korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2025-01-10 07:44:23 +08:00
Code Issues Packages Projects Releases Wiki Activity
9ac26e9973
linux/tools/testing/selftests/bpf
History
John Fastabend 9ac26e9973 bpf: Test_verifier, bpf_get_stack return value add <0 
With current ALU32 subreg handling and retval refine fix from last
patches we see an expected failure in test_verifier. With verbose
verifier state being printed at each step for clarity we have the
following relavent lines [I omit register states that are not
necessarily useful to see failure cause],

#101/p bpf_get_stack return R0 within range FAIL
Failed to load prog 'Success'!
[..]
14: (85) call bpf_get_stack#67
 R0_w=map_value(id=0,off=0,ks=8,vs=48,imm=0)
 R3_w=inv48
15:
 R0=inv(id=0,smax_value=48,var32_off=(0x0; 0xffffffff))
15: (b7) r1 = 0
16:
 R0=inv(id=0,smax_value=48,var32_off=(0x0; 0xffffffff))
 R1_w=inv0
16: (bf) r8 = r0
17:
 R0=inv(id=0,smax_value=48,var32_off=(0x0; 0xffffffff))
 R1_w=inv0
 R8_w=inv(id=0,smax_value=48,var32_off=(0x0; 0xffffffff))
17: (67) r8 <<= 32
18:
 R0=inv(id=0,smax_value=48,var32_off=(0x0; 0xffffffff))
 R1_w=inv0
 R8_w=inv(id=0,smax_value=9223372032559808512,
               umax_value=18446744069414584320,
               var_off=(0x0; 0xffffffff00000000),
               s32_min_value=0,
               s32_max_value=0,
               u32_max_value=0,
               var32_off=(0x0; 0x0))
18: (c7) r8 s>>= 32
19
 R0=inv(id=0,smax_value=48,var32_off=(0x0; 0xffffffff))
 R1_w=inv0
 R8_w=inv(id=0,smin_value=-2147483648,
               smax_value=2147483647,
               var32_off=(0x0; 0xffffffff))
19: (cd) if r1 s< r8 goto pc+16
 R0=inv(id=0,smax_value=48,var32_off=(0x0; 0xffffffff))
 R1_w=inv0
 R8_w=inv(id=0,smin_value=-2147483648,
               smax_value=0,
               var32_off=(0x0; 0xffffffff))
20:
 R0=inv(id=0,smax_value=48,var32_off=(0x0; 0xffffffff))
 R1_w=inv0
 R8_w=inv(id=0,smin_value=-2147483648,
               smax_value=0,
 R9=inv48
20: (1f) r9 -= r8
21: (bf) r2 = r7
22:
 R2_w=map_value(id=0,off=0,ks=8,vs=48,imm=0)
22: (0f) r2 += r8
value -2147483648 makes map_value pointer be out of bounds

After call bpf_get_stack() on line 14 and some moves we have at line 16
an r8 bound with max_value 48 but an unknown min value. This is to be
expected bpf_get_stack call can only return a max of the input size but
is free to return any negative error in the 32-bit register space. The
C helper is returning an int so will use lower 32-bits.

Lines 17 and 18 clear the top 32 bits with a left/right shift but use
ARSH so we still have worst case min bound before line 19 of -2147483648.
At this point the signed check 'r1 s< r8' meant to protect the addition
on line 22 where dst reg is a map_value pointer may very well return
true with a large negative number. Then the final line 22 will detect
this as an invalid operation and fail the program. What we want to do
is proceed only if r8 is positive non-error. So change 'r1 s< r8' to
'r1 s> r8' so that we jump if r8 is negative.

Next we will throw an error because we access past the end of the map
value. The map value size is 48 and sizeof(struct test_val) is 48 so
we walk off the end of the map value on the second call to
get bpf_get_stack(). Fix this by changing sizeof(struct test_val) to
24 by using 'sizeof(struct test_val) / 2'. After this everything passes
as expected.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/158560426019.10843.3285429543232025187.stgit@john-Precision-5820-Tower
2020-03-30 15:00:30 -07:00
..
gnu
map_tests selftests/bpf: Add batch ops testing to array bpf map 2020-01-15 14:00:35 -08:00
prog_tests bpf: Test_progs, add test to catch retval refine error handling 2020-03-30 15:00:30 -07:00
progs bpf: Test_progs, add test to catch retval refine error handling 2020-03-30 15:00:30 -07:00
verifier bpf: Test_verifier, bpf_get_stack return value add <0 2020-03-30 15:00:30 -07:00
.gitignore tools/testing/selftests/bpf: Add self-tests for new helper bpf_get_ns_current_pid_tgid. 2020-03-12 17:40:47 -07:00
bpf_legacy.h selftests/bpf: samples/bpf: Split off legacy stuff from bpf_helpers.h 2019-10-08 23:16:03 +02:00
bpf_rand.h bpf: add ld64 imm test cases 2018-05-14 19:11:45 -07:00
bpf_rlimit.h bpf: unify rlimit handling in selftests 2018-02-26 20:11:23 -08:00
bpf_tcp_helpers.h libbpf: Merge selftests' bpf_trace_helpers.h into libbpf's bpf_tracing.h 2020-03-02 16:25:14 -08:00
bpf_util.h selftests: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
cgroup_helpers.c selftests/bpf: Correct path to include msg + path 2019-10-03 17:21:57 +02:00
cgroup_helpers.h selftests/bpf: Fix const'ness in cgroup_helpers 2018-07-15 00:08:41 +02:00
config bpf: lsm: Add selftests for BPF_PROG_TYPE_LSM 2020-03-30 01:35:11 +02:00
flow_dissector_load.c selftests/bpf: run flow dissector tests in skb-less mode 2019-04-23 18:36:34 +02:00
flow_dissector_load.h selftests/bpf: properly return error from bpf_flow_load 2019-04-23 18:36:34 +02:00
get_cgroup_id_user.c tools/bpf: fix selftest get_cgroup_id_user 2018-06-08 00:10:07 +02:00
Makefile selftests/bpf: Add vmlinux.h selftest exercising tracing of syscalls 2020-03-13 23:30:53 +01:00
netcnt_common.h selftests/bpf: cgroup local storage-based network counters 2018-10-01 16:18:33 +02:00
tcp_client.py selftests/bpf: use localhost in tcp_{server,client}.py 2019-02-04 21:29:27 +01:00
tcp_server.py selftests/bpf: use localhost in tcp_{server,client}.py 2019-02-04 21:29:27 +01:00
test_align.c selftests/bpf: fix test_align liveliness expectations 2019-07-06 00:16:56 +02:00
test_bpftool_build.sh selftests, bpftool: Skip the build test if not in tree 2019-11-24 16:58:45 -08:00
test_bpftool.py selftests/bpf: Add test for "bpftool feature" command 2020-02-26 18:34:34 +01:00
test_bpftool.sh selftests/bpf: Add test for "bpftool feature" command 2020-02-26 18:34:34 +01:00
test_btf.c selftests/bpf: Don't check for btf fd in test_btf 2020-01-20 22:49:03 +01:00
test_btf.h bpf: Refactor BTF encoding macro to test_btf.h 2019-04-27 09:07:05 -07:00
test_cgroup_storage.c selftests/bpf: fix test_cgroup_storage on s390 2019-08-21 16:55:01 +02:00
test_cpp.cpp selftests: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_current_pid_tgid_new_ns.c tools/testing/selftests/bpf: Add self-tests for new helper bpf_get_ns_current_pid_tgid. 2020-03-12 17:40:47 -07:00
test_dev_cgroup.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
test_flow_dissector.c selftests: bpf: remove duplicated include 2019-01-29 00:09:26 +01:00
test_flow_dissector.sh selftests/bpf: Add test based on port range for BPF flow dissector 2020-01-27 11:25:07 +01:00
test_ftrace.sh selftests/bpf: Test function_graph tracer and bpf trampoline together 2019-12-11 15:19:29 -08:00
test_hashmap.c selftests: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_iptunnel_common.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
test_kmod.sh selftests: bpf: notification about privilege required to run test_kmod.sh testing script 2018-06-22 00:30:02 +02:00
test_lirc_mode2_user.c media: bpf: add bpf function to report mouse movement 2018-12-09 14:37:18 -08:00
test_lirc_mode2.sh media: bpf: add bpf function to report mouse movement 2018-12-09 14:37:18 -08:00
test_lpm_map.c bpf: lpm_trie: check left child of last leftmost node for NULL 2019-06-11 13:52:37 +02:00
test_lru_map.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
test_lwt_ip_encap.sh selftests/bpf: More compatible nc options in test_lwt_ip_encap 2019-10-08 23:59:22 +02:00
test_lwt_seg6local.sh selftests/bpf: update test_lwt_seg6local.sh according to iproute2 2018-08-03 10:19:33 +02:00
test_maps.c bpf, sockmap: Allow inserting listening TCP sockets into sockmap 2020-02-21 22:29:45 +01:00
test_maps.h bpf: Add BPF_MAP_TYPE_SK_STORAGE test to test_maps 2019-04-27 09:07:05 -07:00
test_netcnt.c selftests/bpf: fix incorrect users of create_and_get_cgroup 2019-01-07 13:15:55 -08:00
test_offload.py selftests: bpf: log direct file writes 2019-11-06 09:59:58 -08:00
test_progs.c selftests/bpf: Reset process and thread affinity after each test/sub-test 2020-03-17 19:31:13 +01:00
test_progs.h selftests/bpf: Reset process and thread affinity after each test/sub-test 2020-03-17 19:31:13 +01:00
test_select_reuseport_common.h bpf: Test BPF_PROG_TYPE_SK_REUSEPORT 2018-08-11 01:58:46 +02:00
test_skb_cgroup_id_user.c selftests/bpf: Don't hard-code root cgroup id 2019-12-04 17:56:22 -08:00
test_skb_cgroup_id.sh kselftests/bpf: use ping6 as the default ipv6 ping binary if it exists 2018-10-31 23:05:30 +01:00
test_sock_addr.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-06-17 20:20:36 -07:00
test_sock_addr.sh kselftests/bpf: use ping6 as the default ipv6 ping binary if it exists 2018-10-31 23:05:30 +01:00
test_sock_fields.c selftests: bpf: enable hi32 randomization for all tests 2019-05-24 18:58:37 -07:00
test_sock.c selftests: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_socket_cookie.c selftests/bpf: convert socket_cookie test to sk storage 2019-06-15 01:21:59 +02:00
test_sockmap_kern.h selftests: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_sockmap.c selftests: bpf: Use a temporary file in test_sockmap 2020-01-24 22:12:13 +01:00
test_stub.c selftests/bpf: Integrate verbose verifier log into test_progs 2019-11-24 16:58:45 -08:00
test_sysctl.c selftests: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_tag.c bpf: unify rlimit handling in selftests 2018-02-26 20:11:23 -08:00
test_tc_edt.sh selftests/bpf: More compatible nc options in test_tc_edt 2019-10-18 22:33:57 +02:00
test_tc_tunnel.sh selftests, bpf: Fix test_tc_tunnel hanging 2019-11-18 21:31:49 +01:00
test_tcp_check_syncookie_user.c selftests/bpf: add test for bpf_tcp_gen_syncookie 2019-07-30 21:03:05 -07:00
test_tcp_check_syncookie.sh selftests/bpf: add test for bpf_tcp_gen_syncookie 2019-07-30 21:03:05 -07:00
test_tcpbpf_user.c selftests/bpf: De-flake test_tcpbpf 2019-12-04 18:01:05 -08:00
test_tcpbpf.h selftests/bpf: De-flake test_tcpbpf 2019-12-04 18:01:05 -08:00
test_tcpnotify_user.c selftests/bpf: switch test_tcpnotify to perf_buffer API 2019-07-23 16:05:42 -07:00
test_tcpnotify.h selftests/bpf: add a test case for sock_ops perf-event notification 2018-11-09 09:40:17 +01:00
test_tunnel.sh selftests/bpf: fail test_tunnel.sh if subtests fail 2019-05-28 11:08:57 +02:00
test_verifier_log.c bpf: unify rlimit handling in selftests 2018-02-26 20:11:23 -08:00
test_verifier.c bpf: Add further test_verifier cases for record_func_key 2019-12-19 13:39:22 -08:00
test_xdp_meta.sh tools/bpf: fix batch-mode test failure of test_xdp_redirect.sh 2018-02-06 11:34:42 +01:00
test_xdp_redirect.sh tools/bpf: fix batch-mode test failure of test_xdp_redirect.sh 2018-02-06 11:34:42 +01:00
test_xdp_veth.sh selftests, bpf: Add test for veth native XDP 2019-06-24 18:18:30 -07:00
test_xdp_vlan_mode_generic.sh selftests/bpf: add wrapper scripts for test_xdp_vlan.sh 2019-08-05 11:17:40 -07:00
test_xdp_vlan_mode_native.sh selftests/bpf: add wrapper scripts for test_xdp_vlan.sh 2019-08-05 11:17:40 -07:00
test_xdp_vlan.sh selftests/bpf: reduce time to execute test_xdp_vlan.sh 2019-08-05 11:17:40 -07:00
test_xdping.sh selftests/bpf: measure RTT from xdp using xdping 2019-05-31 19:53:45 -07:00
trace_helpers.c samples, bpf: Move read_trace_pipe to trace_helpers 2020-03-23 22:27:51 +01:00
trace_helpers.h samples, bpf: Move read_trace_pipe to trace_helpers 2020-03-23 22:27:51 +01:00
urandom_read.c selftests: bpf: modify urandom_read and link it non-statically 2019-03-21 19:37:30 -07:00
with_addr.sh selftests/bpf: test bpf flow dissection 2018-09-14 12:04:33 -07:00
with_tunnels.sh selftests/bpf: test bpf flow dissection 2018-09-14 12:04:33 -07:00
xdping.c selftests: bpf: correct perror strings 2019-11-28 22:40:30 -08:00
xdping.h selftests/bpf: measure RTT from xdp using xdping 2019-05-31 19:53:45 -07:00