bpf: Selftests, verifier case for non null pointer map value branch

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

When we have pointer type that is known to be non-null we only follow
the non-null branch. This adds tests to cover the map_value pointer
returned from a map lookup. To force an error if both branches are
followed we do an ALU op on R10.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/159009168650.6313.7434084136067263554.stgit@john-Precision-5820-Tower

authored by

John Fastabend and committed by

Alexei Starovoitov 5 years ago f9b16ec0 c72b5cbb

+19

1 changed file

expand all

tools

testing

selftests

bpf

verifier

value_or_null.c

+19

tools/testing/selftests/bpf/verifier/value_or_null.c

··· 150 150 .result_unpriv = REJECT, 151 151 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 152 152 }, 153 + { 154 + "map lookup and null branch prediction", 155 + .insns = { 156 + BPF_MOV64_IMM(BPF_REG_1, 10), 157 + BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_1, -8), 158 + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 159 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 160 + BPF_LD_MAP_FD(BPF_REG_1, 0), 161 + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), 162 + BPF_MOV64_REG(BPF_REG_6, BPF_REG_0), 163 + BPF_JMP_IMM(BPF_JEQ, BPF_REG_6, 0, 2), 164 + BPF_JMP_IMM(BPF_JNE, BPF_REG_6, 0, 1), 165 + BPF_ALU64_IMM(BPF_ADD, BPF_REG_10, 10), 166 + BPF_EXIT_INSN(), 167 + }, 168 + .fixup_map_hash_8b = { 4 }, 169 + .prog_type = BPF_PROG_TYPE_SCHED_CLS, 170 + .result = ACCEPT, 171 + },