From: Hao Sun
Date: Wed, 01 Nov 2023 08:33:22 +0100
Subject: [PATCH bpf v2 1/2] bpf: Fix check_stack_write_fixed_off() to correctly spill imm
Message-Id: <20231101-fix-check-stack-write-v2-1-cb7c17b869b0@gmail.com>
References: <20231101-fix-check-stack-write-v2-0-cb7c17b869b0@gmail.com>
In-Reply-To: <20231101-fix-check-stack-write-v2-0-cb7c17b869b0@gmail.com>
To: Alexei Starovoitov, Daniel Borkmann, John Fastabend, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Mykola Lysenko, Shuah Khan, Eduard Zingerman, Shung-Hsi Yu
Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Hao Sun, stable@vger.kernel.org

In check_stack_write_fixed_off(), imm value is cast to u32 before being spilled to the stack.
Therefore, the sign information is lost, and the range information is incorrect when loaded from the stack again.

For the following prog:
0: r2 = r10
1: *(u64*)(r2 -40) = -44
2: r0 = *(u64*)(r2 - 40)
3: if r0 s<= 0xa goto +2
4: r0 = 1
5: exit
6: r0 = 0
7: exit

The verifier gives:
func#0 @0
0: R1=ctx(off=0,imm=0) R10=fp0
0: (bf) r2 = r10 ; R2_w=fp0 R10=fp0
1: (7a) *(u64 *)(r2 -40) = -44 ; R2_w=fp0 fp-40_w=4294967252
2: (79) r0 = *(u64 *)(r2 -40) ; R0_w=4294967252 R2_w=fp0 fp-40_w=4294967252
3: (c5) if r0 s< 0xa goto pc+2
mark_precise: frame0: last_idx 3 first_idx 0 subseq_idx -1
mark_precise: frame0: regs=r0 stack= before 2: (79) r0 = *(u64 *)(r2 -40)
3: R0_w=4294967252
4: (b7) r0 = 1 ; R0_w=1
5: (95) exit
verification time 7971 usec
stack depth 40
processed 6 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

So remove the incorrect cast, since imm field is declared as s32, and __mark_reg_known() takes u64, so imm would be correctly sign extended by compiler.

Fixes: ecdf985d7615 ("bpf: track immediate values written to stack by BPF_ST instruction")
Cc: stable@vger.kernel.org
Signed-off-by: Hao Sun
Acked-by: Shung-Hsi Yu
Acked-by: Eduard Zingerman
---
 kernel/bpf/verifier.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 857d76694517..44af69ce1301 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c
@@ -4674,7 +4674,7 @@ static int check_stack_write_fixed_off(struct bpf_verifier_env *env, insn->imm != 0 && env->bpf_capable) { struct bpf_reg_state fake_reg = {}; - __mark_reg_known(&fake_reg, (u32)insn->imm); + __mark_reg_known(&fake_reg, insn->imm); fake_reg.type = SCALAR_VALUE; save_register_state(state, spi, &fake_reg, size); } else if (reg && is_spillable_regtype(reg->type)) {
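
Review bot: the replacement line "__mark_reg_known(&fake_reg, insn->imm);" now gets its sign extension from an implicit s32-to-u64 conversion at the call, which is easy to undo by accident in a later cleanup; an explicit "(s64)insn->imm" or a one-line comment above the call stating that the immediate must be sign-extended would make the intent visible. Also, "save_register_state(state, spi, &fake_reg, size);" is handed the same 64-bit constant whatever size is, and the visible condition ("insn->imm != 0 && env->bpf_capable") shows no width restriction, so please confirm how a negative immediate stored with a width below 8 bytes is tracked after this change.
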
From: Hao Sun
Date: Wed, 01 Nov 2023 08:33:23 +0100
Subject: [PATCH bpf v2 2/2] selftests/bpf: Add test for immediate spilled to stack
Message-Id: <20231101-fix-check-stack-write-v2-2-cb7c17b869b0@gmail.com>
References: <20231101-fix-check-stack-write-v2-0-cb7c17b869b0@gmail.com>
In-Reply-To: <20231101-fix-check-stack-write-v2-0-cb7c17b869b0@gmail.com>
To: Alexei Starovoitov, Daniel Borkmann, John Fastabend, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Mykola Lysenko, Shuah Khan, Eduard Zingerman, Shung-Hsi Yu
Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Hao Sun

Add a test to check if the verifier correctly reasons about the sign of an immediate spilled to stack by BPF_ST instruction.
Signed-off-by: Hao Sun --- tools/testing/selftests/bpf/verifier/bpf_st_mem.c | 32 +++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tools/testing/selftests/bpf/verifier/bpf_st_mem.c b/tools/testing/selftests/bpf/verifier/bpf_st_mem.c index 3af2501082b2..0ba23807c46c 100644 --- a/tools/testing/selftests/bpf/verifier/bpf_st_mem.c +++ b/tools/testing/selftests/bpf/verifier/bpf_st_mem.c @@ -65,3 +65,35 @@ .expected_attach_type = BPF_SK_LOOKUP, .runs = -1, }, +{ + "BPF_ST_MEM stack imm sign", + /* Check if verifier correctly reasons about sign of an + * immediate spilled to stack by BPF_ST instruction. + * + * fp[-8] = -44; + * r0 = fp[-8]; + * if r0 s< 0 goto ret0; + * r0 = -1; + * exit; + * ret0: + * r0 = 0; + * exit; + */ + .insns = { + BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, -44), + BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8), + BPF_JMP_IMM(BPF_JSLT, BPF_REG_0, 0, 2), + BPF_MOV64_IMM(BPF_REG_0, -1), + BPF_EXIT_INSN(), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + /* Use prog type that requires return value in range [0, 1] */ + .prog_type = BPF_PROG_TYPE_SK_LOOKUP, + .expected_attach_type = BPF_SK_LOOKUP, + .result = VERBOSE_ACCEPT, + .runs = -1, + .errstr = "0: (7a) *(u64 *)(r10 -8) = -44 ; R10=fp0 fp-8_w=-44\ + 2: (c5) if r0 s< 0x0 goto pc+2\ + 2: R0_w=-44", +},
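
Review bot: the new "BPF_ST_MEM stack imm sign" case only stores with BPF_DW and a single immediate (-44) in "BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, -44)", so it would not catch a sign-handling regression for narrower BPF_ST widths; consider adding a second case that uses a narrower store width with a negative immediate. The first .errstr line also spells out the whole state string ("R10=fp0 fp-8_w=-44"), which ties the expectation to the exact log text; matching on "fp-8_w=-44" and "R0_w=-44" would check the same property and need fewer updates when the log format changes.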