From patchwork Wed Aug 23 14:10:03 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Edward Cree <ecree@solarflare.com>
X-Patchwork-Id: 805017
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3xcq7t4F5lz9s06
	for <patchwork-incoming@ozlabs.org>;
	Thu, 24 Aug 2017 00:10:18 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754109AbdHWOKQ (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Wed, 23 Aug 2017 10:10:16 -0400
Received: from dispatch1-us1.ppe-hosted.com ([67.231.154.164]:43837 "EHLO
	dispatch1-us1.ppe-hosted.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1754001AbdHWOKP (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 23 Aug 2017 10:10:15 -0400
Received: from pure.maildistiller.com (unknown [10.110.50.29])
	by dispatch1-us1.ppe-hosted.com (Proofpoint Essentials ESMTP Server)
	with ESMTP id 1CAD3600FA; Wed, 23 Aug 2017 14:10:15 +0000 (UTC)
X-Virus-Scanned: Proofpoint Essentials engine
Received: from mx2-us1.ppe-hosted.com (unknown [10.110.49.251])
	by pure.maildistiller.com (Proofpoint Essentials ESMTP Server) with
	ESMTPS id 966C580054; Wed, 23 Aug 2017 14:10:14 +0000 (UTC)
Received: from webmail.solarflare.com (uk.solarflare.com [193.34.186.16])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx2-us1.ppe-hosted.com (Proofpoint Essentials ESMTP Server) with
	ESMTPS id 496AC8007C; Wed, 23 Aug 2017 14:10:14 +0000 (UTC)
Received: from ec-desktop.uk.solarflarecom.com (10.17.20.45) by
	ukex01.SolarFlarecom.com (10.17.10.4) with Microsoft SMTP Server
	(TLS) id 15.0.1044.25; Wed, 23 Aug 2017 15:10:07 +0100
From: Edward Cree <ecree@solarflare.com>
Subject: [PATCH v2 net-next 2/5] bpf/verifier: when pruning a branch, ignore
	its write marks
To: <davem@davemloft.net>, Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	Alexei Starovoitov <ast@fb.com>, Daniel Borkmann <daniel@iogearbox.net>
References: <f9208b68-466e-c6cb-4d0c-c567e40bdc15@solarflare.com>
CC: <netdev@vger.kernel.org>, iovisor-dev <iovisor-dev@lists.iovisor.org>
Message-ID: <ec2ee579-8391-c023-348a-770faa6bc5c7@solarflare.com>
Date: Wed, 23 Aug 2017 15:10:03 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
	Thunderbird/45.1.0
MIME-Version: 1.0
In-Reply-To: <f9208b68-466e-c6cb-4d0c-c567e40bdc15@solarflare.com>
X-Originating-IP: [10.17.20.45]
X-ClientProxiedBy: ocex03.SolarFlarecom.com (10.20.40.36) To
	ukex01.SolarFlarecom.com (10.17.10.4)
X-TM-AS-Product-Ver: SMEX-11.0.0.1191-8.100.1062-23276.003
X-TM-AS-Result: No--3.911800-0.000000-31
X-TM-AS-User-Approved-Sender: Yes
X-TM-AS-User-Blocked-Sender: No
X-MDID: 1503497415-JTb2VbQEt4Ky
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

The fact that writes occurred in reaching the continuation state does
 not screen off its reads from us, because we're not really its parent.
So detect 'not really the parent' in do_propagate_liveness, and ignore
 write marks in that case.

Fixes: dc503a8ad984 ("bpf/verifier: track liveness for pruning")
Signed-off-by: Edward Cree <ecree@solarflare.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
---
 kernel/bpf/verifier.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index e42c096..fdbaa60 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -3436,6 +3436,7 @@ static bool states_equal(struct bpf_verifier_env *env,
 static bool do_propagate_liveness(const struct bpf_verifier_state *state,
 				  struct bpf_verifier_state *parent)
 {
+	bool writes = parent == state->parent; /* Observe write marks */
 	bool touched = false; /* any changes made? */
 	int i;
 
@@ -3447,7 +3448,9 @@ static bool do_propagate_liveness(const struct bpf_verifier_state *state,
 	for (i = 0; i < BPF_REG_FP; i++) {
 		if (parent->regs[i].live & REG_LIVE_READ)
 			continue;
-		if (state->regs[i].live == REG_LIVE_READ) {
+		if (writes && (state->regs[i].live & REG_LIVE_WRITTEN))
+			continue;
+		if (state->regs[i].live & REG_LIVE_READ) {
 			parent->regs[i].live |= REG_LIVE_READ;
 			touched = true;
 		}
@@ -3460,7 +3463,9 @@ static bool do_propagate_liveness(const struct bpf_verifier_state *state,
 			continue;
 		if (parent->spilled_regs[i].live & REG_LIVE_READ)
 			continue;
-		if (state->spilled_regs[i].live == REG_LIVE_READ) {
+		if (writes && (state->spilled_regs[i].live & REG_LIVE_WRITTEN))
+			continue;
+		if (state->spilled_regs[i].live & REG_LIVE_READ) {
 			parent->spilled_regs[i].live |= REG_LIVE_READ;
 			touched = true;
 		}