[bpf-next,0/3] bpf: Pointers beyond packet end.

Message ID	20201021182015.39000-1-alexei.starovoitov@gmail.com
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Alexei Starovoitov <alexei.starovoitov@gmail.com> To: davem@davemloft.net Cc: daniel@iogearbox.net, john.fastabend@gmail.com, jolsa@kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, kernel-team@fb.com Subject: [PATCH bpf-next 0/3] bpf: Pointers beyond packet end. Date: Wed, 21 Oct 2020 11:20:12 -0700 Message-Id: <20201021182015.39000-1-alexei.starovoitov@gmail.com> Precedence: bulk
Series	bpf: Pointers beyond packet end. \| expand [bpf-next,0/3] bpf: Pointers beyond packet end. [bpf-next,1/3] bpf: Support for pointers beyond pkt_end. [bpf-next,2/3] selftests/bpf: Add skb_pkt_end test [bpf-next,3/3] selftests/bpf: Add asm tests for pkt vs pkt_end comparison.

Message ID

20201021182015.39000-1-alexei.starovoitov@gmail.com

Headers

From: Alexei Starovoitov <alexei.starovoitov@gmail.com>
To: davem@davemloft.net
Cc: daniel@iogearbox.net, john.fastabend@gmail.com, jolsa@kernel.org,
        netdev@vger.kernel.org, bpf@vger.kernel.org, kernel-team@fb.com
Subject: [PATCH bpf-next 0/3] bpf: Pointers beyond packet end.
Date: Wed, 21 Oct 2020 11:20:12 -0700
Message-Id: <20201021182015.39000-1-alexei.starovoitov@gmail.com>
Precedence: bulk

Series

bpf: Pointers beyond packet end. | expand

Message

Alexei Starovoitov Oct. 21, 2020, 6:20 p.m. UTC

From: Alexei Starovoitov <ast@kernel.org>

In some cases LLVM uses the knowledge that branch is taken to optimze the code
which causes the verifier to reject valid programs.
Teach the verifier to recognize that
r1 = skb->data;
r1 += 10;
r2 = skb->data_end;
if (r1 > r2) {
  here r1 points beyond packet_end and subsequent
  if (r1 > r2) // always evaluates to "true".
}

Alexei Starovoitov (3):
  bpf: Support for pointers beyond pkt_end.
  selftests/bpf: Add skb_pkt_end test
  selftests/bpf: Add asm tests for pkt vs pkt_end comparison.

 include/linux/bpf_verifier.h                  |   2 +-
 kernel/bpf/verifier.c                         | 131 +++++++++++++++---
 .../bpf/prog_tests/test_skb_pkt_end.c         |  41 ++++++
 .../testing/selftests/bpf/progs/skb_pkt_end.c |  54 ++++++++
 .../testing/selftests/bpf/verifier/ctx_skb.c  |  42 ++++++
 5 files changed, 247 insertions(+), 23 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/test_skb_pkt_end.c
 create mode 100644 tools/testing/selftests/bpf/progs/skb_pkt_end.c

Comments

Jiri Olsa Oct. 22, 2020, 9:47 a.m. UTC | #1

On Wed, Oct 21, 2020 at 11:20:12AM -0700, Alexei Starovoitov wrote:
> From: Alexei Starovoitov <ast@kernel.org>
> 
> In some cases LLVM uses the knowledge that branch is taken to optimze the code
> which causes the verifier to reject valid programs.
> Teach the verifier to recognize that
> r1 = skb->data;
> r1 += 10;
> r2 = skb->data_end;
> if (r1 > r2) {
>   here r1 points beyond packet_end and subsequent
>   if (r1 > r2) // always evaluates to "true".
> }
> 
> Alexei Starovoitov (3):
>   bpf: Support for pointers beyond pkt_end.
>   selftests/bpf: Add skb_pkt_end test
>   selftests/bpf: Add asm tests for pkt vs pkt_end comparison.

Tested-by: Jiri Olsa <jolsa@redhat.com>

thanks,
jirka

> 
>  include/linux/bpf_verifier.h                  |   2 +-
>  kernel/bpf/verifier.c                         | 131 +++++++++++++++---
>  .../bpf/prog_tests/test_skb_pkt_end.c         |  41 ++++++
>  .../testing/selftests/bpf/progs/skb_pkt_end.c |  54 ++++++++
>  .../testing/selftests/bpf/verifier/ctx_skb.c  |  42 ++++++
>  5 files changed, 247 insertions(+), 23 deletions(-)
>  create mode 100644 tools/testing/selftests/bpf/prog_tests/test_skb_pkt_end.c
>  create mode 100644 tools/testing/selftests/bpf/progs/skb_pkt_end.c
> 
> -- 
> 2.23.0
>