Skip to content

Commit

Permalink
Merge branch 'vbpf:main' into issue728
Browse files Browse the repository at this point in the history
  • Loading branch information
@Alan-Jowett
Alan-Jowett authored Oct 25, 2024
2 parents 8d4bc1e + 3308618 commit 549a828
Show file tree
Hide file tree
Showing 4 changed files with 649 additions and 3 deletions.
31 changes: 28 additions & 3 deletions src/assertions.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -137,6 +137,31 @@ class AssertExtractor {
// no need to check for valid access, it must be a number
res.emplace_back(TypeConstraint{cond.left, TypeGroup::number});
} else {
bool allow_pointers = false;

switch (cond.op) {
case Condition::Op::EQ: allow_pointers = true; break;
case Condition::Op::NE: allow_pointers = true; break;
case Condition::Op::SET: allow_pointers = true; break;
case Condition::Op::NSET: allow_pointers = true; break;
case Condition::Op::LT: allow_pointers = true; break;
case Condition::Op::LE: allow_pointers = true; break;
case Condition::Op::GT: allow_pointers = true; break;
case Condition::Op::GE: allow_pointers = true; break;
case Condition::Op::SLT: allow_pointers = false; break;
case Condition::Op::SLE: allow_pointers = false; break;
case Condition::Op::SGT: allow_pointers = false; break;
case Condition::Op::SGE: allow_pointers = false; break;
default: assert(!"unexpected condition");
}

// Only permit pointer comparisons if the operation is 64-bit.
allow_pointers &= cond.is64;

if (!allow_pointers) {
res.emplace_back(TypeConstraint{cond.left, TypeGroup::number});
}

res.emplace_back(ValidAccess{cond.left});
// OK - map_fd is just another pointer
// Anything can be compared to 0
Expand Down Expand Up @@ -168,8 +193,7 @@ class AssertExtractor {
Imm width{static_cast<uint32_t>(ins.access.width)};
const int offset = ins.access.offset;
if (basereg.v == R10_STACK_POINTER) {
// We know we are accessing the stack.
if (offset < -EBPF_STACK_SIZE || offset + static_cast<int>(width.v) >= 0) {
if (offset < -EBPF_STACK_SIZE || offset + static_cast<int>(width.v) > 0) {
// This assertion will fail
res.emplace_back(
ValidAccess{basereg, offset, width, false, ins.is_load ? AccessType::read : AccessType::write});
Expand Down Expand Up @@ -242,7 +266,8 @@ class AssertExtractor {
}
return {Assert{TypeConstraint{ins.dst, TypeGroup::number}}};
}
// For all other binary operations, the destination register must be a number and the source must either be an immediate or a number.
// For all other binary operations, the destination register must be a number and the source must either be an
// immediate or a number.
default:
if (const auto src = std::get_if<Reg>(&ins.v)) {
return {Assert{TypeConstraint{ins.dst, TypeGroup::number}},
Expand Down
5 changes: 5 additions & 0 deletions src/test/ebpf_yaml.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -196,6 +196,9 @@ static ebpf_verifier_options_t raw_options_to_options(const std::set<string>& ra
// Default to the machine's native endianness.
options.big_endian = (std::endian::native == std::endian::big);

// Default to not assuming assertions.
options.assume_assertions = false;

for (const string& name : raw_options) {
if (name == "!allow_division_by_zero") {
options.allow_division_by_zero = false;
Expand All @@ -209,6 +212,8 @@ static ebpf_verifier_options_t raw_options_to_options(const std::set<string>& ra
options.big_endian = true;
} else if (name == "!big_endian") {
options.big_endian = false;
} else if (name == "assume_assertions") {
options.assume_assertions = true;
} else {
throw std::runtime_error("Unknown option: " + name);
}
Expand Down
Loading

0 comments on commit 549a828

Please sign in to comment.