From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jakub Kicinski Subject: Re: [PATCH bpf-next] bpf/verifier: enable ctx + const + 0. Date: Wed, 2 May 2018 13:51:36 -0700 Message-ID: <20180502135136.3377a848@cakuba.netronome.com> References: <1525108505-21175-1-git-send-email-u9012063@gmail.com> <20180501231652.ec563qza4c2nayhx@ast-mbp> <20180502045206.6aqm4koawyisgkxr@ast-mbp> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: Daniel Borkmann , Alexei Starovoitov , Linux Kernel Network Developers , Yonghong Song , Yifeng Sun To: William Tu Return-path: Received: from mail-qk0-f173.google.com ([209.85.220.173]:38634 "EHLO mail-qk0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750939AbeEBUvk (ORCPT ); Wed, 2 May 2018 16:51:40 -0400 Received: by mail-qk0-f173.google.com with SMTP id b39so12347427qkb.5 for ; Wed, 02 May 2018 13:51:39 -0700 (PDT) In-Reply-To: Sender: netdev-owner@vger.kernel.org List-ID: On Wed, 2 May 2018 10:54:56 -0700, William Tu wrote: > On Wed, May 2, 2018 at 1:29 AM, Daniel Borkmann wrote: > > On 05/02/2018 06:52 AM, Alexei Starovoitov wrote: > >> On Tue, May 01, 2018 at 09:35:29PM -0700, William Tu wrote: > >> Please test it with real program and you'll see crashes and garbage returned. > > > > +1, *convert_ctx_access() use bpf_insn's off to determine what to rewrite, > > so this is definitely buggy, and wasn't properly tested as it should have > > been. The test case is also way too simple, just the LDX and then doing a > > return 0 will get you past verifier, but won't give you anything in terms > > of runtime testing that test_verifier is doing. A single test case for a > > non trivial verifier change like this is also _completely insufficient_, > > this really needs to test all sort of weird corner cases (involving out of > > bounds accesses, overflows, etc). > > Thanks, now I understand. > It's much more complicated than I thought. FWIW NFP JIT would also have to be updated, similarly to *convert_ctx_access() in mem_ldx_skb()/mem_ldx_xdp() we are currently looking at insn.off. In case you find a way to solve this.. :)