From: Eduard Zingerman <eddyz87@gmail.com>
To: bpf@vger.kernel.org, ast@kernel.org
Cc: andrii@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev,
kernel-team@fb.com, yhs@fb.com,
Eduard Zingerman <eddyz87@gmail.com>
Subject: [PATCH bpf-next 09/43] selftests/bpf: verifier/bounds_deduction.c converted to inline assembly
Date: Sat, 25 Mar 2023 04:54:50 +0200 [thread overview]
Message-ID: <20230325025524.144043-10-eddyz87@gmail.com> (raw)
In-Reply-To: <20230325025524.144043-1-eddyz87@gmail.com>
Test verifier/bounds_deduction.c automatically converted to use inline assembly.
Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
---
.../selftests/bpf/prog_tests/verifier.c | 2 +
.../bpf/progs/verifier_bounds_deduction.c | 171 ++++++++++++++++++
.../selftests/bpf/verifier/bounds_deduction.c | 136 --------------
3 files changed, 173 insertions(+), 136 deletions(-)
create mode 100644 tools/testing/selftests/bpf/progs/verifier_bounds_deduction.c
delete mode 100644 tools/testing/selftests/bpf/verifier/bounds_deduction.c
diff --git a/tools/testing/selftests/bpf/prog_tests/verifier.c b/tools/testing/selftests/bpf/prog_tests/verifier.c
index 95a3151db052..a8cfef92ed64 100644
--- a/tools/testing/selftests/bpf/prog_tests/verifier.c
+++ b/tools/testing/selftests/bpf/prog_tests/verifier.c
@@ -6,6 +6,7 @@
#include "verifier_and.skel.h"
#include "verifier_array_access.skel.h"
#include "verifier_basic_stack.skel.h"
+#include "verifier_bounds_deduction.skel.h"
__maybe_unused
static void run_tests_aux(const char *skel_name, skel_elf_bytes_fn elf_bytes_factory)
@@ -34,3 +35,4 @@ static void run_tests_aux(const char *skel_name, skel_elf_bytes_fn elf_bytes_fac
void test_verifier_and(void) { RUN(verifier_and); }
void test_verifier_array_access(void) { RUN(verifier_array_access); }
void test_verifier_basic_stack(void) { RUN(verifier_basic_stack); }
+void test_verifier_bounds_deduction(void) { RUN(verifier_bounds_deduction); }
diff --git a/tools/testing/selftests/bpf/progs/verifier_bounds_deduction.c b/tools/testing/selftests/bpf/progs/verifier_bounds_deduction.c
new file mode 100644
index 000000000000..c506afbdd936
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/verifier_bounds_deduction.c
@@ -0,0 +1,171 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Converted from tools/testing/selftests/bpf/verifier/bounds_deduction.c */
+
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include "bpf_misc.h"
+
+SEC("socket")
+__description("check deducing bounds from const, 1")
+__failure __msg("R0 tried to subtract pointer from scalar")
+__msg_unpriv("R1 has pointer with unsupported alu operation")
+__naked void deducing_bounds_from_const_1(void)
+{
+ asm volatile (" \
+ r0 = 1; \
+ if r0 s>= 1 goto l0_%=; \
+l0_%=: r0 -= r1; \
+ exit; \
+" ::: __clobber_all);
+}
+
+SEC("socket")
+__description("check deducing bounds from const, 2")
+__success __failure_unpriv
+__msg_unpriv("R1 has pointer with unsupported alu operation")
+__retval(1)
+__naked void deducing_bounds_from_const_2(void)
+{
+ asm volatile (" \
+ r0 = 1; \
+ if r0 s>= 1 goto l0_%=; \
+ exit; \
+l0_%=: if r0 s<= 1 goto l1_%=; \
+ exit; \
+l1_%=: r1 -= r0; \
+ exit; \
+" ::: __clobber_all);
+}
+
+SEC("socket")
+__description("check deducing bounds from const, 3")
+__failure __msg("R0 tried to subtract pointer from scalar")
+__msg_unpriv("R1 has pointer with unsupported alu operation")
+__naked void deducing_bounds_from_const_3(void)
+{
+ asm volatile (" \
+ r0 = 0; \
+ if r0 s<= 0 goto l0_%=; \
+l0_%=: r0 -= r1; \
+ exit; \
+" ::: __clobber_all);
+}
+
+SEC("socket")
+__description("check deducing bounds from const, 4")
+__success __failure_unpriv
+__msg_unpriv("R6 has pointer with unsupported alu operation")
+__retval(0)
+__naked void deducing_bounds_from_const_4(void)
+{
+ asm volatile (" \
+ r6 = r1; \
+ r0 = 0; \
+ if r0 s<= 0 goto l0_%=; \
+ exit; \
+l0_%=: if r0 s>= 0 goto l1_%=; \
+ exit; \
+l1_%=: r6 -= r0; \
+ exit; \
+" ::: __clobber_all);
+}
+
+SEC("socket")
+__description("check deducing bounds from const, 5")
+__failure __msg("R0 tried to subtract pointer from scalar")
+__msg_unpriv("R1 has pointer with unsupported alu operation")
+__naked void deducing_bounds_from_const_5(void)
+{
+ asm volatile (" \
+ r0 = 0; \
+ if r0 s>= 1 goto l0_%=; \
+ r0 -= r1; \
+l0_%=: exit; \
+" ::: __clobber_all);
+}
+
+SEC("socket")
+__description("check deducing bounds from const, 6")
+__failure __msg("R0 tried to subtract pointer from scalar")
+__msg_unpriv("R1 has pointer with unsupported alu operation")
+__naked void deducing_bounds_from_const_6(void)
+{
+ asm volatile (" \
+ r0 = 0; \
+ if r0 s>= 0 goto l0_%=; \
+ exit; \
+l0_%=: r0 -= r1; \
+ exit; \
+" ::: __clobber_all);
+}
+
+SEC("socket")
+__description("check deducing bounds from const, 7")
+__failure __msg("dereference of modified ctx ptr")
+__msg_unpriv("R1 has pointer with unsupported alu operation")
+__flag(BPF_F_ANY_ALIGNMENT)
+__naked void deducing_bounds_from_const_7(void)
+{
+ asm volatile (" \
+ r0 = %[__imm_0]; \
+ if r0 s>= 0 goto l0_%=; \
+l0_%=: r1 -= r0; \
+ r0 = *(u32*)(r1 + %[__sk_buff_mark]); \
+ exit; \
+" :
+ : __imm_const(__imm_0, ~0),
+ __imm_const(__sk_buff_mark, offsetof(struct __sk_buff, mark))
+ : __clobber_all);
+}
+
+SEC("socket")
+__description("check deducing bounds from const, 8")
+__failure __msg("negative offset ctx ptr R1 off=-1 disallowed")
+__msg_unpriv("R1 has pointer with unsupported alu operation")
+__flag(BPF_F_ANY_ALIGNMENT)
+__naked void deducing_bounds_from_const_8(void)
+{
+ asm volatile (" \
+ r0 = %[__imm_0]; \
+ if r0 s>= 0 goto l0_%=; \
+ r1 += r0; \
+l0_%=: r0 = *(u32*)(r1 + %[__sk_buff_mark]); \
+ exit; \
+" :
+ : __imm_const(__imm_0, ~0),
+ __imm_const(__sk_buff_mark, offsetof(struct __sk_buff, mark))
+ : __clobber_all);
+}
+
+SEC("socket")
+__description("check deducing bounds from const, 9")
+__failure __msg("R0 tried to subtract pointer from scalar")
+__msg_unpriv("R1 has pointer with unsupported alu operation")
+__naked void deducing_bounds_from_const_9(void)
+{
+ asm volatile (" \
+ r0 = 0; \
+ if r0 s>= 0 goto l0_%=; \
+l0_%=: r0 -= r1; \
+ exit; \
+" ::: __clobber_all);
+}
+
+SEC("socket")
+__description("check deducing bounds from const, 10")
+__failure
+__msg("math between ctx pointer and register with unbounded min value is not allowed")
+__failure_unpriv
+__naked void deducing_bounds_from_const_10(void)
+{
+ asm volatile (" \
+ r0 = 0; \
+ if r0 s<= 0 goto l0_%=; \
+l0_%=: /* Marks reg as unknown. */ \
+ r0 = -r0; \
+ r0 -= r1; \
+ exit; \
+" ::: __clobber_all);
+}
+
+char _license[] SEC("license") = "GPL";
diff --git a/tools/testing/selftests/bpf/verifier/bounds_deduction.c b/tools/testing/selftests/bpf/verifier/bounds_deduction.c
deleted file mode 100644
index 3931c481e30c..000000000000
--- a/tools/testing/selftests/bpf/verifier/bounds_deduction.c
+++ /dev/null
@@ -1,136 +0,0 @@
-{
- "check deducing bounds from const, 1",
- .insns = {
- BPF_MOV64_IMM(BPF_REG_0, 1),
- BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 1, 0),
- BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
- BPF_EXIT_INSN(),
- },
- .errstr_unpriv = "R1 has pointer with unsupported alu operation",
- .errstr = "R0 tried to subtract pointer from scalar",
- .result = REJECT,
-},
-{
- "check deducing bounds from const, 2",
- .insns = {
- BPF_MOV64_IMM(BPF_REG_0, 1),
- BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 1, 1),
- BPF_EXIT_INSN(),
- BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 1, 1),
- BPF_EXIT_INSN(),
- BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0),
- BPF_EXIT_INSN(),
- },
- .errstr_unpriv = "R1 has pointer with unsupported alu operation",
- .result_unpriv = REJECT,
- .result = ACCEPT,
- .retval = 1,
-},
-{
- "check deducing bounds from const, 3",
- .insns = {
- BPF_MOV64_IMM(BPF_REG_0, 0),
- BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 0),
- BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
- BPF_EXIT_INSN(),
- },
- .errstr_unpriv = "R1 has pointer with unsupported alu operation",
- .errstr = "R0 tried to subtract pointer from scalar",
- .result = REJECT,
-},
-{
- "check deducing bounds from const, 4",
- .insns = {
- BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
- BPF_MOV64_IMM(BPF_REG_0, 0),
- BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 1),
- BPF_EXIT_INSN(),
- BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1),
- BPF_EXIT_INSN(),
- BPF_ALU64_REG(BPF_SUB, BPF_REG_6, BPF_REG_0),
- BPF_EXIT_INSN(),
- },
- .errstr_unpriv = "R6 has pointer with unsupported alu operation",
- .result_unpriv = REJECT,
- .result = ACCEPT,
-},
-{
- "check deducing bounds from const, 5",
- .insns = {
- BPF_MOV64_IMM(BPF_REG_0, 0),
- BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 1, 1),
- BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
- BPF_EXIT_INSN(),
- },
- .errstr_unpriv = "R1 has pointer with unsupported alu operation",
- .errstr = "R0 tried to subtract pointer from scalar",
- .result = REJECT,
-},
-{
- "check deducing bounds from const, 6",
- .insns = {
- BPF_MOV64_IMM(BPF_REG_0, 0),
- BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1),
- BPF_EXIT_INSN(),
- BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
- BPF_EXIT_INSN(),
- },
- .errstr_unpriv = "R1 has pointer with unsupported alu operation",
- .errstr = "R0 tried to subtract pointer from scalar",
- .result = REJECT,
-},
-{
- "check deducing bounds from const, 7",
- .insns = {
- BPF_MOV64_IMM(BPF_REG_0, ~0),
- BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 0),
- BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0),
- BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
- offsetof(struct __sk_buff, mark)),
- BPF_EXIT_INSN(),
- },
- .errstr_unpriv = "R1 has pointer with unsupported alu operation",
- .errstr = "dereference of modified ctx ptr",
- .result = REJECT,
- .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
-},
-{
- "check deducing bounds from const, 8",
- .insns = {
- BPF_MOV64_IMM(BPF_REG_0, ~0),
- BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1),
- BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
- BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
- offsetof(struct __sk_buff, mark)),
- BPF_EXIT_INSN(),
- },
- .errstr_unpriv = "R1 has pointer with unsupported alu operation",
- .errstr = "negative offset ctx ptr R1 off=-1 disallowed",
- .result = REJECT,
- .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
-},
-{
- "check deducing bounds from const, 9",
- .insns = {
- BPF_MOV64_IMM(BPF_REG_0, 0),
- BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 0),
- BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
- BPF_EXIT_INSN(),
- },
- .errstr_unpriv = "R1 has pointer with unsupported alu operation",
- .errstr = "R0 tried to subtract pointer from scalar",
- .result = REJECT,
-},
-{
- "check deducing bounds from const, 10",
- .insns = {
- BPF_MOV64_IMM(BPF_REG_0, 0),
- BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 0),
- /* Marks reg as unknown. */
- BPF_ALU64_IMM(BPF_NEG, BPF_REG_0, 0),
- BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
- BPF_EXIT_INSN(),
- },
- .errstr = "math between ctx pointer and register with unbounded min value is not allowed",
- .result = REJECT,
-},
--
2.40.0
next prev parent reply other threads:[~2023-03-25 2:56 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-25 2:54 [PATCH bpf-next 00/43] First set of verifier/*.c migrated to inline assembly Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 01/43] selftests/bpf: Report program name on parse_test_spec error Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 02/43] selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 03/43] selftests/bpf: Unprivileged tests for test_loader.c Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 04/43] selftests/bpf: Tests execution support " Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 05/43] selftests/bpf: prog_tests entry point for migrated test_verifier tests Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 06/43] selftests/bpf: verifier/and.c converted to inline assembly Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 07/43] selftests/bpf: verifier/array_access.c " Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 08/43] selftests/bpf: verifier/basic_stack.c " Eduard Zingerman
2023-03-25 2:54 ` Eduard Zingerman [this message]
2023-03-25 2:54 ` [PATCH bpf-next 10/43] selftests/bpf: verifier/bounds_mix_sign_unsign.c " Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 11/43] selftests/bpf: verifier/cfg.c " Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 12/43] selftests/bpf: verifier/cgroup_inv_retcode.c " Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 13/43] selftests/bpf: verifier/cgroup_skb.c " Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 14/43] selftests/bpf: verifier/cgroup_storage.c " Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 15/43] selftests/bpf: verifier/const_or.c " Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 16/43] selftests/bpf: verifier/ctx_sk_msg.c " Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 17/43] selftests/bpf: verifier/direct_stack_access_wraparound.c " Eduard Zingerman
2023-03-25 2:54 ` [PATCH bpf-next 18/43] selftests/bpf: verifier/div0.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 19/43] selftests/bpf: verifier/div_overflow.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 20/43] selftests/bpf: verifier/helper_access_var_len.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 21/43] selftests/bpf: verifier/helper_packet_access.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 22/43] selftests/bpf: verifier/helper_restricted.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 23/43] selftests/bpf: verifier/helper_value_access.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 24/43] selftests/bpf: verifier/int_ptr.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 25/43] selftests/bpf: verifier/ld_ind.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 26/43] selftests/bpf: verifier/leak_ptr.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 27/43] selftests/bpf: verifier/map_ptr.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 28/43] selftests/bpf: verifier/map_ret_val.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 29/43] selftests/bpf: verifier/masking.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 30/43] selftests/bpf: verifier/meta_access.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 31/43] selftests/bpf: verifier/raw_stack.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 32/43] selftests/bpf: verifier/raw_tp_writable.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 33/43] selftests/bpf: verifier/ringbuf.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 34/43] selftests/bpf: verifier/spill_fill.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 35/43] selftests/bpf: verifier/stack_ptr.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 36/43] selftests/bpf: verifier/uninit.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 37/43] selftests/bpf: verifier/value_adj_spill.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 38/43] selftests/bpf: verifier/value.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 39/43] selftests/bpf: verifier/value_or_null.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 40/43] selftests/bpf: verifier/var_off.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 41/43] selftests/bpf: verifier/xadd.c " Eduard Zingerman
2023-03-25 2:55 ` [PATCH bpf-next 42/43] selftests/bpf: verifier/xdp.c " Eduard Zingerman
2023-03-25 3:23 ` [PATCH bpf-next 00/43] First set of verifier/*.c migrated " Stanislav Fomichev
2023-03-25 12:20 ` Eduard Zingerman
2023-03-25 16:16 ` Stanislav Fomichev
2023-03-26 1:19 ` Alexei Starovoitov
2023-03-27 3:15 ` Andrii Nakryiko
2023-03-27 3:57 ` Alexei Starovoitov
2023-03-27 11:26 ` Eduard Zingerman
2023-03-27 16:35 ` Andrii Nakryiko
2023-03-27 16:37 ` Andrii Nakryiko
2023-03-26 1:32 ` patchwork-bot+netdevbpf
2023-03-28 3:48 ` Daniel Borkmann
2023-03-28 21:52 ` Eduard Zingerman
2023-03-28 22:24 ` Andrii Nakryiko
2023-03-28 22:38 ` Eduard Zingerman
2023-03-28 23:31 ` Alexei Starovoitov
2023-03-29 0:11 ` Andrii Nakryiko
2023-03-29 0:07 ` Andrii Nakryiko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230325025524.144043-10-eddyz87@gmail.com \
--to=eddyz87@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kernel-team@fb.com \
--cc=martin.lau@linux.dev \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.