• Daniel Borkmann's avatar
    bpf: enable BPF_J{LT, LE, SLT, SLE} opcodes in verifier · b4e432f1
    Daniel Borkmann authored
    Enable the newly added jump opcodes, main parts are in two
    different areas, namely direct packet access and dynamic map
    value access. For the direct packet access, we now allow for
    the following two new patterns to match in order to trigger
    markings with find_good_pkt_pointers():
    
    Variant 1 (access ok when taking the branch):
    
      0: (61) r2 = *(u32 *)(r1 +76)
      1: (61) r3 = *(u32 *)(r1 +80)
      2: (bf) r0 = r2
      3: (07) r0 += 8
      4: (ad) if r0 < r3 goto pc+2
      R0=pkt(id=0,off=8,r=0) R1=ctx R2=pkt(id=0,off=0,r=0)
      R3=pkt_end R10=fp
      5: (b7) r0 = 0
      6: (95) exit
    
      from 4 to 7: R0=pkt(id=0,off=8,r=8) R1=ctx
                   R2=pkt(id=0,off=0,r=8) R3=pkt_end R10=fp
      7: (71) r0 = *(u8 *)(r2 +0)
      8: (05) goto pc-4
      5: (b7) r0 = 0
      6: (95) exit
      processed 11 insns, stack depth 0
    
    Variant 2 (access ok on fall-through):
    
      0: (61) r2 = *(u32 *)(r1 +76)
      1: (61) r3 = *(u32 *)(r1 +80)
      2: (bf) r0 = r2
      3: (07) r0 += 8
      4: (bd) if r3 <= r0 goto pc+1
      R0=pkt(id=0,off=8,r=8) R1=ctx R2=pkt(id=0,off=0,r=8)
      R3=pkt_end R10=fp
      5: (71) r0 = *(u8 *)(r2 +0)
      6: (b7) r0 = 1
      7: (95) exit
    
      from 4 to 6: R0=pkt(id=0,off=8,r=0) R1=ctx
                   R2=pkt(id=0,off=0,r=0) R3=pkt_end R10=fp
      6: (b7) r0 = 1
      7: (95) exit
      processed 10 insns, stack depth 0
    
    The above two basically just swap the branches where we need
    to handle an exception and allow packet access compared to the
    two already existing variants for find_good_pkt_pointers().
    
    For the dynamic map value access, we add the new instructions
    to reg_set_min_max() and reg_set_min_max_inv() in order to
    learn bounds. Verifier test cases for both are added in a
    follow-up patch.
    Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
    Acked-by: default avatarJohn Fastabend <john.fastabend@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    b4e432f1
verifier.c 124 KB