Update verifier to latest (#1991)

* Update verifier to latest Fixes #1451 Fixes #1756 Signed-off-by: Dave Thaler <[email protected]> * Update samples to work around verifier limitation Signed-off-by: Dave Thaler <[email protected]> * Update expected bpf2c output Signed-off-by: Dave Thaler <[email protected]> * Fix cmake build Signed-off-by: Dave Thaler <[email protected]> --------- Signed-off-by: Dave Thaler <[email protected]>
microsoft · Feb 1, 2023 · 68544ba · 68544ba
1 parent 74b1672
commit 68544ba
Show file tree

Hide file tree

Showing 16 changed files with 20,470 additions and 8,758 deletions.
diff --git a/docs/isa-support.rst b/docs/isa-support.rst
@@ -69,28 +69,28 @@ opcode  src   imm   description                                          PREVAIL
 0x5d    any   0x00  if dst != src goto +offset                              Y      Y      Y    jne-reg
 0x5e    any   0x00  if (uint32_t)dst != (uint32_t)src goto +offset          Y      Y      Y    jne32-reg
 0x5f    any   0x00  dst &= src                                              Y      Y      Y    alu64-bit
-0x61    any   0x00  dst = \*(uint32_t \*)(src + offset)                    ???     Y      Y    ldxw
+0x61    any   0x00  dst = \*(uint32_t \*)(src + offset)                     Y      Y      Y    ldxw
 0x62    0x0   any   \*(uint32_t \*)(dst + offset) = imm                     Y      Y      Y    stw
 0x63    any   0x00  \*(uint32_t \*)(dst + offset) = src                     Y      Y      Y    stxw
 0x64    0x0   any   dst = (uint32_t)(dst << imm)                            Y      Y      Y    alu-bit
 0x65    0x0   any   if dst s> imm goto +offset                              Y      Y      Y    jsgt-imm
 0x66    0x0   any   if (int32_t)dst s> (int32_t)imm goto +offset            Y      Y      Y    jsgt32-imm
 0x67    0x0   any   dst <<= imm                                             Y      Y      Y    alu64-bit
-0x69    any   0x00  dst = \*(uint16_t \*)(src + offset)                    ???     Y      Y    ldxh
+0x69    any   0x00  dst = \*(uint16_t \*)(src + offset)                     Y      Y      Y    ldxh
 0x6a    0x0   any   \*(uint16_t \*)(dst + offset) = imm                     Y      Y      Y    sth
 0x6b    any   0x00  \*(uint16_t \*)(dst + offset) = src                     Y      Y      Y    stxh
 0x6c    any   0x00  dst = (uint32_t)(dst << src)                            Y      Y      Y    alu-bit
 0x6d    any   0x00  if dst s> src goto +offset                              Y      Y      Y    jsgt-reg
 0x6e    any   0x00  if (int32_t)dst s> (int32_t)src goto +offset            Y      Y      Y    jsgt32-reg
 0x6f    any   0x00  dst <<= src                                             Y      Y      Y    lsh-reg
-0x71    any   0x00  dst = \*(uint8_t \*)(src + offset)                     ???     Y      Y    ldxb
+0x71    any   0x00  dst = \*(uint8_t \*)(src + offset)                      Y      Y      Y    ldxb
 0x72    0x0   any   \*(uint8_t \*)(dst + offset) = imm                      Y      Y      Y    stb
 0x73    any   0x00  \*(uint8_t \*)(dst + offset) = src                      Y      Y      Y    stxb
 0x74    0x0   any   dst = (uint32_t)(dst >> imm)                            Y      Y      Y    rsh32
 0x75    0x0   any   if dst s>= imm goto +offset                             Y      Y      Y    jsge-imm
 0x76    0x0   any   if (int32_t)dst s>= (int32_t)imm goto +offset           Y      Y      Y    jsge32-imm
 0x77    0x0   any   dst >>= imm                                             Y      Y      Y    alu64-bit
-0x79    any   0x00  dst = \*(uint64_t \*)(src + offset)                    ???     Y      Y    ldxdw
+0x79    any   0x00  dst = \*(uint64_t \*)(src + offset)                     Y      Y      Y    ldxdw
 0x7a    0x0   any   \*(uint64_t \*)(dst + offset) = imm                     Y      Y      Y    stdw
 0x7b    any   0x00  \*(uint64_t \*)(dst + offset) = src                     Y      Y      Y    stxdw
 0x7c    any   0x00  dst = (uint32_t)(dst >> src)                            Y      Y      Y    alu-bit

diff --git a/external/CMakeLists.txt b/external/CMakeLists.txt
@@ -2,7 +2,6 @@
 # SPDX-License-Identifier: MIT
 
 add_subdirectory("ebpf-verifier" EXCLUDE_FROM_ALL)
-add_subdirectory("Catch2" EXCLUDE_FROM_ALL)
 add_subdirectory("ubpf" EXCLUDE_FROM_ALL)
 
 # Special target that we can link to external dependencies
@@ -17,14 +16,6 @@ target_compile_definitions("ebpf_for_windows_external_settings" INTERFACE
   "_SILENCE_ALL_CXX17_DEPRECATION_WARNINGS"
 )
 
-#
-# Catch2
-#
-
-target_link_libraries("Catch2" PRIVATE
-  "ebpf_for_windows_external_settings"
-)
-
 #
 # ebpfverifier
 #

diff --git a/external/ebpf-verifier b/external/ebpf-verifier
diff --git a/libs/execution_context/ebpf_program.c b/libs/execution_context/ebpf_program.c
@@ -1486,7 +1486,7 @@ _ebpf_helper_id_to_index_compare(const void* lhs, const void* rhs)
  * 2) During initialization, the program binds to the program information provider.
  * 3) During the attach callback, the program information is hashed and stored.
  * 4) The verifier then queries the program information from the ebpf_program_t object and uses it to verify the program
- * safety. 
+ * safety.
  * 5) If the program information provider is reattached, the program information is hashed and compared with the
  * hash stored in the program and the program is rejected if the hash does not match. This ensures that the program
  * information the verifier uses to verify the program safety is the same as the program information the program uses to
@@ -1504,7 +1504,7 @@ _ebpf_program_initialize_or_verify_program_info_hash(_Inout_ ebpf_program_t* pro
     ebpf_result_t result;
     ebpf_cryptographic_hash_t* cryptographic_hash = NULL;
     ebpf_helper_id_to_index_t* helper_id_to_index = NULL;
-    const ebpf_program_info_t* program_info = NULL;
+    ebpf_program_info_t* program_info = NULL;
 
     result = ebpf_program_get_program_info(program, &program_info);
     if (result != EBPF_SUCCESS) {
+1 −0		.gitignore
+11 −0		CMakeLists.txt
+1 −1		ebpf-samples
+1 −1		external/ELFIO
+1 −1		external/bpf_conformance
+0 −17,873		external/catch.hpp
+12 −6		src/asm_ostream.cpp
+195 −17		src/asm_parse.cpp
+6 −6		src/asm_syntax.hpp
+7 −3		src/asm_unmarshal.cpp
+7 −1		src/btf_parser.cpp
+1 −0		src/config.cpp
+1 −0		src/config.hpp
+216 −0		src/crab/add_bottom.hpp
+73 −6		src/crab/array_domain.cpp
+3 −3		src/crab/array_domain.hpp
+1 −1		src/crab/bitset_domain.hpp
+6 −2		src/crab/dsl_syntax.hpp
+172 −94		src/crab/ebpf_domain.cpp
+3 −3		src/crab/ebpf_domain.hpp
+6 −2		src/crab/fwd_analyzer.cpp
+2 −2		src/crab/interval.cpp
+30 −4		src/crab/interval.hpp
+459 −437		src/crab/split_dbm.cpp
+50 −238		src/crab/split_dbm.hpp
+23 −12		src/crab_utils/bignums.hpp
+60 −0		src/crab_utils/graph_ops.hpp
+34 −46		src/crab_utils/safeint.hpp
+3 −3		src/crab_verifier.cpp
+29 −6		src/ebpf_yaml.cpp
+1 −1		src/ebpf_yaml.hpp
+7 −1		src/main/run_yaml.cpp
+0 −180		src/string_constraints.cpp
+14 −0		src/string_constraints.hpp
+0 −6		src/test/test.cpp
+22 −20		src/test/test_conformance.cpp
+1 −1		src/test/test_loop.cpp
+1 −1		src/test/test_marshal.cpp
+1 −1		src/test/test_print.cpp
+2 −2		src/test/test_termination.cpp
+33 −11		src/test/test_verify.cpp
+1 −1		src/test/test_wto.cpp
+6 −4		src/test/test_yaml.cpp
+108 −0		test-data/jump.yaml
+80 −0		test-data/parse.yaml
+1,022 −0		test-data/unsigned.yaml