tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
selftests/bpf: Clobber a lot of registers in tailcall_bpf2bpf_hierarchy tests
Clobbering a lot of registers and stack slots helps exposing tail call
counter overwrite bugs in JITs.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20250813121016.163375-5-iii@linux.ibm.com
authored by
Ilya Leoshkevich
and committed by
Daniel Borkmann
12741630
bc3905a7
+30
+18
tools/testing/selftests/bpf/progs/bpf_test_utils.h
+18
tools/testing/selftests/bpf/progs/bpf_test_utils.h
···
1
+
/* SPDX-License-Identifier: GPL-2.0 */
2
+
#ifndef __BPF_TEST_UTILS_H__
3
+
#define __BPF_TEST_UTILS_H__
4
+
5
+
#include <bpf/bpf_helpers.h>
6
+
#include "bpf_misc.h"
7
+
8
+
/* Clobber as many native registers and stack slots as possible. */
9
+
static __always_inline void clobber_regs_stack(void)
10
+
{
11
+
char tmp_str[] = "123456789";
12
+
unsigned long tmp;
13
+
14
+
bpf_strtoul(tmp_str, sizeof(tmp_str), 0, &tmp);
15
+
__sink(tmp);
16
+
}
17
+
18
+
#endif
+3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy1.c
+3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy1.c
···
2
2
#include <linux/bpf.h>
3
3
#include <bpf/bpf_helpers.h>
4
4
#include "bpf_legacy.h"
5
+
#include "bpf_test_utils.h"
5
6
6
7
struct {
7
8
__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
···
24
23
int entry(struct __sk_buff *skb)
25
24
{
26
25
int ret = 1;
26
+
27
+
clobber_regs_stack();
27
28
28
29
count++;
29
30
subprog_tail(skb);
+3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy2.c
+3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy2.c
···
2
2
#include <linux/bpf.h>
3
3
#include <bpf/bpf_helpers.h>
4
4
#include "bpf_misc.h"
5
+
#include "bpf_test_utils.h"
5
6
6
7
int classifier_0(struct __sk_buff *skb);
7
8
int classifier_1(struct __sk_buff *skb);
···
60
59
int tailcall_bpf2bpf_hierarchy_2(struct __sk_buff *skb)
61
60
{
62
61
int ret = 0;
62
+
63
+
clobber_regs_stack();
63
64
64
65
subprog_tail0(skb);
65
66
subprog_tail1(skb);
+3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy3.c
+3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy3.c
···
2
2
#include <linux/bpf.h>
3
3
#include <bpf/bpf_helpers.h>
4
4
#include "bpf_misc.h"
5
+
#include "bpf_test_utils.h"
5
6
6
7
int classifier_0(struct __sk_buff *skb);
7
8
···
53
52
int tailcall_bpf2bpf_hierarchy_3(struct __sk_buff *skb)
54
53
{
55
54
int ret = 0;
55
+
56
+
clobber_regs_stack();
56
57
57
58
bpf_tail_call_static(skb, &jmp_table0, 0);
58
59
+3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy_fentry.c
+3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy_fentry.c
···
4
4
#include "vmlinux.h"
5
5
#include <bpf/bpf_helpers.h>
6
6
#include <bpf/bpf_tracing.h>
7
+
#include "bpf_test_utils.h"
7
8
8
9
struct {
9
10
__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
···
25
24
SEC("fentry/dummy")
26
25
int BPF_PROG(fentry, struct sk_buff *skb)
27
26
{
27
+
clobber_regs_stack();
28
+
28
29
count++;
29
30
subprog_tail(ctx);
30
31
subprog_tail(ctx);