From: Andrii Nakryiko <andrii@kernel.org>
To: <bpf@vger.kernel.org>, <ast@kernel.org>, <daniel@iogearbox.net>,
<martin.lau@kernel.org>
Cc: <andrii@kernel.org>, <kernel-team@meta.com>,
Eduard Zingerman <eddyz87@gmail.com>
Subject: [PATCH v3 bpf-next 04/10] selftests/bpf: add selftest validating callback result is enforced
Date: Wed, 29 Nov 2023 16:04:00 -0800 [thread overview]
Message-ID: <20231130000406.480870-5-andrii@kernel.org> (raw)
In-Reply-To: <20231130000406.480870-1-andrii@kernel.org>
BPF verifier expects callback subprogs to return values from specified
range (typically [0, 1]). This requires that r0 at exit is both precise
(because we rely on specific value range) and is marked as read
(otherwise state comparison will ignore such register as unimportant).
Add a simple test that validates that all these conditions are enforced.
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
---
.../bpf/progs/verifier_subprog_precision.c | 50 +++++++++++++++++++
1 file changed, 50 insertions(+)
diff --git a/tools/testing/selftests/bpf/progs/verifier_subprog_precision.c b/tools/testing/selftests/bpf/progs/verifier_subprog_precision.c
index b5efcaeaa1ae..d41d2a8bb97e 100644
--- a/tools/testing/selftests/bpf/progs/verifier_subprog_precision.c
+++ b/tools/testing/selftests/bpf/progs/verifier_subprog_precision.c
@@ -117,6 +117,56 @@ __naked int global_subprog_result_precise(void)
);
}
+__naked __noinline __used
+static unsigned long loop_callback_bad()
+{
+ /* bpf_loop() callback that can return values outside of [0, 1] range */
+ asm volatile (
+ "call %[bpf_get_prandom_u32];"
+ "if r0 s> 1000 goto 1f;"
+ "r0 = 0;"
+ "1:"
+ "goto +0;" /* checkpoint */
+ /* bpf_loop() expects [0, 1] values, so branch above skipping
+ * r0 = 0; should lead to a failure, but if exit instruction
+ * doesn't enforce r0's precision, this callback will be
+ * successfully verified
+ */
+ "exit;"
+ :
+ : __imm(bpf_get_prandom_u32)
+ : __clobber_common
+ );
+}
+
+SEC("?raw_tp")
+__failure __log_level(2)
+__flag(BPF_F_TEST_STATE_FREQ)
+/* check that fallthrough code path marks r0 as precise */
+__msg("mark_precise: frame1: regs=r0 stack= before 11: (b7) r0 = 0")
+/* check that we have branch code path doing its own validation */
+__msg("from 10 to 12: frame1: R0=scalar(smin=umin=1001")
+/* check that branch code path marks r0 as precise, before failing */
+__msg("mark_precise: frame1: regs=r0 stack= before 9: (85) call bpf_get_prandom_u32#7")
+__msg("At callback return the register R0 has value (0x0; 0x7fffffffffffffff) should have been in (0x0; 0x1)")
+__naked int callback_precise_return_fail(void)
+{
+ asm volatile (
+ "r1 = 1;" /* nr_loops */
+ "r2 = %[loop_callback_bad];" /* callback_fn */
+ "r3 = 0;" /* callback_ctx */
+ "r4 = 0;" /* flags */
+ "call %[bpf_loop];"
+
+ "r0 = 0;"
+ "exit;"
+ :
+ : __imm_ptr(loop_callback_bad),
+ __imm(bpf_loop)
+ : __clobber_common
+ );
+}
+
SEC("?raw_tp")
__success __log_level(2)
/* First simulated path does not include callback body,
--
2.34.1
next prev parent reply other threads:[~2023-11-30 0:05 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-30 0:03 [PATCH v3 bpf-next 00/10] BPF verifier retval logic fixes Andrii Nakryiko
2023-11-30 0:03 ` [PATCH v3 bpf-next 01/10] bpf: provide correct register name for exception callback retval check Andrii Nakryiko
2023-11-30 5:41 ` Shung-Hsi Yu
2023-11-30 0:03 ` [PATCH v3 bpf-next 02/10] bpf: enforce precision of R0 on callback return Andrii Nakryiko
2023-11-30 5:43 ` Shung-Hsi Yu
2023-11-30 0:03 ` [PATCH v3 bpf-next 03/10] bpf: enforce exact retval range on subprog/callback exit Andrii Nakryiko
2023-11-30 5:49 ` Shung-Hsi Yu
2023-11-30 0:04 ` Andrii Nakryiko [this message]
2023-11-30 5:52 ` [PATCH v3 bpf-next 04/10] selftests/bpf: add selftest validating callback result is enforced Shung-Hsi Yu
2023-11-30 0:04 ` [PATCH v3 bpf-next 05/10] bpf: enforce precise retval range on program exit Andrii Nakryiko
2023-11-30 5:54 ` Shung-Hsi Yu
2023-11-30 0:04 ` [PATCH v3 bpf-next 06/10] bpf: unify async callback and program retval checks Andrii Nakryiko
2023-11-30 5:56 ` Shung-Hsi Yu
2023-11-30 0:04 ` [PATCH v3 bpf-next 07/10] bpf: enforce precision of R0 on program/async callback return Andrii Nakryiko
2023-11-30 6:33 ` Shung-Hsi Yu
2023-11-30 6:41 ` Andrii Nakryiko
2023-11-30 0:04 ` [PATCH v3 bpf-next 08/10] selftests/bpf: validate async callback return value check correctness Andrii Nakryiko
2023-11-30 0:04 ` [PATCH v3 bpf-next 09/10] selftests/bpf: adjust global_func15 test to validate prog exit precision Andrii Nakryiko
2023-11-30 0:04 ` [PATCH v3 bpf-next 10/10] bpf: simplify tnum output if a fully known constant Andrii Nakryiko
2023-11-30 6:34 ` Shung-Hsi Yu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231130000406.480870-5-andrii@kernel.org \
--to=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=kernel-team@meta.com \
--cc=martin.lau@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox