linux-sg2042/tools/testing/selftests
Jiong Wang e434b8cdf7 bpf: relax verifier restriction on BPF_MOV | BPF_ALU
Currently, the destination register is marked as unknown for 32-bit
sub-register move (BPF_MOV | BPF_ALU) whenever the source register type is
SCALAR_VALUE.

This is too conservative that some valid cases will be rejected.
Especially, this may turn a constant scalar value into unknown value that
could break some assumptions of verifier.

For example, test_l4lb_noinline.c has the following C code:

    struct real_definition *dst

1:  if (!get_packet_dst(&dst, &pckt, vip_info, is_ipv6))
2:    return TC_ACT_SHOT;
3:
4:  if (dst->flags & F_IPV6) {

get_packet_dst is responsible for initializing "dst" into valid pointer and
return true (1), otherwise return false (0). The compiled instruction
sequence using alu32 will be:

  412: (54) (u32) r7 &= (u32) 1
  413: (bc) (u32) r0 = (u32) r7
  414: (95) exit

insn 413, a BPF_MOV | BPF_ALU, however will turn r0 into unknown value even
r7 contains SCALAR_VALUE 1.

This causes trouble when verifier is walking the code path that hasn't
initialized "dst" inside get_packet_dst, for which case 0 is returned and
we would then expect verifier concluding line 1 in the above C code pass
the "if" check, therefore would skip fall through path starting at line 4.
Now, because r0 returned from callee has became unknown value, so verifier
won't skip analyzing path starting at line 4 and "dst->flags" requires
dereferencing the pointer "dst" which actually hasn't be initialized for
this path.

This patch relaxed the code marking sub-register move destination. For a
SCALAR_VALUE, it is safe to just copy the value from source then truncate
it into 32-bit.

A unit test also included to demonstrate this issue. This test will fail
before this patch.

This relaxation could let verifier skipping more paths for conditional
comparison against immediate. It also let verifier recording a more
accurate/strict value for one register at one state, if this state end up
with going through exit without rejection and it is used for state
comparison later, then it is possible an inaccurate/permissive value is
better. So the real impact on verifier processed insn number is complex.
But in all, without this fix, valid program could be rejected.

>From real benchmarking on kernel selftests and Cilium bpf tests, there is
no impact on processed instruction number when tests ares compiled with
default compilation options. There is slightly improvements when they are
compiled with -mattr=+alu32 after this patch.

Also, test_xdp_noinline/-mattr=+alu32 now passed verification. It is
rejected before this fix.

Insn processed before/after this patch:

                        default     -mattr=+alu32

Kernel selftest

===
test_xdp.o              371/371      369/369
test_l4lb.o             6345/6345    5623/5623
test_xdp_noinline.o     2971/2971    rejected/2727
test_tcp_estates.o      429/429      430/430

Cilium bpf
===
bpf_lb-DLB_L3.o:        2085/2085     1685/1687
bpf_lb-DLB_L4.o:        2287/2287     1986/1982
bpf_lb-DUNKNOWN.o:      690/690       622/622
bpf_lxc.o:              95033/95033   N/A
bpf_netdev.o:           7245/7245     N/A
bpf_overlay.o:          2898/2898     3085/2947

NOTE:
  - bpf_lxc.o and bpf_netdev.o compiled by -mattr=+alu32 are rejected by
    verifier due to another issue inside verifier on supporting alu32
    binary.
  - Each cilium bpf program could generate several processed insn number,
    above number is sum of them.

v1->v2:
 - Restrict the change on SCALAR_VALUE.
 - Update benchmark numbers on Cilium bpf tests.

Signed-off-by: Jiong Wang <jiong.wang@netronome.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2018-12-10 09:23:33 -08:00
..
android selftests: add headers_install to lib.mk 2018-09-05 08:12:09 -06:00
bpf bpf: relax verifier restriction on BPF_MOV | BPF_ALU 2018-12-10 09:23:33 -08:00
breakpoints selftests: breakpoints: return Kselftest Skip code for skipped tests 2018-05-30 15:21:52 -06:00
capabilities License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cgroup Add tests for memory.oom.group 2018-09-07 16:36:01 -06:00
cpu-hotplug selftests: cpu-hotplug: return Kselftest Skip code for skipped tests 2018-05-30 15:21:52 -06:00
cpufreq selftests: cpufreq: return Kselftest Skip code for skipped tests 2018-05-30 15:21:52 -06:00
drivers selftests: mlxsw: Consider VxLAN learning enabled as valid 2018-11-21 17:10:31 -08:00
efivarfs selftests/efivarfs: add required kernel configs 2018-09-05 10:58:07 -06:00
exec selftests: exec: return Kselftest Skip code for skipped tests 2018-05-30 15:21:52 -06:00
filesystems selftests: filesystems: return Kselftest Skip code for skipped tests 2018-05-30 15:21:52 -06:00
firmware selftests: firmware: return Kselftest Skip code for skipped tests 2018-05-30 15:21:52 -06:00
ftrace Masami had a couple more fixes to the synthetic events. One was a proper 2018-10-30 09:47:28 -07:00
futex selftests: add headers_install to lib.mk 2018-09-05 08:12:09 -06:00
gpio selftests: gpio: Fix OUTPUT directory in Makefile 2018-10-24 14:49:37 -06:00
ia64 License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
intel_pstate selftests: intel_pstate: notification about privilege required to run intel_pstate testing script 2018-05-30 21:31:31 -06:00
ipc selftests: ipc: return Kselftest Skip code for skipped tests 2018-05-30 15:21:53 -06:00
kcmp License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
kmod selftests: kmod: return Kselftest Skip code for skipped tests 2018-05-30 15:21:53 -06:00
kvm linux-kselftest-4.20-rc1 2018-10-28 12:58:42 -07:00
lib selftests: lib: fix prime_numbers module search and skip logic 2018-05-30 21:32:55 -06:00
locking selftests: locking: return Kselftest Skip code for skipped tests 2018-05-30 15:29:06 -06:00
media_tests selftests: media_tests: return Kselftest Skip code for skipped tests 2018-05-30 15:29:06 -06:00
membarrier selftests: membarrier: return Kselftest Skip code for skipped tests 2018-05-30 15:29:06 -06:00
memfd selftests: memfd: split regular and hugetlbfs tests 2018-05-30 15:29:06 -06:00
memory-hotplug selftests: memory-hotplug: add required configs 2018-09-05 10:58:31 -06:00
mount selftests: mount: remove no longer needed config option 2018-08-09 11:26:07 -06:00
mqueue selftests: mqueue: return Kselftest Skip code for skipped tests 2018-05-30 15:29:06 -06:00
net selftests/net: add txring_overwrite 2018-11-24 18:22:21 -08:00
netfilter selftests: add script to stress-test nft packet path vs. control plane 2018-11-12 16:13:35 +01:00
networking/timestamping selftests: add headers_install to lib.mk 2018-09-05 08:12:09 -06:00
nsfs tools/testing: Fix trailing semicolon 2018-01-12 11:41:33 -07:00
ntb NTB: ntb_test: Update ntb_perf tests 2018-01-28 22:17:24 -05:00
powerpc selftests/powerpc: Adjust wild_bctr to build with old binutils 2018-11-15 23:05:17 +11:00
prctl License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
proc selftests: fix warning: "_GNU_SOURCE" redefined 2018-10-24 14:49:37 -06:00
pstore selftests: pstore: return Kselftest Skip code for skipped tests 2018-06-18 09:11:09 -06:00
ptp posix-timers: Prevent UB from shifting negative signed value 2018-01-04 14:57:10 +01:00
ptrace License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
rcutorture Merge branches 'doc.2018.08.30a', 'dynticks.2018.08.30b', 'srcu.2018.08.30b' and 'torture.2018.08.29a' into HEAD 2018-08-30 16:12:53 -07:00
rseq rseq/selftests: fix parametrized test with -fpie 2018-09-27 12:59:19 -06:00
rtc selftests: rtc: rework rtctest 2018-05-30 15:21:51 -06:00
seccomp seccomp: Add filter flag to opt-out of SSB mitigation 2018-05-05 00:51:44 +02:00
sigaltstack License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
size
sparc64 selftests: sparc64: Add missing SPDX License Identifiers 2018-06-18 09:29:20 -06:00
splice License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
static_keys selftests: static_keys: return Kselftest Skip code for skipped tests 2018-06-18 09:11:09 -06:00
sync selftests: sync: add config fragment for testing sync framework 2018-06-18 09:11:10 -06:00
sysctl selftests: sysctl: return Kselftest Skip code for skipped tests 2018-06-18 09:11:09 -06:00
tc-testing tc-testing: tdc.py: Guard against lack of returncode in executed command 2018-11-17 21:54:53 -08:00
timers selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress 2018-07-10 12:43:21 -07:00
uevent selftests: uevent filtering 2018-05-23 15:24:22 -04:00
user selftests: user: return Kselftest Skip code for skipped tests 2018-06-18 09:11:09 -06:00
vDSO selftests: vDSO - fix to return KSFT_SKIP when test couldn't be run 2018-07-11 10:14:26 -06:00
vm tools/testing/selftests/vm/map_fixed_noreplace.c: add test for MAP_FIXED_NOREPLACE 2018-10-26 16:38:15 -07:00
watchdog selftests: watchdog: Fix ioctl SET* error paths to take oneshot exit path 2018-10-24 14:49:36 -06:00
x86 x86/vdso: Fix vDSO syscall fallback asm constraint regression 2018-10-04 08:17:50 +02:00
zram selftests: zram: return Kselftest Skip code for skipped tests 2018-06-18 09:11:09 -06:00
.gitignore
Makefile selftests: add script to stress-test nft packet path vs. control plane 2018-11-12 16:13:35 +01:00
gen_kselftest_tar.sh selftests: gen_kselftest_tar.h: Add SPDX license identifier 2018-01-12 11:44:31 -07:00
kselftest.h selftests: kselftest: Remove outdated comment 2018-08-27 14:07:46 -06:00
kselftest_harness.h selftests/seccomp: Allow get_metadata to XFAIL 2018-03-21 10:42:46 -06:00
kselftest_install.sh selftests: kselftest_install.sh: Add SPDX license identifier 2018-01-12 11:45:05 -07:00
lib.mk selftests: add headers_install to lib.mk 2018-09-05 08:12:09 -06:00