From: Hao Sun
Date: Wed, 01 Nov 2023 13:33:51 +0100
Subject: [PATCH bpf v3 1/2] bpf: Fix check_stack_write_fixed_off() to correctly spill imm
Message-Id: <20231101-fix-check-stack-write-v3-1-f05c2b1473d5@gmail.com>
References: <20231101-fix-check-stack-write-v3-0-f05c2b1473d5@gmail.com>
In-Reply-To: <20231101-fix-check-stack-write-v3-0-f05c2b1473d5@gmail.com>
To: Alexei Starovoitov, Daniel Borkmann, John Fastabend, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Mykola Lysenko, Shuah Khan, Eduard Zingerman, Shung-Hsi Yu
Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Hao Sun, stable@vger.kernel.org

In check_stack_write_fixed_off(), imm value is cast to u32 before being
spilled to the stack. Therefore, the sign information is lost, and the
range information is incorrect when loaded from the stack again.

For the following prog:

    0: r2 = r10
    1: *(u64*)(r2 -40) = -44
    2: r0 = *(u64*)(r2 - 40)
    3: if r0 s<= 0xa goto +2
    4: r0 = 1
    5: exit
    6: r0 = 0
    7: exit

The verifier gives:

    func#0 @0
    0: R1=ctx(off=0,imm=0) R10=fp0
    0: (bf) r2 = r10 ; R2_w=fp0 R10=fp0
    1: (7a) *(u64 *)(r2 -40) = -44 ; R2_w=fp0 fp-40_w=4294967252
    2: (79) r0 = *(u64 *)(r2 -40) ; R0_w=4294967252 R2_w=fp0 fp-40_w=4294967252
    3: (c5) if r0 s< 0xa goto pc+2
    mark_precise: frame0: last_idx 3 first_idx 0 subseq_idx -1
    mark_precise: frame0: regs=r0 stack= before 2: (79) r0 = *(u64 *)(r2 -40)
    3: R0_w=4294967252
    4: (b7) r0 = 1 ; R0_w=1
    5: (95) exit
    verification time 7971 usec
    stack depth 40
    processed 6 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

So remove the incorrect cast, since imm field is declared as s32, and
__mark_reg_known() takes u64, so imm would be correctly sign extended
by compiler.

Fixes: ecdf985d7615 ("bpf: track immediate values written to stack by BPF_ST instruction")
Cc: stable@vger.kernel.org
Signed-off-by: Hao Sun
Acked-by: Shung-Hsi Yu
Acked-by: Eduard Zingerman
---
 kernel/bpf/verifier.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 857d76694517..44af69ce1301 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c
@@ -4674,7 +4674,7 @@ static int check_stack_write_fixed_off(struct bpf_verifier_env *env, insn->imm != 0 && env->bpf_capable) { struct bpf_reg_state fake_reg = {}; - __mark_reg_known(&fake_reg, (u32)insn->imm); + __mark_reg_known(&fake_reg, insn->imm); fake_reg.type = SCALAR_VALUE; save_register_state(state, spi, &fake_reg, size); } else if (reg && is_spillable_regtype(reg->type)) {
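
Review bot: The replacement line `__mark_reg_known(&fake_reg, insn->imm);` gets its sign extension from an implicit s32-to-u64 argument conversion, and nothing at the call site records that this is deliberate. The removed `(u32)insn->imm` shows how a plausible-looking cast here silently turns -44 into 4294967252 in the tracked state, so consider an explicit `(s64)insn->imm` or a one-line comment saying the immediate must be sign-extended, to keep a later cleanup from reintroducing the truncation.
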
From: Hao Sun
Date: Wed, 01 Nov 2023 13:33:52 +0100
Subject: [PATCH bpf v3 2/2] selftests/bpf: Add test for immediate spilled to stack
Message-Id: <20231101-fix-check-stack-write-v3-2-f05c2b1473d5@gmail.com>
References: <20231101-fix-check-stack-write-v3-0-f05c2b1473d5@gmail.com>
In-Reply-To: <20231101-fix-check-stack-write-v3-0-f05c2b1473d5@gmail.com>
To: Alexei Starovoitov, Daniel Borkmann, John Fastabend, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Mykola Lysenko, Shuah Khan, Eduard Zingerman, Shung-Hsi Yu
Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, Hao Sun

Add a test to check if the verifier correctly reasons about the sign
of an immediate spilled to stack by BPF_ST instruction.

Signed-off-by: Hao Sun --- tools/testing/selftests/bpf/verifier/bpf_st_mem.c | 32 +++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tools/testing/selftests/bpf/verifier/bpf_st_mem.c b/tools/testing/selftests/bpf/verifier/bpf_st_mem.c index 3af2501082b2..b616575c3b00 100644 --- a/tools/testing/selftests/bpf/verifier/bpf_st_mem.c +++ b/tools/testing/selftests/bpf/verifier/bpf_st_mem.c @@ -65,3 +65,35 @@ .expected_attach_type = BPF_SK_LOOKUP, .runs = -1, }, +{ + "BPF_ST_MEM stack imm sign", + /* Check if verifier correctly reasons about sign of an + * immediate spilled to stack by BPF_ST instruction. + * + * fp[-8] = -44; + * r0 = fp[-8]; + * if r0 s< 0 goto ret0; + * r0 = -1; + * exit; + * ret0: + * r0 = 0; + * exit; + */ + .insns = { + BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, -44), + BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8), + BPF_JMP_IMM(BPF_JSLT, BPF_REG_0, 0, 2), + BPF_MOV64_IMM(BPF_REG_0, -1), + BPF_EXIT_INSN(), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + /* Use prog type that requires return value in range [0, 1] */ + .prog_type = BPF_PROG_TYPE_SK_LOOKUP, + .expected_attach_type = BPF_SK_LOOKUP, + .result = VERBOSE_ACCEPT, + .runs = -1, + .errstr = "0: (7a) *(u64 *)(r10 -8) = -44 ; R10=fp0 fp-8_w=-44\ + 2: (c5) if r0 s< 0x0 goto pc+2\ + R0_w=-44", +},
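
Review bot: The added case only exercises an 8-byte store, `BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, -44)`, so the sign handling of narrower immediate stores is left untested. Consider adding a sibling case with a narrower size such as BPF_W and a negative immediate, with the expected tracked value spelled out in `.errstr`, so the series documents what the verifier should record there. Separately, `.errstr` matches exact verifier log text (`fp-8_w=-44`, `R0_w=-44`), which ties the test to the current log format; a short comment saying the log match is intentional would help whoever next changes the log output.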
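
The mismatch described in the commit message of patch 1/2, as an added example that is not part of the original series or of the kernel source: it models the constant recorded for a 64-bit BPF_ST immediate with and without the (u32) cast and compares the resulting `s<` branch decision with the run-time one. The helper names (tracked_const, runtime_value, jslt_taken, branch_diverges) are hypothetical, and run-time sign extension of the immediate for a BPF_DW store is assumed, as the fix itself implies.

```c
#include <stdint.h>
#include <stdio.h>

/* Constant the verifier records for the spilled slot (hypothetical model). */
static uint64_t tracked_const(int32_t imm, int with_u32_cast)
{
	if (with_u32_cast)
		return (uint64_t)(uint32_t)imm;  /* pre-fix: zero-extends */
	return (uint64_t)(int64_t)imm;           /* post-fix: sign-extends */
}

/* Assumption: a BPF_DW immediate store writes imm sign-extended to 64 bits. */
static uint64_t runtime_value(int32_t imm)
{
	return (uint64_t)(int64_t)imm;
}

/* Outcome of "if r0 s< k" for a known 64-bit r0. */
static int jslt_taken(uint64_t r0, int32_t k)
{
	return (int64_t)r0 < (int64_t)k;
}

/* 1 when the branch the verifier predicts differs from the run-time branch. */
static int branch_diverges(int32_t imm, int32_t k, int with_u32_cast)
{
	return jslt_taken(tracked_const(imm, with_u32_cast), k) !=
	       jslt_taken(runtime_value(imm), k);
}

int main(void)
{
	/* Constructed inputs: -44 vs 0xa (verifier log in patch 1/2),
	 * -44 vs 0 (selftest in patch 2/2), and a positive control. */
	const struct { int32_t imm, k; } cases[] = {
		{ -44, 0xa }, { -44, 0 }, { 44, 0xa },
	};

	for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
		int32_t imm = cases[i].imm, k = cases[i].k;

		printf("imm=%d k=%d | (u32) cast: tracked=%llu diverges=%d"
		       " | no cast: tracked=%lld diverges=%d\n", imm, k,
		       (unsigned long long)tracked_const(imm, 1),
		       branch_diverges(imm, k, 1),
		       (long long)tracked_const(imm, 0),
		       branch_diverges(imm, k, 0));
	}
	return 0;
}
```
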