Re: [PATCH v6 bpf-next 2/4] bpf: Recognize that two registers are safe when their ranges match

On Tue, 2024-03-05 at 19:19 -0800, Alexei Starovoitov wrote:
> From: Alexei Starovoitov <ast@xxxxxxxxxx>
> 
> When open code iterators, bpf_loop or may_goto are used the following two
> states are equivalent and safe to prune the search:
> 
> cur state: fp-8_w=scalar(id=3,smin=umin=smin32=umin32=2,smax=umax=smax32=umax32=11,var_off=(0x0; 0xf))
> old state: fp-8_rw=scalar(id=2,smin=umin=smin32=umin32=1,smax=umax=smax32=umax32=11,var_off=(0x0; 0xf))
> 
> In other words "exact" state match should ignore liveness and precision
> marks, since open coded iterator logic didn't complete their propagation,
> reg_old->type == NOT_INIT && reg_cur->type != NOT_INIT is also not safe to
> prune while looping, but range_within logic that applies to scalars,
> ptr_to_mem, map_value, pkt_ptr is safe to rely on.
> 
> Avoid doing such comparison when regular infinite loop detection logic is
> used, otherwise bounded loop logic will declare such "infinite loop" as
> false positive. Such example is in progs/verifier_loops1.c
> not_an_inifinite_loop().
> 
> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>

Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx>
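
The range comparison described in the quoted commit message, as an added example that is not part of the patch or the kernel source. It is a simplified model: `struct scalar`, `tnum_within` and `scalar_within` are hypothetical names, only the 64-bit bounds and var_off are modelled (no ids, 32-bit bounds, liveness or precision marks), and `wide_state` is a constructed counter-example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a verifier scalar: bounds plus known bits (value; mask). */
struct scalar {
    int64_t  smin, smax;
    uint64_t umin, umax;
    uint64_t var_value, var_mask;   /* var_off=(value; mask) */
};

/* cur may not have an unknown bit where old knows it, and known bits must agree. */
static bool tnum_within(const struct scalar *old, const struct scalar *cur)
{
    if (cur->var_mask & ~old->var_mask)
        return false;
    return old->var_value == (cur->var_value & ~old->var_mask);
}

/* True when every value cur can hold was already covered by old. */
static bool scalar_within(const struct scalar *old, const struct scalar *cur)
{
    return old->umin <= cur->umin && old->umax >= cur->umax &&
           old->smin <= cur->smin && old->smax >= cur->smax &&
           tnum_within(old, cur);
}

/* The two fp-8 states quoted in the commit message (64-bit bounds only). */
static const struct scalar old_state = { 1, 11, 1, 11, 0x0, 0xf };
static const struct scalar cur_state = { 2, 11, 2, 11, 0x0, 0xf };
/* Constructed counter-example: upper bound widened past old's. */
static const struct scalar wide_state = { 2, 12, 2, 12, 0x0, 0xf };

int main(void)
{
    /* Ids, liveness and precision marks differ in the quoted states but are
     * deliberately not compared here; only the ranges decide the result. */
    printf("cur within old:  %d\n", scalar_within(&old_state, &cur_state));
    printf("old within cur:  %d\n", scalar_within(&cur_state, &old_state));
    printf("wide within old: %d\n", scalar_within(&old_state, &wide_state));
    return 0;
}
```

The check is directional: the current state fits inside the old one, but not the reverse, so only a narrower current state can be pruned against an already-explored wider one.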
