From patchwork Thu Nov 2 05:39:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Shung-Hsi Yu X-Patchwork-Id: 13443415 Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C1DE34C8B for ; Thu, 2 Nov 2023 05:39:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=suse.com header.i=@suse.com header.b="HxYYUV+y" Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01on2082.outbound.protection.outlook.com [40.107.13.82]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C1C34127 for ; Wed, 1 Nov 2023 22:39:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hrdyQJ5MrciY4lRwKOwAxP+pYcsUGmevYJ5WKsogiFGZrbQGQsIbitkwjiWRDW7tr+a5vPEHTtGX8zX0OJwrOKbX/C4gNTS8mc9hBZokwg40WXA/ll9SLDq6jzXtpTN4O+WQSv279v0ZB5LfjwguSR8+CkVtR10mSY5SwKn5FUmGn2VROoQHx97zXzaX8la5OgVGvDk6dfn9VjuXBkr1ufXcGiPt4FBqam7fG2tTN/FVF7TuXWkfG1fgosmJ1bs3pacC9XnLNFGhcLTAykaOCEV1bljeoreS0ZpCL2oZ0eNY0xPSNb7vmITKgBbuODdc7gIPe9RMIu7fhBGEfW9q6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=vRb7fT1/ix2yCD4SfbZbhdgZZiL/GzZYdmEX3jUyLU8=; b=HruA9eGfyU81/o5bu2Kbsw1dpUatsUaZCDDRjcAZNFDBukA0lR53+9x+xmhXF7sRM0nT/pQf2hhTwcp+OpxVy3suB6O7bv3ifbe8ubWQZo7zUIJ8eFgZYBM/USy9i5UL4kvJLmSILNVicxkHxPvV7ZP0NOZo4P1A4fHXirrhs1pLD7BGhAJGJm5mK1XUgO2kNA71M8wD2SWHELsalO3XJKbhFAOqYJU8FZGb7ThEi7MmxTHALiSOesRNIbyVFi0OqcQGi2q58a3bGTHa3FgDlhHlTU4iuWCwQ41twzk0bqvJ+q8qZGEM4kzoGGC7E9vusVpjEsUzt96Q1chaz1AigA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vRb7fT1/ix2yCD4SfbZbhdgZZiL/GzZYdmEX3jUyLU8=; b=HxYYUV+y6Q/h1njB2aOuf5WlYQ76ovWIohVhIaQdV5OLgWyjsBjRkMLqLoVAYK5wqWO5Tx35w3EO9YvAxxlEHHCFyOo7zhHujYxTz7qaJz3BAubRiHFPTAfA8kbOK0XRTvHHzqsVK1mQg9B+W3nDJfcKjwXjwiozLMxMZQsjqZSNNoMfAkRFbetW/d+D/xzBcy4hy0u5tEMZB7gr7a03oCRtXNU5oXcwa9KLJH200ywXVHunDYvUmYVMqKPOvcxl9C1OvmSTRhtqSFtAEzh8n8yE6vR+lQftSQ+LnTjcAPyCJdllxHwy/HAoXJhudcprwyDtXsUkBQgwBHtxjV4y6A== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com; Received: from AS8PR04MB9510.eurprd04.prod.outlook.com (2603:10a6:20b:44a::11) by AS8PR04MB7687.eurprd04.prod.outlook.com (2603:10a6:20b:291::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.19; Thu, 2 Nov 2023 05:39:39 +0000 Received: from AS8PR04MB9510.eurprd04.prod.outlook.com ([fe80::9f3e:3b47:5ccd:c47c]) by AS8PR04MB9510.eurprd04.prod.outlook.com ([fe80::9f3e:3b47:5ccd:c47c%6]) with mapi id 15.20.6954.019; Thu, 2 Nov 2023 05:39:39 +0000 From: Shung-Hsi Yu To: bpf@vger.kernel.org Cc: Shung-Hsi Yu , Daniel Borkmann , Alexei Starovoitov , =?utf-8?q?Toke_H=C3=B8iland-J=C3=B8rgensen?= , John Fastabend , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Eduard Zingerman Subject: [PATCH bpf v1 0/2] bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END Date: Thu, 2 Nov 2023 13:39:02 +0800 Message-ID: <20231102053913.12004-1-shung-hsi.yu@suse.com> X-Mailer: git-send-email 2.42.0 X-ClientProxiedBy: TYWPR01CA0051.jpnprd01.prod.outlook.com (2603:1096:400:17f::7) To AS8PR04MB9510.eurprd04.prod.outlook.com (2603:10a6:20b:44a::11) Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8PR04MB9510:EE_|AS8PR04MB7687:EE_ X-MS-Office365-Filtering-Correlation-Id: e32162b5-b439-4dfd-be71-08dbdb661ac6 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: fDTZY1Lq5+ZgZsjDdcpIUGUcXhc4Vah/iqRZNR1MDL3QybCdEz8Zxd9b+5wTB96LIrMpio1U9vvHPY9lOyUHltBAI0n2O7I4zIqYAX5lTbQ8+r0iToY1hWuQBWxQ3e2Sn7hbqD3NrStiZDB03/pTywqfU7EHX6DfPVnpb8m9T3Kc1l/uvNmZw1NkE1joLTxRHCwTpmSnXleTALYuDTv19xLsQ/cLaxc7TPcpgKaXYYe7Cn6+j0x2DFwVAkfjMsCyjidTMwcefLnzC+APZVwNE/jJqABuxlxSZ4hTSCftKfRr5dMGEy/9euAADEOmo+HazYS3nIpnNZODR2SnBBbtRNhC7vTnizcfM2tDCax1LVe+VH+HEqLqgAN6iDLDu6MDizrEFgH/kel2qJfObXT5SDEomy8wsHw+2zi2d1Y7ItPETz3STu84vu2ZQdAQaLqmB8crL2ne5b1VOqVm8gmctfewRjDi2KJK/PjUcoVZvNl3XvKrOQ87XHh9Bn1flVJ6X22nJgP8FSFWJuJmBpdAyBBzDRN5dmRaAoecx5+6a74NL4VXVZdt3SnXJja5nYUXIKqd+Eo4uRhJ0ao/nCHLIA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8PR04MB9510.eurprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(136003)(396003)(366004)(346002)(39860400002)(376002)(230922051799003)(186009)(64100799003)(451199024)(1800799009)(7416002)(41300700001)(54906003)(316002)(6916009)(66476007)(66946007)(2906002)(8676002)(6486002)(8936002)(5660300002)(4326008)(478600001)(966005)(38100700002)(6506007)(2616005)(6512007)(36756003)(83380400001)(66556008)(1076003)(6666004)(66574015)(86362001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?LKfbwVkhMMbbLAuKswyv/XNydJKr?= =?utf-8?q?s3PSHrkXulAsYbEl4x+mR8a5LlQ6oEHVckiH8JE8vioexS3Ohf6zK4B4vvezauvHI?= =?utf-8?q?pLN8x/Wm2iVfIStuA+ngizLCcXy0bITQ+pgJ4RgP9VICXIxUnT4wADytHr//zXOKT?= =?utf-8?q?gLDxwJqI+ai+iJTOm/EOEqIzoZD9z5Z3kOdnRiAOh+kFz2Sqj56o/DiRJ7RNQJmb9?= =?utf-8?q?IaLHDzzxP8qGBiUSpdyrNOa2Tmeh/2PbYUgSeKJftFu7+fqCAsMxqMvSDS/LHK53m?= =?utf-8?q?kjUK7FtdapflZY8iw8qiuDIedKIQrOyGZnJ51PgjeNd5S3usrm2MyzYDRqnuKtkzP?= =?utf-8?q?90Guyyj40whp9eCnfQp04Fta1DVgURCJ9jsVxwb9tdwvI1L1y39zQv+74lDyRZ4UO?= =?utf-8?q?iiiSrRL6vc4oGGc7ajKzd2aUYUgKyCVj6GDSDsZ+cCPi4TDPbUmy8jMw+BI7YLSpQ?= =?utf-8?q?uEUkMKp+38ubA8lCwcTnyWOjpphU+vgI1hmDxKsAw6Czf5WzLaBOhd+Gxl5VMxaQo?= =?utf-8?q?clnXVQRsR+g6hDMQo86orYuVUdfpnYZlfip6KhYFkoeeZ8ylN0XvyytPp0SgDFzIP?= =?utf-8?q?K2lLHHhyNoxPOfLVpN7bb1J+Vwx2HKMFID0/TWiTUMYHd3QmRrL74NjBbRHlibGxT?= =?utf-8?q?xmVUH2b1SfmgWfLvk8vGMxY7BHKJUHoBNRpugsLVko4yUmh5pgP2qpvbrjYDUz9pa?= =?utf-8?q?pI8MkG1kC9aSsfDjp5JsejSSDm1EIpLaooEVyO68P6t4H5I/NnmywqAUeSD5rntMu?= =?utf-8?q?jcW/GpgOvbLoVI13UAZiSqXwkRus+a7390CvFz/HPnlKbcGR7+2IohY5Ld8qrc0l1?= =?utf-8?q?Tpy1DalLZFYL2GC7iNGpHX+VPvtpsW8s7I7eDNtDzsTUaCHCPcw81HC+49w9yHSYz?= =?utf-8?q?5fNWRSg8GEncpQDVXP2D2BrmnvQNFLHakCh2JF2Q+wxG5pil/c4oOg5/GEVN2Zwks?= =?utf-8?q?XjPAaGT/tXjrLNYAm+pqY0TEbbWEPO6IU+pzKpwK8HgDgQZeH3lx1oCerSqDEwjvn?= =?utf-8?q?RAz1bg1gGYuC1U05DvlCJdZOALQ698YkBgaYEUK9E35T4VPDS3s2dW/bfLN71Yl6f?= =?utf-8?q?D2tuVYcfcM29hYhVl845XtpyvIywArUQoWl+C9KDASnUfvReSfxBSyT7koi7wrTVP?= =?utf-8?q?JR+H91udQqRMa1TGCanow8RA3qEDwtiJ1GKv7Erh3QplWqjyVOlAYzhTeYwonw1Un?= =?utf-8?q?Z92eTAEUcEa60E/1FoRcCRDAaqETqDiXU0PC6H5ZYgXeqKTodjNtx4PMwnN2kx6JR?= =?utf-8?q?yofqAzSvqgtHqiQfKIsTfI7K07HyMxC3/Lk5RXHHtnyiBe82uQDPt4cT9HSDT4DnJ?= =?utf-8?q?lavagm8YrN1d9M69D5BAJHpMVu2FnLabAAWDMTwFamXJg22XaKE08wDboUOBJwCAe?= =?utf-8?q?s9LI9apZlnODLmGQRjgiS2SHYJi10Q5yGL6j80jUAruTiDA5TqnByxX3ocI8psdML?= =?utf-8?q?xLP3kZoQqks+p+ipFXTNbqSRfvq+AM+CTO/MSDXEzNyh6wI/NdII8JIUvsq4a5IoK?= =?utf-8?q?geKuvT1odx6RnGj0YM8wc4KxObVaAIVJ09L900u7VYrPP54HJq7jrBQQO/gbTZLku?= =?utf-8?q?P1V3iMmLz8KqfeXplyfCZVyoviWiTkDlA=3D=3D?= X-OriginatorOrg: suse.com X-MS-Exchange-CrossTenant-Network-Message-Id: e32162b5-b439-4dfd-be71-08dbdb661ac6 X-MS-Exchange-CrossTenant-AuthSource: AS8PR04MB9510.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Nov 2023 05:39:38.8756 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: f7a17af6-1c5c-4a36-aa8b-f5be247aa4ba X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: +SG4GmuZDRmv6f3G+kc2V1Jjuc8b/R5RuCJ6d72iSVBwb1d3JggChtx6nL8jr0xHH3mW+4uy7O+JwspXJvmwfA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR04MB7687 X-Patchwork-Delegate: bpf@iogearbox.net Changes since v1: - add test for negation and bswap (Alexei, Eduard) - add test for BPF_TO_LE as well to cover all types of BPF_END opcode - remove vals map and trigger backtracking with jump instead, based of Eduard's code - v1 at https://lore.kernel.org/bpf/20231030132145.20867-1-shung-hsi.yu@suse.com This patchset fixes and adds selftest for the issue reported by Mohamed Mahmoud and Toke Høiland-Jørgensen where the kernel can run into a verifier bug during backtracking of BPF_ALU | BPF_TO_BE | BPF_END instruction[0]. As seen in the verifier log below, r0 was incorrectly marked as precise even tough its value was not being used. Patch 1 fixes the issue based on Andrii's analysis, and patch 2 adds a selftest for such case using inline assembly. Please see individual patch for detail. ... mark_precise: frame2: regs=r2 stack= before 1891: (77) r2 >>= 56 mark_precise: frame2: regs=r2 stack= before 1890: (dc) r2 = be64 r2 mark_precise: frame2: regs=r0,r2 stack= before 1889: (73) *(u8 *)(r1 +47) = r3 ... mark_precise: frame2: regs=r0 stack= before 212: (85) call pc+1617 BUG regs 1 processed 5112 insns (limit 1000000) max_states_per_insn 4 total_states 92 peak_states 90 mark_read 20 0: https://lore.kernel.org/r/87jzrrwptf.fsf@toke.dk Shung-Hsi Yu (2): bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END selftests/bpf: precision tracking test for BPF_NEG and BPF_END kernel/bpf/verifier.c | 7 +- .../selftests/bpf/prog_tests/verifier.c | 2 + .../selftests/bpf/progs/verifier_precision.c | 93 +++++++++++++++++++ 3 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 tools/testing/selftests/bpf/progs/verifier_precision.c base-commit: c17cda15cc86e65e9725641daddcd7a63cc9ad01