From patchwork Thu Nov 2 05:39:03 2023
X-Patchwork-Submitter: Shung-Hsi Yu
X-Patchwork-Id: 13443416
X-Patchwork-Delegate: bpf@iogearbox.net
From: Shung-Hsi Yu
To: bpf@vger.kernel.org
Cc: Shung-Hsi Yu, Daniel Borkmann, Alexei Starovoitov, Toke Høiland-Jørgensen, John Fastabend, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Eduard Zingerman, stable@vger.kernel.org, Mohamed Mahmoud, Tao Lyu
Subject: [PATCH bpf v1 1/2] bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END
Date: Thu, 2 Nov 2023 13:39:03 +0800
Message-ID: <20231102053913.12004-2-shung-hsi.yu@suse.com>
In-Reply-To: <20231102053913.12004-1-shung-hsi.yu@suse.com>
References: <20231102053913.12004-1-shung-hsi.yu@suse.com>

BPF_END and BPF_NEG have a different specification for the source bit in the opcode compared to other ALU/ALU64 instructions, and it is either reserved or used to specify the byte swap endianness. In both cases the source bit does not encode source operand location, and src_reg is a reserved field.

backtrack_insn() currently does not differentiate BPF_END and BPF_NEG from other ALU/ALU64 instructions, which leads to r0 being incorrectly marked as precise when processing BPF_ALU | BPF_TO_BE | BPF_END instructions. This commit teaches backtrack_insn() to correctly mark precision for such a case.

While precise tracking of BPF_NEG and other BPF_END instructions is correct and does not need fixing, this commit opts to process all BPF_NEG and BPF_END instructions within the same if-clause to better align with the current convention used in the verifier (e.g. check_alu_op).

Fixes: b5dc0163d8fd ("bpf: precise scalar_value tracking")
Cc: stable@vger.kernel.org
Reported-by: Mohamed Mahmoud
Closes: https://lore.kernel.org/r/87jzrrwptf.fsf@toke.dk
Tested-by: Toke Høiland-Jørgensen
Tested-by: Tao Lyu
Acked-by: Eduard Zingerman
Signed-off-by: Shung-Hsi Yu
--- kernel/bpf/verifier.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 873ade146f3d..ba9aee3a4269 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c
@@ -3426,7 +3426,12 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx, int subseq_idx, if (class == BPF_ALU || class == BPF_ALU64) { if (!bt_is_reg_set(bt, dreg)) return 0; - if (opcode == BPF_MOV) { + if (opcode == BPF_END || opcode == BPF_NEG) { + /* sreg is reserved and unused + * dreg still need precision before this insn + */ + return 0; + } else if (opcode == BPF_MOV) { if (BPF_SRC(insn->code) == BPF_X) { /* dreg = sreg or dreg = (s8, s16, s32)sreg * dreg needs precision after this insn

From patchwork Thu Nov 2 05:39:05 2023
X-Patchwork-Submitter: Shung-Hsi Yu
X-Patchwork-Id: 13443417
X-Patchwork-Delegate: bpf@iogearbox.net
From: Shung-Hsi Yu
To: bpf@vger.kernel.org
Cc: Shung-Hsi Yu, Daniel Borkmann, Alexei Starovoitov, Toke Høiland-Jørgensen, John Fastabend, Andrii Nakryiko, Martin KaFai Lau, Song Liu, Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, Jiri Olsa, Eduard Zingerman, Mykola Lysenko, Shuah Khan, Paul Walmsley, Palmer Dabbelt, Albert Ou
Subject: [PATCH bpf v1 2/2] selftests/bpf: precision tracking test for BPF_NEG and BPF_END
Date: Thu, 2 Nov 2023 13:39:05 +0800
Message-ID: <20231102053913.12004-4-shung-hsi.yu@suse.com>
In-Reply-To: <20231102053913.12004-1-shung-hsi.yu@suse.com>
References: <20231102053913.12004-1-shung-hsi.yu@suse.com>

As seen from the previous commit that fixes backtracking for BPF_ALU | BPF_TO_BE | BPF_END, both BPF_NEG and BPF_END require special handling. Add tests written with inline assembly to check that the verifier does not incorrectly use the src_reg field of BPF_NEG and BPF_END (including bswap added in v4).

Suggested-by: Eduard Zingerman
Signed-off-by: Shung-Hsi Yu
--- .../selftests/bpf/prog_tests/verifier.c | 2 + .../selftests/bpf/progs/verifier_precision.c | 93 +++++++++++++++++++ 2 files changed, 95 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/verifier_precision.c diff --git a/tools/testing/selftests/bpf/prog_tests/verifier.c b/tools/testing/selftests/bpf/prog_tests/verifier.c index e3e68c97b40c..e5c61aa6604a 100644 --- a/tools/testing/selftests/bpf/prog_tests/verifier.c +++ b/tools/testing/selftests/bpf/prog_tests/verifier.c
@@ -46,6 +46,7 @@ #include "verifier_movsx.skel.h" #include "verifier_netfilter_ctx.skel.h" #include "verifier_netfilter_retcode.skel.h" +#include "verifier_precision.skel.h" #include "verifier_prevent_map_lookup.skel.h" #include "verifier_raw_stack.skel.h" #include "verifier_raw_tp_writable.skel.h" @@ -153,6 +154,7 @@ void test_verifier_meta_access(void) { RUN(verifier_meta_access); } void test_verifier_movsx(void) { RUN(verifier_movsx); } void test_verifier_netfilter_ctx(void) { RUN(verifier_netfilter_ctx); } void test_verifier_netfilter_retcode(void) { RUN(verifier_netfilter_retcode); } +void test_verifier_precision(void) { RUN(verifier_precision); } void test_verifier_prevent_map_lookup(void) { RUN(verifier_prevent_map_lookup); } void test_verifier_raw_stack(void) { RUN(verifier_raw_stack); } void test_verifier_raw_tp_writable(void) { RUN(verifier_raw_tp_writable); } diff --git a/tools/testing/selftests/bpf/progs/verifier_precision.c b/tools/testing/selftests/bpf/progs/verifier_precision.c new file mode 100644 index 000000000000..193c0f8272d0 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/verifier_precision.c 
@@ -0,0 +1,93 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 SUSE LLC */ +#include +#include +#include "bpf_misc.h" + +SEC("?raw_tp") +__success __log_level(2) +__msg("mark_precise: frame0: regs=r2 stack= before 3: (bf) r1 = r10") +__msg("mark_precise: frame0: regs=r2 stack= before 2: (55) if r2 != 0xfffffff8 goto pc+2") +__msg("mark_precise: frame0: regs=r2 stack= before 1: (87) r2 = -r2") +__msg("mark_precise: frame0: regs=r2 stack= before 0: (b7) r2 = 8") +__naked int bpf_neg(void) +{ + asm volatile ( + "r2 = 8;" + "r2 = -r2;" + "if r2 != -8 goto 1f;" + "r1 = r10;" + "r1 += r2;" + "1:" + "r0 = 0;" + "exit;" + ::: __clobber_all); +} + +SEC("?raw_tp") +__success __log_level(2) +__msg("mark_precise: frame0: regs=r2 stack= before 3: (bf) r1 = r10") +__msg("mark_precise: frame0: regs=r2 stack= before 2: (55) if r2 != 0x0 goto pc+2") +__msg("mark_precise: frame0: regs=r2 stack= before 1: (d4) r2 = le16 r2") +__msg("mark_precise: frame0: regs=r2 stack= before 0: (b7) r2 = 0") +__naked int bpf_end_to_le(void) +{ + asm volatile ( + "r2 = 0;" + "r2 = le16 r2;" + "if r2 != 0 goto 1f;" + "r1 = r10;" + "r1 += r2;" + "1:" + "r0 = 0;" + "exit;" + ::: __clobber_all); +} + + +SEC("?raw_tp") +__success __log_level(2) +__msg("mark_precise: frame0: regs=r2 stack= before 3: (bf) r1 = r10") +__msg("mark_precise: frame0: regs=r2 stack= before 2: (55) if r2 != 0x0 goto pc+2") +__msg("mark_precise: frame0: regs=r2 stack= before 1: (dc) r2 = be16 r2") +__msg("mark_precise: frame0: regs=r2 stack= before 0: (b7) r2 = 0") +__naked int bpf_end_to_be(void) +{ + asm volatile ( + "r2 = 0;" + "r2 = be16 r2;" + "if r2 != 0 goto 1f;" + "r1 = r10;" + "r1 += r2;" + "1:" + "r0 = 0;" + "exit;" + ::: __clobber_all); +} + +#if (defined(__TARGET_ARCH_arm64) || defined(__TARGET_ARCH_x86) || \ + (defined(__TARGET_ARCH_riscv) && __riscv_xlen == 64) || \ + defined(__TARGET_ARCH_arm) || defined(__TARGET_ARCH_s390)) && \ + __clang_major__ >= 18 + +SEC("?raw_tp") +__success __log_level(2) 
+__msg("mark_precise: frame0: regs=r2 stack= before 3: (bf) r1 = r10") +__msg("mark_precise: frame0: regs=r2 stack= before 2: (55) if r2 != 0x0 goto pc+2") +__msg("mark_precise: frame0: regs=r2 stack= before 1: (d7) r2 = bswap16 r2") +__msg("mark_precise: frame0: regs=r2 stack= before 0: (b7) r2 = 0") +__naked int bpf_end_bswap(void) +{ + asm volatile ( + "r2 = 0;" + "r2 = bswap16 r2;" + "if r2 != 0 goto 1f;" + "r1 = r10;" + "r1 += r2;" + "1:" + "r0 = 0;" + "exit;" + ::: __clobber_all); +} + +#endif /* v4 instruction */
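
Review bot: In patch 1/2 (kernel/bpf/verifier.c, backtrack_insn()), the comment in the new BPF_END/BPF_NEG branch says only "sreg is reserved and unused" and does not record why the branch must sit ahead of the BPF_MOV and generic ALU handling. The reason is that for BPF_END the source bit selects byte order, and BPF_TO_BE has the same encoding as BPF_X, so the later `BPF_SRC(insn->code) == BPF_X` tests would read a byte-swap as a register-source operation and pull the reserved src_reg into the precision set. Stating that in the comment would keep a future reorder of the if/else chain from reintroducing the bug. The second comment line should also read "dreg still needs precision before this insn".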
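
Review bot: In patch 2/2 (tools/testing/selftests/bpf/progs/verifier_precision.c), bpf_end_to_le, bpf_end_to_be and bpf_end_bswap all load the constant 0 before the 16-bit swap, with no comment explaining the choice. Zero is unchanged by any byte swap, which is what lets the same `if r2 != 0 goto 1f;` line and the same `if r2 != 0x0 goto pc+2` expected log message hold on hosts of either byte order; a one-line comment above the first of these tests would make that intent explicit and discourage a later change to a constant whose swapped value is host-dependent. Coverage is also limited to the 16-bit swap width and the 64-bit form of negation (`r2 = -r2`), so consider adding a `w2 = -w2` case if the 32-bit BPF_NEG encoding is meant to be covered. Minor style point: there are two blank lines between bpf_end_to_le and the SEC() of bpf_end_to_be where the rest of the file uses one.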