diff mbox series

[bpf-next,03/13] libbpf: prevent UBSan from complaining about integer overflow

Message ID 20211124002325.1737739-4-andrii@kernel.org (mailing list archive)
State Changes Requested
Delegated to: BPF
Headers show
Series Fix sanitizer-reported libbpf and selftest issues | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for bpf-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Series has a cover letter
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers warning 6 maintainers not CCed: netdev@vger.kernel.org kafai@fb.com songliubraving@fb.com john.fastabend@gmail.com kpsingh@kernel.org yhs@fb.com
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 7 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-next success VM_Test
bpf/vmtest-bpf-next-PR success PR summary

Commit Message

Andrii Nakryiko Nov. 24, 2021, 12:23 a.m. UTC 
Integer overflow is intentional, silence the sanitizer. It works
completely reliably on sane compilers and architectures.

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
---
 tools/lib/bpf/btf.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Daniel Borkmann Nov. 25, 2021, 10:21 p.m. UTC | #1 
On 11/24/21 1:23 AM, Andrii Nakryiko wrote:
> Integer overflow is intentional, silence the sanitizer. It works
> completely reliably on sane compilers and architectures.
> 
> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
> ---
>   tools/lib/bpf/btf.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/tools/lib/bpf/btf.c b/tools/lib/bpf/btf.c
> index 8024fe355ca8..be1dafd56a13 100644
> --- a/tools/lib/bpf/btf.c
> +++ b/tools/lib/bpf/btf.c
> @@ -3127,6 +3127,7 @@ struct btf_dedup {
>   	struct strset *strs_set;
>   };
>   
> +__attribute__((no_sanitize("signed-integer-overflow")))
>   static long hash_combine(long h, long value)
>   {
>   	return h * 31 + value;
> 

Sgtm, I guess my only question, was there a reason for not using e.g. __u64 in
the first place? Meaning, __u64 hash_combine(__u64 h, __u64 value) plus the
call-sites where you have h variable re-feeding into hash_combine().
Daniel Borkmann Nov. 25, 2021, 11:19 p.m. UTC | #2 
On 11/25/21 11:21 PM, Daniel Borkmann wrote:
> On 11/24/21 1:23 AM, Andrii Nakryiko wrote:
>> Integer overflow is intentional, silence the sanitizer. It works
>> completely reliably on sane compilers and architectures.
>>
>> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
>> ---
>>   tools/lib/bpf/btf.c | 1 +
>>   1 file changed, 1 insertion(+)
>>
>> diff --git a/tools/lib/bpf/btf.c b/tools/lib/bpf/btf.c
>> index 8024fe355ca8..be1dafd56a13 100644
>> --- a/tools/lib/bpf/btf.c
>> +++ b/tools/lib/bpf/btf.c
>> @@ -3127,6 +3127,7 @@ struct btf_dedup {
>>       struct strset *strs_set;
>>   };
>> +__attribute__((no_sanitize("signed-integer-overflow")))
>>   static long hash_combine(long h, long value)
>>   {
>>       return h * 31 + value;
>>
> 
> Sgtm, I guess my only question, was there a reason for not using e.g. __u64 in
> the first place? Meaning, __u64 hash_combine(__u64 h, __u64 value) plus the
> call-sites where you have h variable re-feeding into hash_combine().

Given the remainder of the series is all straight forward, I took that in already,
but would still be nice if we can silence the sanitizer complaint w/o such attribute
workaround.

Thanks,
Daniel
Andrii Nakryiko Nov. 26, 2021, 1:23 a.m. UTC | #3 
On Thu, Nov 25, 2021 at 3:19 PM Daniel Borkmann <daniel@iogearbox.net> wrote:
>
> On 11/25/21 11:21 PM, Daniel Borkmann wrote:
> > On 11/24/21 1:23 AM, Andrii Nakryiko wrote:
> >> Integer overflow is intentional, silence the sanitizer. It works
> >> completely reliably on sane compilers and architectures.
> >>
> >> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
> >> ---
> >>   tools/lib/bpf/btf.c | 1 +
> >>   1 file changed, 1 insertion(+)
> >>
> >> diff --git a/tools/lib/bpf/btf.c b/tools/lib/bpf/btf.c
> >> index 8024fe355ca8..be1dafd56a13 100644
> >> --- a/tools/lib/bpf/btf.c
> >> +++ b/tools/lib/bpf/btf.c
> >> @@ -3127,6 +3127,7 @@ struct btf_dedup {
> >>       struct strset *strs_set;
> >>   };
> >> +__attribute__((no_sanitize("signed-integer-overflow")))
> >>   static long hash_combine(long h, long value)
> >>   {
> >>       return h * 31 + value;
> >>
> >
> > Sgtm, I guess my only question, was there a reason for not using e.g. __u64 in
> > the first place? Meaning, __u64 hash_combine(__u64 h, __u64 value) plus the
> > call-sites where you have h variable re-feeding into hash_combine().
>
> Given the remainder of the series is all straight forward, I took that in already,
> but would still be nice if we can silence the sanitizer complaint w/o such attribute
> workaround.

You are right, I'll follow up with u64 conversion and will drop the attribute.

>
> Thanks,
> Daniel
diff mbox series

Patch

diff --git a/tools/lib/bpf/btf.c b/tools/lib/bpf/btf.c
index 8024fe355ca8..be1dafd56a13 100644
--- a/tools/lib/bpf/btf.c
+++ b/tools/lib/bpf/btf.c
@@ -3127,6 +3127,7 @@  struct btf_dedup {
 	struct strset *strs_set;
 };
 
+__attribute__((no_sanitize("signed-integer-overflow")))
 static long hash_combine(long h, long value)
 {
 	return h * 31 + value;