From patchwork Thu Oct 12 17:34:07 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Kicinski X-Patchwork-Id: 825001 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=netronome-com.20150623.gappssmtp.com header.i=@netronome-com.20150623.gappssmtp.com header.b="JxM2EJWZ"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3yCdKx4963z9t2r for ; Fri, 13 Oct 2017 04:35:49 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752606AbdJLRfr (ORCPT ); Thu, 12 Oct 2017 13:35:47 -0400 Received: from mail-pf0-f179.google.com ([209.85.192.179]:54261 "EHLO mail-pf0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752673AbdJLReu (ORCPT ); Thu, 12 Oct 2017 13:34:50 -0400 Received: by mail-pf0-f179.google.com with SMTP id t188so3330122pfd.10 for ; Thu, 12 Oct 2017 10:34:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Izo9NGwB8TsgBYKJrfaBFGU+EMCSWeLUolN4lyRctsY=; b=JxM2EJWZrXoBKmFiPqdVJ6GEirXdLnt7c1vLPLWBJAy1qfTxKUcvkI3vEtVa4yv2Go IPJF/rkUo10zcSCPiugjSNOpzPqt3KnKRKXqfIXuxVxcMCtVbPnFku/FRKHtLbGLAc7+ 0EYoSYSMerBUItlrY75AOUAay1nzvtAan5bh05MOVLdb6YBLv1BN/eRUp3eRbPDpgOw7 VIyxvD64lpCxARLOQHK0lk8xg6JIxs2ZJlPotU2mJ5rVxywH+pmut5hqLjs1w/90/gqk nbf27NCk8LpcaF44qEtrAOGGI15GcDdA5P8pQ4bOvpdAR3/+pFEfhOYYu7jYHftmlUp0 DzdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Izo9NGwB8TsgBYKJrfaBFGU+EMCSWeLUolN4lyRctsY=; b=ae2Fl8fDKmdNnB1DY2Iwx1hW8yPdqZeFZO+ZDoS5Y2xTfNy53S38ayzb1cz9XmuGf4 S0dgpst5HvwwWs1lEUQjUENw5z1mJZ4WHUJ5ZeJltefcpbhdfU9pmmfAI/68jLGYpNZy te0vUAR4DlHNYQMT/pcSoZevW+AyZwXOVjIkX16zBUzdK1isXTiQ6UcqmSy0/nb42NZn K9Gg4NCdVZWSau4Cj9i32DIz507/MZdjpPIWWyy1K+7kqrejyQxOhe8rNeMrw01Jp5lc G39S54cUJgspx+cupDbLt3DFGntdpzgUk0XIouIgx7Jif5NxumyS/c42AsjKI7FpAme+ uD6A== X-Gm-Message-State: AMCzsaXeJXKbpGfrAQoA4bw/AvkloaxXLArx4uTOnv4oksy/96AcU8n3 CmGIRoJBQeDdIaqLo0bStHJaPLUc X-Google-Smtp-Source: AOwi7QAo2f3GJHLh3uAAz/F0FXlJ/As0bF0ZafT3zxtpMkJcwU4JGhzeuyYHVi66zGuf+HA7cgnpIw== X-Received: by 10.99.160.25 with SMTP id r25mr824760pge.254.1507829689347; Thu, 12 Oct 2017 10:34:49 -0700 (PDT) Received: from jkicinski-Precision-T1700.netronome.com ([75.53.12.129]) by smtp.gmail.com with ESMTPSA id q8sm25037929pfk.100.2017.10.12.10.34.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 12 Oct 2017 10:34:48 -0700 (PDT) From: Jakub Kicinski To: netdev@vger.kernel.org Cc: oss-drivers@netronome.com, Jakub Kicinski , alexei.starovoitov@gmail.com, daniel@iogearbox.net Subject: [PATCH net-next 01/12] bpf: verifier: set reg_type on context accesses in second pass Date: Thu, 12 Oct 2017 10:34:07 -0700 Message-Id: <20171012173418.4029-2-jakub.kicinski@netronome.com> X-Mailer: git-send-email 2.14.1 In-Reply-To: <20171012173418.4029-1-jakub.kicinski@netronome.com> References: <20171012173418.4029-1-jakub.kicinski@netronome.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Use a simplified is_valid_access() callback when verifier is used for program analysis by non-host JITs. This allows us to teach the verifier about packet start and packet end offsets for direct packet access. We can extend the callback as needed but for most packet processing needs there isn't much more the offloads may require. Signed-off-by: Jakub Kicinski Reviewed-by: Simon Horman --- CC: alexei.starovoitov@gmail.com CC: daniel@iogearbox.net kernel/bpf/verifier.c | 43 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 37 insertions(+), 6 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 2cdbcc4f8f6b..9755279d94cb 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -813,6 +813,36 @@ static int check_packet_access(struct bpf_verifier_env *env, u32 regno, int off, return err; } +static bool analyzer_is_valid_access(struct bpf_verifier_env *env, int off, + struct bpf_insn_access_aux *info) +{ + switch (env->prog->type) { + case BPF_PROG_TYPE_XDP: + switch (off) { + case offsetof(struct xdp_buff, data): + info->reg_type = PTR_TO_PACKET; + return true; + case offsetof(struct xdp_buff, data_end): + info->reg_type = PTR_TO_PACKET_END; + return true; + } + return false; + case BPF_PROG_TYPE_SCHED_CLS: + switch (off) { + case offsetof(struct sk_buff, data): + info->reg_type = PTR_TO_PACKET; + return true; + case offsetof(struct sk_buff, cb) + + offsetof(struct bpf_skb_data_end, data_end): + info->reg_type = PTR_TO_PACKET_END; + return true; + } + return false; + default: + return false; + } +} + /* check access to 'struct bpf_context' fields. Supports fixed offsets only */ static int check_ctx_access(struct bpf_verifier_env *env, int insn_idx, int off, int size, enum bpf_access_type t, enum bpf_reg_type *reg_type) @@ -821,12 +851,13 @@ static int check_ctx_access(struct bpf_verifier_env *env, int insn_idx, int off, .reg_type = *reg_type, }; - /* for analyzer ctx accesses are already validated and converted */ - if (env->analyzer_ops) - return 0; - - if (env->prog->aux->ops->is_valid_access && - env->prog->aux->ops->is_valid_access(off, size, t, &info)) { + if (env->analyzer_ops) { + if (analyzer_is_valid_access(env, off, &info)) { + *reg_type = info.reg_type; + return 0; + } + } else if (env->prog->aux->ops->is_valid_access && + env->prog->aux->ops->is_valid_access(off, size, t, &info)) { /* A non zero info.ctx_field_size indicates that this field is a * candidate for later verifier transformation to load the whole * field and then apply a mask when accessed with a narrower