From: Kumar Kartikeya Dwivedi
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau
Subject: [PATCH bpf v2 1/3] bpf: Fix subprog idx logic in check_max_stack_depth
Date: Mon, 17 Jul 2023 21:45:28 +0530
Message-Id: <20230717161530.1238-2-memxor@gmail.com>
In-Reply-To: <20230717161530.1238-1-memxor@gmail.com>
References: <20230717161530.1238-1-memxor@gmail.com>

The assignment to idx in check_max_stack_depth happens once we see a bpf_pseudo_call or bpf_pseudo_func. This is not an issue as the rest of the code performs a few checks and then pushes the frame to the frame stack, except the case of async callbacks. If the async callback case causes the loop iteration to be skipped, the idx assignment will be incorrect on the next iteration of the loop. The value stored in the frame stack (as the subprogno of the current subprog) will be incorrect.

This leads to incorrect checks and incorrect tail_call_reachable marking. Save the target subprog in a new variable and only assign to idx once we are done with the is_async_cb check which may skip pushing of frame to the frame stack and subsequent stack depth checks and tail call markings.

Fixes: 7ddc80a476c2 ("bpf: Teach stack depth check about async callbacks.")
Signed-off-by: Kumar Kartikeya Dwivedi
---
 kernel/bpf/verifier.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 930b5555cfd3..e682056dd144 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -5621,7 +5621,7 @@ static int check_max_stack_depth(struct bpf_verifier_env *env) continue_func: subprog_end = subprog[idx + 1].start; for (; i < subprog_end; i++) { - int next_insn; + int next_insn, sidx; if (!bpf_pseudo_call(insn + i) && !bpf_pseudo_func(insn + i)) continue; 
@@ -5631,14 +5631,14 @@ static int check_max_stack_depth(struct bpf_verifier_env *env) /* find the callee */ next_insn = i + insn[i].imm + 1; - idx = find_subprog(env, next_insn); - if (idx < 0) { + sidx = find_subprog(env, next_insn); + if (sidx < 0) { WARN_ONCE(1, "verifier bug. No program starts at insn %d\n", next_insn); return -EFAULT; } - if (subprog[idx].is_async_cb) { - if (subprog[idx].has_tail_call) { + if (subprog[sidx].is_async_cb) { + if (subprog[sidx].has_tail_call) { verbose(env, "verifier bug. subprog has tail_call and async cb\n"); return -EFAULT; } 
@@ -5647,6 +5647,7 @@ static int check_max_stack_depth(struct bpf_verifier_env *env) continue; } i = next_insn; + idx = sidx; if (subprog[idx].has_tail_call) tail_call_reachable = true;
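
Review bot: The `idx = sidx;` added in the @@ -5647 hunk carries no comment, although its position after the is_async_cb `continue` is the whole fix; a one-line comment there (idx must only change once the callee's frame is really going to be pushed) would stop a later cleanup from hoisting the assignment back next to find_subprog(). `sidx`, declared in the @@ -5621 hunk, could also get a more telling name such as `callee_idx`.
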
From: Kumar Kartikeya Dwivedi
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau
Subject: [PATCH bpf v2 2/3] bpf: Repeat check_max_stack_depth for async callbacks
Date: Mon, 17 Jul 2023 21:45:29 +0530
Message-Id: <20230717161530.1238-3-memxor@gmail.com>
In-Reply-To: <20230717161530.1238-1-memxor@gmail.com>
References: <20230717161530.1238-1-memxor@gmail.com>

While the check_max_stack_depth function explores call chains emanating from the main prog, which is typically enough to cover all possible call chains, it doesn't explore those rooted at async callbacks unless the async callback will have been directly called, since unlike non-async callbacks it skips their instruction exploration as they don't contribute to stack depth.

It could be the case that the async callback leads to a callchain which exceeds the stack depth, but this is never reachable while only exploring the entry point from main subprog. Hence, repeat the check for the main subprog *and* all async callbacks marked by the symbolic execution pass of the verifier, as execution of the program may begin at any of them.

Consider functions with following stack depths:
main: 256
async: 256
foo: 256

main:
    rX = async
    bpf_timer_set_callback(...)

async:
    foo()

Here, async is not descended as it does not contribute to stack depth of main (since it is referenced using bpf_pseudo_func and not bpf_pseudo_call). However, when async is invoked asynchronously, it will end up breaching the MAX_BPF_STACK limit by calling foo.

Hence, in addition to main, we also need to explore call chains beginning at all async callback subprogs in a program.

Fixes: 7ddc80a476c2 ("bpf: Teach stack depth check about async callbacks.")
Signed-off-by: Kumar Kartikeya Dwivedi
---
 kernel/bpf/verifier.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index e682056dd144..02a021c524ab 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c 
@@ -5573,16 +5573,17 @@ static int update_stack_depth(struct bpf_verifier_env *env, * Since recursion is prevented by check_cfg() this algorithm * only needs a local stack of MAX_CALL_FRAMES to remember callsites */ -static int check_max_stack_depth(struct bpf_verifier_env *env) +static int check_max_stack_depth_subprog(struct bpf_verifier_env *env, int idx) { - int depth = 0, frame = 0, idx = 0, i = 0, subprog_end; struct bpf_subprog_info *subprog = env->subprog_info; struct bpf_insn *insn = env->prog->insnsi; + int depth = 0, frame = 0, i, subprog_end; bool tail_call_reachable = false; int ret_insn[MAX_CALL_FRAMES]; int ret_prog[MAX_CALL_FRAMES]; int j; + i = subprog[idx].start; process_func: /* protect against potential stack overflow that might happen when * bpf2bpf calls get combined with tailcalls. Limit the caller's stack 
@@ -5683,6 +5684,22 @@ static int check_max_stack_depth(struct bpf_verifier_env *env) goto continue_func; } +static int check_max_stack_depth(struct bpf_verifier_env *env) +{ + struct bpf_subprog_info *si = env->subprog_info; + int ret; + + for (int i = 0; i < env->subprog_cnt; i++) { + if (!i || si[i].is_async_cb) { + ret = check_max_stack_depth_subprog(env, i); + if (ret < 0) + return ret; + } + continue; + } + return 0; +} + #ifndef CONFIG_BPF_JIT_ALWAYS_ON static int get_callee_stack_depth(struct bpf_verifier_env *env, const struct bpf_insn *insn, int idx)
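
Review bot: In the @@ -5573 hunk the function gains an `idx` parameter and starts at `subprog[idx].start`, but the comment block that ends just above it is unchanged in the visible lines and does not say what `idx` is. Add a sentence there stating that `idx` is the root of the walk (main or an async callback) and that `depth`, `frame` and `tail_call_reachable` start fresh for each root.
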
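
Review bot: The `continue;` at the end of the for body in the new check_max_stack_depth() wrapper (@@ -5683 hunk) is a no-op and should be dropped. The root test `!i || si[i].is_async_cb` also relies on subprog 0 being main without saying so; `i == 0` or a short comment ("main and every async callback is a root") would make the selection obvious.
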
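
A toy model of the root-selection change described in the commit message above, added here as an illustration; it is not part of the patch or kernel code. The `toy_*` names, the edge encoding and the stack sizes (256/320/288) are constructed assumptions, and every edge to an async callback is treated as a registration rather than a direct call.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_BPF_STACK 512  /* kernel's BPF stack limit in bytes */
#define MAX_EDGES 4

/* Toy model, not kernel code: one entry per subprog. */
struct toy_subprog {
	int stack_depth;        /* bytes of stack this subprog uses */
	bool is_async_cb;       /* invoked later on its own stack (timer callback) */
	int callee[MAX_EDGES];  /* referenced subprogs, terminated by -1 */
};

/* Deepest combined stack of any call chain rooted at idx. An edge to an
 * async callback is assumed to be a registration (bpf_pseudo_func), so it
 * is not descended. Plain recursion is safe because the model, like
 * programs that passed check_cfg(), has no recursive calls. */
static int toy_chain_depth(const struct toy_subprog *sp, int idx)
{
	int deepest = 0;

	for (int e = 0; e < MAX_EDGES && sp[idx].callee[e] >= 0; e++) {
		int c = sp[idx].callee[e];
		int d;
		if (sp[c].is_async_cb)
			continue;
		d = toy_chain_depth(sp, c);
		if (d > deepest)
			deepest = d;
	}
	return sp[idx].stack_depth + deepest;
}

/* Before the fix: only chains rooted at main (subprog 0) are measured. */
static bool toy_accept_main_only(const struct toy_subprog *sp)
{
	return toy_chain_depth(sp, 0) <= MAX_BPF_STACK;
}

/* After the fix: main and every async callback is a root. */
static bool toy_accept_all_roots(const struct toy_subprog *sp, int cnt)
{
	for (int i = 0; i < cnt; i++) {
		if (i != 0 && !sp[i].is_async_cb)
			continue;
		if (toy_chain_depth(sp, i) > MAX_BPF_STACK)
			return false;
	}
	return true;
}

/* Constructed sample with the commit message's shape; sizes are made up. */
static const struct toy_subprog toy_prog[] = {
	{ 256, false, { 1, -1 } },  /* main: registers async as a timer callback */
	{ 320, true,  { 2, -1 } },  /* async: calls foo() directly */
	{ 288, false, { -1 } },     /* foo */
};

int main(void)
{
	printf("main-only walk accepts: %d\n", toy_accept_main_only(toy_prog));
	printf("all-roots walk accepts: %d\n", toy_accept_all_roots(toy_prog, 3));
	return 0;
}
```
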
From: Kumar Kartikeya Dwivedi
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov, Daniel Borkmann, Andrii Nakryiko, Martin KaFai Lau
Subject: [PATCH bpf v2 3/3] selftests/bpf: Add more tests for check_max_stack_depth bug
Date: Mon, 17 Jul 2023 21:45:30 +0530
Message-Id: <20230717161530.1238-4-memxor@gmail.com>
In-Reply-To: <20230717161530.1238-1-memxor@gmail.com>
References: <20230717161530.1238-1-memxor@gmail.com>

Another test which now exercises the path of the verifier where it will explore call chains rooted at the async callback. Without the prior fixes, this program loads successfully, which is incorrect.

Signed-off-by: Kumar Kartikeya Dwivedi
---
 .../selftests/bpf/progs/async_stack_depth.c | 25 +++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/bpf/progs/async_stack_depth.c b/tools/testing/selftests/bpf/progs/async_stack_depth.c index 477ba950bb43..3517c0e01206 100644 --- a/tools/testing/selftests/bpf/progs/async_stack_depth.c +++ b/tools/testing/selftests/bpf/progs/async_stack_depth.c @@ -22,9 +22,16 @@ static int timer_cb(void *map, int *key, struct bpf_timer *timer) return buf[69]; } +__attribute__((noinline)) +static int bad_timer_cb(void *map, int *key, struct bpf_timer *timer) +{ + volatile char buf[300] = {}; + return buf[255] + timer_cb(NULL, NULL, NULL); +} + SEC("tc") -__failure __msg("combined stack size of 2 calls") -int prog(struct __sk_buff *ctx) +__failure __msg("combined stack size of 2 calls is 576. Too large") +int pseudo_call_check(struct __sk_buff *ctx) { struct hmap_elem *elem; volatile char buf[256] = {}; @@ -37,4 +44,18 @@ int prog(struct __sk_buff *ctx) return bpf_timer_set_callback(&elem->timer, timer_cb) + buf[0]; } +SEC("tc") +__failure __msg("combined stack size of 2 calls is 608. Too large") +int async_call_root_check(struct __sk_buff *ctx) +{ + struct hmap_elem *elem; + volatile char buf[256] = {}; + + elem = bpf_map_lookup_elem(&hmap, &(int){0}); + if (!elem) + return 0; + + return bpf_timer_set_callback(&elem->timer, bad_timer_cb) + buf[0]; +} + char _license[] SEC("license") = "GPL";
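
Review bot: The `__msg` strings on `pseudo_call_check` (@@ -22 hunk) and `async_call_root_check` (@@ -37 hunk) now pin exact totals, 576 and 608, but nothing in the test says how those figures follow from `buf[256]`, `buf[300]` and the callee's frame. Add a short comment with the arithmetic next to each `__failure` line, so that a change in compiler stack layout which shifts the totals is easy to tell apart from a verifier regression.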