From: Kui-Feng Lee <sinquersw@gmail.com>
To: Eduard Zingerman <eddyz87@gmail.com>,
Kui-Feng Lee <thinker.li@gmail.com>,
bpf@vger.kernel.org, ast@kernel.org, martin.lau@linux.dev,
song@kernel.org, kernel-team@meta.com, andrii@kernel.org
Cc: kuifeng@meta.com
Subject: Re: [PATCH bpf-next v5 7/9] selftests/bpf: Test kptr arrays and kptrs in nested struct fields.
Date: Fri, 10 May 2024 16:04:12 -0700 [thread overview]
Message-ID: <f2d480de-a598-4771-9c72-722dba941e83@gmail.com> (raw)
In-Reply-To: <e65e8c7d387312f4b13a1241376ad6b959f90bf7.camel@gmail.com>
On 5/10/24 15:57, Eduard Zingerman wrote:
> On Fri, 2024-05-10 at 15:53 -0700, Kui-Feng Lee wrote:
>
> [...]
>
>>>>>> Do you mean checking index in the way like the following code?
>>>>>>
>>>>>> if (array[0] != ref0 || array[1] != ref1 || array[2] != ref2 ....)
>>>>>> return err;
>>>>>
>>>>> Probably, but I'd need your help here.
>>>>> There goal is to verify that offsets of __kptr's in the 'info' array
>>>>> had been set correctly. Where is this information is used later on?
>>>>> E.g. I'd like to trigger some action that "touches" __kptr at index N
>>>>> and verify that all others had not been "touched".
>>>>> But this "touch" action has to use offset stored in the 'info'.
>>>>
>>>> They are used for verifying the offset of instructions.
>>>> Let's assume we have an array of size 10.
>>>> Then, we have 10 infos with 10 different offsets.
>>>> And, we have a program includes one instruction for each element, 10 in
>>>> total, to access the corresponding element.
>>>> Each instruction has an offset different from others, generated by the
>>>> compiler. That means the verifier will fail to find an info for some of
>>>> instructions if there is one or more info having wrong offset.
>>>
>>> That's a bit depressing, as there would be no way to check if e.g. all
>>> 10 refer to the same offset. Is it possible to trigger printing of the
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> How can that happen? Do you mean the compiler does it wrong?
>
> No, suppose that 'info.offset' is computed incorrectly because of some
> bug in arrays handling. E.g. all .off fields in the infos have the
> same value.
>
> What is the shape of the test that could catch such bug?
>
I am not sure if I read you question correctly.
For example, we have 3 correct info.
[info(offset=0x8), info(offset=0x10), info(offset=0x18)]
And We have program that includes 3 instructions to access the offset
0x8, 0x10, and 0x18. (let's assume these load instructions would be
checked against infos)
load r1, [0x8]
load r1, [0x10]
load r1, [0x18]
If everything works as expected, the verifier would accept the program.
Otherwise, like you said, all 3 info are pointing to the same offset.
[info(0offset=0x8), info(offset=0x8), info(offset=0x8)]
Then, the later two instructions should fail the check.
>>> 'info.offset' to verifier log? E.g. via some 'illegal' action.
>> Yes if necessary!
>
next prev parent reply other threads:[~2024-05-10 23:04 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-10 1:13 [PATCH bpf-next v5 0/9] Enable BPF programs to declare arrays of kptr, bpf_rb_root, and bpf_list_head Kui-Feng Lee
2024-05-10 1:13 ` [PATCH bpf-next v5 1/9] bpf: Remove unnecessary checks on the offset of btf_field Kui-Feng Lee
2024-05-10 1:13 ` [PATCH bpf-next v5 2/9] bpf: Remove unnecessary call to btf_field_type_size() Kui-Feng Lee
2024-05-10 1:13 ` [PATCH bpf-next v5 3/9] bpf: refactor btf_find_struct_field() and btf_find_datasec_var() Kui-Feng Lee
2024-05-10 1:13 ` [PATCH bpf-next v5 4/9] bpf: create repeated fields for arrays Kui-Feng Lee
2024-05-10 1:13 ` [PATCH bpf-next v5 5/9] bpf: look into the types of the fields of a struct type recursively Kui-Feng Lee
2024-05-10 1:13 ` [PATCH bpf-next v5 6/9] bpf: limit the number of levels of a nested struct type Kui-Feng Lee
2024-05-10 2:37 ` Eduard Zingerman
2024-05-10 1:13 ` [PATCH bpf-next v5 7/9] selftests/bpf: Test kptr arrays and kptrs in nested struct fields Kui-Feng Lee
2024-05-10 10:03 ` Eduard Zingerman
2024-05-10 21:59 ` Kui-Feng Lee
2024-05-10 22:08 ` Eduard Zingerman
2024-05-10 22:25 ` Kui-Feng Lee
2024-05-10 22:31 ` Eduard Zingerman
2024-05-10 22:53 ` Kui-Feng Lee
2024-05-10 22:57 ` Eduard Zingerman
2024-05-10 23:04 ` Kui-Feng Lee [this message]
2024-05-10 23:17 ` Eduard Zingerman
2024-05-10 23:29 ` Eduard Zingerman
2024-05-20 15:55 ` Kui-Feng Lee
2024-05-10 1:13 ` [PATCH bpf-next v5 8/9] selftests/bpf: Test global bpf_rb_root arrays and fields in nested struct types Kui-Feng Lee
2024-05-10 1:13 ` [PATCH bpf-next v5 9/9] selftests/bpf: Test global bpf_list_head arrays Kui-Feng Lee
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f2d480de-a598-4771-9c72-722dba941e83@gmail.com \
--to=sinquersw@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=eddyz87@gmail.com \
--cc=kernel-team@meta.com \
--cc=kuifeng@meta.com \
--cc=martin.lau@linux.dev \
--cc=song@kernel.org \
--cc=thinker.li@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox