[v3,bpf-next,0/7] BPF register bounds logic and testing improvements

Message ID	20231019235305.656855-1-andrii@kernel.org (mailing list archive)
Headers	show Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C153C19440 for <bpf@vger.kernel.org>; Thu, 19 Oct 2023 23:53:16 +0000 (UTC) From: Andrii Nakryiko <andrii@kernel.org> To: <bpf@vger.kernel.org>, <ast@kernel.org>, <daniel@iogearbox.net>, <martin.lau@kernel.org> CC: <andrii@kernel.org>, <kernel-team@meta.com> Subject: [PATCH v3 bpf-next 0/7] BPF register bounds logic and testing improvements Date: Thu, 19 Oct 2023 16:52:58 -0700 Message-ID: <20231019235305.656855-1-andrii@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain
Series	BPF register bounds logic and testing improvements \| expand [v3,bpf-next,0/7] BPF register bounds logic and testing improvements [v3,bpf-next,1/7] bpf: improve JEQ/JNE branch taken logic [v3,bpf-next,2/7] bpf: derive smin/smax from umin/max bounds [v3,bpf-next,3/7] bpf: enhance subregister bounds deduction logic [v3,bpf-next,4/7] bpf: improve deduction of 64-bit bounds from 32-bit bounds [v3,bpf-next,5/7] bpf: try harder to deduce register bounds from different numeric domains [v3,bpf-next,6/7] bpf: drop knowledge-losing __reg_combine_{32,64}_into_{64,32} logic [v3,bpf-next,7/7] selftests/bpf: BPF register range bounds tester

Message ID

20231019235305.656855-1-andrii@kernel.org (mailing list archive)

Headers

From: Andrii Nakryiko <andrii@kernel.org>
To: <bpf@vger.kernel.org>, <ast@kernel.org>, <daniel@iogearbox.net>,
        <martin.lau@kernel.org>
CC: <andrii@kernel.org>, <kernel-team@meta.com>
Subject: [PATCH v3 bpf-next 0/7] BPF register bounds logic and testing
 improvements
Date: Thu, 19 Oct 2023 16:52:58 -0700
Message-ID: <20231019235305.656855-1-andrii@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

Series

BPF register bounds logic and testing improvements | expand

Message

Andrii Nakryiko Oct. 19, 2023, 11:52 p.m. UTC

This patch set adds a big set of manual and auto-generated test cases
validating BPF verifier's register bounds tracking and deduction logic. See
details in the last patch.

To make this approach work, BPF verifier's logic needed a bunch of
improvements to handle some cases that previously were not covered. This had
no implications as to correctness of verifier logic, but it was incomplete
enough to cause significant disagreements with alternative implementation of
register bounds logic that tests in this patch set implement. So we need BPF
verifier logic improvements to make all the tests pass.

This is a first part of work with the end goal intended to extend register
bounds logic to cover range vs range comparisons, which will be submitted
later assuming changes in this patch set land.

See individual patches for details.

v2->v3:
  - fix a subtle little-endianness assumption inside parge_reg_state() (CI);
v1->v2:
  - fix compilation when building selftests with llvm-16 toolchain (CI).

Andrii Nakryiko (7):
  bpf: improve JEQ/JNE branch taken logic
  bpf: derive smin/smax from umin/max bounds
  bpf: enhance subregister bounds deduction logic
  bpf: improve deduction of 64-bit bounds from 32-bit bounds
  bpf: try harder to deduce register bounds from different numeric
    domains
  bpf: drop knowledge-losing __reg_combine_{32,64}_into_{64,32} logic
  selftests/bpf: BPF register range bounds tester

 kernel/bpf/verifier.c                         |  175 +-
 .../selftests/bpf/prog_tests/reg_bounds.c     | 1667 +++++++++++++++++
 2 files changed, 1790 insertions(+), 52 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/reg_bounds.c