GET /api/1.2/patches/833135/?format=api
{ "id": 833135, "url": "http://patchwork.ozlabs.org/api/1.2/patches/833135/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/60854045d7986fc5997d38a95fec6426f8f9fdd7.1509576758.git.daniel@iogearbox.net/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/1.2/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<60854045d7986fc5997d38a95fec6426f8f9fdd7.1509576758.git.daniel@iogearbox.net>", "list_archive_url": null, "date": "2017-11-01T22:58:10", "name": "[net-next,2/3] bpf: also improve pattern matches for meta access", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "7164882e90648e6e0d112f4ca22604076a0a1746", "submitter": { "id": 65705, "url": "http://patchwork.ozlabs.org/api/1.2/people/65705/?format=api", "name": "Daniel Borkmann", "email": "daniel@iogearbox.net" }, "delegate": { "id": 34, "url": "http://patchwork.ozlabs.org/api/1.2/users/34/?format=api", "username": "davem", "first_name": "David", "last_name": "Miller", "email": "davem@davemloft.net" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/60854045d7986fc5997d38a95fec6426f8f9fdd7.1509576758.git.daniel@iogearbox.net/mbox/", "series": [ { "id": 11406, "url": "http://patchwork.ozlabs.org/api/1.2/series/11406/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=11406", "date": "2017-11-01T22:58:09", "name": "BPF range marking improvements for meta data", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/11406/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/833135/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/833135/checks/", "tags": {}, "related": [], "headers": { "Return-Path": 
"<netdev-owner@vger.kernel.org>", "X-Original-To": "patchwork-incoming@ozlabs.org", "Delivered-To": "patchwork-incoming@ozlabs.org", "Authentication-Results": "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3yS3YH2txRz9t34\n\tfor <patchwork-incoming@ozlabs.org>;\n\tThu, 2 Nov 2017 09:58:43 +1100 (AEDT)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S933601AbdKAW6m (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tWed, 1 Nov 2017 18:58:42 -0400", "from www62.your-server.de ([213.133.104.62]:55618 \"EHLO\n\twww62.your-server.de\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1754922AbdKAW61 (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Wed, 1 Nov 2017 18:58:27 -0400", "from [194.230.159.142] (helo=localhost)\n\tby www62.your-server.de with esmtpsa\n\t(TLSv1.2:DHE-RSA-AES128-GCM-SHA256:128) (Exim 4.85_2)\n\t(envelope-from <daniel@iogearbox.net>)\n\tid 1eA1xp-0005C3-TM; Wed, 01 Nov 2017 23:58:26 +0100" ], "From": "Daniel Borkmann <daniel@iogearbox.net>", "To": "davem@davemloft.net", "Cc": "alexei.starovoitov@gmail.com, john.r.fastabend@gmail.com,\n\tnetdev@vger.kernel.org, Daniel Borkmann <daniel@iogearbox.net>", "Subject": "[PATCH net-next 2/3] bpf: also improve pattern matches for meta\n\taccess", "Date": "Wed, 1 Nov 2017 23:58:10 +0100", "Message-Id": "<60854045d7986fc5997d38a95fec6426f8f9fdd7.1509576758.git.daniel@iogearbox.net>", "X-Mailer": "git-send-email 1.9.3", "In-Reply-To": [ "<cover.1509576758.git.daniel@iogearbox.net>", "<cover.1509576758.git.daniel@iogearbox.net>" ], "References": [ "<cover.1509576758.git.daniel@iogearbox.net>", "<cover.1509576758.git.daniel@iogearbox.net>" ], "X-Authenticated-Sender": "daniel@iogearbox.net", "X-Virus-Scanned": "Clear (ClamAV 
0.99.2/24008/Wed Nov 1 21:07:58 2017)", "Sender": "netdev-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "Follow-up to 0fd4759c5515 (\"bpf: fix pattern matches for direct\npacket access\") to cover also the remaining data_meta/data matches\nin the verifier. The matches are also refactored a bit to simplify\nhandling of all the cases.\n\nSigned-off-by: Daniel Borkmann <daniel@iogearbox.net>\nAcked-by: Alexei Starovoitov <ast@kernel.org>\nAcked-by: John Fastabend <john.fastabend@gmail.com>\n---\n kernel/bpf/verifier.c | 165 +++++++++++++++++++++++++++++---------------------\n 1 file changed, 96 insertions(+), 69 deletions(-)", "diff": "diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c\nindex 2cc3e94..530b685 100644\n--- a/kernel/bpf/verifier.c\n+++ b/kernel/bpf/verifier.c\n@@ -2787,6 +2787,99 @@ static void mark_map_regs(struct bpf_verifier_state *state, u32 regno,\n \t}\n }\n \n+static bool try_match_pkt_pointers(const struct bpf_insn *insn,\n+\t\t\t\t struct bpf_reg_state *dst_reg,\n+\t\t\t\t struct bpf_reg_state *src_reg,\n+\t\t\t\t struct bpf_verifier_state *this_branch,\n+\t\t\t\t struct bpf_verifier_state *other_branch)\n+{\n+\tif (BPF_SRC(insn->code) != BPF_X)\n+\t\treturn false;\n+\n+\tswitch (BPF_OP(insn->code)) {\n+\tcase BPF_JGT:\n+\t\tif ((dst_reg->type == PTR_TO_PACKET &&\n+\t\t src_reg->type == PTR_TO_PACKET_END) ||\n+\t\t (dst_reg->type == PTR_TO_PACKET_META &&\n+\t\t reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) {\n+\t\t\t/* pkt_data' > pkt_end, pkt_meta' > pkt_data */\n+\t\t\tfind_good_pkt_pointers(this_branch, dst_reg,\n+\t\t\t\t\t dst_reg->type, false);\n+\t\t} else if ((dst_reg->type == PTR_TO_PACKET_END &&\n+\t\t\t src_reg->type == PTR_TO_PACKET) ||\n+\t\t\t (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) &&\n+\t\t\t src_reg->type == PTR_TO_PACKET_META)) {\n+\t\t\t/* pkt_end > pkt_data', pkt_data > pkt_meta' 
*/\n+\t\t\tfind_good_pkt_pointers(other_branch, src_reg,\n+\t\t\t\t\t src_reg->type, true);\n+\t\t} else {\n+\t\t\treturn false;\n+\t\t}\n+\t\tbreak;\n+\tcase BPF_JLT:\n+\t\tif ((dst_reg->type == PTR_TO_PACKET &&\n+\t\t src_reg->type == PTR_TO_PACKET_END) ||\n+\t\t (dst_reg->type == PTR_TO_PACKET_META &&\n+\t\t reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) {\n+\t\t\t/* pkt_data' < pkt_end, pkt_meta' < pkt_data */\n+\t\t\tfind_good_pkt_pointers(other_branch, dst_reg,\n+\t\t\t\t\t dst_reg->type, true);\n+\t\t} else if ((dst_reg->type == PTR_TO_PACKET_END &&\n+\t\t\t src_reg->type == PTR_TO_PACKET) ||\n+\t\t\t (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) &&\n+\t\t\t src_reg->type == PTR_TO_PACKET_META)) {\n+\t\t\t/* pkt_end < pkt_data', pkt_data > pkt_meta' */\n+\t\t\tfind_good_pkt_pointers(this_branch, src_reg,\n+\t\t\t\t\t src_reg->type, false);\n+\t\t} else {\n+\t\t\treturn false;\n+\t\t}\n+\t\tbreak;\n+\tcase BPF_JGE:\n+\t\tif ((dst_reg->type == PTR_TO_PACKET &&\n+\t\t src_reg->type == PTR_TO_PACKET_END) ||\n+\t\t (dst_reg->type == PTR_TO_PACKET_META &&\n+\t\t reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) {\n+\t\t\t/* pkt_data' >= pkt_end, pkt_meta' >= pkt_data */\n+\t\t\tfind_good_pkt_pointers(this_branch, dst_reg,\n+\t\t\t\t\t dst_reg->type, true);\n+\t\t} else if ((dst_reg->type == PTR_TO_PACKET_END &&\n+\t\t\t src_reg->type == PTR_TO_PACKET) ||\n+\t\t\t (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) &&\n+\t\t\t src_reg->type == PTR_TO_PACKET_META)) {\n+\t\t\t/* pkt_end >= pkt_data', pkt_data >= pkt_meta' */\n+\t\t\tfind_good_pkt_pointers(other_branch, src_reg,\n+\t\t\t\t\t src_reg->type, false);\n+\t\t} else {\n+\t\t\treturn false;\n+\t\t}\n+\t\tbreak;\n+\tcase BPF_JLE:\n+\t\tif ((dst_reg->type == PTR_TO_PACKET &&\n+\t\t src_reg->type == PTR_TO_PACKET_END) ||\n+\t\t (dst_reg->type == PTR_TO_PACKET_META &&\n+\t\t reg_is_init_pkt_pointer(src_reg, PTR_TO_PACKET))) {\n+\t\t\t/* pkt_data' <= pkt_end, pkt_meta' <= pkt_data 
*/\n+\t\t\tfind_good_pkt_pointers(other_branch, dst_reg,\n+\t\t\t\t\t dst_reg->type, false);\n+\t\t} else if ((dst_reg->type == PTR_TO_PACKET_END &&\n+\t\t\t src_reg->type == PTR_TO_PACKET) ||\n+\t\t\t (reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) &&\n+\t\t\t src_reg->type == PTR_TO_PACKET_META)) {\n+\t\t\t/* pkt_end <= pkt_data', pkt_data <= pkt_meta' */\n+\t\t\tfind_good_pkt_pointers(this_branch, src_reg,\n+\t\t\t\t\t src_reg->type, true);\n+\t\t} else {\n+\t\t\treturn false;\n+\t\t}\n+\t\tbreak;\n+\tdefault:\n+\t\treturn false;\n+\t}\n+\n+\treturn true;\n+}\n+\n static int check_cond_jmp_op(struct bpf_verifier_env *env,\n \t\t\t struct bpf_insn *insn, int *insn_idx)\n {\n@@ -2893,75 +2986,9 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env,\n \t\t */\n \t\tmark_map_regs(this_branch, insn->dst_reg, opcode == BPF_JNE);\n \t\tmark_map_regs(other_branch, insn->dst_reg, opcode == BPF_JEQ);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JGT &&\n-\t\t dst_reg->type == PTR_TO_PACKET &&\n-\t\t regs[insn->src_reg].type == PTR_TO_PACKET_END) {\n-\t\t/* pkt_data' > pkt_end */\n-\t\tfind_good_pkt_pointers(this_branch, dst_reg,\n-\t\t\t\t PTR_TO_PACKET, false);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JGT &&\n-\t\t dst_reg->type == PTR_TO_PACKET_END &&\n-\t\t regs[insn->src_reg].type == PTR_TO_PACKET) {\n-\t\t/* pkt_end > pkt_data' */\n-\t\tfind_good_pkt_pointers(other_branch, ®s[insn->src_reg],\n-\t\t\t\t PTR_TO_PACKET, true);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JLT &&\n-\t\t dst_reg->type == PTR_TO_PACKET &&\n-\t\t regs[insn->src_reg].type == PTR_TO_PACKET_END) {\n-\t\t/* pkt_data' < pkt_end */\n-\t\tfind_good_pkt_pointers(other_branch, dst_reg, PTR_TO_PACKET,\n-\t\t\t\t true);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JLT &&\n-\t\t dst_reg->type == PTR_TO_PACKET_END &&\n-\t\t regs[insn->src_reg].type == PTR_TO_PACKET) {\n-\t\t/* pkt_end < pkt_data' 
*/\n-\t\tfind_good_pkt_pointers(this_branch, ®s[insn->src_reg],\n-\t\t\t\t PTR_TO_PACKET, false);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JGE &&\n-\t\t dst_reg->type == PTR_TO_PACKET &&\n-\t\t regs[insn->src_reg].type == PTR_TO_PACKET_END) {\n-\t\t/* pkt_data' >= pkt_end */\n-\t\tfind_good_pkt_pointers(this_branch, dst_reg,\n-\t\t\t\t PTR_TO_PACKET, true);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JGE &&\n-\t\t dst_reg->type == PTR_TO_PACKET_END &&\n-\t\t regs[insn->src_reg].type == PTR_TO_PACKET) {\n-\t\t/* pkt_end >= pkt_data' */\n-\t\tfind_good_pkt_pointers(other_branch, ®s[insn->src_reg],\n-\t\t\t\t PTR_TO_PACKET, false);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JLE &&\n-\t\t dst_reg->type == PTR_TO_PACKET &&\n-\t\t regs[insn->src_reg].type == PTR_TO_PACKET_END) {\n-\t\t/* pkt_data' <= pkt_end */\n-\t\tfind_good_pkt_pointers(other_branch, dst_reg,\n-\t\t\t\t PTR_TO_PACKET, false);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JLE &&\n-\t\t dst_reg->type == PTR_TO_PACKET_END &&\n-\t\t regs[insn->src_reg].type == PTR_TO_PACKET) {\n-\t\t/* pkt_end <= pkt_data' */\n-\t\tfind_good_pkt_pointers(this_branch, ®s[insn->src_reg],\n-\t\t\t\t PTR_TO_PACKET, true);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JGT &&\n-\t\t dst_reg->type == PTR_TO_PACKET_META &&\n-\t\t reg_is_init_pkt_pointer(®s[insn->src_reg], PTR_TO_PACKET)) {\n-\t\tfind_good_pkt_pointers(this_branch, dst_reg,\n-\t\t\t\t PTR_TO_PACKET_META, false);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JLT &&\n-\t\t dst_reg->type == PTR_TO_PACKET_META &&\n-\t\t reg_is_init_pkt_pointer(®s[insn->src_reg], PTR_TO_PACKET)) {\n-\t\tfind_good_pkt_pointers(other_branch, dst_reg,\n-\t\t\t\t PTR_TO_PACKET_META, false);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JGE &&\n-\t\t reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) &&\n-\t\t regs[insn->src_reg].type == PTR_TO_PACKET_META) 
{\n-\t\tfind_good_pkt_pointers(other_branch, ®s[insn->src_reg],\n-\t\t\t\t PTR_TO_PACKET_META, false);\n-\t} else if (BPF_SRC(insn->code) == BPF_X && opcode == BPF_JLE &&\n-\t\t reg_is_init_pkt_pointer(dst_reg, PTR_TO_PACKET) &&\n-\t\t regs[insn->src_reg].type == PTR_TO_PACKET_META) {\n-\t\tfind_good_pkt_pointers(this_branch, ®s[insn->src_reg],\n-\t\t\t\t PTR_TO_PACKET_META, false);\n-\t} else if (is_pointer_value(env, insn->dst_reg)) {\n+\t} else if (!try_match_pkt_pointers(insn, dst_reg, ®s[insn->src_reg],\n+\t\t\t\t\t this_branch, other_branch) &&\n+\t\t is_pointer_value(env, insn->dst_reg)) {\n \t\tverbose(env, \"R%d pointer comparison prohibited\\n\",\n \t\t\tinsn->dst_reg);\n \t\treturn -EACCES;\n", "prefixes": [ "net-next", "2/3" ] }
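Review bot: In the new `try_match_pkt_pointers()`, the comment in the second branch of the `BPF_JLT` case reads `/* pkt_end < pkt_data', pkt_data > pkt_meta' */`, but that case handles a less-than jump with dst = pkt_data and src = pkt_meta', so the second relation should be `pkt_data < pkt_meta'`. The other three cases use the operator of their own case in both halves of the comment. These comments are what a reader checks the branch choice and the boolean last argument of `find_good_pkt_pointers()` against, so a wrong operator makes the bounds logic harder to audit. A short header comment on the function would also help, stating that a `true` return means a recognised packet-pointer compare was found and ranges were marked on one branch, because the caller uses that result to skip the `pointer comparison prohibited` rejection.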
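Review bot: In the rewritten `else if` of `check_cond_jmp_op()`, `try_match_pkt_pointers()` is called for its side effect (it calls `find_good_pkt_pointers()` on one of the branch states) inside a negated condition, so the `-EACCES` rejection now depends on the operand order of `&&`. If the two operands were ever swapped, short-circuiting would skip the range marking whenever `is_pointer_value()` returns false. A comment above the condition would make the dependency explicit, for example `/* marks pkt ranges as a side effect; only unmatched pointer compares fall through to the rejection */`. The body of check_cond_jmp_op starts and ends outside the hunk.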