From: Menglong Dong
Date: Thu, 14 Dec 2023 22:07:24 +0800
Subject: Re: [PATCH bpf-next v3 1/2] bpf: make the verifier tracks the "not equal" for regs
To: Alexei Starovoitov
Cc: Andrii Nakryiko, Eddy Z, Yonghong Song, Alexei Starovoitov, Daniel Borkmann, John Fastabend, Martin KaFai Lau, Song Liu, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, bpf, LKML
References: <20231214062434.3565630-1-menglong8.dong@gmail.com> <20231214062434.3565630-2-menglong8.dong@gmail.com>

Hello,

On Thu, Dec 14, 2023 at 9:49 PM Alexei Starovoitov wrote:
>
> On Wed, Dec 13, 2023 at 10:28 PM Menglong Dong wrote:
> >
> > We can derive some new information for BPF_JNE in regs_refine_cond_op().
> > Take the following code for example:
> >
> >   /* The type of "a" is u16 */
> >   if (a > 0 && a < 100) {
> >     /* the range of the register for a is [0, 99], not [1, 99],
> >      * and will cause the following error:
> >      *
> >      *   invalid zero-sized read
> >      *
> >      * as a can be 0.
> >      */
> >     bpf_skb_store_bytes(skb, xx, xx, a, 0);
> >   }
>
> Please craft a selftest from above with inline asm
> (C might not work as compiler might optimize it)

Okay! Should I add this selftest to reg_bounds as a subtest,
or add a "verifier_reg_edge.c" for verifier testing?

> Also we call:
>     /* fallthrough (FALSE) branch */
>     regs_refine_cond_op(false_reg1, false_reg2,
>                         rev_opcode(opcode), is_jmp32);
>     /* jump (TRUE) branch */
>     regs_refine_cond_op(true_reg1, true_reg2, opcode, is_jmp32);
>
> so despite BPF_JNE is not handled explicitly it still should have
> caught above due to rev_opcode() ?

Ennn.....I'm a little confused. In this case, the TRUE path is handled
properly, as the opcode is BPF_JEQ; and the FALSE is not handled
properly, as the opcode is rev_opcode(BPF_JEQ), which is BPF_JNE.
And the bpf_skb_store_bytes() will be called in the FALSE path.

The original state of false_reg* should be the same as true_reg*.
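
An added illustration, not part of the original message and not the kernel's code: a simplified C model of the range refinement under discussion, showing why the fallthrough (BPF_JNE) branch of a JEQ-against-0 test leaves "a" at [0, 99] unless "not equal" is tracked. `struct urange`, the `refine_*` helpers, `len_may_be_zero` and `bounds_in_branch` are hypothetical names, and only unsigned bounds are modeled.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified unsigned interval; a stand-in for a register's tracked bounds. */
struct urange { uint64_t umin, umax; };

/* Branch where "reg < val" holds: the upper bound shrinks to val - 1. */
static struct urange refine_lt(struct urange r, uint64_t val)
{
	if (val > 0 && r.umax > val - 1)
		r.umax = val - 1;
	return r;
}

/* Branch where "reg != val" holds: an interval can only lose an endpoint. */
static struct urange refine_ne(struct urange r, uint64_t val)
{
	if (r.umin == r.umax)
		return r;	/* single value: nothing to trim in this model */
	if (r.umin == val)
		r.umin++;
	else if (r.umax == val)
		r.umax--;
	return r;		/* interior values cannot be excluded */
}

/* Model of the check behind "invalid zero-sized read" on a length argument. */
static int len_may_be_zero(struct urange r)
{
	return r.umin == 0;
}

/* Bounds of "a" inside `if (a > 0 && a < 100)`, where `a > 0` is a JEQ
 * against 0 and the body is reached through the fallthrough (JNE) branch. */
static struct urange bounds_in_branch(int track_ne)
{
	struct urange a = { 0, UINT16_MAX };	/* "a" is a u16 */

	if (track_ne)
		a = refine_ne(a, 0);
	return refine_lt(a, 100);
}

int main(void)
{
	struct urange off = bounds_in_branch(0), on = bounds_in_branch(1);

	printf("JNE ignored: [%llu, %llu], zero length possible: %d\n",
	       (unsigned long long)off.umin, (unsigned long long)off.umax,
	       len_may_be_zero(off));
	printf("JNE tracked: [%llu, %llu], zero length possible: %d\n",
	       (unsigned long long)on.umin, (unsigned long long)on.umax,
	       len_may_be_zero(on));
	return 0;
}
```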