the reg and then used to offset into a packet header.
The later patch has a simplified bpf prog from a real use case
to demonstrate this case. The current work around is
to reparse the packet again such that this offset scalar
is close to where the packet data will be accessed to
avoid the spill. Thus, the header is parsed twice.
The llvm patch [1] will align the <8bytes spill to
the 8-byte stack address. This set is to make the necessary
changes in verifier to support <8byte scalar spill and refill.
[1] https://reviews.llvm.org/D109073
v2:
- Changed the xdpwall selftest in patch 3 to trigger a u32
spill at a non 8-byte aligned stack address. The v1 has
simplified the real example too much such that it only
triggers a u32 spill but does not spill at a non
8-byte aligned stack address.
- Changed README.rst in patch 3 to explain the llvm dependency
for the xdpwall test.
Martin KaFai Lau (4):
bpf: Check the other end of slot_type for STACK_SPILL
bpf: Support <8-byte scalar spill and refill
bpf: selftest: A bpf prog that has a 32bit scalar spill
bpf: selftest: Add verifier tests for <8-byte scalar spill and refill
kernel/bpf/verifier.c | 97 +++--
tools/testing/selftests/bpf/README.rst | 13 +
.../selftests/bpf/prog_tests/xdpwall.c | 15 +
tools/testing/selftests/bpf/progs/xdpwall.c | 365 ++++++++++++++++++
.../selftests/bpf/verifier/spill_fill.c | 161 ++++++++
5 files changed, 625 insertions(+), 26 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/xdpwall.c
create mode 100644 tools/testing/selftests/bpf/progs/xdpwall.c
--
2.30.2
next reply other threads:[~2021-09-22 0:49 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-22 0:49 Martin KaFai Lau [this message]
2021-09-22 0:49 ` [PATCH v2 bpf-next 1/4] bpf: Check the other end of slot_type for STACK_SPILL Martin KaFai Lau
2021-09-22 0:49 ` [PATCH v2 bpf-next 2/4] bpf: Support <8-byte scalar spill and refill Martin KaFai Lau
2021-09-22 0:49 ` [PATCH v2 bpf-next 3/4] bpf: selftest: A bpf prog that has a 32bit scalar spill Martin KaFai Lau
2021-09-22 0:49 ` [PATCH v2 bpf-next 4/4] bpf: selftest: Add verifier tests for <8-byte scalar spill and refill Martin KaFai Lau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210922004928.622871-1-kafai@fb.com \
--to=kafai@fb.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kernel-team@fb.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox