From: David Miller <davem@davemloft.net>
To: ast@fb.com
Cc: daniel@iogearbox.net, netdev@vger.kernel.org
Subject: bpf pointer alignment validation
Date: Fri, 05 May 2017 16:20:44 -0400 (EDT)
Message-ID: <20170505.162044.2097924822206705957.davem@davemloft.net>

Alexei and Daniel, I just wanted to let you guys know that I'm working
on an alignment tracker in the BPF verifier.

After trying several approaches I think what is going to work is to
maintain state like this:

1) For non-pointer registers, we record what we can prove is the
   minimum alignment of the value held in the register.

   So for example:

	r5 <<= 2

   would result in a min_align value of '4'.

   These alignment values assist us when check_packet_ptr_add() has to
   transition a pointer register and allocate an ID to it.

2) Packet pointer registers have a base alignment (which is something
   relative to NET_IP_ALIGN).

   Then there is something called an auxiliary offset alignment.

   Any time we add some non-constant value to a pointer, we apply the
   value's min alignment to the pointer register's auxiliary offset
   alignment.

Then check_pkt_ptr_alignment has its logic adjusted such that it
takes all of this new information into account.

First, it makes the existing test:

	if ((NET_IP_ALIGN + reg->off + off) % size != 0) {

except that NET_IP_ALIGN is replaced with the packet pointer base
alignment (which we'll set in the context load helpers, thus putting
the NET_IP_ALIGN detail back into the networking code).

So that turns into something like:

	if ((reg->ptr_base_align + reg->off + off) % size != 0) {

Next, if an ID has been assigned, we have to also check the auxiliary
alignment:

	if (reg->id && (reg->aux_off_align % size) != 0) {

Otherwise, we can prove that the size access will work.

I think in order for this to work properly, we also have to stop
"forgetting" the reg->off value when we assign an ID to a pointer
register.  However, the reg->range we still have to always kill in
this situation.

Anyways, I'll play with this design and see what happens... Feedback
is of course welcome.
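
A user-space C sketch of the tracking described in the message above, added here as an example; it is not code from the kernel or from the author. The field names min_align, ptr_base_align, aux_off_align, off and id come from the message; the helper names, the starting alignment of 1 for an unknown value, and the rule for combining several variable additions are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Toy register state: field names follow the message, layout is assumed. */
struct reg {
    uint32_t min_align;     /* scalar: provable minimum alignment */
    int ptr_base_align;     /* packet pointer: base alignment */
    int off;                /* packet pointer: constant offset so far */
    uint32_t aux_off_align; /* alignment of variable part, 0 = none */
    uint32_t id;            /* non-zero after a variable add */
};

/* r <<= k: low k bits become zero, so min_align scales by 2^k (capped). */
static void scalar_lsh(struct reg *r, unsigned int k)
{
    uint64_t a = (uint64_t)r->min_align << (k > 31 ? 31 : k);
    r->min_align = a > (1u << 31) ? (1u << 31) : (uint32_t)a;
}

/* ptr += scalar: assign an ID, keep off, record the scalar's alignment. */
static void pkt_ptr_add_var(struct reg *p, const struct reg *s, uint32_t id)
{
    p->id = id;
    /* Assumption: over several adds, keep the weakest alignment seen. */
    if (p->aux_off_align == 0 || s->min_align < p->aux_off_align)
        p->aux_off_align = s->min_align;
}

/* The two tests from the message; true = access provably aligned. */
static bool check_pkt_ptr_alignment(const struct reg *reg, int off, int size)
{
    if ((reg->ptr_base_align + reg->off + off) % size != 0)
        return false;
    if (reg->id && (reg->aux_off_align % size) != 0)
        return false;
    return true;
}

/* Scenario: (pkt + const_off) + (unknown << shift), then a size-byte load. */
static bool access_ok(int base_align, int const_off, unsigned int shift, int size)
{
    struct reg p = { .ptr_base_align = base_align, .off = const_off };
    struct reg s = { .min_align = 1 }; /* assumption: unknown value */

    scalar_lsh(&s, shift);
    pkt_ptr_add_var(&p, &s, 1);
    return check_pkt_ptr_alignment(&p, 0, size);
}
```

With a constructed base alignment of 2 and constant offset of 14, access_ok(2, 14, 2, 4) is accepted, while access_ok(2, 14, 1, 4) is rejected because the variable part is only provably 2-byte aligned.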