2019-05-19 13:08:55 +01:00
// SPDX-License-Identifier: GPL-2.0-only
2017-08-07 15:26:19 +01:00
/* tnum: tracked (or tristate) numbers
*
* A tnum tracks knowledge about the bits of a value . Each bit can be either
* known ( 0 or 1 ) , or unknown ( x ) . Arithmetic operations on tnums will
* propagate the unknown bits such that the tnum result represents all the
* possible results for possible values of the operands .
*/
# include <linux/kernel.h>
# include <linux/tnum.h>
# define TNUM(_v, _m) (struct tnum){.value = _v, .mask = _m}
/* A completely unknown value */
const struct tnum tnum_unknown = { . value = 0 , . mask = - 1 } ;
struct tnum tnum_const ( u64 value )
{
return TNUM ( value , 0 ) ;
}
2017-08-07 15:26:36 +01:00
struct tnum tnum_range ( u64 min , u64 max )
{
u64 chi = min ^ max , delta ;
u8 bits = fls64 ( chi ) ;
/* special case, needed because 1ULL << 64 is undefined */
if ( bits > 63 )
return tnum_unknown ;
/* e.g. if chi = 4, bits = 3, delta = (1<<3) - 1 = 7.
* if chi = 0 , bits = 0 , delta = ( 1 < < 0 ) - 1 = 0 , so we return
* constant min ( since min = = max ) .
*/
delta = ( 1ULL < < bits ) - 1 ;
return TNUM ( min & ~ delta , delta ) ;
}
2017-08-07 15:26:19 +01:00
struct tnum tnum_lshift ( struct tnum a , u8 shift )
{
return TNUM ( a . value < < shift , a . mask < < shift ) ;
}
struct tnum tnum_rshift ( struct tnum a , u8 shift )
{
return TNUM ( a . value > > shift , a . mask > > shift ) ;
}
bpf/verifier: improve register value range tracking with ARSH
When helpers like bpf_get_stack returns an int value
and later on used for arithmetic computation, the LSH and ARSH
operations are often required to get proper sign extension into
64-bit. For example, without this patch:
54: R0=inv(id=0,umax_value=800)
54: (bf) r8 = r0
55: R0=inv(id=0,umax_value=800) R8_w=inv(id=0,umax_value=800)
55: (67) r8 <<= 32
56: R8_w=inv(id=0,umax_value=3435973836800,var_off=(0x0; 0x3ff00000000))
56: (c7) r8 s>>= 32
57: R8=inv(id=0)
With this patch:
54: R0=inv(id=0,umax_value=800)
54: (bf) r8 = r0
55: R0=inv(id=0,umax_value=800) R8_w=inv(id=0,umax_value=800)
55: (67) r8 <<= 32
56: R8_w=inv(id=0,umax_value=3435973836800,var_off=(0x0; 0x3ff00000000))
56: (c7) r8 s>>= 32
57: R8=inv(id=0, umax_value=800,var_off=(0x0; 0x3ff))
With better range of "R8", later on when "R8" is added to other register,
e.g., a map pointer or scalar-value register, the better register
range can be derived and verifier failure may be avoided.
In our later example,
......
usize = bpf_get_stack(ctx, raw_data, max_len, BPF_F_USER_STACK);
if (usize < 0)
return 0;
ksize = bpf_get_stack(ctx, raw_data + usize, max_len - usize, 0);
......
Without improving ARSH value range tracking, the register representing
"max_len - usize" will have smin_value equal to S64_MIN and will be
rejected by verifier.
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2018-04-28 22:28:11 -07:00
struct tnum tnum_arshift ( struct tnum a , u8 min_shift )
{
/* if a.value is negative, arithmetic shifting by minimum shift
* will have larger negative offset compared to more shifting .
* If a . value is nonnegative , arithmetic shifting by minimum shift
* will have larger positive offset compare to more shifting .
*/
return TNUM ( ( s64 ) a . value > > min_shift , ( s64 ) a . mask > > min_shift ) ;
}
2017-08-07 15:26:19 +01:00
struct tnum tnum_add ( struct tnum a , struct tnum b )
{
u64 sm , sv , sigma , chi , mu ;
sm = a . mask + b . mask ;
sv = a . value + b . value ;
sigma = sm + sv ;
chi = sigma ^ sv ;
mu = chi | a . mask | b . mask ;
return TNUM ( sv & ~ mu , mu ) ;
}
struct tnum tnum_sub ( struct tnum a , struct tnum b )
{
u64 dv , alpha , beta , chi , mu ;
dv = a . value - b . value ;
alpha = dv + a . mask ;
beta = dv - b . mask ;
chi = alpha ^ beta ;
mu = chi | a . mask | b . mask ;
return TNUM ( dv & ~ mu , mu ) ;
}
struct tnum tnum_and ( struct tnum a , struct tnum b )
{
u64 alpha , beta , v ;
alpha = a . value | a . mask ;
beta = b . value | b . mask ;
v = a . value & b . value ;
return TNUM ( v , alpha & beta & ~ v ) ;
}
struct tnum tnum_or ( struct tnum a , struct tnum b )
{
u64 v , mu ;
v = a . value | b . value ;
mu = a . mask | b . mask ;
return TNUM ( v , mu & ~ v ) ;
}
struct tnum tnum_xor ( struct tnum a , struct tnum b )
{
u64 v , mu ;
v = a . value ^ b . value ;
mu = a . mask | b . mask ;
return TNUM ( v & ~ mu , mu ) ;
}
/* half-multiply add: acc += (unknown * mask * value).
* An intermediate step in the multiply algorithm .
*/
static struct tnum hma ( struct tnum acc , u64 value , u64 mask )
{
while ( mask ) {
if ( mask & 1 )
acc = tnum_add ( acc , TNUM ( 0 , value ) ) ;
mask > > = 1 ;
value < < = 1 ;
}
return acc ;
}
struct tnum tnum_mul ( struct tnum a , struct tnum b )
{
struct tnum acc ;
u64 pi ;
pi = a . value * b . value ;
acc = hma ( TNUM ( pi , 0 ) , a . mask , b . mask | b . value ) ;
return hma ( acc , b . mask , a . value ) ;
}
/* Note that if a and b disagree - i.e. one has a 'known 1' where the other has
* a ' known 0 ' - this will return a ' known 1 ' for that bit .
*/
struct tnum tnum_intersect ( struct tnum a , struct tnum b )
{
u64 v , mu ;
v = a . value | b . value ;
mu = a . mask & b . mask ;
return TNUM ( v & ~ mu , mu ) ;
}
struct tnum tnum_cast ( struct tnum a , u8 size )
{
a . value & = ( 1ULL < < ( size * 8 ) ) - 1 ;
a . mask & = ( 1ULL < < ( size * 8 ) ) - 1 ;
return a ;
}
bool tnum_is_aligned ( struct tnum a , u64 size )
{
if ( ! size )
return true ;
return ! ( ( a . value | a . mask ) & ( size - 1 ) ) ;
}
bool tnum_in ( struct tnum a , struct tnum b )
{
if ( b . mask & ~ a . mask )
return false ;
b . value & = ~ a . mask ;
return a . value = = b . value ;
}
int tnum_strn ( char * str , size_t size , struct tnum a )
{
return snprintf ( str , size , " (%#llx; %#llx) " , a . value , a . mask ) ;
}
EXPORT_SYMBOL_GPL ( tnum_strn ) ;
int tnum_sbin ( char * str , size_t size , struct tnum a )
{
size_t n ;
for ( n = 64 ; n ; n - - ) {
if ( n < size ) {
if ( a . mask & 1 )
str [ n - 1 ] = ' x ' ;
else if ( a . value & 1 )
str [ n - 1 ] = ' 1 ' ;
else
str [ n - 1 ] = ' 0 ' ;
}
a . mask > > = 1 ;
a . value > > = 1 ;
}
str [ min ( size - 1 , ( size_t ) 64 ) ] = 0 ;
return 64 ;
}