This repository was archived by the owner on Jan 10, 2025. It is now read-only.
Refactor - Assign SBPF versions to SIMDs #602
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Lichtso
force-pushed
the
refactor/assign_sbpf_versions_to_simds
branch
from
88e0c85 to
b6d8898
Compare
Lichtso
force-pushed
the
refactor/assign_sbpf_versions_to_simds
branch
from
b6d8898 to
4b2c3df
Compare
Lichtso
force-pushed
the
refactor/assign_sbpf_versions_to_simds
branch
3 times, most recently
from
dcf9245 to
785454e
Compare
Lichtso
force-pushed
the
refactor/assign_sbpf_versions_to_simds
branch
from
6f0ba50 to
08bcb37
Compare
Lichtso
force-pushed
the
refactor/assign_sbpf_versions_to_simds
branch
2 times, most recently
from
60a4eed to
dbd0844
Compare
LucasSte
reviewed
Nov 22, 2024
src/verifier.rs
Outdated
| ebpf::EXIT if !sbpf_version.static_syscalls() => {}, | ||
| ebpf::RETURN if sbpf_version.static_syscalls() => {}, | ||
| ebpf::SYSCALL if sbpf_version.static_syscalls() => { | ||
| ebpf::SYSCALL if sbpf_version.stricter_controlflow() => { |
There was a problem hiding this comment.
This one is still static syscall isn't it?
There was a problem hiding this comment.
I believe that check here should still be sbpf_version.static_syscalls(), as this path will be available with static syscalls.
| ElfExecutable::parse_ro_sections( | ||
| &config, | ||
| &SBPFVersion::V1, // v2 requires optimize_rodata=true | ||
| &SBPFVersion::V0, // v2 requires optimize_rodata=true |
doc/bytecode.md
Outdated
| - `add64 reg, imm` can use `r11` as destination register | ||
|
|
||
| ### until v3 | ||
| - The targets of `call` instructions (which includes `syscall` instructions) is checked at runtime not verification time |
There was a problem hiding this comment.
Suggested change
| - The targets of `call` instructions (which includes `syscall` instructions) is checked at runtime not verification time | |
| - The targets of `call` instructions (which includes `syscall` instructions) are checked at runtime not verification time |
LucasSte
reviewed
Nov 25, 2024
| SBPFVersion::Reserved | ||
| } else { | ||
| SBPFVersion::V1 | ||
| SBPFVersion::V0 |
There was a problem hiding this comment.
If we get a 3 in the e_flags, the version will be V0 here.
Author
There was a problem hiding this comment.
Yep exactly, that is the bug we are feature gating out here.
src/verifier.rs
Outdated
| ebpf::EXIT if !sbpf_version.static_syscalls() => {}, | ||
| ebpf::RETURN if sbpf_version.static_syscalls() => {}, | ||
| ebpf::SYSCALL if sbpf_version.static_syscalls() => { | ||
| ebpf::SYSCALL if sbpf_version.stricter_controlflow() => { |
There was a problem hiding this comment.
I believe that check here should still be sbpf_version.static_syscalls(), as this path will be available with static syscalls.
Lichtso
force-pushed
the
refactor/assign_sbpf_versions_to_simds
branch
from
dbd0844 to
80aa8e1
Compare
LucasSte
reviewed
Nov 25, 2024
| ebpf::JSLT_REG => { check_jmp_offset(prog, insn_ptr, &function_range)?; }, | ||
| ebpf::JSLE_IMM => { check_jmp_offset(prog, insn_ptr, &function_range)?; }, | ||
| ebpf::JSLE_REG => { check_jmp_offset(prog, insn_ptr, &function_range)?; }, | ||
| ebpf::CALL_IMM if sbpf_version.static_syscalls() => { |
There was a problem hiding this comment.
This one doesn't need to be gated behind static_syscalls does it?
src/verifier.rs
Outdated
| ebpf::SYSCALL if sbpf_version.static_syscalls() => { | ||
| check_call_target( | ||
| insn.imm as u32, | ||
| syscall_registry, | ||
| VerifierError::InvalidSyscall(insn.imm as u32))?; | ||
| if sbpf_version.stricter_controlflow() { |
Author
There was a problem hiding this comment.
One to make it a valid opcode and one for the verification rule. These are two different SIMDs but same SBPF version.
There was a problem hiding this comment.
The verification rule for static syscalls is in the static syscalls SIMD.
doc/bytecode.md
Outdated
| - Opcodes from the product / quotient / remainder instruction class are forbiden | ||
| - `neg32` and `neg64` are allowed | ||
| - `le` is allowed | ||
| - `lddw` (opcodes `0x18` and `0x00`) are allowed |
There was a problem hiding this comment.
Suggested change
| - `lddw` (opcodes `0x18` and `0x00`) are allowed | |
| - `lddw` (opcodes `0x18` and `0x00`) is allowed |
doc/bytecode.md
Outdated
| - Opcodes from the product / quotient / remainder instruction class are allowed | ||
| - `neg32` and `neg64` are forbidden | ||
| - `le` is forbidden | ||
| - `lddw` (opcodes `0x18` and `0x00`) are forbidden |
There was a problem hiding this comment.
Suggested change
| - `lddw` (opcodes `0x18` and `0x00`) are forbidden | |
| - `lddw` (opcodes `0x18` and `0x00`) is forbidden |
Lichtso
force-pushed
the
refactor/assign_sbpf_versions_to_simds
branch
from
80aa8e1 to
0442846
Compare
Lichtso
force-pushed
the
refactor/assign_sbpf_versions_to_simds
branch
from
0442846 to
3630a01
Compare
LucasSte
approved these changes
Nov 26, 2024
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.