From: Kumar Kartikeya Dwivedi <memxor@gmail.com>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: "Andrii Nakryiko" <andrii.nakryiko@gmail.com>,
"Joanne Koong" <joannelkoong@gmail.com>,
bpf <bpf@vger.kernel.org>,
"Martin KaFai Lau" <martin.lau@kernel.org>,
"Andrii Nakryiko" <andrii@kernel.org>,
"Alexei Starovoitov" <ast@kernel.org>,
"Daniel Borkmann" <daniel@iogearbox.net>,
"Network Development" <netdev@vger.kernel.org>,
"Toke Høiland-Jørgensen" <toke@kernel.org>
Subject: Re: [PATCH v13 bpf-next 09/10] bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr
Date: Fri, 10 Mar 2023 22:38:39 +0100 [thread overview]
Message-ID: <20230310213839.zsiz7sky7q3zmjcp@apollo> (raw)
In-Reply-To: <20230310211541.schh7iyrqgbgfaay@macbook-pro-6.dhcp.thefacebook.com>
On Fri, Mar 10, 2023 at 10:15:41PM CET, Alexei Starovoitov wrote:
> On Tue, Mar 07, 2023 at 04:01:28PM -0800, Andrii Nakryiko wrote:
> > > > >
> > > > > I agree this is simpler, but I'm not sure it will work properly. Verifier won't
> > > > > know when the lifetime of the buffer ends, so if we disallow spills until its
> > > > > written over it's going to be a pain for users.
> > > > >
> > > > > Something like:
> > > > >
> > > > > for (...) {
> > > > > char buf[64];
> > > > > bpf_dynptr_slice_rdwr(..., buf, 64);
> > > > > ...
> > > > > }
> > > > >
> > > > > .. and then compiler decides to spill something where buf was located on stack
> > > > > outside the for loop. The verifier can't know when buf goes out of scope to
> > > > > unpoison the slots.
> > > >
> > > > You're saying the "verifier doesn't know when buf ...".
> > > > The same applies to the compiler. It has no visibility
> > > > into what bpf_dynptr_slice_rdwr is doing.
> > >
> > > That is true, it can't assume anything about the side effects. But I am talking
> > > about the point in the program when the buffer object no longer lives. Use of
> > > the escaped pointer to such an object any longer is UB. The compiler is well
> > > within its rights to reuse its stack storage at that point, including for
> > > spilling registers. Which is why "outside the for loop" in my earlier reply.
> > >
> > > > So it never spills into a declared C array
> > > > as I tried to explain in the previous reply.
> > > > Spill/fill slots are always invisible to C.
> > > > (unless of course you do pointer arithmetic asm style)
> > >
> > > When the declared array's lifetime ends, it can.
> > > https://godbolt.org/z/Ez7v4xfnv
> > >
> > > The 2nd call to bar as part of unrolled loop happens with fp-8, then it calls
> > > baz, spills r0 to fp-8, and calls bar again with fp-8.
>
> Right. If user writes such program and does explicit store of spillable
> pointer into a stack.
> I was talking about compiler generated spill/fill and I still believe
> that compiler will not be reusing variable's stack memory for them.
>
But that example on godbolt is about the _compiler_ doing spill into a
variable's stack memory, once it is dead. There is no explicit store to spill
from the user happening there.
Maybe buffer in explicit program scope {} is not that common, but always_inline
functions will have a similar effect, since they introduce a scope out of which
poisoned buffer's storage can be reused.
> [...]
next prev parent reply other threads:[~2023-03-10 21:38 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-01 15:49 [PATCH v13 bpf-next 00/10] Add skb + xdp dynptrs Joanne Koong
2023-03-01 15:49 ` [PATCH v13 bpf-next 01/10] bpf: Support "sk_buff" and "xdp_buff" as valid kfunc arg types Joanne Koong
2023-03-01 15:49 ` [PATCH v13 bpf-next 02/10] bpf: Refactor process_dynptr_func Joanne Koong
2023-03-01 15:49 ` [PATCH v13 bpf-next 03/10] bpf: Allow initializing dynptrs in kfuncs Joanne Koong
2023-03-06 7:36 ` Kumar Kartikeya Dwivedi
2023-03-07 6:53 ` Joanne Koong
2023-03-07 23:53 ` Andrii Nakryiko
2023-03-01 15:49 ` [PATCH v13 bpf-next 04/10] bpf: Define no-ops for externally called bpf dynptr functions Joanne Koong
2023-03-01 15:49 ` [PATCH v13 bpf-next 05/10] bpf: Refactor verifier dynptr into get_dynptr_arg_reg Joanne Koong
2023-03-01 15:49 ` [PATCH v13 bpf-next 06/10] bpf: Add __uninit kfunc annotation Joanne Koong
2023-03-01 15:49 ` [PATCH v13 bpf-next 07/10] bpf: Add skb dynptrs Joanne Koong
2023-03-01 15:49 ` [PATCH v13 bpf-next 08/10] bpf: Add xdp dynptrs Joanne Koong
2023-03-01 15:49 ` [PATCH v13 bpf-next 09/10] bpf: Add bpf_dynptr_slice and bpf_dynptr_slice_rdwr Joanne Koong
2023-03-02 3:29 ` kernel test robot
2023-03-02 3:53 ` Joanne Koong
2023-03-06 7:10 ` Kumar Kartikeya Dwivedi
2023-03-07 2:23 ` Alexei Starovoitov
2023-03-07 10:22 ` Kumar Kartikeya Dwivedi
2023-03-07 15:45 ` Alexei Starovoitov
2023-03-07 17:35 ` Kumar Kartikeya Dwivedi
2023-03-08 0:01 ` Andrii Nakryiko
2023-03-10 21:15 ` Alexei Starovoitov
2023-03-10 21:29 ` Andrii Nakryiko
2023-03-10 21:54 ` Kumar Kartikeya Dwivedi
2023-03-10 21:54 ` Alexei Starovoitov
2023-03-13 6:31 ` Joanne Koong
2023-03-13 14:41 ` Kumar Kartikeya Dwivedi
2023-03-16 18:55 ` Andrii Nakryiko
2023-03-27 7:47 ` Joanne Koong
2023-03-28 21:42 ` Andrii Nakryiko
2023-04-09 0:22 ` Joanne Koong
2023-04-12 19:05 ` Andrii Nakryiko
2023-03-10 21:38 ` Kumar Kartikeya Dwivedi [this message]
2023-03-10 21:49 ` Alexei Starovoitov
2023-03-01 15:49 ` [PATCH v13 bpf-next 10/10] selftests/bpf: tests for using dynptrs to parse skb and xdp buffers Joanne Koong
2023-03-01 18:08 ` Alexei Starovoitov
2023-03-01 18:43 ` Andrii Nakryiko
2023-03-02 4:28 ` Joanne Koong
2023-03-08 1:55 ` Ilya Leoshkevich
2023-03-08 7:22 ` Joanne Koong
2023-03-08 14:24 ` Ilya Leoshkevich
2023-03-09 8:13 ` Joanne Koong
2023-03-10 3:40 ` Ilya Leoshkevich
2023-03-10 5:12 ` Stanislav Fomichev
2023-03-10 17:43 ` Alexei Starovoitov
2023-03-01 18:10 ` [PATCH v13 bpf-next 00/10] Add skb + xdp dynptrs patchwork-bot+netdevbpf
2023-03-08 8:16 ` Jakub Kicinski
2023-03-08 17:08 ` Andrii Nakryiko
2023-03-08 17:28 ` Jakub Kicinski
2023-03-08 19:02 ` Andrii Nakryiko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230310213839.zsiz7sky7q3zmjcp@apollo \
--to=memxor@gmail.com \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii.nakryiko@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=joannelkoong@gmail.com \
--cc=martin.lau@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=toke@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).