Re: [PATCH bpf-next v2 5/9] bpf, verifier: improve signed ranges inference... | netdev

[PATCH bpf-next v2 0/9] Add BPF LSM return value range check, BPF part · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-19
[PATCH bpf-next v2 1/9] bpf, lsm: Add disabled BPF LSM hook list · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-19
[PATCH bpf-next v2 3/9] bpf: Prevent tail call between progs attached to different hooks · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-19
[PATCH bpf-next v2 7/9] selftests/bpf: Add return value checks for failed tests · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-19
[PATCH bpf-next v2 2/9] bpf, lsm: Add check for BPF LSM return value · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-19
[PATCH bpf-next v2 4/9] bpf: Fix compare error in function retval_range_within · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-19
[PATCH bpf-next v2 6/9] selftests/bpf: Avoid load failure for token_lsm.c · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-19
[PATCH bpf-next v2 9/9] selftests/bpf: Add verifier tests for bpf lsm · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-19
[PATCH bpf-next v2 8/9] selftests/bpf: Add test for lsm tail call · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-19
[PATCH bpf-next v2 5/9] bpf, verifier: improve signed ranges inference for BPF_AND · Xu Kuohai <xukuohai@huaweicloud.com> · 2024-07-19
Re: [PATCH bpf-next v2 5/9] bpf, verifier: improve signed ranges inference for BPF_AND · Eduard Zingerman <eddyz87@gmail.com> · 2024-07-22
Re: [PATCH bpf-next v2 5/9] bpf, verifier: improve signed ranges inference for BPF_AND · Shung-Hsi Yu <hidden> · 2024-07-22
Re: [PATCH bpf-next v2 5/9] bpf, verifier: improve signed ranges inference for BPF_AND · Eduard Zingerman <eddyz87@gmail.com> · 2024-07-22
Re: [PATCH bpf-next v2 5/9] bpf, verifier: improve signed ranges inference for BPF_AND · Alexei Starovoitov <hidden> · 2024-07-23
Re: [PATCH bpf-next v2 5/9] bpf, verifier: improve signed ranges inference for BPF_AND · Shung-Hsi Yu <hidden> · 2024-07-23
Re: [PATCH bpf-next v2 5/9] bpf, verifier: improve signed ranges inference for BPF_AND · Shung-Hsi Yu <hidden> · 2024-07-23
Re: [PATCH bpf-next v2 5/9] bpf, verifier: improve signed ranges inference for BPF_AND · Alexei Starovoitov <hidden> · 2024-07-24
Re: [PATCH bpf-next v2 0/9] Add BPF LSM return value range check, BPF part · patchwork-bot+netdevbpf@kernel.org · 2024-07-23

Re: [PATCH bpf-next v2 5/9] bpf, verifier: improve signed ranges inference for BPF_AND

From: Shung-Hsi Yu <hidden>
Date: 2024-07-23 07:07:45
Also in: bpf, linux-security-module

On Tue, Jul 23, 2024 at 02:36:18PM GMT, Shung-Hsi Yu wrote:
[...]

quoted

+1
Pls document the logic in the code.
commit log is good, but good chunk of it probably should be copied
as a comment.

I've applied the rest of the patches and removed 'test 3' selftest.
Pls respin this patch and a test.
More than one test would be nice too.

Ack. Will send send another series that:

1. update current patch
  - add code comment explanation how signed ranges are deduced in
    scalar*_min_max_and()
  - revert 229d6db14942 "selftests/bpf: Workaround strict bpf_lsm return
    value check."
2. reintroduce Xu Kuohai's "test 3" into verifier_lsm.c
3. add a few tests for BPF_AND's signed range deduction
   - should it be added to verifier_bounds*.c or verifier_and.c?

     I think former, because if we later add signed range deduction for
     BPF_OR as well...

I was curious whether there would be imminent need for signed range
deduction for BPF_OR, though looks like there is _not_.

Looking at DAGCombiner::SimplifySelectCC() it does not do the
bitwise-OR variant of what we've encountered[1,2], that is

    fold (select_cc seteq (and x, y), 0, A, -1) -> (or (sra (shl x)) A)

In other words, transforming the following theoretial C code that
returns -EACCES when certain bit is unset, and -1 when certain bit is
set

    if (fmode & FMODE_WRITE)
        return -1;
    
    return -EACCESS;

into the following instructions

    r0  <<= 62
    r0 s>>= 63 /* set => r0 = -1, unset => r0 = 0 */
    r0  |= -13 /* set => r0 = (-1 | -13) = -1, unset => r0 = (0 | -13) = -13 = -EACCESS */
	exit       /* returns either -1 or -EACCESS */

So signed ranged deduction with BPF_OR is probably just a nice-to-have
for now.

1: https://github.com/llvm/llvm-project/blob/2b78303/llvm/lib/CodeGen/SelectionDAG/DAGCombiner.cpp#L27657-L27684
2: neither was the setne version transformed, i.e.
   fold (select_cc setne (and x, y), 0, A, 0) -> (and (sra (shl x)) A)

     then test for signed range deducation of both
     BPF_AND and BPF_OR can live in the same file, which would be nice
     as signed range deduction of the two are somewhat symmetric

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help