tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

selftests/bpf: verifier/value_adj_spill.c converted to inline assembly

Test verifier/value_adj_spill.c automatically converted to use inline assembly.

Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20230325025524.144043-38-eddyz87@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

authored by

Eduard Zingerman and committed by
Alexei Starovoitov 03391494 ab839a58

+80 -43
+2
tools/testing/selftests/bpf/prog_tests/verifier.c
··· 34 34 #include "verifier_spill_fill.skel.h" 35 35 #include "verifier_stack_ptr.skel.h" 36 36 #include "verifier_uninit.skel.h" 37 + #include "verifier_value_adj_spill.skel.h" 37 38 38 39 __maybe_unused 39 40 static void run_tests_aux(const char *skel_name, skel_elf_bytes_fn elf_bytes_factory) ··· 91 90 void test_verifier_spill_fill(void) { RUN(verifier_spill_fill); } 92 91 void test_verifier_stack_ptr(void) { RUN(verifier_stack_ptr); } 93 92 void test_verifier_uninit(void) { RUN(verifier_uninit); } 93 + void test_verifier_value_adj_spill(void) { RUN(verifier_value_adj_spill); }
+78
tools/testing/selftests/bpf/progs/verifier_value_adj_spill.c
··· 1 + // SPDX-License-Identifier: GPL-2.0 2 + /* Converted from tools/testing/selftests/bpf/verifier/value_adj_spill.c */ 3 + 4 + #include <linux/bpf.h> 5 + #include <bpf/bpf_helpers.h> 6 + #include "bpf_misc.h" 7 + 8 + #define MAX_ENTRIES 11 9 + 10 + struct test_val { 11 + unsigned int index; 12 + int foo[MAX_ENTRIES]; 13 + }; 14 + 15 + struct { 16 + __uint(type, BPF_MAP_TYPE_HASH); 17 + __uint(max_entries, 1); 18 + __type(key, long long); 19 + __type(value, struct test_val); 20 + } map_hash_48b SEC(".maps"); 21 + 22 + SEC("socket") 23 + __description("map element value is preserved across register spilling") 24 + __success __failure_unpriv __msg_unpriv("R0 leaks addr") 25 + __retval(0) 26 + __naked void is_preserved_across_register_spilling(void) 27 + { 28 + asm volatile (" \ 29 + r2 = r10; \ 30 + r2 += -8; \ 31 + r1 = 0; \ 32 + *(u64*)(r2 + 0) = r1; \ 33 + r1 = %[map_hash_48b] ll; \ 34 + call %[bpf_map_lookup_elem]; \ 35 + if r0 == 0 goto l0_%=; \ 36 + r1 = 42; \ 37 + *(u64*)(r0 + 0) = r1; \ 38 + r1 = r10; \ 39 + r1 += -184; \ 40 + *(u64*)(r1 + 0) = r0; \ 41 + r3 = *(u64*)(r1 + 0); \ 42 + r1 = 42; \ 43 + *(u64*)(r3 + 0) = r1; \ 44 + l0_%=: exit; \ 45 + " : 46 + : __imm(bpf_map_lookup_elem), 47 + __imm_addr(map_hash_48b) 48 + : __clobber_all); 49 + } 50 + 51 + SEC("socket") 52 + __description("map element value or null is marked on register spilling") 53 + __success __failure_unpriv __msg_unpriv("R0 leaks addr") 54 + __retval(0) 55 + __naked void is_marked_on_register_spilling(void) 56 + { 57 + asm volatile (" \ 58 + r2 = r10; \ 59 + r2 += -8; \ 60 + r1 = 0; \ 61 + *(u64*)(r2 + 0) = r1; \ 62 + r1 = %[map_hash_48b] ll; \ 63 + call %[bpf_map_lookup_elem]; \ 64 + r1 = r10; \ 65 + r1 += -152; \ 66 + *(u64*)(r1 + 0) = r0; \ 67 + if r0 == 0 goto l0_%=; \ 68 + r3 = *(u64*)(r1 + 0); \ 69 + r1 = 42; \ 70 + *(u64*)(r3 + 0) = r1; \ 71 + l0_%=: exit; \ 72 + " : 73 + : __imm(bpf_map_lookup_elem), 74 + __imm_addr(map_hash_48b) 75 + : __clobber_all); 76 + } 77 + 78 + char _license[] SEC("license") = "GPL";
-43
tools/testing/selftests/bpf/verifier/value_adj_spill.c
··· 1 - { 2 - "map element value is preserved across register spilling", 3 - .insns = { 4 - BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 5 - BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 6 - BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 7 - BPF_LD_MAP_FD(BPF_REG_1, 0), 8 - BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 9 - BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 6), 10 - BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 42), 11 - BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 12 - BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -184), 13 - BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 0), 14 - BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1, 0), 15 - BPF_ST_MEM(BPF_DW, BPF_REG_3, 0, 42), 16 - BPF_EXIT_INSN(), 17 - }, 18 - .fixup_map_hash_48b = { 3 }, 19 - .errstr_unpriv = "R0 leaks addr", 20 - .result = ACCEPT, 21 - .result_unpriv = REJECT, 22 - }, 23 - { 24 - "map element value or null is marked on register spilling", 25 - .insns = { 26 - BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 27 - BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 28 - BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 29 - BPF_LD_MAP_FD(BPF_REG_1, 0), 30 - BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 31 - BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 32 - BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -152), 33 - BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 0), 34 - BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2), 35 - BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1, 0), 36 - BPF_ST_MEM(BPF_DW, BPF_REG_3, 0, 42), 37 - BPF_EXIT_INSN(), 38 - }, 39 - .fixup_map_hash_48b = { 3 }, 40 - .errstr_unpriv = "R0 leaks addr", 41 - .result = ACCEPT, 42 - .result_unpriv = REJECT, 43 - },