In-Reply-To: <66b2a6c45045c207d8452ad3b5786a9dc0082d79.camel@gmail.com>
From: Andrii Nakryiko
Date: Thu, 14 Dec 2023 21:20:43 -0800
Subject: Re: [Bug Report] bpf: incorrectly pruning runtime execution path
To: Eduard Zingerman
Cc: Alexei Starovoitov, Hao Sun, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann, bpf, Linux Kernel Mailing List

On Thu, Dec 14, 2023 at 6:28 PM Eduard Zingerman wrote:
>
> On Thu, 2023-12-14 at 18:16 -0800, Alexei Starovoitov wrote:
> [...]
> > > E.g. for the test-case at hand:
> > >
> > > 0: (85) call bpf_get_prandom_u32#7 ; R0=scalar()
> > > 1: (bf) r7 = r0 ; R0=scalar(id=1) R7_w=scalar(id=1)
> > > 2: (bf) r8 = r0 ; R0=scalar(id=1) R8_w=scalar(id=1)
> > > 3: (85) call bpf_get_prandom_u32#7 ; R0=scalar()
> > > --- checkpoint #1 r7.id = 1, r8.id = 1 ---
> > > 4: (25) if r0 > 0x1 goto pc+0 ; R0=scalar(smin=smin32=0,smax=umax=smax32=umax32=1,...)
> > > --- checkpoint #2 r7.id = 1, r8.id = 1 ---
> > > 5: (3d) if r8 >= r0 goto pc+3 ; R0=1 R8=0 | record r8.id=1 in jump history
> > > 6: (0f) r8 += r8 ; R8=0
> >
> > can we detect that any register link is broken and force checkpoint here?
>
> Should be possible. I'll try this in the morning and check veristat results.
>
> By the way, I added some stats collection for find_equal_scalars() and see
> the following results when run on ./test_progs:
> - maximal number of registers with same id per call: 3
> - average number of registers with same id per call: 1.4

What if we keep 8 extra bytes in jump/instruction history and encode up to
8 linked registers/slots:

1. 1 bit to mark whether it's a src_reg set, or dst_reg set
2. 1 bit to mark whether it's a stack slot or register
3. 6 bits (0..63 values) to record register or slot number

If we ever need more than 8 linked registers, we can just forcefully some
"links" by resetting some IDs?

BTW, is it only conditional jumps that need to record these linked register
sets? Did we previously discuss why we don't need this for any other
operation?
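One way to lay out the proposed 8-byte record, as an added example that is not code from this thread or from the kernel verifier; the names (`link_entry`, `link_encode`, `link_contains`) and the choice of which bit within each byte carries which flag are assumptions, and the per-entry layout follows the three items listed above:

```c
/* Added example (not code from the thread or the kernel): one way to pack
 * the proposed 8-byte "linked registers" record. Per byte: bit 7 = dst_reg
 * set (1) / src_reg set (0), bit 6 = stack slot (1) / register (0),
 * bits 0..5 = register or slot number. All names here are assumed. */
#include <stdbool.h>
#include <stdint.h>

#define LINK_MAX      8
#define LINK_IS_DST   0x80u
#define LINK_IS_SLOT  0x40u
#define LINK_NUM_MASK 0x3fu

struct link_entry { bool is_dst; bool is_slot; uint8_t num; };

/* Pack n entries, low byte first. Caveat: 0x00 is a valid entry (r0 in the
 * src set), so the count n must be kept elsewhere in the history entry.
 * n > LINK_MAX is the overflow case the mail mentions (reset some IDs
 * instead); it is reported as false here rather than handled. */
static bool link_encode(const struct link_entry *e, int n, uint64_t *out)
{
	uint64_t w = 0;

	if (n < 0 || n > LINK_MAX)
		return false;
	for (int i = 0; i < n; i++) {
		if (e[i].num > LINK_NUM_MASK)
			return false;
		w |= (uint64_t)((e[i].is_dst ? LINK_IS_DST : 0) |
				(e[i].is_slot ? LINK_IS_SLOT : 0) |
				e[i].num) << (8 * i);
	}
	*out = w;
	return true;
}

/* Membership test a backtracking pass would run against the record:
 * e.g. for insn 5 of the trace, r7 and r8 (both id=1) are in the set. */
static bool link_contains(uint64_t w, int n, bool is_slot, uint8_t num)
{
	for (int i = 0; i < n; i++) {
		uint8_t b = (w >> (8 * i)) & 0xffu;
		if (!!(b & LINK_IS_SLOT) == is_slot && (b & LINK_NUM_MASK) == num)
			return true;
	}
	return false;
}
```

Because a zero byte is itself a legal entry, the entry count has to be stored separately (or a sentinel value reserved), which costs either history-entry bits or one of the 64 slot numbers.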