Received: by 2002:a05:6358:e9c4:b0:b2:91dc:71ab with SMTP id hc4csp4752452rwb; Mon, 8 Aug 2022 06:33:36 -0700 (PDT) X-Google-Smtp-Source: AA6agR7Gst9ggewaX8mrgQt9dQ2qXrV1PiCc1w91YzE0Vy/YfJQ1mk0pJA3T9FS56g/ZWY16cOle X-Received: by 2002:a63:5b22:0:b0:41a:a605:f59a with SMTP id p34-20020a635b22000000b0041aa605f59amr16013679pgb.595.1659965616717; Mon, 08 Aug 2022 06:33:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659965616; cv=none; d=google.com; s=arc-20160816; b=mTrqdtw2HfRp/tsXJOyPN9bwXVVwb7n9NAbJRrETVh5AUpnFuMvkEOhOkGJeA9Jvfm rZwGvzG9QZkqJH3laodgq1sG+hf7MuG5QnWCu6YUnd+T+vXdHs83HUF0IKIHgVXKC4w+ 7avK1ORjHcSBl0jE6o53VmZT5OqKZUo3JmujhHC8WkfZT1BdYfC6oyLm24UGBWCDp+8k UifqnRCPKhIt3FV9m4xDt+Ib0NdhShJogVm0Z8p13TXwKAF3yL7S1ZnMyNEDI6JeSrOQ oYCa8Ct1/84hUsJcMZsutfURA9FIKnqhVJ1KPNBBX9tRlU03dwc9AyVFn2tsfYJGHWGk nZTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=sLeHLk8RoyB0TvzpxC597yDEvmfAXJDvFzLPt6umzpo=; b=ToHNVuUJ7KHTpuItxSV/URhQih/Hgk5/2+F8IydB7c4Qku2Lb4J4k7LnTyPUWvu215 mYkvuUXxCzvJaIE2zqrnwpZBB8pZkW5Kn9JCFxGd/e1auDRa+a/OhvVgtADjJARRZ5qU yUZIQKJFL5qGMkiQrSYDX+lbe/xiJtl9kL/ZzwfCPbkAJMYthPEyibDhGbWKLxLSI6QI w7iIwV+tBYki0ELzmhpvRRYfvXLGiobGv0zdstHMePEdlolJ2hSMDBr/KtCUSsUgVlle z9su2ODv7NLD8SNOuIoYtjpTBOUnvdtOFC9DXB7sg7kuHJ1J5vFQO88dnG1/xERoW1xX rHyw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g2-20020a6544c2000000b0041bd0985ea9si10236052pgs.671.2022.08.08.06.33.20; Mon, 08 Aug 2022 06:33:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242930AbiHHNZv (ORCPT + 99 others); Mon, 8 Aug 2022 09:25:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37180 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243333AbiHHNZp (ORCPT ); Mon, 8 Aug 2022 09:25:45 -0400 Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 29FE56362; Mon, 8 Aug 2022 06:25:44 -0700 (PDT) Received: from sslproxy03.your-server.de ([88.198.220.132]) by www62.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1oL2lD-00007g-Cf; Mon, 08 Aug 2022 15:25:35 +0200 Received: from [85.1.206.226] (helo=linux.home) by sslproxy03.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oL2lD-0008MS-0L; Mon, 08 Aug 2022 15:25:35 +0200 Subject: Re: [PATCH bpf] bpf: Do more tight ALU bounds tracking To: Hao Luo , Youlin Li Cc: ast@kernel.org, john.fastabend@gmail.com, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, kpsingh@kernel.org, sdf@google.com, jolsa@kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org References: <20220729224254.1798-1-liulin063@gmail.com> From: Daniel Borkmann Message-ID: Date: Mon, 8 Aug 2022 15:25:34 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.6/26621/Mon Aug 8 09:52:38 2022) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 7/30/22 12:48 AM, Hao Luo wrote: > On Fri, Jul 29, 2022 at 3:43 PM Youlin Li wrote: >> >> In adjust_scalar_min_max_vals(), let 32bit bounds learn from 64bit bounds >> to get more tight bounds tracking. Similar operation can be found in >> reg_set_min_max(). >> >> Also, we can now fold reg_bounds_sync() into zext_32_to_64(). >> >> Before: >> >> func#0 @0 >> 0: R1=ctx(off=0,imm=0) R10=fp0 >> 0: (b7) r0 = 0 ; R0_w=0 >> 1: (b7) r1 = 0 ; R1_w=0 >> 2: (87) r1 = -r1 ; R1_w=scalar() >> 3: (87) r1 = -r1 ; R1_w=scalar() >> 4: (c7) r1 s>>= 63 ; R1_w=scalar(smin=-1,smax=0) >> 5: (07) r1 += 2 ; R1_w=scalar(umin=1,umax=2,var_off=(0x0; 0xffffffff)) <--- [*] >> 6: (95) exit >> >> It can be seen that even if the 64bit bounds is clear here, the 32bit >> bounds is still in the state of 'UNKNOWN'. >> >> After: >> >> func#0 @0 >> 0: R1=ctx(off=0,imm=0) R10=fp0 >> 0: (b7) r0 = 0 ; R0_w=0 >> 1: (b7) r1 = 0 ; R1_w=0 >> 2: (87) r1 = -r1 ; R1_w=scalar() >> 3: (87) r1 = -r1 ; R1_w=scalar() >> 4: (c7) r1 s>>= 63 ; R1_w=scalar(smin=-1,smax=0) >> 5: (07) r1 += 2 ; R1_w=scalar(umin=1,umax=2,var_off=(0x0; 0x3)) <--- [*] >> 6: (95) exit >> >> Signed-off-by: Youlin Li > > Looks good to me. Thanks Youlin. > > Acked-by: Hao Luo Thanks Youlin! Looks like the patch breaks CI [0] e.g.: #142/p bounds check after truncation of non-boundary-crossing range FAIL Failed to load prog 'Permission denied'! invalid access to map value, value_size=8 off=16777215 size=1 R0 max value is outside of the allowed memory range verification time 296 usec stack depth 8 processed 15 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0 Please take a look. Also it would be great to add a test_verifier selftest to assert above case from commit log against future changes. Thanks, Daniel [0] https://github.com/kernel-patches/bpf/runs/7696324041?check_suite_focus=true