lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190508175111.hcbufw22mbksbpca@ast-mbp>
Date:   Wed, 8 May 2019 10:51:13 -0700
From:   Alexei Starovoitov <alexei.starovoitov@...il.com>
To:     Jiong Wang <jiong.wang@...ronome.com>
Cc:     daniel@...earbox.net, bpf@...r.kernel.org, netdev@...r.kernel.org,
        oss-drivers@...ronome.com
Subject: Re: [PATCH v6 bpf-next 01/17] bpf: verifier: offer more accurate
 helper function arg and return type

On Wed, May 08, 2019 at 03:45:12PM +0100, Jiong Wang wrote:
> 
> I might be misunderstanding your points, please just shout if I am wrong.
> 
> Suppose the following BPF code:
> 
>   unsigned helper(unsigned long long, unsigned long long);
>   unsigned long long test(unsigned *a, unsigned int c)
>   {
>     unsigned int b = *a;
>     c += 10;
>     return helper(b, c);
>   }
> 
> We get the following instruction sequence by latest llvm
> (-O2 -mattr=+alu32 -mcpu=v3)
> 
>   test:
>     1: w1 = *(u32 *)(r1 + 0)
>     2: w2 += 10
>     3: call helper
>     4: exit
> 
> Argument Types
> ===
> Now instruction 1 and 2 are sub-register defines, and instruction 3, the
> call, use them implicitly.
> 
> Without the introduction of the new ARG_CONST_SIZE32 and
> ARG_CONST_SIZE32_OR_ZERO, we don't know what should be done with w1 and
> w2, zero-extend them should be fine for all cases, but could resulting in a
> few unnecessary zero-extension inserted.

I don't think we're on the same page.
The argument type is _const_.
In the example above they are not _const_.

> 
> And that why I introduce these new argument types, without them, there
> could be more than 10% extra zext inserted on benchmarks like bpf_lxc.

10% extra ? so be it.
We're talking past each other here.
I agree with your optimization goal, but I think you're missing
the safety concerns I'm trying to explain.

> 
> But for helper functions, they are done by native code which may not follow
> this convention. For example, on arm32, calling helper functions are just
> jump to and execute native code. And if the helper returns u32, it just set
> r0, no clearing of r1 which is the high 32-bit in the register pair
> modeling eBPF R0.

it's arm32 bug then. All helpers _must_ return 64-bit back to bpf prog
and _must_ accept 64-bit from bpf prog.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ