On Thu, Nov 12, 2020 at 11:16:11AM -0800, John Fastabend wrote: > Alexei Starovoitov wrote: > > From: Alexei Starovoitov <ast@xxxxxxxxxx> > > > > This patch adds the verifier support to recognize inlined branch conditions. > > The LLVM knows that the branch evaluates to the same value, but the verifier > > couldn't track it. Hence causing valid programs to be rejected. > > The potential LLVM workaround: https://reviews.llvm.org/D87428 > > can have undesired side effects, since LLVM doesn't know that > > skb->data/data_end are being compared. LLVM has to introduce extra boolean > > variable and use inline_asm trick to force easier for the verifier assembly. > > > > Instead teach the verifier to recognize that > > r1 = skb->data; > > r1 += 10; > > r2 = skb->data_end; > > if (r1 > r2) { > > here r1 points beyond packet_end and > > subsequent > > if (r1 > r2) // always evaluates to "true". > > } > > > > Tested-by: Jiri Olsa <jolsa@xxxxxxxxxx> > > Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx> > > --- > > include/linux/bpf_verifier.h | 2 +- > > kernel/bpf/verifier.c | 129 +++++++++++++++++++++++++++++------ > > 2 files changed, 108 insertions(+), 23 deletions(-) > > > > Thanks, we can remove another set of inline asm logic. Awesome! Please contribute your C examples to selftests when possible. > Acked-by: John Fastabend <john.fastabend@xxxxxxxxx> > > > if (pred >= 0) { > > @@ -7517,7 +7601,8 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env, > > */ > > if (!__is_pointer_value(false, dst_reg)) > > err = mark_chain_precision(env, insn->dst_reg); > > - if (BPF_SRC(insn->code) == BPF_X && !err) > > + if (BPF_SRC(insn->code) == BPF_X && !err && > > + !__is_pointer_value(false, src_reg)) > > This could have been more specific with !type_is_pkt_pointer() correct? I > think its fine as is though. I actually meant to use __is_pointer_value() here for two reasons: 1. to match dst_reg check just few lines above. 2. mark_chain_precision() is for scalars only. If in the future is_*_branch_taken() will support other kinds of pointers the more precise !type_is_pkt_pointer() check would need to be modified. That would be unnecessary code churn. Thanks for the review!
