From: Yonghong Song <yhs@fb.com>
To: <bpf@vger.kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Fangrui Song <maskray@google.com>, <kernel-team@fb.com>
Subject: [RFC PATCH bpf-next 02/13] bpf: Add verifier support for sign-extension load insns
Date: Wed, 28 Jun 2023 23:37:26 -0700 [thread overview]
Message-ID: <20230629063726.1649316-1-yhs@fb.com> (raw)
In-Reply-To: <20230629063715.1646832-1-yhs@fb.com>
Add sign-extension load support for map values. This is a minimum
change to make selftests passing.
Signed-off-by: Yonghong Song <yhs@fb.com>
---
kernel/bpf/verifier.c | 38 ++++++++++++++++++++++++++------------
1 file changed, 26 insertions(+), 12 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 212c367e2f46..6845504d42a5 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -6247,7 +6247,7 @@ static int check_stack_access_within_bounds(
*/
static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regno,
int off, int bpf_size, enum bpf_access_type t,
- int value_regno, bool strict_alignment_once)
+ int value_regno, bool strict_alignment_once, bool sign_ext_ld)
{
struct bpf_reg_state *regs = cur_regs(env);
struct bpf_reg_state *reg = regs + regno;
@@ -6316,6 +6316,19 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
__mark_reg_known(®s[value_regno], val);
} else {
mark_reg_unknown(env, regs, value_regno);
+
+ if (sign_ext_ld) {
+ if (size == 1) {
+ regs[value_regno].smax_value = (char)INT_MAX;
+ regs[value_regno].smin_value = (char)INT_MIN;
+ } else if (size == 2) {
+ regs[value_regno].smax_value = (short)INT_MAX;
+ regs[value_regno].smin_value = (short)INT_MIN;
+ } else if (size == 4) {
+ regs[value_regno].smax_value = INT_MAX;
+ regs[value_regno].smin_value = INT_MIN;
+ }
+ }
}
}
} else if (base_type(reg->type) == PTR_TO_MEM) {
@@ -6477,7 +6490,7 @@ static int check_mem_access(struct bpf_verifier_env *env, int insn_idx, u32 regn
}
if (!err && size < BPF_REG_SIZE && value_regno >= 0 && t == BPF_READ &&
- regs[value_regno].type == SCALAR_VALUE) {
+ regs[value_regno].type == SCALAR_VALUE && !sign_ext_ld) {
/* b/h/w load zero-extends, mark upper bits as known 0 */
coerce_reg_to_size(®s[value_regno], size);
}
@@ -6571,17 +6584,17 @@ static int check_atomic(struct bpf_verifier_env *env, int insn_idx, struct bpf_i
* case to simulate the register fill.
*/
err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off,
- BPF_SIZE(insn->code), BPF_READ, -1, true);
+ BPF_SIZE(insn->code), BPF_READ, -1, true, false);
if (!err && load_reg >= 0)
err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off,
BPF_SIZE(insn->code), BPF_READ, load_reg,
- true);
+ true, false);
if (err)
return err;
/* Check whether we can write into the same memory. */
err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off,
- BPF_SIZE(insn->code), BPF_WRITE, -1, true);
+ BPF_SIZE(insn->code), BPF_WRITE, -1, true, false);
if (err)
return err;
@@ -6827,7 +6840,7 @@ static int check_helper_mem_access(struct bpf_verifier_env *env, int regno,
return zero_size_allowed ? 0 : -EACCES;
return check_mem_access(env, env->insn_idx, regno, offset, BPF_B,
- atype, -1, false);
+ atype, -1, false, false);
}
fallthrough;
@@ -7199,7 +7212,7 @@ static int process_dynptr_func(struct bpf_verifier_env *env, int regno, int insn
/* we write BPF_DW bits (8 bytes) at a time */
for (i = 0; i < BPF_DYNPTR_SIZE; i += 8) {
err = check_mem_access(env, insn_idx, regno,
- i, BPF_DW, BPF_WRITE, -1, false);
+ i, BPF_DW, BPF_WRITE, -1, false, false);
if (err)
return err;
}
@@ -7292,7 +7305,7 @@ static int process_iter_arg(struct bpf_verifier_env *env, int regno, int insn_id
for (i = 0; i < nr_slots * 8; i += BPF_REG_SIZE) {
err = check_mem_access(env, insn_idx, regno,
- i, BPF_DW, BPF_WRITE, -1, false);
+ i, BPF_DW, BPF_WRITE, -1, false, false);
if (err)
return err;
}
@@ -9422,7 +9435,7 @@ static int check_helper_call(struct bpf_verifier_env *env, struct bpf_insn *insn
*/
for (i = 0; i < meta.access_size; i++) {
err = check_mem_access(env, insn_idx, meta.regno, i, BPF_B,
- BPF_WRITE, -1, false);
+ BPF_WRITE, -1, false, false);
if (err)
return err;
}
@@ -16300,7 +16313,8 @@ static int do_check(struct bpf_verifier_env *env)
*/
err = check_mem_access(env, env->insn_idx, insn->src_reg,
insn->off, BPF_SIZE(insn->code),
- BPF_READ, insn->dst_reg, false);
+ BPF_READ, insn->dst_reg, false,
+ BPF_MODE(insn->code) == BPF_MEMS);
if (err)
return err;
@@ -16337,7 +16351,7 @@ static int do_check(struct bpf_verifier_env *env)
/* check that memory (dst_reg + off) is writeable */
err = check_mem_access(env, env->insn_idx, insn->dst_reg,
insn->off, BPF_SIZE(insn->code),
- BPF_WRITE, insn->src_reg, false);
+ BPF_WRITE, insn->src_reg, false, false);
if (err)
return err;
@@ -16362,7 +16376,7 @@ static int do_check(struct bpf_verifier_env *env)
/* check that memory (dst_reg + off) is writeable */
err = check_mem_access(env, env->insn_idx, insn->dst_reg,
insn->off, BPF_SIZE(insn->code),
- BPF_WRITE, -1, false);
+ BPF_WRITE, -1, false, false);
if (err)
return err;
--
2.34.1
next prev parent reply other threads:[~2023-06-29 6:37 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-29 6:37 [RFC PATCH bpf-next 00/13] bpf: Support new insns from cpu v4 Yonghong Song
2023-06-29 6:37 ` [RFC PATCH bpf-next 01/13] bpf: Support new sign-extension load insns Yonghong Song
2023-07-03 0:53 ` Alexei Starovoitov
2023-07-03 15:29 ` Yonghong Song
2023-06-29 6:37 ` Yonghong Song [this message]
2023-06-29 6:37 ` [RFC PATCH bpf-next 03/13] bpf: Support new sign-extension mov insns Yonghong Song
2023-06-29 6:37 ` [RFC PATCH bpf-next 04/13] bpf: Support new unconditional bswap instruction Yonghong Song
2023-06-29 6:37 ` [RFC PATCH bpf-next 05/13] bpf: Support new signed div/mod instructions Yonghong Song
2023-06-29 6:37 ` [RFC PATCH bpf-next 06/13] bpf: Support new 32bit offset jmp instruction Yonghong Song
2023-06-29 6:37 ` [RFC PATCH bpf-next 07/13] bpf: Add kernel/bpftool asm support for new instructions Yonghong Song
2023-06-29 6:38 ` [RFC PATCH bpf-next 08/13] selftests/bpf: Add unit tests for new sign-extension load insns Yonghong Song
2023-06-29 6:38 ` [RFC PATCH bpf-next 09/13] selftests/bpf: Add unit tests for new sign-extension mov insns Yonghong Song
2023-06-29 6:38 ` [RFC PATCH bpf-next 10/13] selftests/bpf: Add unit tests for new bswap insns Yonghong Song
2023-06-29 6:38 ` [RFC PATCH bpf-next 11/13] selftests/bpf: Add unit tests for new sdiv/smod insns Yonghong Song
2023-06-29 6:38 ` [RFC PATCH bpf-next 12/13] selftests/bpf: Add unit tests for new gotol insn Yonghong Song
2023-06-29 6:38 ` [RFC PATCH bpf-next 13/13] selftests/bpf: Add a cpuv4 test runner for cpu=v4 testing Yonghong Song
[not found] ` <PH7PR21MB38786422B9929D253E279810A325A@PH7PR21MB3878.namprd21.prod.outlook.com>
2023-06-29 14:17 ` [RFC PATCH bpf-next 00/13] bpf: Support new insns from cpu v4 Yonghong Song
2023-07-03 21:11 ` Daniel Xu
2023-07-03 23:36 ` Yonghong Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230629063726.1649316-1-yhs@fb.com \
--to=yhs@fb.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kernel-team@fb.com \
--cc=maskray@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).