From: Luis Gerhorst <luis.gerhorst@fau.de>
To: Nuoqi Gui <gnq25@mails.tsinghua.edu.cn>,
	 Eduard Zingerman <eddyz87@gmail.com>,
	 Kumar Kartikeya Dwivedi <memxor@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
	 Daniel Borkmann <daniel@iogearbox.net>,
	 Andrii Nakryiko <andrii@kernel.org>,
	 John Fastabend <john.fastabend@gmail.com>,
	 Martin KaFai Lau <martin.lau@linux.dev>,
	 Shuah Khan <shuah@kernel.org>,
	bpf@vger.kernel.org,  linux-kselftest@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH bpf 2/2] selftests/bpf: Cover stack nospec slot indexing
Date: Wed, 17 Jun 2026 10:45:50 +0200
Message-ID: <871pe5v9kx.fsf@fau.de>
In-Reply-To: <20260617-f01-11-stack-nospec-slot-index-v1-2-e3a080b0cd7e@mails.tsinghua.edu.cn> (Nuoqi Gui's message of "Wed, 17 Jun 2026 00:57:56 +0800")

Nuoqi Gui <gnq25@mails.tsinghua.edu.cn> writes:

> Add a verifier test for the fixed-offset stack write case where two 4-byte
> stores initialize opposite halves of the same stack slot.
>
> The test uses the CAP_BPF-without-CAP_PERFMON loader lane so Spectre v4
> mitigation remains active. It expects both half-slot writes to emit nospec
> in the translated program.
>
> Signed-off-by: Nuoqi Gui <gnq25@mails.tsinghua.edu.cn>
> ---
>  .../testing/selftests/bpf/progs/verifier_unpriv.c  | 23 ++++++++++++++++++++++
>  1 file changed, 23 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/progs/verifier_unpriv.c b/tools/testing/selftests/bpf/progs/verifier_unpriv.c
> index c16f8382cf17d..9ebbd4b531df1 100644
> --- a/tools/testing/selftests/bpf/progs/verifier_unpriv.c
> +++ b/tools/testing/selftests/bpf/progs/verifier_unpriv.c
> @@ -976,4 +976,27 @@ l0_%=:	exit;						\
>  	: __clobber_all);
>  }
>  
> +SEC("socket")
> +__description("noperfmon: Spectre v4 stack write slot index")
> +__success __success_unpriv
> +__caps_unpriv(CAP_BPF)

Not sure if the conditions that led Kartikeya and Eduard to add
__caps_unpriv(CAP_BPF) explicitly for some tests also apply here.

It seems adding it to this test will not provide much benefit because
the other tests in verifier_unpriv.c already assume
sysctl_unprivileged_bpf_disabled=0.

Because this already affects the more restricted 'unpriv process under
sysctl_unprivileged_bpf_disabled=0 without CAP_BPF' environment, I
suggest dropping __caps_unpriv(CAP_BPF).

> +__retval(0)
> +#ifdef SPEC_V4
> +__xlated_unpriv("r0 = 0")
> +__xlated_unpriv("*(u32 *)(r10 -4) = r0")
> +__xlated_unpriv("nospec")
> +__xlated_unpriv("*(u32 *)(r10 -8) = r0")
> +__xlated_unpriv("nospec")
> +__xlated_unpriv("exit")
> +#endif
> +__naked void stack_write_nospec_slot_index(void)
> +{
> +	asm volatile ("					\
> +	r0 = 0;						\
> +	*(u32 *)(r10 - 4) = r0;			\
> +	*(u32 *)(r10 - 8) = r0;			\
> +	exit;						\
> +"	::: __clobber_all);
> +}
> +
>  char _license[] SEC("license") = "GPL";
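
Review bot: the __xlated_unpriv expectations for stack_write_nospec_slot_index sit entirely inside #ifdef SPEC_V4, so wherever SPEC_V4 is not defined this test asserts only __success/__success_unpriv and __retval(0) and says nothing about the nospec placement it is named for. If that is intended, a short comment above the function would help: state that the stores at r10 - 4 and r10 - 8 write the two halves of one stack slot and that each store is expected to be followed by its own nospec, so a reader can tell which expectation guards the slot-index fix. The test also exercises only the order -4 then -8; a second case with the stores swapped would cover the other half being written first.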

Acked-by: Luis Gerhorst <luis.gerhorst@fau.de>
