Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp493952pxy; Thu, 22 Apr 2021 06:58:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwMEdJkbVdmJp8yUfOc7v1x3kFAzDVLJbIxsAgSlprFc8EV7bMsRQC/T2qysoQicNffNgOm X-Received: by 2002:aa7:c913:: with SMTP id b19mr4052628edt.170.1619099882262; Thu, 22 Apr 2021 06:58:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619099882; cv=none; d=google.com; s=arc-20160816; b=Z92f1NdorAWsT6Q/gjoWV9REe27qcMkOQ8oBkaz2JOgQLidP7V4CUDdyzrdJGKe3/6 HtkjoPdc6ul4Ly+8xqXTKiLi4mzm4QAP+QK8gpS3lmz8Gq77wCQDzlIGkA7JwOlOX5Fj iacyuiiQIWRWyYaLotHQkTKHyL6GPE1JMjE+ZglRWpr/LolQEsDnhZgf4J0ejc9KsNzw SWzZxFODh0r9Uaj/sQ9gmNpqcmDRDrutwtO/MwybskhYXwVI0qmalmtacekMkrzcNuIG MOdtgc3upz53LpLl9Yg087lyRkxLaQbagNuoRSa/mMdjZ6m3wkuXH+uZnQ+dm/rNIvNv cSbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=stwSr3IA5sn78Uz4bhEUBctzdSAEhhRuapERpH3b3WA=; b=Qh009blgLwC86MiUsT5KhL8ip1jz32UgkxcOSxND+gRL4FboK7i+UwBXl2RhNa4DSd 86B8DR9GD4TN+YDs5D/G1B+sg8Zo3wPXHKRKeNhboImmh3wAWHhmLBOPqLJF+an1emf/ uYDM34U1X1Y8mbwy5AWnLJDzUwzLftajvumkrDPLX0pld2HAWwf7OL8e5RD+pviNvM2p UGq80MuxhzJhIbgdQ+3d7emFIsFR7J3hZuD3CSn4yg0gBVVP0c3jPNS1jF7PhpbahqJ3 By5nWK4+tzVH3bzVfWfTVNMtT0D2zHDugzzcxbno3ax4zCqJhSXe8RSbk1Qg6fJGX1qM FwuA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=keiowMGE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c16si2535058edw.520.2021.04.22.06.57.37; Thu, 22 Apr 2021 06:58:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=keiowMGE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236226AbhDVN4K (ORCPT + 99 others); Thu, 22 Apr 2021 09:56:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57388 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236092AbhDVN4J (ORCPT ); Thu, 22 Apr 2021 09:56:09 -0400 Received: from mail-io1-xd31.google.com (mail-io1-xd31.google.com [IPv6:2607:f8b0:4864:20::d31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BBD77C06174A for ; Thu, 22 Apr 2021 06:55:34 -0700 (PDT) Received: by mail-io1-xd31.google.com with SMTP id v123so38720297ioe.10 for ; Thu, 22 Apr 2021 06:55:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=stwSr3IA5sn78Uz4bhEUBctzdSAEhhRuapERpH3b3WA=; b=keiowMGE3Mt1a+OsE9i6JvGrQXxYq0Z/fYxoVkGxNSeNQ4Dp3qV8/n/lf7Bb5w1GvQ iSi/eJCXAVhBzvnOLBaCwaSyTlcZeWB4YMKf9zfOT/zEeeUN3PzL2Xk1QkwdPqp5koxl dEp7aI8vkXMlCmT4gya82+VcIjzPWG4GLQgYXPXUcbk0FDx2rEFpfhWWR6n5SMLiRdSh b+IO+vcDloWHxeIVEosUJR3V5kqu1YuASCBipYhAz7LcaPgg73o7dnhOJ0rjihZ4LJSA q+WJC5cH8RB1Q2l0CZffqkkDJzFnrCRlYK3c0WtUxjDJoLE9MV8vx0U61nMRoEE7yjaz cXJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=stwSr3IA5sn78Uz4bhEUBctzdSAEhhRuapERpH3b3WA=; b=L8ekofczurDwlIKkVENOAziJkkJxkqM1coY9W8O5tpYVvC1aiZ8oaCcZId57kGIQMu YItjyl8OS1A1z1gcHJ4+FIxbEwTgoB63GjzfxJW19uOXrGMbzmWyrmOyaOH+8qX5pIhw fLgu722npd/xz8PVf4AjwD9Uuzzv9pz+n3yId7XPcqZvGK1fxhfxjXmKd3kZ+nFNQ40j DQJQSbPLgatSj4nYp4+bfWpWdMrh08az7ZOQFdx2q5o0sWZ0wPpk8IAIaA/z3DCrSrDi oZ1zGK/eoBWNKTIC/jvG9i7yzgFbwUET2cSfTYcYdUKuZLEKlDbynePoQrDndu4SMuD+ GBhg== X-Gm-Message-State: AOAM532WqFqo3BBLB0ASQIZgUg1YlVJ8hiyzXVU3driKtD2rw48D18CI yQdpeLJ+QAdeqK6hqLCtvVRdakE8SwAx4cvroBUl4Q== X-Received: by 2002:a02:3f08:: with SMTP id d8mr3232523jaa.141.1619099733903; Thu, 22 Apr 2021 06:55:33 -0700 (PDT) MIME-Version: 1.0 References: <20210421122348.547922-1-jackmanb@google.com> <94c4f7b0-c64e-e580-7d9b-a0a65e2fe33d@fb.com> <3933ce3c-6161-2309-88bb-72707997ed76@fb.com> In-Reply-To: <3933ce3c-6161-2309-88bb-72707997ed76@fb.com> From: Brendan Jackman Date: Thu, 22 Apr 2021 15:55:22 +0200 Message-ID: Subject: Re: Help with verifier failure To: Yonghong Song Cc: bpf , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , LKML Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 21 Apr 2021 at 18:59, Yonghong Song wrote: > On 4/21/21 8:06 AM, Yonghong Song wrote: > > On 4/21/21 5:23 AM, Brendan Jackman wrote: > > Thanks, Brendan. Looks at least the verifier failure is triggered > > by recent clang changes. I will take a look whether we could > > improve verifier for such a case and whether we could improve > > clang to avoid generate such codes the verifier doesn't like. > > Will get back to you once I had concrete analysis. > > > >> > >> This seems like it must be a common pitfall, any idea what we can do > >> to fix it > >> and avoid it in future? Am I misunderstanding the issue? > > First, for the example code you provided, I checked with llvm11, llvm12 > and latest trunk llvm (llvm13-dev) and they all generated similar codes, > which may trigger verifier failure. Somehow you original code could be > different may only show up with a recent llvm, I guess. > > Checking llvm IR, the divergence between "w2 = w8" and "if r8 < 0x1000" > appears in insn scheduling phase related handling PHIs. Need to further > check whether it is possible to prevent the compiler from generating > such codes. > > The latest kernel already had the ability to track register equivalence. > However, the tracking is conservative for 32bit mov like "w2 = w8" as > you described in the above. if we have code like "r2 = r8; if r8 < > 0x1000 ...", we will be all good. > > The following hack fixed the issue, > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index 58730872f7e5..54f418fd6a4a 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -7728,12 +7728,20 @@ static int check_alu_op(struct bpf_verifier_env > *env, struct bpf_insn *insn) > insn->src_reg); > return -EACCES; > } else if (src_reg->type == SCALAR_VALUE) { > + /* If src_reg is in 32bit range, > there is > + * no need to reset the ID. > + */ > + bool is_32bit_src = > src_reg->umax_value <= 0x7fffffff; > + > + if (is_32bit_src && !src_reg->id) > + src_reg->id = ++env->id_gen; > *dst_reg = *src_reg; > /* Make sure ID is cleared > otherwise > * dst_reg min/max could be > incorrectly > * propagated into src_reg by > find_equal_scalars() > */ > - dst_reg->id = 0; > + if (!is_32bit_src) > + dst_reg->id = 0; > dst_reg->live |= REG_LIVE_WRITTEN; > dst_reg->subreg_def = > env->insn_idx + 1; > } else { > > Basically, for a 32bit mov insn like "w2 = w8", if we can ensure > that "w8" is 32bit and has no possibility that upper 32bit is set > for r8, we can declare them equivalent. This fixed your issue. > > Will try to submit a formal patch later. Ah.. I did not realise this equivalence tracking with reg.id was there for scalar values! I also didn't take any notice of the use of 32-bit operations in the assembly, thanks for pointing that out. Yes it sounds like this is certainly worth fixing in the kernel - even if Clang stops generating the code today it will probably start doing so again in the future. I can also help with the verifier work if needed.