[bpf-next,v3,10/12] selftests/bpf: Add dynptr var_off tests

Message ID	20230120034314.1921848-11-memxor@gmail.com (mailing list archive)
State	Superseded
Delegated to:	BPF
Headers	show Return-Path: <bpf-owner@vger.kernel.org> From: Kumar Kartikeya Dwivedi <memxor@gmail.com> To: bpf@vger.kernel.org Cc: Alexei Starovoitov <ast@kernel.org>, Andrii Nakryiko <andrii@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, Martin KaFai Lau <martin.lau@kernel.org>, Joanne Koong <joannelkoong@gmail.com>, David Vernet <void@manifault.com>, Eduard Zingerman <eddyz87@gmail.com> Subject: [PATCH bpf-next v3 10/12] selftests/bpf: Add dynptr var_off tests Date: Fri, 20 Jan 2023 09:13:12 +0530 Message-Id: <20230120034314.1921848-11-memxor@gmail.com> In-Reply-To: <20230120034314.1921848-1-memxor@gmail.com> References: <20230120034314.1921848-1-memxor@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Dynptr fixes \| expand [bpf-next,v3,00/12] Dynptr fixes [bpf-next,v3,01/12] bpf: Fix state pruning for STACK_DYNPTR stack slots [bpf-next,v3,02/12] bpf: Fix missing var_off check for ARG_PTR_TO_DYNPTR [bpf-next,v3,03/12] bpf: Fix partial dynptr stack slot reads/writes [bpf-next,v3,04/12] bpf: Invalidate slices on destruction of dynptrs on stack [bpf-next,v3,05/12] bpf: Allow reinitializing unreferenced dynptr stack slots [bpf-next,v3,06/12] bpf: Combine dynptr_get_spi and is_spi_bounds_valid [bpf-next,v3,07/12] bpf: Avoid recomputing spi in process_dynptr_func [bpf-next,v3,08/12] selftests/bpf: convenience macro for use with 'asm volatile' blocks [bpf-next,v3,09/12] selftests/bpf: Add dynptr pruning tests [bpf-next,v3,10/12] selftests/bpf: Add dynptr var_off tests [bpf-next,v3,11/12] selftests/bpf: Add dynptr partial slot overwrite tests [bpf-next,v3,12/12] selftests/bpf: Add dynptr helper tests

Message ID

20230120034314.1921848-11-memxor@gmail.com (mailing list archive)

State

Superseded

Delegated to:

BPF

Headers

From: Kumar Kartikeya Dwivedi <memxor@gmail.com>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
        Andrii Nakryiko <andrii@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Martin KaFai Lau <martin.lau@kernel.org>,
        Joanne Koong <joannelkoong@gmail.com>,
        David Vernet <void@manifault.com>,
        Eduard Zingerman <eddyz87@gmail.com>
Subject: [PATCH bpf-next v3 10/12] selftests/bpf: Add dynptr var_off tests
Date: Fri, 20 Jan 2023 09:13:12 +0530
Message-Id: <20230120034314.1921848-11-memxor@gmail.com>
In-Reply-To: <20230120034314.1921848-1-memxor@gmail.com>
References: <20230120034314.1921848-1-memxor@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Dynptr fixes | expand

Context	Check	Description
bpf/vmtest-bpf-next-PR	success	PR summary
bpf/vmtest-bpf-next-VM_Test-1	success	Logs for ShellCheck
bpf/vmtest-bpf-next-VM_Test-2	success	Logs for build for aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-3	success	Logs for build for aarch64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-5	success	Logs for build for x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-6	success	Logs for build for x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-7	success	Logs for llvm-toolchain
bpf/vmtest-bpf-next-VM_Test-8	success	Logs for set-matrix
bpf/vmtest-bpf-next-VM_Test-4	success	Logs for build for s390x with gcc
bpf/vmtest-bpf-next-VM_Test-34	success	Logs for test_verifier on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-35	success	Logs for test_verifier on aarch64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-37	success	Logs for test_verifier on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-38	success	Logs for test_verifier on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-9	success	Logs for test_maps on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-10	success	Logs for test_maps on aarch64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-12	success	Logs for test_maps on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-13	success	Logs for test_maps on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-14	success	Logs for test_progs on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-15	success	Logs for test_progs on aarch64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-17	success	Logs for test_progs on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-18	success	Logs for test_progs on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-19	success	Logs for test_progs_no_alu32 on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-20	success	Logs for test_progs_no_alu32 on aarch64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-22	success	Logs for test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-23	success	Logs for test_progs_no_alu32 on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-24	success	Logs for test_progs_no_alu32_parallel on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-25	success	Logs for test_progs_no_alu32_parallel on aarch64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-27	success	Logs for test_progs_no_alu32_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-28	success	Logs for test_progs_no_alu32_parallel on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-29	success	Logs for test_progs_parallel on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-30	success	Logs for test_progs_parallel on aarch64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-31	success	Logs for test_progs_parallel on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-32	success	Logs for test_progs_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-33	success	Logs for test_progs_parallel on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-36	success	Logs for test_verifier on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-26	success	Logs for test_progs_no_alu32_parallel on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-11	success	Logs for test_maps on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-16	success	Logs for test_progs on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-21	success	Logs for test_progs_no_alu32 on s390x with gcc
netdev/tree_selection	success	Clearly marked for bpf-next
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/subject_prefix	success	Link
netdev/cover_letter	success	Series has a cover letter
netdev/patch_count	success	Link
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers	warning	11 maintainers not CCed: linux-kselftest@vger.kernel.org kpsingh@kernel.org haoluo@google.com song@kernel.org yhs@fb.com martin.lau@linux.dev sdf@google.com john.fastabend@gmail.com shuah@kernel.org jolsa@kernel.org mykolal@fb.com
netdev/build_clang	success	Errors and warnings before: 0 this patch: 0
netdev/module_param	success	Was 0 now: 0
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	success	Errors and warnings before: 0 this patch: 0
netdev/checkpatch	warning	CHECK: Lines should not end with a '(' WARNING: quoted string split across lines
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0

Context

Check

Description

bpf/vmtest-bpf-next-PR

success

PR summary

bpf/vmtest-bpf-next-VM_Test-1

success

Logs for ShellCheck

bpf/vmtest-bpf-next-VM_Test-2

success

Logs for build for aarch64 with gcc

bpf/vmtest-bpf-next-VM_Test-3

success

Logs for build for aarch64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-5

success

Logs for build for x86_64 with gcc

bpf/vmtest-bpf-next-VM_Test-6

success

Logs for build for x86_64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-7

success

Logs for llvm-toolchain

bpf/vmtest-bpf-next-VM_Test-8

success

Logs for set-matrix

bpf/vmtest-bpf-next-VM_Test-4

success

Logs for build for s390x with gcc

bpf/vmtest-bpf-next-VM_Test-34

success

Logs for test_verifier on aarch64 with gcc

bpf/vmtest-bpf-next-VM_Test-35

success

Logs for test_verifier on aarch64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-37

success

Logs for test_verifier on x86_64 with gcc

bpf/vmtest-bpf-next-VM_Test-38

success

Logs for test_verifier on x86_64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-9

success

Logs for test_maps on aarch64 with gcc

bpf/vmtest-bpf-next-VM_Test-10

success

Logs for test_maps on aarch64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-12

success

Logs for test_maps on x86_64 with gcc

bpf/vmtest-bpf-next-VM_Test-13

success

Logs for test_maps on x86_64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-14

success

Logs for test_progs on aarch64 with gcc

bpf/vmtest-bpf-next-VM_Test-15

success

Logs for test_progs on aarch64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-17

success

Logs for test_progs on x86_64 with gcc

bpf/vmtest-bpf-next-VM_Test-18

success

Logs for test_progs on x86_64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-19

success

Logs for test_progs_no_alu32 on aarch64 with gcc

bpf/vmtest-bpf-next-VM_Test-20

success

Logs for test_progs_no_alu32 on aarch64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-22

success

Logs for test_progs_no_alu32 on x86_64 with gcc

bpf/vmtest-bpf-next-VM_Test-23

success

Logs for test_progs_no_alu32 on x86_64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-24

success

Logs for test_progs_no_alu32_parallel on aarch64 with gcc

bpf/vmtest-bpf-next-VM_Test-25

success

Logs for test_progs_no_alu32_parallel on aarch64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-27

success

Logs for test_progs_no_alu32_parallel on x86_64 with gcc

bpf/vmtest-bpf-next-VM_Test-28

success

Logs for test_progs_no_alu32_parallel on x86_64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-29

success

Logs for test_progs_parallel on aarch64 with gcc

bpf/vmtest-bpf-next-VM_Test-30

success

Logs for test_progs_parallel on aarch64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-31

success

Logs for test_progs_parallel on s390x with gcc

bpf/vmtest-bpf-next-VM_Test-32

success

Logs for test_progs_parallel on x86_64 with gcc

bpf/vmtest-bpf-next-VM_Test-33

success

Logs for test_progs_parallel on x86_64 with llvm-16

bpf/vmtest-bpf-next-VM_Test-36

success

Logs for test_verifier on s390x with gcc

bpf/vmtest-bpf-next-VM_Test-26

success

Logs for test_progs_no_alu32_parallel on s390x with gcc

bpf/vmtest-bpf-next-VM_Test-11

success

Logs for test_maps on s390x with gcc

bpf/vmtest-bpf-next-VM_Test-16

success

Logs for test_progs on s390x with gcc

bpf/vmtest-bpf-next-VM_Test-21

success

Logs for test_progs_no_alu32 on s390x with gcc

netdev/tree_selection

success

Clearly marked for bpf-next

netdev/fixes_present

success

Fixes tag not required for -next series

netdev/subject_prefix

success

Link

netdev/cover_letter

success

Series has a cover letter

netdev/patch_count

success

Link

netdev/header_inline

success

No static functions without inline keyword in header files

netdev/build_32bit

success

Errors and warnings before: 0 this patch: 0

netdev/cc_maintainers

warning

11 maintainers not CCed: linux-kselftest@vger.kernel.org kpsingh@kernel.org haoluo@google.com song@kernel.org yhs@fb.com martin.lau@linux.dev sdf@google.com john.fastabend@gmail.com shuah@kernel.org jolsa@kernel.org mykolal@fb.com

netdev/build_clang

success

Errors and warnings before: 0 this patch: 0

netdev/module_param

success

Was 0 now: 0

netdev/verify_signedoff

success

Signed-off-by tag matches author and committer

netdev/check_selftest

success

No net selftest shell script

netdev/verify_fixes

success

No Fixes tag

netdev/build_allmodconfig_warn

success

Errors and warnings before: 0 this patch: 0

netdev/checkpatch

warning

CHECK: Lines should not end with a '(' WARNING: quoted string split across lines

netdev/kdoc

success

Errors and warnings before: 0 this patch: 0

netdev/source_inline

success

Was 0 now: 0

Commit Message

Kumar Kartikeya Dwivedi Jan. 20, 2023, 3:43 a.m. UTC

Ensure that variable offset is handled correctly, and verifier takes
both fixed and variable part into account. Also ensures that only
constant var_off is allowed.

Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
---
 .../testing/selftests/bpf/progs/dynptr_fail.c | 40 +++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/tools/testing/selftests/bpf/progs/dynptr_fail.c b/tools/testing/selftests/bpf/progs/dynptr_fail.c
index 8f7b239b8503..9477c238af57 100644
--- a/tools/testing/selftests/bpf/progs/dynptr_fail.c
+++ b/tools/testing/selftests/bpf/progs/dynptr_fail.c
@@ -794,3 +794,43 @@  int dynptr_pruning_type_confusion(struct __sk_buff *ctx)
 	);
 	return 0;
 }
+
+SEC("?tc")
+__failure __msg("dynptr has to be at a constant offset") __log_level(2)
+int dynptr_var_off_overwrite(struct __sk_buff *ctx)
+{
+	asm volatile (
+		"r9 = 16;"
+		"*(u32 *)(r10 - 4) = r9;"
+		"r8 = *(u32 *)(r10 - 4);"
+		"if r8 >= 0 goto vjmp1;"
+		"r0 = 1;"
+		"exit;"
+	"vjmp1:"
+		"if r8 <= 16 goto vjmp2;"
+		"r0 = 1;"
+		"exit;"
+	"vjmp2:"
+		"r8 &= 16;"
+		"r1 = %[ringbuf] ll;"
+		"r2 = 8;"
+		"r3 = 0;"
+		"r4 = r10;"
+		"r4 += -32;"
+		"r4 += r8;"
+		"call %[bpf_ringbuf_reserve_dynptr];"
+		"r9 = 0xeB9F;"
+		"*(u64 *)(r10 - 16) = r9;"
+		"r1 = r10;"
+		"r1 += -32;"
+		"r1 += r8;"
+		"r2 = 0;"
+		"call %[bpf_ringbuf_discard_dynptr];"
+		:
+		: __imm(bpf_ringbuf_reserve_dynptr),
+		  __imm(bpf_ringbuf_discard_dynptr),
+		  __imm_addr(ringbuf)
+		: __clobber_all
+	);
+	return 0;
+}

[bpf-next,v3,10/12] selftests/bpf: Add dynptr var_off tests

Checks

Commit Message

Patch