Skip to content

Commit fc559a7

Browse files
Alexei Starovoitovborkmann
Alexei Starovoitov
authored and
borkmann
committed
selftests/bpf: fix tests due to const spill/fill
fix tests that incorrectly assumed that the verifier cannot track constants through stack. Signed-off-by: Alexei Starovoitov <[email protected]> Acked-by: Andrii Nakryiko <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]>
1 parent f7cf25b commit fc559a7

File tree

2 files changed

+17
-14
lines changed

2 files changed

+17
-14
lines changed

tools/testing/selftests/bpf/verifier/direct_packet_access.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -511,7 +511,8 @@
511511
offsetof(struct __sk_buff, data)),
512512
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
513513
offsetof(struct __sk_buff, data_end)),
514-
BPF_MOV64_IMM(BPF_REG_0, 0xffffffff),
514+
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
515+
offsetof(struct __sk_buff, mark)),
515516
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
516517
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
517518
BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xffff),

tools/testing/selftests/bpf/verifier/helper_access_var_len.c

Lines changed: 15 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -29,9 +29,9 @@
2929
{
3030
"helper access to variable memory: stack, bitwise AND, zero included",
3131
.insns = {
32+
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8),
3233
BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
3334
BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64),
34-
BPF_MOV64_IMM(BPF_REG_2, 16),
3535
BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128),
3636
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128),
3737
BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 64),
@@ -46,9 +46,9 @@
4646
{
4747
"helper access to variable memory: stack, bitwise AND + JMP, wrong max",
4848
.insns = {
49+
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8),
4950
BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
5051
BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64),
51-
BPF_MOV64_IMM(BPF_REG_2, 16),
5252
BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128),
5353
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128),
5454
BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 65),
@@ -122,9 +122,9 @@
122122
{
123123
"helper access to variable memory: stack, JMP, bounds + offset",
124124
.insns = {
125+
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8),
125126
BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
126127
BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64),
127-
BPF_MOV64_IMM(BPF_REG_2, 16),
128128
BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128),
129129
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128),
130130
BPF_JMP_IMM(BPF_JGT, BPF_REG_2, 64, 5),
@@ -143,9 +143,9 @@
143143
{
144144
"helper access to variable memory: stack, JMP, wrong max",
145145
.insns = {
146+
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8),
146147
BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
147148
BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64),
148-
BPF_MOV64_IMM(BPF_REG_2, 16),
149149
BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128),
150150
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128),
151151
BPF_JMP_IMM(BPF_JGT, BPF_REG_2, 65, 4),
@@ -163,9 +163,9 @@
163163
{
164164
"helper access to variable memory: stack, JMP, no max check",
165165
.insns = {
166+
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8),
166167
BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
167168
BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64),
168-
BPF_MOV64_IMM(BPF_REG_2, 16),
169169
BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128),
170170
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128),
171171
BPF_MOV64_IMM(BPF_REG_4, 0),
@@ -183,9 +183,9 @@
183183
{
184184
"helper access to variable memory: stack, JMP, no min check",
185185
.insns = {
186+
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8),
186187
BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
187188
BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64),
188-
BPF_MOV64_IMM(BPF_REG_2, 16),
189189
BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128),
190190
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128),
191191
BPF_JMP_IMM(BPF_JGT, BPF_REG_2, 64, 3),
@@ -201,9 +201,9 @@
201201
{
202202
"helper access to variable memory: stack, JMP (signed), no min check",
203203
.insns = {
204+
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8),
204205
BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
205206
BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64),
206-
BPF_MOV64_IMM(BPF_REG_2, 16),
207207
BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128),
208208
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128),
209209
BPF_JMP_IMM(BPF_JSGT, BPF_REG_2, 64, 3),
@@ -244,14 +244,15 @@
244244
{
245245
"helper access to variable memory: map, JMP, wrong max",
246246
.insns = {
247+
BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 8),
247248
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
248249
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
249250
BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
250251
BPF_LD_MAP_FD(BPF_REG_1, 0),
251252
BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
252253
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 10),
253254
BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
254-
BPF_MOV64_IMM(BPF_REG_2, sizeof(struct test_val)),
255+
BPF_MOV64_REG(BPF_REG_2, BPF_REG_6),
255256
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128),
256257
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128),
257258
BPF_JMP_IMM(BPF_JSGT, BPF_REG_2, sizeof(struct test_val) + 1, 4),
@@ -262,7 +263,7 @@
262263
BPF_MOV64_IMM(BPF_REG_0, 0),
263264
BPF_EXIT_INSN(),
264265
},
265-
.fixup_map_hash_48b = { 3 },
266+
.fixup_map_hash_48b = { 4 },
266267
.errstr = "invalid access to map value, value_size=48 off=0 size=49",
267268
.result = REJECT,
268269
.prog_type = BPF_PROG_TYPE_TRACEPOINT,
@@ -296,6 +297,7 @@
296297
{
297298
"helper access to variable memory: map adjusted, JMP, wrong max",
298299
.insns = {
300+
BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 8),
299301
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
300302
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
301303
BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
@@ -304,7 +306,7 @@
304306
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11),
305307
BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
306308
BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 20),
307-
BPF_MOV64_IMM(BPF_REG_2, sizeof(struct test_val)),
309+
BPF_MOV64_REG(BPF_REG_2, BPF_REG_6),
308310
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128),
309311
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128),
310312
BPF_JMP_IMM(BPF_JSGT, BPF_REG_2, sizeof(struct test_val) - 19, 4),
@@ -315,7 +317,7 @@
315317
BPF_MOV64_IMM(BPF_REG_0, 0),
316318
BPF_EXIT_INSN(),
317319
},
318-
.fixup_map_hash_48b = { 3 },
320+
.fixup_map_hash_48b = { 4 },
319321
.errstr = "R1 min value is outside of the array range",
320322
.result = REJECT,
321323
.prog_type = BPF_PROG_TYPE_TRACEPOINT,
@@ -337,8 +339,8 @@
337339
{
338340
"helper access to variable memory: size > 0 not allowed on NULL (ARG_PTR_TO_MEM_OR_NULL)",
339341
.insns = {
342+
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 0),
340343
BPF_MOV64_IMM(BPF_REG_1, 0),
341-
BPF_MOV64_IMM(BPF_REG_2, 1),
342344
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128),
343345
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128),
344346
BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 64),
@@ -562,6 +564,7 @@
562564
{
563565
"helper access to variable memory: 8 bytes leak",
564566
.insns = {
567+
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8),
565568
BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
566569
BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64),
567570
BPF_MOV64_IMM(BPF_REG_0, 0),
@@ -572,7 +575,6 @@
572575
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -24),
573576
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -16),
574577
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
575-
BPF_MOV64_IMM(BPF_REG_2, 1),
576578
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128),
577579
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128),
578580
BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 63),

0 commit comments

Comments
 (0)