On Fri, Oct 20, 2023 at 9:14 PM John Fastabend <john.fastabend@xxxxxxxxx> wrote:
>
> Andrii Nakryiko wrote:
> > This patch set adds a big set of manual and auto-generated test cases
> > validating BPF verifier's register bounds tracking and deduction logic. See
> > details in the last patch.
> >
> > To make this approach work, BPF verifier's logic needed a bunch of
> > improvements to handle some cases that previously were not covered. This had
> > no implications as to correctness of verifier logic, but it was incomplete
> > enough to cause significant disagreements with alternative implementation of
> > register bounds logic that tests in this patch set implement. So we need BPF
> > verifier logic improvements to make all the tests pass.
> >
> > This is a first part of work with the end goal intended to extend register
> > bounds logic to cover range vs range comparisons, which will be submitted
> > later assuming changes in this patch set land.
> >
> > See individual patches for details.
>
> Nice, I'm about half way through this I'll continue on Monday. The two rounds
> of convergence was interesting I didn't expect that. Looks good to me though
> so far.
>

Great, thanks for reviewing!

I found an incompleteness in BPF_JEQ and BPF_JNE handling in
reg_bounds selftests, but it is not exposed on range vs const
comparisons (I found it only when I started testing range vs range).
So I might update this revision with slight changes on selftest side,
but kernel side so far looks good and I don't plan any adjustments in
this patch set.

I do have further generalization coming up that supports range vs
range comparisons and is_branch_taken() logic, so keep in mind that
this is just a first part :)

> Thanks for doing this I've wanted this cleaned up for awhile!

No problems, this was fun, and once range vs range logic lands I'll
have peace of mind :)

> >
> > v1->v2:
> >   - fix compilation when building selftests with llvm-16 toolchain (CI).
> >
> > Andrii Nakryiko (7):
> >   bpf: improve JEQ/JNE branch taken logic
> >   bpf: derive smin/smax from umin/max bounds
> >   bpf: enhance subregister bounds deduction logic
> >   bpf: improve deduction of 64-bit bounds from 32-bit bounds
> >   bpf: try harder to deduce register bounds from different numeric
> >     domains
> >   bpf: drop knowledge-losing __reg_combine_{32,64}_into_{64,32} logic
> >   selftests/bpf: BPF register range bounds tester
> >
> >  kernel/bpf/verifier.c                         |  175 +-
> >  .../selftests/bpf/prog_tests/reg_bounds.c     | 1668 +++++++++++++++++
> >  2 files changed, 1791 insertions(+), 52 deletions(-)
> >  create mode 100644 tools/testing/selftests/bpf/prog_tests/reg_bounds.c
> >
> > --
> > 2.34.1