Alexei Starovoitov wrote: > On Thu, Nov 12, 2020 at 11:16:11AM -0800, John Fastabend wrote: > > Alexei Starovoitov wrote: > > > From: Alexei Starovoitov <ast@xxxxxxxxxx> > > > > > > This patch adds the verifier support to recognize inlined branch conditions. > > > The LLVM knows that the branch evaluates to the same value, but the verifier > > > couldn't track it. Hence causing valid programs to be rejected. > > > The potential LLVM workaround: https://reviews.llvm.org/D87428 > > > can have undesired side effects, since LLVM doesn't know that > > > skb->data/data_end are being compared. LLVM has to introduce extra boolean > > > variable and use inline_asm trick to force easier for the verifier assembly. > > > > > > Instead teach the verifier to recognize that > > > r1 = skb->data; > > > r1 += 10; > > > r2 = skb->data_end; > > > if (r1 > r2) { > > > here r1 points beyond packet_end and > > > subsequent > > > if (r1 > r2) // always evaluates to "true". > > > } > > > > > > Tested-by: Jiri Olsa <jolsa@xxxxxxxxxx> > > > Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx> > > > --- > > > include/linux/bpf_verifier.h | 2 +- > > > kernel/bpf/verifier.c | 129 +++++++++++++++++++++++++++++------ > > > 2 files changed, 108 insertions(+), 23 deletions(-) > > > > > > > Thanks, we can remove another set of inline asm logic. > > Awesome! Please contribute your C examples to selftests when possible. Sure will do, its just some mundane header parsing iirc. > > > Acked-by: John Fastabend <john.fastabend@xxxxxxxxx> > > > > > if (pred >= 0) { > > > @@ -7517,7 +7601,8 @@ static int check_cond_jmp_op(struct bpf_verifier_env *env, > > > */ > > > if (!__is_pointer_value(false, dst_reg)) > > > err = mark_chain_precision(env, insn->dst_reg); > > > - if (BPF_SRC(insn->code) == BPF_X && !err) > > > + if (BPF_SRC(insn->code) == BPF_X && !err && > > > + !__is_pointer_value(false, src_reg)) > > > > This could have been more specific with !type_is_pkt_pointer() correct? I > > think its fine as is though. > > I actually meant to use __is_pointer_value() here for two reasons: > 1. to match dst_reg check just few lines above. Agree. > 2. mark_chain_precision() is for scalars only. If in the future > is_*_branch_taken() will support other kinds of pointers the more > precise !type_is_pkt_pointer() check would need to be modified. > That would be unnecessary code churn. Agree.
