On 2/16/23 7:36 PM, Eduard Zingerman wrote:
This patch-set modifies the BPF verifier to accept programs that read from uninitialized stack locations, but only if executed in privileged mode. This provides significant verification performance gains: 30% to 70% less processed states for a big number of test programs.

The reason for the performance gains comes from treating STACK_MISC and STACK_INVALID as compatible, when cached state is compared to current state in verifier.c:stacksafe(). The change should not affect safety, because any value read from a STACK_MISC location has full binary range (e.g. 0x00-0xff for byte-sized reads).

Details and measurements are provided in the description for patch #1.

The change was suggested by Andrii Nakryiko, the initial patch was created by Alexei Starovoitov. The discussion could be found at [1].

[1] https://lore.kernel.org/bpf/CAADnVQKs2i1iuZ5SUGuJtxWVfGYR9kDgYKhq3rNV+kBLQCu7rA@xxxxxxxxxxxxxx/

Ptal, looks like BPF CI is complaining:
https://github.com/kernel-patches/bpf/actions/runs/4205832876/jobs/7298488977

[...]
GEN-SKEL [test_progs] bpf_mod_race.skel.h
GEN-SKEL [test_progs] trace_dummy_st_ops.skel.h
libbpf: sec 'socket': corrupted program 'read_uninit_stack_fixed_off', offset 0, size 0
Error: failed to open BPF object file: Invalid argument
GEN-SKEL [test_progs] test_raw_tp_test_run.skel.h
make: *** [Makefile:578: /tmp/work/bpf/bpf/tools/testing/selftests/bpf/uninit_stack.skel.h] Error 234
make: *** Deleting file '/tmp/work/bpf/bpf/tools/testing/selftests/bpf/uninit_stack.skel.h'
make: *** Waiting for unfinished jobs....
make: Leaving directory '/tmp/work/bpf/bpf/tools/testing/selftests/bpf'
Error: Process completed with exit code 2.
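
The compatibility rule described in the quoted cover letter, as an added example that is not part of this thread or of the kernel patch: a simplified per-byte model of the cached-versus-current stack comparison. It leaves out spilled registers and liveness tracking, and the `privileged` parameter and the sample arrays are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified per-byte stack slot types (model only, not kernel code). */
enum slot { STACK_INVALID, STACK_MISC, STACK_ZERO };

/*
 * May the path now in state `cur` be pruned because cached state `old`
 * was already verified from this instruction? `privileged` is a
 * hypothetical stand-in for the verifier's privileged-mode setting.
 */
static bool stack_bytes_safe(const enum slot *old, const enum slot *cur,
                             size_t n, bool privileged)
{
    for (size_t i = 0; i < n; i++) {
        /* Old path assumed nothing about this byte. */
        if (old[i] == STACK_INVALID)
            continue;
        /* The change: MISC already means "any value 0x00-0xff", so an
         * uninitialized byte in cur is no worse when reads are allowed. */
        if (privileged && old[i] == STACK_MISC)
            continue;
        /* Zero is one of the values MISC covers. */
        if (old[i] == STACK_MISC && cur[i] == STACK_ZERO)
            continue;
        if (old[i] != cur[i])
            return false;
    }
    return true;
}

/* Constructed samples: byte 3 is MISC in the cached state but was never
 * written on the current path; `swapped` has MISC where cached has ZERO. */
static const enum slot cached[4]    = { STACK_ZERO, STACK_MISC, STACK_INVALID, STACK_MISC };
static const enum slot cur_state[4] = { STACK_ZERO, STACK_ZERO, STACK_MISC, STACK_INVALID };
static const enum slot swapped[4]   = { STACK_MISC, STACK_ZERO, STACK_MISC, STACK_INVALID };

int main(void)
{
    printf("unprivileged prune: %d\n", stack_bytes_safe(cached, cur_state, 4, false));
    printf("privileged prune:   %d\n", stack_bytes_safe(cached, cur_state, 4, true));
    printf("ZERO vs MISC prune: %d\n", stack_bytes_safe(cached, swapped, 4, true));
    return 0;
}
```

The first two calls differ only in the mode flag, which is where the reduction in processed states comes from; the third shows that a cached STACK_ZERO byte is still not matched by STACK_MISC in either mode.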