Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

selftests/bpf: Range analysis test case for JSET

This patch adds coverage for the warning detected by syzkaller and fixed
in the previous patch. Without the previous patch, this test fails with:

verifier bug: REG INVARIANTS VIOLATION (false_reg1): range bounds
violation u64=[0x0, 0x0] s64=[0x0, 0x0] u32=[0x1, 0x0] s32=[0x0, 0x0]
var_off=(0x0, 0x0)(1)

Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/c7893be1170fdbcf64e0200c110cdbd360ce7086.1752171365.git.paul.chaignon@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

Authored by Paul Chaignon and committed by Alexei Starovoitov
d81526a6 6279846b

+18
+18
tools/testing/selftests/bpf/progs/verifier_bounds.c
··· 2 2 /* Converted from tools/testing/selftests/bpf/verifier/bounds.c */ 3 3 4 4 #include <linux/bpf.h> 5 + #include <../../../include/linux/filter.h> 5 6 #include <bpf/bpf_helpers.h> 6 7 #include "bpf_misc.h" 7 8 ··· 1530 1529 "exit" 1531 1530 : 1532 1531 : __imm(bpf_get_prandom_u32) 1532 + : __clobber_all); 1533 + } 1534 + 1535 + SEC("socket") 1536 + __description("dead branch on jset, does not result in invariants violation error") 1537 + __success __log_level(2) 1538 + __retval(0) __flag(BPF_F_TEST_REG_INVARIANTS) 1539 + __naked void jset_range_analysis(void) 1540 + { 1541 + asm volatile (" \ 1542 + call %[bpf_get_netns_cookie]; \ 1543 + if r0 == 0 goto l0_%=; \ 1544 + if r0 & 0xffffffff goto +0; \ 1545 + l0_%=: r0 = 0; \ 1546 + exit; \ 1547 + " : 1548 + : __imm(bpf_get_netns_cookie) 1533 1549 : __clobber_all); 1534 1550 } 1535 1551
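Review bot: The added `#include <../../../include/linux/filter.h>` in the first hunk reaches a kernel-internal header through a relative path inside angle brackets, so it resolves only relative to whichever include directory the build passes, and nothing in the lines this patch adds visibly needs it: the new test uses only `__imm(bpf_get_netns_cookie)` and the annotation macros. Either drop the include from this patch or add a short comment naming the definitions it is pulled in for, and prefer a path that does not depend on the include search order.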
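Review bot: `jset_range_analysis` in the second hunk sets `__log_level(2)` but has no `__msg(...)` expectation, so the verbose log is generated and never checked; the test passes on `__success` and `__retval(0)` alone. Either drop `__log_level(2)` or add a `__msg` line that pins the register state the verifier should report around `if r0 & 0xffffffff goto +0;`. A one-line comment above the asm stating which branch of the JSET is expected to be dead after the `if r0 == 0 goto l0_%=;` check, and that this is the path that triggered the range bounds violation quoted in the commit message, would make the intent clear to someone reading the test without the commit log.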