From: Yonghong Song <yonghong.song@linux.dev>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
kernel-team@fb.com, Martin KaFai Lau <martin.lau@kernel.org>
Subject: [PATCH bpf-next 2/2] selftests/bpf: Add a couple of tests for potential sdiv overflow
Date: Tue, 10 Sep 2024 21:40:22 -0700
Message-ID: <20240911044022.2262427-1-yonghong.song@linux.dev>
In-Reply-To: <20240911044017.2261738-1-yonghong.song@linux.dev>
Two subtests are added to exercise the patched code which handles
LLONG_MIN/-1. The first subtest will cause a kernel exception without
the previous kernel verifier change. The second subtest exercises part
of the patched code logic and the end result is still correct.
Translated asm code is part of the correctness checking, and that asm
code also makes it easy to understand the patched code in the verifier.
Signed-off-by: Yonghong Song <yonghong.song@linux.dev>
---
.../selftests/bpf/progs/verifier_sdiv.c | 69 +++++++++++++++++++
1 file changed, 69 insertions(+)
diff --git a/tools/testing/selftests/bpf/progs/verifier_sdiv.c b/tools/testing/selftests/bpf/progs/verifier_sdiv.c
index 2a2271cf0294..c9c56008e534 100644
--- a/tools/testing/selftests/bpf/progs/verifier_sdiv.c
+++ b/tools/testing/selftests/bpf/progs/verifier_sdiv.c
@@ -1,6 +1,7 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/bpf.h>
+#include <limits.h>
#include <bpf/bpf_helpers.h>
#include "bpf_misc.h"
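Review bot: The new `#include <limits.h>` brings a libc header into a BPF program only to supply LLONG_MIN for one `__imm_const()` operand later in the file. Please say so in the commit message, or consider a local definition of the constant in this file, so the BPF-target build of the selftest does not depend on which limits.h the toolchain resolves.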
@@ -770,6 +771,74 @@ __naked void smod64_zero_divisor(void)
" ::: __clobber_all);
}
+SEC("socket")
+__description("SDIV64, overflow, LLONG_MIN/-1")
+__success __retval(1)
+__arch_x86_64
+__xlated("0: r2 = 0x8000000000000000")
+__xlated("2: r3 = -1")
+__xlated("3: r4 = r2")
+__xlated("4: if r3 != 0x0 goto pc+2")
+__xlated("5: w2 ^= w2")
+__xlated("6: goto pc+8")
+__xlated("7: if r3 != 0xffffffff goto pc+6")
+__xlated("8: r3 = 0x8000000000000000")
+__xlated("10: if r2 != r3 goto pc+2")
+__xlated("11: r3 = -1")
+__xlated("12: goto pc+2")
+__xlated("13: r3 = -1")
+__xlated("14: r2 s/= r3")
+__xlated("15: r0 = 0")
+__xlated("16: if r2 != r4 goto pc+1")
+__xlated("17: r0 = 1")
+__xlated("18: exit")
+__naked void sdiv64_overflow(void)
+{
+ asm volatile (" \
+ r2 = %[llong_min] ll; \
+ r3 = -1; \
+ r4 = r2; \
+ r2 s/= r3; \
+ r0 = 0; \
+ if r2 != r4 goto +1; \
+ r0 = 1; \
+ exit; \
+" :
+ : __imm_const(llong_min, LLONG_MIN)
+ : __clobber_all);
+}
+
+SEC("socket")
+__description("SDIV64, divisor -1")
+__success __retval(-5)
+__arch_x86_64
+__xlated("0: r2 = 5")
+__xlated("1: r3 = -1")
+__xlated("2: if r3 != 0x0 goto pc+2")
+__xlated("3: w2 ^= w2")
+__xlated("4: goto pc+8")
+__xlated("5: if r3 != 0xffffffff goto pc+6")
+__xlated("6: r3 = 0x8000000000000000")
+__xlated("8: if r2 != r3 goto pc+2")
+__xlated("9: r3 = -1")
+__xlated("10: goto pc+2")
+__xlated("11: r3 = -1")
+__xlated("12: r2 s/= r3")
+__xlated("13: r0 = r2")
+__xlated("14: exit")
+__naked void sdiv64_divisor_neg_1(void)
+{
+ asm volatile (" \
+ r2 = 5; \
+ r3 = -1; \
+ r2 s/= r3; \
+ r0 = r2; \
+ exit; \
+" :
+ : __imm_const(llong_min, LLONG_MIN)
+ : __clobber_all);
+}
+
#else
SEC("socket")
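Review bot: In sdiv64_divisor_neg_1 the input operand `: __imm_const(llong_min, LLONG_MIN)` is never referenced, since the asm body only uses the immediates 5 and -1 and has no `%[llong_min]`. It looks like a leftover from copying sdiv64_overflow; drop it and leave the input list empty. On coverage, both new subtests are SDIV64 only. If patch 1/2 also touches the 32-bit sdiv or the smod paths, an INT_MIN/-1 case and an smod case with divisor -1 would exercise those branches as well. It would also help to state in the commit message why the tests are restricted with `__arch_x86_64`.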
--
2.43.5
Thread overview: 10+ messages
2024-09-11 4:40 [PATCH bpf-next 1/2] bpf: Fix a sdiv overflow issue Yonghong Song
2024-09-11 4:40 ` Yonghong Song [this message]
2024-09-11 14:18 ` Daniel Borkmann
2024-09-11 15:14 ` Yonghong Song
2024-09-11 15:52 ` Alexei Starovoitov
2024-09-11 17:01 ` Yonghong Song
2024-09-11 17:17 ` Andrii Nakryiko
2024-09-11 17:32 ` Yonghong Song
2024-09-12 6:54 ` kernel test robot
2024-09-12 16:43 ` Yonghong Song