* err: math between fp pointer and register with unbounded min value is not allowed
@ 2021-10-28 11:53 Shuyi Cheng
  2021-10-28 14:56 ` Yonghong Song
  0 siblings, 1 reply; 3+ messages in thread
From: Shuyi Cheng @ 2021-10-28 11:53 UTC (permalink / raw)
  To: bpf, Andrii Nakryiko

Hi everyone, I ran into a very strange problem. If my BPF program is
written as follows, it runs normally.

     buff.in = sizeof(struct pid_info);
     data = &buff.buff[buff.in];
     set_pid_info((struct pid_info *)data);
     buff.in = sizeof(struct pid_info);
     data = &buff.buff[buff.in];
     set_pid_info((struct pid_info *)data);

but if I add a plus sign (`+=` instead of `=` in the second assignment), an error is
reported. The error message is 'math between fp pointer and register with unbounded min value is not allowed'.

     buff.in = sizeof(struct pid_info);
     data = &buff.buff[buff.in];
     set_pid_info((struct pid_info *)data);
     buff.in += sizeof(struct pid_info);
     data = &buff.buff[buff.in];
     set_pid_info((struct pid_info *)data);


The error log printed by libbpf is as follows:

libbpf: -- BEGIN DUMP LOG ---
libbpf:
0: (79) r3 = *(u64 *)(r1 +112)
1: (b7) r2 = 0
2: (85) call pc+2
caller:
  R10=fp0,call_-1
callee:
  frame1: R1=ctx(id=0,off=0,imm=0) R2=inv0 R3=inv(id=0) R10=fp0,call_2
5: (bf) r7 = r3
6: (bf) r6 = r1
7: (7b) *(u64 *)(r10 -72) = r2
8: (b7) r8 = 0
9: (7b) *(u64 *)(r10 -96) = r8
10: (7b) *(u64 *)(r10 -104) = r8
11: (7b) *(u64 *)(r10 -112) = r8
12: (7b) *(u64 *)(r10 -120) = r8
13: (7b) *(u64 *)(r10 -128) = r8
14: (7b) *(u64 *)(r10 -136) = r8
15: (7b) *(u64 *)(r10 -144) = r8
16: (7b) *(u64 *)(r10 -152) = r8
17: (7b) *(u64 *)(r10 -160) = r8
18: (7b) *(u64 *)(r10 -168) = r8
19: (7b) *(u64 *)(r10 -176) = r8
20: (7b) *(u64 *)(r10 -184) = r8
21: (7b) *(u64 *)(r10 -192) = r8
22: (7b) *(u64 *)(r10 -200) = r8
23: (7b) *(u64 *)(r10 -208) = r8
24: (7b) *(u64 *)(r10 -216) = r8
25: (7b) *(u64 *)(r10 -224) = r8
26: (7b) *(u64 *)(r10 -232) = r8
27: (7b) *(u64 *)(r10 -240) = r8
28: (7b) *(u64 *)(r10 -248) = r8
29: (7b) *(u64 *)(r10 -256) = r8
30: (7b) *(u64 *)(r10 -264) = r8
31: (7b) *(u64 *)(r10 -272) = r8
32: (7b) *(u64 *)(r10 -280) = r8
33: (7b) *(u64 *)(r10 -288) = r8
34: (7b) *(u64 *)(r10 -296) = r8
35: (7b) *(u64 *)(r10 -304) = r8
36: (7b) *(u64 *)(r10 -312) = r8
37: (7b) *(u64 *)(r10 -320) = r8
38: (7b) *(u64 *)(r10 -328) = r8
39: (7b) *(u64 *)(r10 -336) = r8
40: (7b) *(u64 *)(r10 -344) = r8
41: (63) *(u32 *)(r10 -352) = r8
42: (7b) *(u64 *)(r10 -360) = r8
43: (7b) *(u64 *)(r10 -88) = r8
44: (7b) *(u64 *)(r10 -80) = r8
45: (63) *(u32 *)(r10 -368) = r8
46: (7b) *(u64 *)(r10 -376) = r8
47: (55) if r2 != 0x0 goto pc+7
48: (b7) r1 = 24
49: (bf) r3 = r7
50: (0f) r3 += r1
51: (bf) r1 = r10
52: (07) r1 += -72
53: (b7) r2 = 8
54: (85) call bpf_probe_read#4
55: (63) *(u32 *)(r10 -8) = r8
56: (7b) *(u64 *)(r10 -16) = r8
57: (7b) *(u64 *)(r10 -24) = r8
58: (63) *(u32 *)(r10 -32) = r8
59: (7b) *(u64 *)(r10 -40) = r8
60: (7b) *(u64 *)(r10 -48) = r8
61: (b7) r1 = 194
62: (bf) r3 = r7
63: (0f) r3 += r1
64: (bf) r1 = r10
65: (07) r1 += -62
66: (b7) r2 = 2
67: (85) call bpf_probe_read#4
68: (b7) r1 = 232
69: (bf) r3 = r7
70: (0f) r3 += r1
71: (bf) r1 = r10
72: (07) r1 += -56
73: (b7) r2 = 8
74: (85) call bpf_probe_read#4
75: (69) r1 = *(u16 *)(r10 -62)
76: (55) if r1 != 0xffff goto pc+40
  frame1: R0=inv(id=0) R1=inv65535 R6=ctx(id=0,off=0,imm=0) R7=inv(id=0) 
R8=inv0 R10=fp0,call_2 fp-16=0 fp-24=0 fp-40=0 fp-48=0 fp-80=0 fp-88=0 
fp-96=0 fp-104=0 fp-112=0 fp-120=0 fp-128=0 fp-136=0 fp-144=0 fp-152=0 
fp-160=0 fp-168=0 fp-176=0 fp-184=0 fp-192=0 fp-200=0 fp-208=0 fp-216=0 
fp-224=0 fp-232=0 fp-240=0 fp-248=0 fp-256=0 fp-264=0 fp-272=0 fp-280=0 
fp-288=0 fp-296=0 fp-304=0 fp-312=0 fp-320=0 fp-328=0 fp-336=0 fp-344=0 
fp-360=0 fp-376=0
77: (b7) r1 = 196
78: (bf) r3 = r7
79: (0f) r3 += r1
80: (bf) r1 = r10
81: (07) r1 += -60
82: (b7) r2 = 2
83: (85) call bpf_probe_read#4
84: (69) r1 = *(u16 *)(r10 -60)
85: (55) if r1 != 0x0 goto pc+10
  frame1: R0=inv(id=0) R1=inv0 R6=ctx(id=0,off=0,imm=0) R7=inv(id=0) 
R8=inv0 R10=fp0,call_2 fp-16=0 fp-24=0 fp-40=0 fp-48=0 fp-80=0 fp-88=0 
fp-96=0 fp-104=0 fp-112=0 fp-120=0 fp-128=0 fp-136=0 fp-144=0 fp-152=0 
fp-160=0 fp-168=0 fp-176=0 fp-184=0 fp-192=0 fp-200=0 fp-208=0 fp-216=0 
fp-224=0 fp-232=0 fp-240=0 fp-248=0 fp-256=0 fp-264=0 fp-272=0 fp-280=0 
fp-288=0 fp-296=0 fp-304=0 fp-312=0 fp-320=0 fp-328=0 fp-336=0 fp-344=0 
fp-360=0 fp-376=0
86: (b7) r1 = 198
87: (0f) r7 += r1
88: (bf) r1 = r10
89: (07) r1 += -58
90: (b7) r2 = 2
91: (bf) r3 = r7
92: (85) call bpf_probe_read#4
93: (69) r1 = *(u16 *)(r10 -58)
94: (07) r1 += 14
95: (6b) *(u16 *)(r10 -60) = r1
96: (57) r1 &= 65535
97: (79) r7 = *(u64 *)(r10 -56)
98: (0f) r7 += r1
99: (bf) r8 = r10
100: (07) r8 += -24
101: (bf) r1 = r8
102: (b7) r2 = 20
103: (bf) r3 = r7
104: (85) call bpf_probe_read#4
105: (b7) r1 = 0
106: (71) r5 = *(u8 *)(r8 +9)
107: (b7) r3 = 0
108: (b7) r4 = 0
109: (b7) r2 = 0
110: (55) if r5 != 0x6 goto pc+26
  frame1: R0=inv(id=0) R1=inv0 R2=inv0 R3=inv0 R4=inv0 R5=inv6 
R6=ctx(id=0,off=0,imm=0) R7=inv(id=0) R8=fp-24,call_2 R10=fp0,call_2 
fp-40=0 fp-48=0 fp-80=0 fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 
fp-128=0 fp-136=0 fp-144=0 fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 
fp-192=0 fp-200=0 fp-208=0 fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 
fp-256=0 fp-264=0 fp-272=0 fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 
fp-320=0 fp-328=0 fp-336=0 fp-344=0 fp-360=0 fp-376=0
111: (bf) r1 = r10
112: (07) r1 += -24
113: (71) r1 = *(u8 *)(r1 +0)
114: (67) r1 <<= 2
115: (57) r1 &= 60
116: (05) goto pc+1
118: (0f) r7 += r1
119: (b7) r1 = 0
120: (b7) r3 = 0
121: (b7) r4 = 0
122: (b7) r2 = 0
123: (15) if r7 == 0x0 goto pc+13
  frame1: R0=inv(id=0) R1=inv0 R2=inv0 R3=inv0 R4=inv0 R5=inv6 
R6=ctx(id=0,off=0,imm=0) R7=inv(id=0) R8=fp-24,call_2 R10=fp0,call_2 
fp-40=0 fp-48=0 fp-80=0 fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 
fp-128=0 fp-136=0 fp-144=0 fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 
fp-192=0 fp-200=0 fp-208=0 fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 
fp-256=0 fp-264=0 fp-272=0 fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 
fp-320=0 fp-328=0 fp-336=0 fp-344=0 fp-360=0 fp-376=0
124: (bf) r8 = r10
125: (07) r8 += -48
126: (bf) r1 = r8
127: (b7) r2 = 20
128: (bf) r3 = r7
129: (85) call bpf_probe_read#4
130: (bf) r1 = r10
131: (07) r1 += -24
132: (69) r2 = *(u16 *)(r8 +2)
133: (61) r3 = *(u32 *)(r1 +16)
134: (61) r1 = *(u32 *)(r1 +12)
135: (69) r4 = *(u16 *)(r8 +0)
136: (dc) r4 = be16 r4
137: (63) *(u32 *)(r10 -372) = r1
138: (63) *(u32 *)(r10 -376) = r3
139: (dc) r4 = be16 r4
140: (6b) *(u16 *)(r10 -366) = r4
141: (dc) r2 = be16 r2
142: (6b) *(u16 *)(r10 -368) = r2
143: (79) r7 = *(u64 *)(r10 -72)
144: (55) if r7 != 0x0 goto pc+15
  frame1: R0=inv(id=0) R1=inv(id=0,umax_value=4294967295,var_off=(0x0; 
0xffffffff)) R2=inv(id=0) 
R3=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) 
R4=inv(id=0) R6=ctx(id=0,off=0,imm=0) R7=inv0 R8=fp-48,call_2 
R10=fp0,call_2 fp-80=0 fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 
fp-128=0 fp-136=0 fp-144=0 fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 
fp-192=0 fp-200=0 fp-208=0 fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 
fp-256=0 fp-264=0 fp-272=0 fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 
fp-320=0 fp-328=0 fp-336=0 fp-344=0 fp-360=0
145: (bf) r2 = r10
146: (07) r2 += -376
147: (18) r1 = 0xffff97062f35e000
149: (85) call bpf_map_lookup_elem#1
150: (15) if r0 == 0x0 goto pc+131
  frame1: R0=map_value(id=0,off=0,ks=12,vs=8,imm=0) 
R6=ctx(id=0,off=0,imm=0) R7=inv0 R8=fp-48,call_2 R10=fp0,call_2 fp-80=0 
fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 fp-128=0 fp-136=0 fp-144=0 
fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 fp-192=0 fp-200=0 fp-208=0 
fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 fp-256=0 fp-264=0 fp-272=0 
fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 fp-320=0 fp-328=0 fp-336=0 
fp-344=0 fp-360=0
151: (79) r1 = *(u64 *)(r0 +0)
  frame1: R0=map_value(id=0,off=0,ks=12,vs=8,imm=0) 
R6=ctx(id=0,off=0,imm=0) R7=inv0 R8=fp-48,call_2 R10=fp0,call_2 fp-80=0 
fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 fp-128=0 fp-136=0 fp-144=0 
fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 fp-192=0 fp-200=0 fp-208=0 
fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 fp-256=0 fp-264=0 fp-272=0 
fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 fp-320=0 fp-328=0 fp-336=0 
fp-344=0 fp-360=0
152: (79) r7 = *(u64 *)(r10 -72)
153: (55) if r7 != 0x0 goto pc+58
  frame1: R0=map_value(id=0,off=0,ks=12,vs=8,imm=0) R1=inv(id=0) 
R6=ctx(id=0,off=0,imm=0) R7=inv0 R8=fp-48,call_2 R10=fp0,call_2 fp-80=0 
fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 fp-128=0 fp-136=0 fp-144=0 
fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 fp-192=0 fp-200=0 fp-208=0 
fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 fp-256=0 fp-264=0 fp-272=0 
fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 fp-320=0 fp-328=0 fp-336=0 
fp-344=0 fp-360=0
154: (18) r2 = 0x123456776543210
156: (1d) if r1 == r2 goto pc+125
  frame1: R0=map_value(id=0,off=0,ks=12,vs=8,imm=0) R1=inv(id=0) 
R2=inv81985528891978256 R6=ctx(id=0,off=0,imm=0) R7=inv0 R8=fp-48,call_2 
R10=fp0,call_2 fp-80=0 fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 
fp-128=0 fp-136=0 fp-144=0 fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 
fp-192=0 fp-200=0 fp-208=0 fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 
fp-256=0 fp-264=0 fp-272=0 fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 
fp-320=0 fp-328=0 fp-336=0 fp-344=0 fp-360=0
157: (7b) *(u64 *)(r10 -72) = r1
158: (bf) r7 = r1
159: (05) goto pc+62
222: (b7) r1 = 0
223: (bf) r3 = r7
224: (0f) r3 += r1
225: (bf) r1 = r10
226: (07) r1 += -356
227: (b7) r2 = 4
228: (85) call bpf_probe_read#4
229: (b7) r1 = 12
230: (bf) r3 = r7
231: (0f) r3 += r1
232: (bf) r1 = r10
233: (07) r1 += -350
234: (b7) r2 = 2
235: (85) call bpf_probe_read#4
236: (b7) r1 = 4
237: (bf) r3 = r7
238: (0f) r3 += r1
239: (bf) r1 = r10
240: (07) r1 += -360
241: (b7) r2 = 4
242: (85) call bpf_probe_read#4
243: (b7) r1 = 14
244: (0f) r7 += r1
245: (bf) r1 = r10
246: (07) r1 += -352
247: (b7) r2 = 2
248: (bf) r3 = r7
249: (85) call bpf_probe_read#4
250: (b7) r1 = 20
251: (7b) *(u64 *)(r10 -80) = r1
252: (85) call bpf_get_current_pid_tgid#14
253: (77) r0 >>= 32
254: (63) *(u32 *)(r10 -324) = r0
255: (bf) r1 = r10
256: (07) r1 += -320
257: (b7) r2 = 16
258: (85) call bpf_get_current_comm#16
259: (79) r1 = *(u64 *)(r10 -80)
260: (07) r1 += 20
261: (7b) *(u64 *)(r10 -80) = r1
262: (bf) r7 = r10
263: (07) r7 += -344
264: (0f) r7 += r1
math between fp pointer and register with unbounded min value is not allowed


Thank you very much!


* Re: err: math between fp pointer and register with unbounded min value is not allowed
  2021-10-28 11:53 err: math between fp pointer and register with unbounded min value is not allowed Shuyi Cheng
@ 2021-10-28 14:56 ` Yonghong Song
  2021-10-29  1:29   ` Shuyi Cheng
  0 siblings, 1 reply; 3+ messages in thread
From: Yonghong Song @ 2021-10-28 14:56 UTC (permalink / raw)
  To: Shuyi Cheng, bpf, Andrii Nakryiko



On 10/28/21 4:53 AM, Shuyi Cheng wrote:
> Hi everyone, I encountered a very strange problem. If my bpf program is 
> as follows, it can run normally.
> 
>      buff.in = sizeof(struct pid_info);
>      data = &buff.buff[buff.in];
>      set_pid_info((struct pid_info *)data);
>      buff.in = sizeof(struct pid_info);
>      data = &buff.buff[buff.in];
>      set_pid_info((struct pid_info *)data);
> 
> but if I add a plus sign, an error is reported. error message is 'math 
> between fp pointer and register with unbounded min value is not allowed'.
> 
>      buff.in = sizeof(struct pid_info);
>      data = &buff.buff[buff.in];
>      set_pid_info((struct pid_info *)data);
>      buff.in += sizeof(struct pid_info);
>      data = &buff.buff[buff.in];
>      set_pid_info((struct pid_info *)data);
> 
> 
> The error log printed by libbpf is as follows:
> 
> libbpf: -- BEGIN DUMP LOG ---
> libbpf:
> 0: (79) r3 = *(u64 *)(r1 +112)
> 1: (b7) r2 = 0
> 2: (85) call pc+2
> caller:
>   R10=fp0,call_-1
> callee:
>   frame1: R1=ctx(id=0,off=0,imm=0) R2=inv0 R3=inv(id=0) R10=fp0,call_2
> 5: (bf) r7 = r3
> 6: (bf) r6 = r1
> 7: (7b) *(u64 *)(r10 -72) = r2
> 8: (b7) r8 = 0
> 9: (7b) *(u64 *)(r10 -96) = r8
> 10: (7b) *(u64 *)(r10 -104) = r8
> 11: (7b) *(u64 *)(r10 -112) = r8
> 12: (7b) *(u64 *)(r10 -120) = r8
> 13: (7b) *(u64 *)(r10 -128) = r8
> 14: (7b) *(u64 *)(r10 -136) = r8
> 15: (7b) *(u64 *)(r10 -144) = r8
> 16: (7b) *(u64 *)(r10 -152) = r8
> 17: (7b) *(u64 *)(r10 -160) = r8
> 18: (7b) *(u64 *)(r10 -168) = r8
> 19: (7b) *(u64 *)(r10 -176) = r8
> 20: (7b) *(u64 *)(r10 -184) = r8
> 21: (7b) *(u64 *)(r10 -192) = r8
> 22: (7b) *(u64 *)(r10 -200) = r8
> 23: (7b) *(u64 *)(r10 -208) = r8
> 24: (7b) *(u64 *)(r10 -216) = r8
> 25: (7b) *(u64 *)(r10 -224) = r8
> 26: (7b) *(u64 *)(r10 -232) = r8
> 27: (7b) *(u64 *)(r10 -240) = r8
> 28: (7b) *(u64 *)(r10 -248) = r8
> 29: (7b) *(u64 *)(r10 -256) = r8
> 30: (7b) *(u64 *)(r10 -264) = r8
> 31: (7b) *(u64 *)(r10 -272) = r8
> 32: (7b) *(u64 *)(r10 -280) = r8
> 33: (7b) *(u64 *)(r10 -288) = r8
> 34: (7b) *(u64 *)(r10 -296) = r8
> 35: (7b) *(u64 *)(r10 -304) = r8
> 36: (7b) *(u64 *)(r10 -312) = r8
> 37: (7b) *(u64 *)(r10 -320) = r8
> 38: (7b) *(u64 *)(r10 -328) = r8
> 39: (7b) *(u64 *)(r10 -336) = r8
> 40: (7b) *(u64 *)(r10 -344) = r8
> 41: (63) *(u32 *)(r10 -352) = r8
> 42: (7b) *(u64 *)(r10 -360) = r8
> 43: (7b) *(u64 *)(r10 -88) = r8
> 44: (7b) *(u64 *)(r10 -80) = r8
> 45: (63) *(u32 *)(r10 -368) = r8
> 46: (7b) *(u64 *)(r10 -376) = r8
> 47: (55) if r2 != 0x0 goto pc+7
> 48: (b7) r1 = 24
> 49: (bf) r3 = r7
> 50: (0f) r3 += r1
> 51: (bf) r1 = r10
> 52: (07) r1 += -72
> 53: (b7) r2 = 8
> 54: (85) call bpf_probe_read#4
> 55: (63) *(u32 *)(r10 -8) = r8
> 56: (7b) *(u64 *)(r10 -16) = r8
> 57: (7b) *(u64 *)(r10 -24) = r8
> 58: (63) *(u32 *)(r10 -32) = r8
> 59: (7b) *(u64 *)(r10 -40) = r8
> 60: (7b) *(u64 *)(r10 -48) = r8
> 61: (b7) r1 = 194
> 62: (bf) r3 = r7
> 63: (0f) r3 += r1
> 64: (bf) r1 = r10
> 65: (07) r1 += -62
> 66: (b7) r2 = 2
> 67: (85) call bpf_probe_read#4
> 68: (b7) r1 = 232
> 69: (bf) r3 = r7
> 70: (0f) r3 += r1
> 71: (bf) r1 = r10
> 72: (07) r1 += -56
> 73: (b7) r2 = 8
> 74: (85) call bpf_probe_read#4
> 75: (69) r1 = *(u16 *)(r10 -62)
> 76: (55) if r1 != 0xffff goto pc+40
>   frame1: R0=inv(id=0) R1=inv65535 R6=ctx(id=0,off=0,imm=0) R7=inv(id=0) 
> R8=inv0 R10=fp0,call_2 fp-16=0 fp-24=0 fp-40=0 fp-48=0 fp-80=0 fp-88=0 
> fp-96=0 fp-104=0 fp-112=0 fp-120=0 fp-128=0 fp-136=0 fp-144=0 fp-152=0 
> fp-160=0 fp-168=0 fp-176=0 fp-184=0 fp-192=0 fp-200=0 fp-208=0 fp-216=0 
> fp-224=0 fp-232=0 fp-240=0 fp-248=0 fp-256=0 fp-264=0 fp-272=0 fp-280=0 
> fp-288=0 fp-296=0 fp-304=0 fp-312=0 fp-320=0 fp-328=0 fp-336=0 fp-344=0 
> fp-360=0 fp-376=0
> 77: (b7) r1 = 196
> 78: (bf) r3 = r7
> 79: (0f) r3 += r1
> 80: (bf) r1 = r10
> 81: (07) r1 += -60
> 82: (b7) r2 = 2
> 83: (85) call bpf_probe_read#4
> 84: (69) r1 = *(u16 *)(r10 -60)
> 85: (55) if r1 != 0x0 goto pc+10
>   frame1: R0=inv(id=0) R1=inv0 R6=ctx(id=0,off=0,imm=0) R7=inv(id=0) 
> R8=inv0 R10=fp0,call_2 fp-16=0 fp-24=0 fp-40=0 fp-48=0 fp-80=0 fp-88=0 
> fp-96=0 fp-104=0 fp-112=0 fp-120=0 fp-128=0 fp-136=0 fp-144=0 fp-152=0 
> fp-160=0 fp-168=0 fp-176=0 fp-184=0 fp-192=0 fp-200=0 fp-208=0 fp-216=0 
> fp-224=0 fp-232=0 fp-240=0 fp-248=0 fp-256=0 fp-264=0 fp-272=0 fp-280=0 
> fp-288=0 fp-296=0 fp-304=0 fp-312=0 fp-320=0 fp-328=0 fp-336=0 fp-344=0 
> fp-360=0 fp-376=0
> 86: (b7) r1 = 198
> 87: (0f) r7 += r1
> 88: (bf) r1 = r10
> 89: (07) r1 += -58
> 90: (b7) r2 = 2
> 91: (bf) r3 = r7
> 92: (85) call bpf_probe_read#4
> 93: (69) r1 = *(u16 *)(r10 -58)
> 94: (07) r1 += 14
> 95: (6b) *(u16 *)(r10 -60) = r1
> 96: (57) r1 &= 65535
> 97: (79) r7 = *(u64 *)(r10 -56)
> 98: (0f) r7 += r1
> 99: (bf) r8 = r10
> 100: (07) r8 += -24
> 101: (bf) r1 = r8
> 102: (b7) r2 = 20
> 103: (bf) r3 = r7
> 104: (85) call bpf_probe_read#4
> 105: (b7) r1 = 0
> 106: (71) r5 = *(u8 *)(r8 +9)
> 107: (b7) r3 = 0
> 108: (b7) r4 = 0
> 109: (b7) r2 = 0
> 110: (55) if r5 != 0x6 goto pc+26
>   frame1: R0=inv(id=0) R1=inv0 R2=inv0 R3=inv0 R4=inv0 R5=inv6 
> R6=ctx(id=0,off=0,imm=0) R7=inv(id=0) R8=fp-24,call_2 R10=fp0,call_2 
> fp-40=0 fp-48=0 fp-80=0 fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 
> fp-128=0 fp-136=0 fp-144=0 fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 
> fp-192=0 fp-200=0 fp-208=0 fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 
> fp-256=0 fp-264=0 fp-272=0 fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 
> fp-320=0 fp-328=0 fp-336=0 fp-344=0 fp-360=0 fp-376=0
> 111: (bf) r1 = r10
> 112: (07) r1 += -24
> 113: (71) r1 = *(u8 *)(r1 +0)
> 114: (67) r1 <<= 2
> 115: (57) r1 &= 60
> 116: (05) goto pc+1
> 118: (0f) r7 += r1
> 119: (b7) r1 = 0
> 120: (b7) r3 = 0
> 121: (b7) r4 = 0
> 122: (b7) r2 = 0
> 123: (15) if r7 == 0x0 goto pc+13
>   frame1: R0=inv(id=0) R1=inv0 R2=inv0 R3=inv0 R4=inv0 R5=inv6 
> R6=ctx(id=0,off=0,imm=0) R7=inv(id=0) R8=fp-24,call_2 R10=fp0,call_2 
> fp-40=0 fp-48=0 fp-80=0 fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 
> fp-128=0 fp-136=0 fp-144=0 fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 
> fp-192=0 fp-200=0 fp-208=0 fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 
> fp-256=0 fp-264=0 fp-272=0 fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 
> fp-320=0 fp-328=0 fp-336=0 fp-344=0 fp-360=0 fp-376=0
> 124: (bf) r8 = r10
> 125: (07) r8 += -48
> 126: (bf) r1 = r8
> 127: (b7) r2 = 20
> 128: (bf) r3 = r7
> 129: (85) call bpf_probe_read#4
> 130: (bf) r1 = r10
> 131: (07) r1 += -24
> 132: (69) r2 = *(u16 *)(r8 +2)
> 133: (61) r3 = *(u32 *)(r1 +16)
> 134: (61) r1 = *(u32 *)(r1 +12)
> 135: (69) r4 = *(u16 *)(r8 +0)
> 136: (dc) r4 = be16 r4
> 137: (63) *(u32 *)(r10 -372) = r1
> 138: (63) *(u32 *)(r10 -376) = r3
> 139: (dc) r4 = be16 r4
> 140: (6b) *(u16 *)(r10 -366) = r4
> 141: (dc) r2 = be16 r2
> 142: (6b) *(u16 *)(r10 -368) = r2
> 143: (79) r7 = *(u64 *)(r10 -72)
> 144: (55) if r7 != 0x0 goto pc+15
>   frame1: R0=inv(id=0) R1=inv(id=0,umax_value=4294967295,var_off=(0x0; 
> 0xffffffff)) R2=inv(id=0) 
> R3=inv(id=0,umax_value=4294967295,var_off=(0x0; 0xffffffff)) 
> R4=inv(id=0) R6=ctx(id=0,off=0,imm=0) R7=inv0 R8=fp-48,call_2 
> R10=fp0,call_2 fp-80=0 fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 
> fp-128=0 fp-136=0 fp-144=0 fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 
> fp-192=0 fp-200=0 fp-208=0 fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 
> fp-256=0 fp-264=0 fp-272=0 fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 
> fp-320=0 fp-328=0 fp-336=0 fp-344=0 fp-360=0
> 145: (bf) r2 = r10
> 146: (07) r2 += -376
> 147: (18) r1 = 0xffff97062f35e000
> 149: (85) call bpf_map_lookup_elem#1
> 150: (15) if r0 == 0x0 goto pc+131
>   frame1: R0=map_value(id=0,off=0,ks=12,vs=8,imm=0) 
> R6=ctx(id=0,off=0,imm=0) R7=inv0 R8=fp-48,call_2 R10=fp0,call_2 fp-80=0 
> fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 fp-128=0 fp-136=0 fp-144=0 
> fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 fp-192=0 fp-200=0 fp-208=0 
> fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 fp-256=0 fp-264=0 fp-272=0 
> fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 fp-320=0 fp-328=0 fp-336=0 
> fp-344=0 fp-360=0
> 151: (79) r1 = *(u64 *)(r0 +0)
>   frame1: R0=map_value(id=0,off=0,ks=12,vs=8,imm=0) 
> R6=ctx(id=0,off=0,imm=0) R7=inv0 R8=fp-48,call_2 R10=fp0,call_2 fp-80=0 
> fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 fp-128=0 fp-136=0 fp-144=0 
> fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 fp-192=0 fp-200=0 fp-208=0 
> fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 fp-256=0 fp-264=0 fp-272=0 
> fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 fp-320=0 fp-328=0 fp-336=0 
> fp-344=0 fp-360=0
> 152: (79) r7 = *(u64 *)(r10 -72)
> 153: (55) if r7 != 0x0 goto pc+58
>   frame1: R0=map_value(id=0,off=0,ks=12,vs=8,imm=0) R1=inv(id=0) 
> R6=ctx(id=0,off=0,imm=0) R7=inv0 R8=fp-48,call_2 R10=fp0,call_2 fp-80=0 
> fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 fp-128=0 fp-136=0 fp-144=0 
> fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 fp-192=0 fp-200=0 fp-208=0 
> fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 fp-256=0 fp-264=0 fp-272=0 
> fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 fp-320=0 fp-328=0 fp-336=0 
> fp-344=0 fp-360=0
> 154: (18) r2 = 0x123456776543210
> 156: (1d) if r1 == r2 goto pc+125
>   frame1: R0=map_value(id=0,off=0,ks=12,vs=8,imm=0) R1=inv(id=0) 
> R2=inv81985528891978256 R6=ctx(id=0,off=0,imm=0) R7=inv0 R8=fp-48,call_2 
> R10=fp0,call_2 fp-80=0 fp-88=0 fp-96=0 fp-104=0 fp-112=0 fp-120=0 
> fp-128=0 fp-136=0 fp-144=0 fp-152=0 fp-160=0 fp-168=0 fp-176=0 fp-184=0 
> fp-192=0 fp-200=0 fp-208=0 fp-216=0 fp-224=0 fp-232=0 fp-240=0 fp-248=0 
> fp-256=0 fp-264=0 fp-272=0 fp-280=0 fp-288=0 fp-296=0 fp-304=0 fp-312=0 
> fp-320=0 fp-328=0 fp-336=0 fp-344=0 fp-360=0
> 157: (7b) *(u64 *)(r10 -72) = r1
> 158: (bf) r7 = r1
> 159: (05) goto pc+62
> 222: (b7) r1 = 0
> 223: (bf) r3 = r7
> 224: (0f) r3 += r1
> 225: (bf) r1 = r10
> 226: (07) r1 += -356
> 227: (b7) r2 = 4
> 228: (85) call bpf_probe_read#4
> 229: (b7) r1 = 12
> 230: (bf) r3 = r7
> 231: (0f) r3 += r1
> 232: (bf) r1 = r10
> 233: (07) r1 += -350
> 234: (b7) r2 = 2
> 235: (85) call bpf_probe_read#4
> 236: (b7) r1 = 4
> 237: (bf) r3 = r7
> 238: (0f) r3 += r1
> 239: (bf) r1 = r10
> 240: (07) r1 += -360
> 241: (b7) r2 = 4
> 242: (85) call bpf_probe_read#4
> 243: (b7) r1 = 14
> 244: (0f) r7 += r1
> 245: (bf) r1 = r10
> 246: (07) r1 += -352
> 247: (b7) r2 = 2
> 248: (bf) r3 = r7
> 249: (85) call bpf_probe_read#4
> 250: (b7) r1 = 20
> 251: (7b) *(u64 *)(r10 -80) = r1
> 252: (85) call bpf_get_current_pid_tgid#14
> 253: (77) r0 >>= 32
> 254: (63) *(u32 *)(r10 -324) = r0
> 255: (bf) r1 = r10
> 256: (07) r1 += -320
> 257: (b7) r2 = 16
> 258: (85) call bpf_get_current_comm#16
> 259: (79) r1 = *(u64 *)(r10 -80)
> 260: (07) r1 += 20
> 261: (7b) *(u64 *)(r10 -80) = r1
> 262: (bf) r7 = r10
> 263: (07) r7 += -344
> 264: (0f) r7 += r1
> math between fp pointer and register with unbounded min value is not 
> allowed

You probably used an old kernel.
The value of "r1" is restored from stack location r10 - 80, which
holds a spilled constant, and the verifier needs to carry that "const"
state from the spill slot back into the register. Without that bound it
cannot prove the fp-relative pointer in r7 stays inside the stack frame,
so it rejects the add at insn 264.

> 
> 
> Thank you very much!


* Re: err: math between fp pointer and register with unbounded min value is not allowed
  2021-10-28 14:56 ` Yonghong Song
@ 2021-10-29  1:29   ` Shuyi Cheng
  0 siblings, 0 replies; 3+ messages in thread
From: Shuyi Cheng @ 2021-10-29  1:29 UTC (permalink / raw)
  To: Yonghong Song, bpf, Andrii Nakryiko; +Cc: Mao Wenan



On 10/28/21 10:56 PM, Yonghong Song wrote:
> 
>> 251: (7b) *(u64 *)(r10 -80) = r1
>> 252: (85) call bpf_get_current_pid_tgid#14
>> 253: (77) r0 >>= 32
>> 254: (63) *(u32 *)(r10 -324) = r0
>> 255: (bf) r1 = r10
>> 256: (07) r1 += -320
>> 257: (b7) r2 = 16
>> 258: (85) call bpf_get_current_comm#16
>> 259: (79) r1 = *(u64 *)(r10 -80)
>> 260: (07) r1 += 20
>> 261: (7b) *(u64 *)(r10 -80) = r1
>> 262: (bf) r7 = r10
>> 263: (07) r7 += -344
>> 264: (0f) r7 += r1
>> math between fp pointer and register with unbounded min value is not 
>> allowed
> 
> You probably used an old kernel.
> The value "r1" is restored from stack location r10 - 80 which
> stores a constant. The verifier needs to transfer the "const" state
> from spill to register.
> 

Thank you very much for your answer. The root cause is that when the
value is restored from the stack to the register, the verifier in the
old kernel loses the register's known-constant state. Which patch in
the newer kernels fixes this problem?

Thank you very much!

>>
>>
>> Thank you very much!

