Received: by 2002:a05:6358:e9c4:b0:b2:91dc:71ab with SMTP id hc4csp4908867rwb; Mon, 8 Aug 2022 08:56:47 -0700 (PDT) X-Google-Smtp-Source: AA6agR5KwdsTZwuYbuerfH7dUZnFUrG0+NqIiWm4biyQx6x5q7Zzr+sqINGWOLeo1StJsmoln9Q9 X-Received: by 2002:a63:4c05:0:b0:41d:12ad:e885 with SMTP id z5-20020a634c05000000b0041d12ade885mr11887957pga.130.1659974207720; Mon, 08 Aug 2022 08:56:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1659974207; cv=none; d=google.com; s=arc-20160816; b=ux4m8SRrYn8RrkvPVVfKxaiLAiao3WjoeHCCU7MccGTUe2IK1kgAHkNQVyPbH7d84e gxaBd1gqV9DCk/xDoPZjiLDUqmXTqis0JTNZ8PL7ZNU7mxwaxO+yuNBeJUWOinDCzkDP SOZ+YVKlMzlSf7zF7huh+w3NblgQZc4i2j29uERm9d+5mkQUjLTNr1s4YaP+6cxfoiXg L4ia4dkC+IJJYATHdZJE9mFwmScs1laN8e1pEfl15BoqO7029l98atBn9BG0SKgSsqH2 hCj1S1dpOlhsIin4nuSrQ94U5k0IW2VhgqpVzc9aeD+0mCUxR4/Ozh25xVlFNhJwnKzb RWwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=Z63MLTyQS+lVAjhSe2OoIrRd8h7oLoYttNP1um2XICg=; b=pHkiUu2GsARWcHc6XolBUEErswn5BOmT3o/ouPKsh49W5F5As+Bl5ya8NRUeLv56Pu p90JxQ4n5awW6/1xaISbO/4nr1nf/ZO/0jkxrIO4fr8KQLqwTG8Zoj+3/2X2elViX6B/ ZM7AOAdIYQJQR0uHLNo9EWvEAd3QdzGLnLxeDbRL5nTMjSJCmbFXKL8Iv9TK7pVXeW5q 6OfmZj+Deja86kvCzw+0Al7HdtzgtGciNAx7litYcULReTJEPq+iN0U24Lwyip4mcJRW Yr3dqQ60NiVRG3M9PPmMpVYDQlsbZ9LynP+WVFEOum31jXZyNmLek3Q4zbwOhfAhZRDy wZQw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y7-20020a056a00190700b0052e13337a6asi13147329pfi.161.2022.08.08.08.56.32; Mon, 08 Aug 2022 08:56:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235534AbiHHPnB (ORCPT + 99 others); Mon, 8 Aug 2022 11:43:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49464 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235852AbiHHPm7 (ORCPT ); Mon, 8 Aug 2022 11:42:59 -0400 Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0010D1E8; Mon, 8 Aug 2022 08:42:57 -0700 (PDT) Received: from sslproxy05.your-server.de ([78.46.172.2]) by www62.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1oL4u1-000GLV-Pr; Mon, 08 Aug 2022 17:42:49 +0200 Received: from [85.1.206.226] (helo=linux.home) by sslproxy05.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oL4u1-000SiB-FQ; Mon, 08 Aug 2022 17:42:49 +0200 Subject: Re: Fwd: [PATCH bpf] bpf: Do more tight ALU bounds tracking To: Kuee k1r0a , haoluo@google.com Cc: Alexei Starovoitov , john.fastabend@gmail.com, Andrii Nakryiko , martin.lau@linux.dev, song@kernel.org, yhs@fb.com, kpsingh@kernel.org, sdf@google.com, jolsa@kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org References: <20220729224254.1798-1-liulin063@gmail.com> From: Daniel Borkmann Message-ID: <9f954e67-67fc-e3b9-d810-22bfea95d2aa@iogearbox.net> Date: Mon, 8 Aug 2022 17:42:48 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.6/26621/Mon Aug 8 09:52:38 2022) X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 8/8/22 5:14 PM, Kuee k1r0a wrote: > ---------- Forwarded message --------- > From: Kuee k1r0a > Date: Mon, Aug 8, 2022 at 11:11 PM > Subject: Re: [PATCH bpf] bpf: Do more tight ALU bounds tracking > To: Daniel Borkmann > > > On Mon, Aug 8, 2022 at 9:25 PM Daniel Borkmann wrote: >> >> On 7/30/22 12:48 AM, Hao Luo wrote: >>> On Fri, Jul 29, 2022 at 3:43 PM Youlin Li wrote: >>>> >>>> In adjust_scalar_min_max_vals(), let 32bit bounds learn from 64bit bounds >>>> to get more tight bounds tracking. Similar operation can be found in >>>> reg_set_min_max(). >>>> >>>> Also, we can now fold reg_bounds_sync() into zext_32_to_64(). >>>> >>>> Before: >>>> >>>> func#0 @0 >>>> 0: R1=ctx(off=0,imm=0) R10=fp0 >>>> 0: (b7) r0 = 0 ; R0_w=0 >>>> 1: (b7) r1 = 0 ; R1_w=0 >>>> 2: (87) r1 = -r1 ; R1_w=scalar() >>>> 3: (87) r1 = -r1 ; R1_w=scalar() >>>> 4: (c7) r1 s>>= 63 ; R1_w=scalar(smin=-1,smax=0) >>>> 5: (07) r1 += 2 ; R1_w=scalar(umin=1,umax=2,var_off=(0x0; 0xffffffff)) <--- [*] >>>> 6: (95) exit >>>> >>>> It can be seen that even if the 64bit bounds is clear here, the 32bit >>>> bounds is still in the state of 'UNKNOWN'. >>>> >>>> After: >>>> >>>> func#0 @0 >>>> 0: R1=ctx(off=0,imm=0) R10=fp0 >>>> 0: (b7) r0 = 0 ; R0_w=0 >>>> 1: (b7) r1 = 0 ; R1_w=0 >>>> 2: (87) r1 = -r1 ; R1_w=scalar() >>>> 3: (87) r1 = -r1 ; R1_w=scalar() >>>> 4: (c7) r1 s>>= 63 ; R1_w=scalar(smin=-1,smax=0) >>>> 5: (07) r1 += 2 ; R1_w=scalar(umin=1,umax=2,var_off=(0x0; 0x3)) <--- [*] >>>> 6: (95) exit >>>> >>>> Signed-off-by: Youlin Li >>> >>> Looks good to me. Thanks Youlin. >>> >>> Acked-by: Hao Luo >> >> Thanks Youlin! Looks like the patch breaks CI [0] e.g.: >> >> #142/p bounds check after truncation of non-boundary-crossing range FAIL >> Failed to load prog 'Permission denied'! >> invalid access to map value, value_size=8 off=16777215 size=1 >> R0 max value is outside of the allowed memory range >> verification time 296 usec >> stack depth 8 >> processed 15 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0 >> >> Please take a look. Also it would be great to add a test_verifier selftest to >> assert above case from commit log against future changes. >> >> Thanks, >> Daniel >> >> [0] https://github.com/kernel-patches/bpf/runs/7696324041?check_suite_focus=true > > This test case fails because the 32bit boundary information is lost > after the 11th instruction is executed: > Before: > 11: (07) r1 += 2147483647 ; > R1_w=scalar(umin=70866960383,umax=70866960638,var_off=(0x1000000000; > 0xffffffff),u32_min=2147483647,u32_max=-2147483394) > After: > 11: (07) r1 += 2147483647 ; > R1_w=scalar(umin=70866960383,umax=70866960638,var_off=(0x1000000000; > 0xffffffff)) > > This may be because, in previous versions of the code, when > __reg_combine_64_into_32() was called, the 32bit boundary was > completely deduced from the 64bit boundary, so there was a call to > __mark_reg32_unbounded() in __reg_combine_64_into_32(). > > But now, before adjust_scalar_min_max_vals() calls > __reg_combine_64_into_32() , the 32bit bounds are already calculated > to some extent, and __mark_reg32_unbounded() will eliminate these > information. > > Simply copying a code without __mark_reg32_unbounded() should work, > perhaps it would be more elegant to introduce a flag into > __reg_combine_64_into_32()? > > Sorry for not completing the tests because I did not 'make selftests' > successfully, and uploaded the code that caused the error. Under tools/testing/selftests/bpf/, you can run test_progs and test_verifier through the vmtest script, e.g. `./vmtest.sh -- ./test_progs` should ease running it. The whole `make selftests` is not necessary given here we care about BPF, CI is running these where 2 failed and need investigation: test_progs: PASS test_progs-no_alu32: FAIL (returned 1) test_maps: PASS test_verifier: FAIL (returned 1) Fwiw, for the test_verifier failure case at least, we should then adapt it in a separate commit with an analysis explaining why it is okay to alter the test; plus a 3rd commit adding new test cases as mentioned earlier. Thanks a lot, Kuee! Daniel