Refactor verifier prune and jump point handling #4135
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Upstream branch: 78b037b |
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
ab07846
to
f1ad6bd
Compare
|
Upstream branch: bc067ca |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
ce76d4b
to
20ff674
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
f1ad6bd
to
810ca15
Compare
|
Upstream branch: bc067ca |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
20ff674
to
5ec7327
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
810ca15
to
58302c4
Compare
|
Upstream branch: f16a7aa |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
5ec7327
to
d509534
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
58302c4
to
ce7c915
Compare
|
Upstream branch: 7068194 |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
d509534
to
4ec1023
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
ce7c915
to
8c65545
Compare
|
Upstream branch: 1910676 |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
4ec1023
to
48d062f
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
8c65545
to
c856075
Compare
|
Upstream branch: c0c852d |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
48d062f
to
0ed9caa
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
c856075
to
317a4d7
Compare
|
Upstream branch: 8972e18 |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
0ed9caa
to
e6ee398
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
317a4d7
to
b4fe570
Compare
|
Upstream branch: 41d76c7 |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
e6ee398
to
7b7e7ba
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
b4fe570
to
904e4e7
Compare
|
Upstream branch: 578ce69 |
|
Upstream branch: aa67961 |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
8488e50
to
a9a8c22
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
bc978f4
to
34310fa
Compare
|
Upstream branch: c21dc52 |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
a9a8c22
to
6bb60cb
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
34310fa
to
e4c567d
Compare
|
Upstream branch: 235d2ef |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
6bb60cb
to
c9cdc29
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
e4c567d
to
661aeb6
Compare
|
Upstream branch: 156ed20 |
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
c9cdc29
to
846aad4
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
from
661aeb6
to
b9829b3
Compare
BPF verifier marks some instructions as prune points. Currently these prune points serve two purposes. It's a point where verifier tries to find previously verified state and check current state's equivalence to short circuit verification for current code path. But also currently it's a point where jump history, used for precision backtracking, is updated. This is done so that non-linear flow of execution could be properly backtracked. Such coupling is coincidental and unnecessary. Some prune points are not part of some non-linear jump path, so don't need update of jump history. On the other hand, not all instructions which have to be recorded in jump history necessarily are good prune points. This patch splits prune and jump points into independent flags. Currently all prune points are marked as jump points to minimize amount of changes in this patch, but next patch will perform some optimization of prune vs jmp point placement. No functional changes are intended. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
|
Upstream branch: d8939cb |
Jump history updating and state equivalence checks are conceptually independent, so move push_jmp_history() out of is_state_visited(). Also make a decision whether to perform state equivalence checks or not one layer higher in do_check(), keeping is_state_visited() unconditionally performing state checks. push_jmp_history() should be performed after state checks. There is just one small non-uniformity. When is_state_visited() finds already validated equivalent state, it propagates precision marks to current state's parent chain. For this to work correctly, jump history has to be updated, so is_state_visited() is doing that internally. But if no equivalent verified state is found, jump history has to be updated in a newly cloned child state, so is_jmp_point() + push_jmp_history() is performed after is_state_visited() exited with zero result, which means "proceed with validation". This change has no functional changes. It's not strictly necessary, but feels right to decouple these two processes. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Don't mark some instructions as jump points when there are actually no jumps and instructions are just processed sequentially. Such case is handled naturally by precision backtracking logic without the need to update jump history. See get_prev_insn_idx(). It goes back linearly by one instruction, unless current top of jmp_history is pointing to current instruction. In such case we use `st->jmp_history[cnt - 1].prev_idx` to find instruction from which we jumped to the current instruction non-linearly. Also remove both jump and prune point marking for instruction right after unconditional jumps, as program flow can get to the instruction right after unconditional jump instruction only if there is a jump to that instruction from somewhere else in the program. In such case we'll mark such instruction as prune/jump point because it's a destination of a jump. This change has no changes in terms of number of instructions or states processes across Cilium and selftests programs. Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: John Fastabend <john.fastabend@gmail.com>
kernel-patches-bot
force-pushed
the
series/701084=>bpf-next
branch
from
846aad4
to
6c5014c
Compare
kernel-patches-bot
force-pushed
the
bpf-next_base
branch
2 times, most recently
from
9b910d8
to
9e288d3
Compare
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=702333 irrelevant now. Closing PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: Refactor verifier prune and jump point handling
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=701084