Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor - Assign SBPF versions to SIMDs #602

Merged
merged 4 commits into from
Nov 26, 2024
Merged

Refactor - Assign SBPF versions to SIMDs #602

merged 4 commits into from
Nov 26, 2024

Conversation

Lichtso
Copy link

@Lichtso Lichtso commented Oct 2, 2024

No description provided.

@Lichtso Lichtso force-pushed the refactor/assign_sbpf_versions_to_simds branch from 88e0c85 to b6d8898 Compare October 3, 2024 16:37
@Lichtso Lichtso force-pushed the refactor/assign_sbpf_versions_to_simds branch from b6d8898 to 4b2c3df Compare October 11, 2024 16:42
@Lichtso Lichtso mentioned this pull request Oct 28, 2024
Merged
@Lichtso Lichtso force-pushed the refactor/assign_sbpf_versions_to_simds branch 3 times, most recently from dcf9245 to 785454e Compare November 22, 2024 12:08
@Lichtso Lichtso marked this pull request as ready for review November 22, 2024 12:10
@Lichtso Lichtso force-pushed the refactor/assign_sbpf_versions_to_simds branch from 6f0ba50 to 08bcb37 Compare November 22, 2024 14:33
@Lichtso Lichtso force-pushed the refactor/assign_sbpf_versions_to_simds branch 2 times, most recently from 60a4eed to dbd0844 Compare November 22, 2024 15:06
LucasSte
LucasSte reviewed Nov 22, 2024
View reviewed changes
src/verifier.rs Outdated
@@ -402,7 +402,7 @@ impl Verifier for RequisiteVerifier {
ebpf::CALL_REG => { check_callx_register(&insn, insn_ptr, sbpf_version)?; },
ebpf::EXIT if !sbpf_version.static_syscalls() => {},
ebpf::RETURN if sbpf_version.static_syscalls() => {},
ebpf::SYSCALL if sbpf_version.static_syscalls() => {
ebpf::SYSCALL if sbpf_version.stricter_controlflow() => {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one is still static syscall isn't it?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe that check here should still be sbpf_version.static_syscalls(), as this path will be available with static syscalls.

src/elf.rs
@@ -2068,7 +2070,7 @@ mod test {
assert!(matches!(
ElfExecutable::parse_ro_sections(
&config,
&SBPFVersion::V1, // v2 requires optimize_rodata=true
&SBPFVersion::V0, // v2 requires optimize_rodata=true
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should V3 in the comment now?

doc/bytecode.md Outdated
- `add64 reg, imm` can use `r11` as destination register

### until v3
- The targets of `call` instructions (which includes `syscall` instructions) is checked at runtime not verification time
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- The targets of `call` instructions (which includes `syscall` instructions) is checked at runtime not verification time
- The targets of `call` instructions (which includes `syscall` instructions) are checked at runtime not verification time

doc/bytecode.md Show resolved Hide resolved
LucasSte
LucasSte reviewed Nov 25, 2024
View reviewed changes
src/elf.rs
} else {
SBPFVersion::V1
SBPFVersion::V0
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we get a 3 in the e_flags, the version will be V0 here.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep exactly, that is the bug we are feature gating out here.

src/verifier.rs Outdated
@@ -402,7 +402,7 @@ impl Verifier for RequisiteVerifier {
ebpf::CALL_REG => { check_callx_register(&insn, insn_ptr, sbpf_version)?; },
ebpf::EXIT if !sbpf_version.static_syscalls() => {},
ebpf::RETURN if sbpf_version.static_syscalls() => {},
ebpf::SYSCALL if sbpf_version.static_syscalls() => {
ebpf::SYSCALL if sbpf_version.stricter_controlflow() => {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe that check here should still be sbpf_version.static_syscalls(), as this path will be available with static syscalls.

@Lichtso Lichtso force-pushed the refactor/assign_sbpf_versions_to_simds branch from dbd0844 to 80aa8e1 Compare November 25, 2024 20:11
LucasSte
LucasSte reviewed Nov 25, 2024
View reviewed changes
src/verifier.rs Outdated
@@ -391,22 +391,27 @@ impl Verifier for RequisiteVerifier {
ebpf::JSLE_IMM => { check_jmp_offset(prog, insn_ptr, &function_range)?; },
ebpf::JSLE_REG => { check_jmp_offset(prog, insn_ptr, &function_range)?; },
ebpf::CALL_IMM if sbpf_version.static_syscalls() => {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one doesn't need to be gated behind static_syscalls does it?

src/verifier.rs Outdated
ebpf::SYSCALL if sbpf_version.static_syscalls() => {
check_call_target(
insn.imm as u32,
syscall_registry,
VerifierError::InvalidSyscall(insn.imm as u32))?;
if sbpf_version.stricter_controlflow() {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this one need two gates?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One to make it a valid opcode and one for the verification rule. These are two different SIMDs but same SBPF version.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The verification rule for static syscalls is in the static syscalls SIMD.

doc/bytecode.md Outdated
- `le` is allowed
- `lddw` (opcodes `0x18` and `0x00`) are allowed
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- `lddw` (opcodes `0x18` and `0x00`) are allowed
- `lddw` (opcodes `0x18` and `0x00`) is allowed

doc/bytecode.md Outdated
- `le` is forbidden
- `lddw` (opcodes `0x18` and `0x00`) are forbidden
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- `lddw` (opcodes `0x18` and `0x00`) are forbidden
- `lddw` (opcodes `0x18` and `0x00`) is forbidden

@Lichtso Lichtso force-pushed the refactor/assign_sbpf_versions_to_simds branch from 80aa8e1 to 0442846 Compare November 26, 2024 15:19
@Lichtso Lichtso force-pushed the refactor/assign_sbpf_versions_to_simds branch from 0442846 to 3630a01 Compare November 26, 2024 15:45
@Lichtso Lichtso merged commit a8247dd into main Nov 26, 2024
12 checks passed
@Lichtso Lichtso deleted the refactor/assign_sbpf_versions_to_simds branch November 26, 2024 20:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LucasSte LucasSte LucasSte approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Lichtso @LucasSte