mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-11 08:18:47 +00:00
bpf, selftests: Add verifier test case for imm=0,umin=0,umax=1 scalar
Add a test case to trigger the constant scalar issue which leaves the register in scalar(imm=0,umin=0,umax=1,var_off=(0x0; 0x0)) state. Make use of dead code elimination, so that we can see the verifier bailing out on unfixed kernels. For the condition, we use jle given it checks on umax bound. Before: # ./test_verifier 743 #743/p jump & dead code elimination FAIL Failed to load prog 'Permission denied'! R4 !read_ok verification time 11 usec stack depth 0 processed 13 insns (limit 1000000) max_states_per_insn 0 total_states 1 peak_states 1 mark_read 1 Summary: 0 PASSED, 0 SKIPPED, 1 FAILED After: # ./test_verifier 743 #743/p jump & dead code elimination OK Summary: 1 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20220701124727.11153-3-daniel@iogearbox.net
This commit is contained in:
parent
3844d153a4
commit
73c4936f91
@ -373,3 +373,25 @@
|
||||
.result = ACCEPT,
|
||||
.retval = 3,
|
||||
},
|
||||
{
|
||||
"jump & dead code elimination",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, 1),
|
||||
BPF_MOV64_IMM(BPF_REG_3, 0),
|
||||
BPF_ALU64_IMM(BPF_NEG, BPF_REG_3, 0),
|
||||
BPF_ALU64_IMM(BPF_NEG, BPF_REG_3, 0),
|
||||
BPF_ALU64_IMM(BPF_OR, BPF_REG_3, 32767),
|
||||
BPF_JMP_IMM(BPF_JSGE, BPF_REG_3, 0, 1),
|
||||
BPF_EXIT_INSN(),
|
||||
BPF_JMP_IMM(BPF_JSLE, BPF_REG_3, 0x8000, 1),
|
||||
BPF_EXIT_INSN(),
|
||||
BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, -32767),
|
||||
BPF_MOV64_IMM(BPF_REG_0, 2),
|
||||
BPF_JMP_IMM(BPF_JLE, BPF_REG_3, 0, 1),
|
||||
BPF_MOV64_REG(BPF_REG_0, BPF_REG_4),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||
.result = ACCEPT,
|
||||
.retval = 2,
|
||||
},
|
||||
|
Loading…
x
Reference in New Issue
Block a user