From: Daniel Borkmann Date: Wed, 19 Jun 2019 00:22:53 +0000 (+0200) Subject: Merge branch 'bpf-bounded-loops' X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=94079b64255fe40b9b53fd2e4081f68b9b14f54a;p=openwrt%2Fstaging%2Fblogic.git Merge branch 'bpf-bounded-loops' Alexei Starovoitov says: ==================== v2->v3: fixed issues in backtracking pointed out by Andrii. The next step is to add a lot more tests for backtracking. v1->v2: addressed Andrii's feedback. this patch set introduces verifier support for bounded loops and adds several other improvements. Ideally they would be introduced one at a time, but to support bounded loop the verifier needs to 'step back' in the patch 1. That patch introduces tracking of spill/fill of constants through the stack. Though it's a useful feature it hurts cilium tests. Patch 3 introduces another feature by extending is_branch_taken logic to 'if rX op rY' conditions. This feature is also necessary to support bounded loops. Then patch 4 adds support for the loops while adding key heuristics with jmp_processed. Introduction of parentage chain of verifier states in patch 4 allows patch 9 to add backtracking of precise scalar registers which finally resolves degradation from patch 1. The end result is much faster verifier for existing programs and new support for loops. See patch 8 for many kinds of loops that are now validated. Patch 9 is the most tricky one and could be rewritten with a different algorithm in the future. ==================== Signed-off-by: Daniel Borkmann --- 94079b64255fe40b9b53fd2e4081f68b9b14f54a