From patchwork Wed Mar 20 12:58:27 2019
X-Patchwork-Submitter: Paul Chaignon
X-Patchwork-Id: 1059168
X-Patchwork-Delegate: bpf@iogearbox.net
Date: Wed, 20 Mar 2019 13:58:27 +0100
From: Paul Chaignon
To: Alexei Starovoitov, Daniel Borkmann, netdev@vger.kernel.org, bpf@vger.kernel.org
Cc: xiao.han@orange.com, paul.chaignon@gmail.com, Martin KaFai Lau, Song Liu, Yonghong Song
Subject: [PATCH bpf-next 1/2] bpf: remove incorrect 'verifier bug' warning
List-Id: netdev.vger.kernel.org

The BPF verifier checks the maximum number of call stack frames twice, first in the main CFG traversal (do_check) and then in a subsequent traversal (check_max_stack_depth). If the second check fails, it logs a 'verifier bug' warning and errors out, as the number of call stack frames should have been verified already.

However, the second check may fail without indicating a verifier bug: if the excessive function calls reside in dead code, the main CFG traversal may not visit them; the subsequent traversal visits all instructions, including dead code.

This case raises the question of how invalid dead code should be treated. This patch implements the conservative option and rejects such code.

Signed-off-by: Paul Chaignon
Tested-by: Xiao Han
---
 kernel/bpf/verifier.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 86f9cd5d1c4e..6719bb9b332e 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -1888,8 +1888,9 @@ static int check_max_stack_depth(struct bpf_verifier_env *env) } frame++; if (frame >= MAX_CALL_FRAMES) { - WARN_ONCE(1, "verifier bug. Call stack is too deep\n"); - return -EFAULT; + verbose(env, "the call stack of %d frames is too deep !\n", + frame); + return -E2BIG; } goto process_func; }

From patchwork Wed Mar 20 12:58:50 2019
X-Patchwork-Submitter: Paul Chaignon
X-Patchwork-Id: 1059170
X-Patchwork-Delegate: bpf@iogearbox.net
Date: Wed, 20 Mar 2019 13:58:50 +0100
From: Paul Chaignon
To: Alexei Starovoitov, Daniel Borkmann, netdev@vger.kernel.org, bpf@vger.kernel.org
Cc: xiao.han@orange.com, paul.chaignon@gmail.com, Martin KaFai Lau, Song Liu, Yonghong Song
Subject: [PATCH bpf-next 2/2] selftests/bpf: test case for invalid call stack in dead code
X-Mailing-List: netdev@vger.kernel.org

This patch adds a test case with an excessive number of call stack frames in dead code.

Signed-off-by: Paul Chaignon
Tested-by: Xiao Han
---
 tools/testing/selftests/bpf/verifier/calls.c | 38 ++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/tools/testing/selftests/bpf/verifier/calls.c b/tools/testing/selftests/bpf/verifier/calls.c
index 4004891afa9c..ff147fcda82b 100644
--- a/tools/testing/selftests/bpf/verifier/calls.c
+++ b/tools/testing/selftests/bpf/verifier/calls.c
@@ -907,6 +907,44 @@ .errstr = "call stack", .result = REJECT, }, +{ + "calls: stack depth check in dead code", + .insns = { + /* main */ + BPF_MOV64_IMM(BPF_REG_1, 0), + BPF_RAW_INSN(BPF_JMP|BPF_CALL, 0, 1, 0, 1), /* call A */ + BPF_EXIT_INSN(), + /* A */ + BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 1), + BPF_RAW_INSN(BPF_JMP|BPF_CALL, 0, 1, 0, 2), /* call B */ + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + /* B */ + BPF_RAW_INSN(BPF_JMP|BPF_CALL, 0, 1, 0, 1), /* call C */ + BPF_EXIT_INSN(), + /* C */ + BPF_RAW_INSN(BPF_JMP|BPF_CALL, 0, 1, 0, 1), /* call D */ + BPF_EXIT_INSN(), + /* D */ + BPF_RAW_INSN(BPF_JMP|BPF_CALL, 0, 1, 0, 1), /* call E */ + BPF_EXIT_INSN(), + /* E */ + BPF_RAW_INSN(BPF_JMP|BPF_CALL, 0, 1, 0, 1), /* call F */ + BPF_EXIT_INSN(), + /* F */ + BPF_RAW_INSN(BPF_JMP|BPF_CALL, 0, 1, 0, 1), /* call G */ + BPF_EXIT_INSN(), + /* G */ + BPF_RAW_INSN(BPF_JMP|BPF_CALL, 0, 1, 0, 1), /* call H */ + BPF_EXIT_INSN(), + /* H */ + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_XDP, + .errstr = "call stack", + .result = REJECT, +}, { "calls: spill into caller stack frame", .insns = {
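
Review bot: In the kernel/bpf/verifier.c hunk of patch 1/2, the `if (frame >= MAX_CALL_FRAMES)` branch now returns -E2BIG where it returned -EFAULT, and the commit message describes only the removal of the warning. The changelog should state the new return value, since user space sees a different errno for a program that was already being rejected. Two smaller points on the same lines: the log string has a stray space before the "!" ("too deep !"), and `frame` is printed after `frame++`, so it is worth confirming that the value logged is the frame count a user expects rather than an index.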
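
Review bot: In the "calls: stack depth check in dead code" entry of patch 2/2, `.errstr = "call stack"` is the same substring used by the entry just above it, so a pass does not show that the rejection came from the branch changed in check_max_stack_depth. Matching more of the new message, for example "frames is too deep !", would tie the test to that path if the other call-stack message differs. A comment in A noting that r1 is set to 0 in main, so the `BPF_JEQ` always jumps over `call B`, would also make clear why everything from B onward is dead code.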