From patchwork Thu Jul 13 00:31:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Kartikeya Dwivedi X-Patchwork-Id: 13311119 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 49393812 for ; Thu, 13 Jul 2023 00:31:29 +0000 (UTC) Received: from mail-pj1-x1044.google.com (mail-pj1-x1044.google.com [IPv6:2607:f8b0:4864:20::1044]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0C4091FF0 for ; Wed, 12 Jul 2023 17:31:28 -0700 (PDT) Received: by mail-pj1-x1044.google.com with SMTP id 98e67ed59e1d1-2637aa1a48dso20552a91.2 for ; Wed, 12 Jul 2023 17:31:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1689208287; x=1691800287; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nQ8NSB2G45OwY3HLwNNmgR/S5booL8je0m5EfIGrRO4=; b=hS/YvhnoKLuCAnM5WZ4Q4hE6jxAp/Zqoo2dlAJocZKHsGagxfNGyREMVRov+dwBbKZ RJtUqOyslH4v9O5CT+QLryoHJZ6KSLcnbpxqsAdiwBMAThlscOuGtWEu+bhOQcYmMoBN NsOSJIxMY+Ni7eb1mGgewlypU1Xg5jXazxv33Cr74n6orc4Y+2zfgcPrWVdyasqIGAjP eXEn2KxuK3g2nWMTtOFzVZ0d8e/SdCxwtg0o0Yc6Ummb78qdCzNoetp6NyYd+NTIdRQ8 9y8ZJcKCPPTS6gp+uDLra/7skWM4S6pxm8A0ZcwjtWfbA6XfNjQCAeauKYlg1MuVeZ3x 2LQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689208287; x=1691800287; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nQ8NSB2G45OwY3HLwNNmgR/S5booL8je0m5EfIGrRO4=; b=Qs1LGRq8jueHT4lRckGzW8HAzwpcoo8Z00BAK0I/KMXN2t3F3x+AujTGv7vJ17T2sM AwR95Z9wCrQlOdzcWS1U3Yd5sWitQq4kv++Lddi+rWi8O4PUP3p8OmJjVvN3/k3ddGsi 7JSwDl7MFschmqOiSZwoN2Jhcpp6OWCuFX6MqbrRx5JjHZkzrfiXA6chzEwZH+mNVLOU TMCR2xaaomZ6KRgXDQfQ7qtpoLCmiFr6HWWkd6OLB2bu1SEiW4AV3pxVrClhUE6m4T6X fuSxlWdsp5Ov+WMDwidzkEr0P6+SZm8p/pxfH4N543FYuc02SgYglp0WbuUsOK2T9Grf 16QQ== X-Gm-Message-State: ABy/qLaBMEhpm4D2QdM9VAbQ2u6AcCHqCCmyC/FCY/5PZfaQEdGjkfEk EjgZY2sRD+DmL10vDUqC6KnFItMvsUgq/Q== X-Google-Smtp-Source: APBJJlGBobjDZ0SHd+LtRSTLPRmIgqjd++bjwxj0Tth5wDFx0TVs09iie/8AmKUDoUhPkoob94IR7Q== X-Received: by 2002:a17:90a:6748:b0:263:5c6a:1956 with SMTP id c8-20020a17090a674800b002635c6a1956mr15621504pjm.25.1689208286870; Wed, 12 Jul 2023 17:31:26 -0700 (PDT) Received: from localhost ([49.36.211.37]) by smtp.gmail.com with ESMTPSA id t5-20020a17090a3b4500b0023fcece8067sm4601427pjf.2.2023.07.12.17.31.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 17:31:26 -0700 (PDT) From: Kumar Kartikeya Dwivedi To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau Subject: [PATCH bpf v1 1/3] bpf: Fix subprog idx logic in check_max_stack_depth Date: Thu, 13 Jul 2023 06:01:16 +0530 Message-Id: <20230713003118.1327943-2-memxor@gmail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230713003118.1327943-1-memxor@gmail.com> References: <20230713003118.1327943-1-memxor@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=2368; i=memxor@gmail.com; h=from:subject; bh=6qecsnL6zGkoFbqycGe72zut9wJdLqettZ2hasHeZyA=; b=owEBbQKS/ZANAwAKAUzgyIZIvxHKAcsmYgBkr0XQQeMyYMjwsADPOADQmm91Q4s56xn+bHYZL xw+FLuev/2JAjMEAAEKAB0WIQRLvip+Buz51YI8YRFM4MiGSL8RygUCZK9F0AAKCRBM4MiGSL8R ygwrD/9JqtElc309UFCK45PwdvFZ5dgNTCeqHLDyN2sLJ46Oduxh8Q5OCamUB5fcK1tafUNOHWK MGPUtB2jGpxBRsY4eilSTwmNDuO9ZQFdUfkuNHoFKUahUHaqcSxDt/swBcPSd+AYEXBcvk+WmiI zK4QIxB33VDxbHzt/L3EgL5C5MUFfHbQAPmZQ9qJzbGoJrtlaQVw3efSrYexXrqid9NH2RzJ1FR YSz7vroy4J9Q9lxmMmeG0n8gDRYoQvhKXTwKzsq5NWDMwloEMQ3JiMbyteLYIGhHCx10AoNxXGh xZfvctrz+9tcsrpDUpspbKSQ1q8WuXJTHsxb8Wwxs6A8zy3nuf3anIHoe0IlYaU1EToTXZ6c4lR DiUnVRDySGjHC/qRiNlyxHEsP5vQBTS3QtYQPqOLuuZ+wHzCFsp162UYnGBc7pkD7m+Fs4sF9HP UBjmKrqVuNOPhKWf6I36tfdOjHZKx1uZteXLu5rLCRjjGZnEiRNN5E4ci4DTz/eoJeGDcx/mupz rjr79nJ5yW2xHdEJtEX2SI5zcHxUKVnJ7nGJhUeoGQXnWh39Hx/FA6OQ2ll0HWg1qP94dxmSDk6 Rofxb86MlCdaiQY6j+NRPlsFMyvnOhDu8WVjdapcApdPaxaxlVE35rgmJ3W+mMwrsNFTjHArr6X nfAKnJ3tOKX72fw== X-Developer-Key: i=memxor@gmail.com; a=openpgp; fpr=4BBE2A7E06ECF9D5823C61114CE0C88648BF11CA X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: bpf@iogearbox.net The assignment to idx in check_max_stack_depth happens once we see a bpf_pseudo_call or bpf_pseudo_func. This is not an issue as the rest of the code performs a few checks and then pushes the frame to the frame stack, except the case of async callbacks. If the async callback case causes the loop iteration to be skipped, the idx assignment will be incorrect on the next iteration of the loop. The value stored in the frame stack (as the subprogno of the current subprog) will be incorrect. This leads to incorrect checks and incorrect tail_call_reachable marking. Save the target subprog in a new variable and only assign to idx once we are done with the is_async_cb check which may skip pushing of frame to the frame stack and subsequent stack depth checks and tail call markings. Fixes: 7ddc80a476c2 ("bpf: Teach stack depth check about async callbacks.") Signed-off-by: Kumar Kartikeya Dwivedi --- kernel/bpf/verifier.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 930b5555cfd3..e682056dd144 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5621,7 +5621,7 @@ static int check_max_stack_depth(struct bpf_verifier_env *env) continue_func: subprog_end = subprog[idx + 1].start; for (; i < subprog_end; i++) { - int next_insn; + int next_insn, sidx; if (!bpf_pseudo_call(insn + i) && !bpf_pseudo_func(insn + i)) continue; @@ -5631,14 +5631,14 @@ static int check_max_stack_depth(struct bpf_verifier_env *env) /* find the callee */ next_insn = i + insn[i].imm + 1; - idx = find_subprog(env, next_insn); - if (idx < 0) { + sidx = find_subprog(env, next_insn); + if (sidx < 0) { WARN_ONCE(1, "verifier bug. No program starts at insn %d\n", next_insn); return -EFAULT; } - if (subprog[idx].is_async_cb) { - if (subprog[idx].has_tail_call) { + if (subprog[sidx].is_async_cb) { + if (subprog[sidx].has_tail_call) { verbose(env, "verifier bug. subprog has tail_call and async cb\n"); return -EFAULT; } @@ -5647,6 +5647,7 @@ static int check_max_stack_depth(struct bpf_verifier_env *env) continue; } i = next_insn; + idx = sidx; if (subprog[idx].has_tail_call) tail_call_reachable = true; From patchwork Thu Jul 13 00:31:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Kartikeya Dwivedi X-Patchwork-Id: 13311120 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A0C3E634 for ; Thu, 13 Jul 2023 00:31:36 +0000 (UTC) Received: from mail-pf1-x442.google.com (mail-pf1-x442.google.com [IPv6:2607:f8b0:4864:20::442]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B0D031FF5 for ; Wed, 12 Jul 2023 17:31:32 -0700 (PDT) Received: by mail-pf1-x442.google.com with SMTP id d2e1a72fcca58-6686708c986so188882b3a.0 for ; Wed, 12 Jul 2023 17:31:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1689208291; x=1691800291; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MEE6zx35d16/kbM01kThG2BCGWZrCA9SdHm01FpogwY=; b=sSUn7watb3E3VtB/pEIilHKsA3UDm5YDak0U0i9/0oBl/CLcDw2dGGNxFvVmqVeGBj +ua3Zrn9JzoOAHHjoDlOugEUai2LG9+cfAiai2hifMpeOu3pRhIfKqPuXYa1OS6yLMW4 BjAsqqTc7OKfvWvantz9IvZV0wiQvWx2yrHCiThlYrgnZgMb7e3URWoKGprMudxcYBNp dWSm0jZt0tJS6PHlIQaXRUE1XDhNR6TWW15MIEcR0jK3BcwzizaG92V826wXrHTJ3q6L l7/VD49AAExlycGLf9uVxRxXTxRE6KgbCOkdgn5WwC4+RcpXMG1FJtQQnWqL86hfeuE3 PpMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689208291; x=1691800291; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MEE6zx35d16/kbM01kThG2BCGWZrCA9SdHm01FpogwY=; b=EU2+mywNtjdJXguomK6H6x5WI2rY1yb5vUUzep43xYhqQCLMag9VqipSPUhzycaDhz IZyoqGGPCF3Ngrgz7XBxGaFGBVRvmXJnF23mAve2Oqh3Am3iqDkSdevMnZKMKfOgsx3y gnGUwJcpXwjo5wcOHfGdKFnqF2RjZSEWTlqsn94ps1dZWoPSgjIEObRctDtmQmL4p7VB J5UdVD1Wngnv/waBu2lAdd/w2Xm8RAPchlKYtNZ+ztWndjWk0TdGgbjnfipMilvRgFEj l+ECdVb0Wy/3SpKPLSm+mW2nBu6sJKkR+guI7dSEm2XoolJLraG+wjw5zjsJckc4aXuP GF7Q== X-Gm-Message-State: ABy/qLbEHCrGrVNtv9GuE3uYbgBUJczWM0IJi0u12y17KPcmnku/WgqQ v7n9htJ2gdyHOHDxccYrR911F4VEdBtzEw== X-Google-Smtp-Source: APBJJlHZMDapMDyVZrWYxdlzR+YV5MsmL7tcTRBv/mm5kkm/OHPIBsUTXp6/+j7L+jnWT/zrkaJvHA== X-Received: by 2002:a05:6a00:198c:b0:63a:ea82:b7b7 with SMTP id d12-20020a056a00198c00b0063aea82b7b7mr208572pfl.28.1689208291442; Wed, 12 Jul 2023 17:31:31 -0700 (PDT) Received: from localhost ([49.36.211.37]) by smtp.gmail.com with ESMTPSA id d7-20020aa78147000000b0067ea048cf83sm4131537pfn.186.2023.07.12.17.31.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 17:31:30 -0700 (PDT) From: Kumar Kartikeya Dwivedi To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau Subject: [PATCH bpf v1 2/3] bpf: Repeat check_max_stack_depth for async callbacks Date: Thu, 13 Jul 2023 06:01:17 +0530 Message-Id: <20230713003118.1327943-3-memxor@gmail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230713003118.1327943-1-memxor@gmail.com> References: <20230713003118.1327943-1-memxor@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=3068; i=memxor@gmail.com; h=from:subject; bh=TqMAxpoVZzh8Mq8VkVgnZKNByejTlGc5Z/jls6bJ190=; b=owEBbQKS/ZANAwAKAUzgyIZIvxHKAcsmYgBkr0XROgeENIyHRrSGfSQGrorJZxnjqlFKE5OGN Bllf7IQdXmJAjMEAAEKAB0WIQRLvip+Buz51YI8YRFM4MiGSL8RygUCZK9F0QAKCRBM4MiGSL8R ypXtEACUkxMZi0AHiChd9EQ3Z8IRkJI1ZTXT4jj9uNZbAhzfJluvITkNDGd1Y+CLmatFqiJ/UzF TrH9fPcgcWpVVEFfBdclObI1lsyKs87H3YS0oIak5GwtRtve0bFshKFp8qP0cPHp+6H8juHTniL qfBKm0XPw6bnftA7BkPCB8I/A1bmZ2sntQkOcDWtTAYmenTyyI9YAYCLQR/e8hu39zFF1avOwh4 XiSnjh1Uhb5t/Wj7Y//2qxLdEu7chIeE4p0UWhrCJtz9xq5QkfltCvCNuhdotKy5rA81yx+sP51 tJg2yrOKxugwXCzvHbQ6HxdybBw/W/HG8JKKzEKz1ziGn9bHTeIPXgzFzJ6B/CMQfVYG3s79kH5 KR7WOrmok4RLrgcblRbYY8SJGrzt4m3vzsXJoxFOwVz69LfJFhwYlM18C6aqyJa/j5n5OpPttd2 BEr0ud79rl8I2n+It4onu686qVVoyzqWONMFw2VninM7f5NhcaIdonicQf9vimVt0Ju+QXCvN0z 2kQy/aJHcnyg0ev50vQw6136K377xfAzMHjwd6720Be1ybji9ZleatY9StDuAaKOhGtrAXJDoER TilCVzgXeTlQ7PsdPEeV9qwxqyCV0+7+hkXG89y5vfhV29phO1HXfx69IAUGsO786e4Gu4Jgu4S TOOZWazaJeglzMQ== X-Developer-Key: i=memxor@gmail.com; a=openpgp; fpr=4BBE2A7E06ECF9D5823C61114CE0C88648BF11CA X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: bpf@iogearbox.net While the check_max_stack_depth function explores call chains emanating from the main prog, which is typically enough to cover all possible call chains, it doesn't explore those rooted at async callbacks unless the async callback will have been directly called, since unlike non-async callbacks it skips their instruction exploration as they don't contribute to stack depth. It could be the case that the async callback leads to a callchain which exceeds the stack depth, but this is never reachable while only exploring the entry point from main subprog. Hence, repeat the check for the main subprog *and* all async callbacks marked by the symbolic execution pass of the verifier, as execution of the program may begin at any of them. Consider a function with following stack depths: main : 256 async : 256 foo: 256 main: rX = async bpf_timer_set_callback(...) async: foo() Here, async is never seen to contribute to the stack depth of main, so it is not descended, but when async is invoked asynchronously when the timer fires, it will end up breaching MAX_BPF_STACK limit imposed by the verifier. Fixes: 7ddc80a476c2 ("bpf: Teach stack depth check about async callbacks.") Signed-off-by: Kumar Kartikeya Dwivedi --- kernel/bpf/verifier.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index e682056dd144..02a021c524ab 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5573,16 +5573,17 @@ static int update_stack_depth(struct bpf_verifier_env *env, * Since recursion is prevented by check_cfg() this algorithm * only needs a local stack of MAX_CALL_FRAMES to remember callsites */ -static int check_max_stack_depth(struct bpf_verifier_env *env) +static int check_max_stack_depth_subprog(struct bpf_verifier_env *env, int idx) { - int depth = 0, frame = 0, idx = 0, i = 0, subprog_end; struct bpf_subprog_info *subprog = env->subprog_info; struct bpf_insn *insn = env->prog->insnsi; + int depth = 0, frame = 0, i, subprog_end; bool tail_call_reachable = false; int ret_insn[MAX_CALL_FRAMES]; int ret_prog[MAX_CALL_FRAMES]; int j; + i = subprog[idx].start; process_func: /* protect against potential stack overflow that might happen when * bpf2bpf calls get combined with tailcalls. Limit the caller's stack @@ -5683,6 +5684,22 @@ static int check_max_stack_depth(struct bpf_verifier_env *env) goto continue_func; } +static int check_max_stack_depth(struct bpf_verifier_env *env) +{ + struct bpf_subprog_info *si = env->subprog_info; + int ret; + + for (int i = 0; i < env->subprog_cnt; i++) { + if (!i || si[i].is_async_cb) { + ret = check_max_stack_depth_subprog(env, i); + if (ret < 0) + return ret; + } + continue; + } + return 0; +} + #ifndef CONFIG_BPF_JIT_ALWAYS_ON static int get_callee_stack_depth(struct bpf_verifier_env *env, const struct bpf_insn *insn, int idx) From patchwork Thu Jul 13 00:31:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kumar Kartikeya Dwivedi X-Patchwork-Id: 13311121 X-Patchwork-Delegate: bpf@iogearbox.net Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 56A737E3 for ; Thu, 13 Jul 2023 00:31:37 +0000 (UTC) Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6C57D1FF0 for ; Wed, 12 Jul 2023 17:31:36 -0700 (PDT) Received: by mail-pf1-x443.google.com with SMTP id d2e1a72fcca58-676f16e0bc4so115676b3a.0 for ; Wed, 12 Jul 2023 17:31:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1689208295; x=1691800295; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=zKrz1A0vGFtHcHg3EaeYTb9Cdgqp8lyQvCacQQZZF1I=; b=ckfBG7Ukq2Z0ufwLTcBqwZvfhKwb74XLBmLBN03GP07TaKUW5nlfoPC02Dx1ZKMNvj duOBbuxwL/7NsC6hpub6q6XERaSde02XwRK/QukM2Ecfuvq1JKc4AiqhhHoV6AlsibKb Inju8goWqoc/vCtXaDzhRP8o8X8vICQvXSNx/CxD8UePm4yLnmSuPQtmE2a6o1HHfcos BW0kBAfT/XgHq5KHEqF6GQtt37lI2BJ/qRme8F2bGQG38zMb8cpAGpHHc8O5RnIzLcQL Rchbmq7sJuK/LSPW0wNN9UOOANPbWEQus8ZPxe8kCVICb7jL405YkKlvgKGnoQpdBXrp 39iw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689208295; x=1691800295; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zKrz1A0vGFtHcHg3EaeYTb9Cdgqp8lyQvCacQQZZF1I=; b=dJ6k6NQKQXyc/WkcmJOZXUXg7PYxj+WTfvmX+YaDVfx9vD/QjKEpUn3pAipKPvJtCs 7Qok+KeIi94N/UxF+n/NTRXzKUpOsGK0aqpeclvv18+YrwDbFaKHGTLH9XIGY42ugv10 oWx3XmBpKanPMVk9DDDG5D3TV/vdyYKxybg5SdAEWTujZagpT4R/LKBSEGQu9vlDrCUm 7mIce/94K/5MGC9cYVAXpA19JZ0e40mY06Cpj6kF94Bl7qNqfm5pnVOFzrn7fi3RAwjz zdaweVgW5srFPn7hTe+Nq6M3cYWgVSx8NUg30EQPubxo5T+pvEM5goBqFzZE9MZcIlEs yjOA== X-Gm-Message-State: ABy/qLZzV/dBphFsjZjjYRJE4C4dND4VwqtPbGPYft5mZGML4b1KfTn8 Z4M4dpeLzACOCb3utUBivEmKha9KX98eZQ== X-Google-Smtp-Source: APBJJlELCR1ZKIbhIpkRs9j6LkJAtU9E73n+TSWmLGAXlsvIqysBdR8RSAysXmah3bmdVYzd/APf0A== X-Received: by 2002:a05:6a00:2443:b0:682:4b93:a4d3 with SMTP id d3-20020a056a00244300b006824b93a4d3mr195844pfj.1.1689208295208; Wed, 12 Jul 2023 17:31:35 -0700 (PDT) Received: from localhost ([49.36.211.37]) by smtp.gmail.com with ESMTPSA id g13-20020a62e30d000000b0064398fe3451sm4135650pfh.217.2023.07.12.17.31.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 12 Jul 2023 17:31:34 -0700 (PDT) From: Kumar Kartikeya Dwivedi To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau Subject: [PATCH bpf v1 3/3] selftests/bpf: Add more tests for check_max_stack_depth bug Date: Thu, 13 Jul 2023 06:01:18 +0530 Message-Id: <20230713003118.1327943-4-memxor@gmail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230713003118.1327943-1-memxor@gmail.com> References: <20230713003118.1327943-1-memxor@gmail.com> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1801; i=memxor@gmail.com; h=from:subject; bh=wYIJHcKzPwNySuFQ464kcwZ+uH75u3RqpKzcvaAjzn0=; b=owEBbQKS/ZANAwAKAUzgyIZIvxHKAcsmYgBkr0XRiG8xYHfHEx8yN0IsiLmd5Nz/Sv7V4l/fO BuCz7QK+TKJAjMEAAEKAB0WIQRLvip+Buz51YI8YRFM4MiGSL8RygUCZK9F0QAKCRBM4MiGSL8R yqmDD/90tfgYrmToRzeeX010/uRHkDpmhj89qLlul1ckRCkNzZAFQyquj2SqM6+r+oK/GIao1s1 ZIgWiU8vfe+QT0VWfF1BuhuDVjtbInLf4r4616TGsX9B/CbwSC+akR5VCZ2W2pr5hks9bTDtWau SDNyWTYbfl0gZdA+/hctcUKiFkUTSbz8Wj/KsD4gLZlL8qMTADZ/uHqrE8z8Af+deJxAzcp8d9N gqlCASOGGGQckYBIrqEir4zsKlcavcrzDn99AxHezbrF9DrwQRokxP6xZ2DTPEkpdH2plQeX67x B+uf1zQc+q4hNlMnqpk9EteFNjs2iAfUhyJmuV48RoMiEn9/SquY9KwfBWIJ3LlKfllN0NQkeQM svCwPardazdBJqgAgKUkd2V+3K456yefA+kzT9S/RKX4+dgDaCn1HJIDcK4AMfquQLeFJOftKbq XVVPGAPyO0a9WJnWoP24Sw/JRPGoacunkfW8F8sddkcXbi/R6lLqM4+g14M6urLt4tN0KOlg9Kz OskCMtYtKCIDEn6xaCv+4ZbfhM7avCCRCPYnbrkDkhilFSXthTtqaX6GZw7U+fhWthXqrmj/aAu EuyWT1rOHC4p5wYlILhFk/HJmxXUQnIO2QaJRF1ZHGKq19warV5FbYxHVCM8ycm0cxOd+Xj/R3O Wo5bFVb1Y8boy5Q== X-Developer-Key: i=memxor@gmail.com; a=openpgp; fpr=4BBE2A7E06ECF9D5823C61114CE0C88648BF11CA X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net X-Patchwork-Delegate: bpf@iogearbox.net Another test which now exercies the path of the verifier where it will explore call chains rooted at the async callback. Without the prior fixes, this program loads successfully, which is incorrect. Signed-off-by: Kumar Kartikeya Dwivedi --- .../selftests/bpf/progs/async_stack_depth.c | 25 +++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/async_stack_depth.c b/tools/testing/selftests/bpf/progs/async_stack_depth.c index 477ba950bb43..3517c0e01206 100644 --- a/tools/testing/selftests/bpf/progs/async_stack_depth.c +++ b/tools/testing/selftests/bpf/progs/async_stack_depth.c @@ -22,9 +22,16 @@ static int timer_cb(void *map, int *key, struct bpf_timer *timer) return buf[69]; } +__attribute__((noinline)) +static int bad_timer_cb(void *map, int *key, struct bpf_timer *timer) +{ + volatile char buf[300] = {}; + return buf[255] + timer_cb(NULL, NULL, NULL); +} + SEC("tc") -__failure __msg("combined stack size of 2 calls") -int prog(struct __sk_buff *ctx) +__failure __msg("combined stack size of 2 calls is 576. Too large") +int pseudo_call_check(struct __sk_buff *ctx) { struct hmap_elem *elem; volatile char buf[256] = {}; @@ -37,4 +44,18 @@ int prog(struct __sk_buff *ctx) return bpf_timer_set_callback(&elem->timer, timer_cb) + buf[0]; } +SEC("tc") +__failure __msg("combined stack size of 2 calls is 608. Too large") +int async_call_root_check(struct __sk_buff *ctx) +{ + struct hmap_elem *elem; + volatile char buf[256] = {}; + + elem = bpf_map_lookup_elem(&hmap, &(int){0}); + if (!elem) + return 0; + + return bpf_timer_set_callback(&elem->timer, bad_timer_cb) + buf[0]; +} + char _license[] SEC("license") = "GPL";