Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp3125422pxb; Tue, 12 Jan 2021 07:00:22 -0800 (PST) X-Google-Smtp-Source: ABdhPJxgdCTkpLlJjZ4gV3fI80l2GsOkgvBH8XorO5nUnVaOAcOz8maIbLYNgEOhw/b6VdLQZ0CF X-Received: by 2002:a50:e719:: with SMTP id a25mr3749283edn.12.1610463622236; Tue, 12 Jan 2021 07:00:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610463622; cv=none; d=google.com; s=arc-20160816; b=BlbQbZBkFgwdOmNGDTVNvz9qqaOnBJYi3Nd2cU9MlN5l/7wP6rWLsNWz7+ElJUdBWH RS12k+PCxC2ktEGbUkwQkc7yDZJdW+IZ/vLBXm9AEdPtMPMHzUcszK2NK0pVs1W8yEhR jswXDtl31YHFC6jY20BJb4KScBrclxuLynT383CAH65Ak8OdlKLQ+mdoZawtiqmf1Osp 0tI074XnBx27xs36BGC9HQLpDXoduSFNUk4rk398uAOBgvHrjCmapgHo5t26mikvJrjZ 4xnxK5RpfXpXViyaCJjuoe6e9+DNqafGgKKvTuBLJWTQdoWr5ejdqwZkFCj/uOUagMKq P5Ng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=HvZAxRbmKTOzfWJZ91dabzp2MoEfkK5+HVWL8/OCeqg=; b=ij9pg0X05rJq1vHXqu0Yf5joykeQ1Jra7zy+7S44ilcMz+K0NkNUcZARiWIARDIaKz oOBkSAR3AW3qFYwtLkXEYhIkuJDmtczuYmT7ndToHtSRMKoqUAWsqj+aN5t/hdL0Caw6 KmtXJ2dpjTbGrDiZB9ZeC8lOb5LhhK3/vm23TrV4wjDCYt3RU+bCZT4PWw25JzJG5gen P953LBJU+/9jt0QA7ZCy4P8j/JjL9m9x/VsbYW+Cy2PY/3ilt3QkuXAvfGhG37nMp2ce qQkb1EzvzA1fVmbzcwU0j+EvhmMmKSkmOD4p1feM6cH2Q4FKAyYUpbBqbQWuKKXjQJQB UpOw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=alNY+Vjm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u18si1475553edy.420.2021.01.12.06.59.54; Tue, 12 Jan 2021 07:00:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=alNY+Vjm; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388992AbhALO4x (ORCPT + 99 others); Tue, 12 Jan 2021 09:56:53 -0500 Received: from mail.kernel.org ([198.145.29.99]:60464 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388969AbhALO4x (ORCPT ); Tue, 12 Jan 2021 09:56:53 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3E8B523134 for ; Tue, 12 Jan 2021 14:56:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1610463372; bh=qme/Mg8GwGx197LNmKM/I8ea4z8PwVO+XEsx8eGoIzA=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=alNY+VjmDFGHqReI69N1lfH/vDZnLe+IUsBT8m2MV7/oMWmQ6bbNRmcQBMN+pElTM JMN1n9ig/mu5H8/tb+3D/aRSSU11TuoSRwagwF7EtpXKFEIR2tyq6MFu82vwhB3fkg cleDumE5IBrXgpXs7Ypf2L2kVEZpd9eWF0TlzcALpPeK/DAB30u3Qr6y87GGyKEMpT G4qzNgdsM1C+M20Y0OSDliJVklIy7+DKQJanJw7KGYt48F+EU3hiuvcJlaaKmGiSIU SDgVRk4YydGqrqx/9RYGuJmmVmdCnBVENJmNrHxmjIg0X6+vktU3NbjaxMVBAmWx6+ XMWAHRW9fpSPw== Received: by mail-lf1-f47.google.com with SMTP id b26so3764516lff.9 for ; Tue, 12 Jan 2021 06:56:12 -0800 (PST) X-Gm-Message-State: AOAM532ro/bNYM1OXPm3cU8sjuMUd2B6A7CdsWyIxY8fdDhPYWN6UcPP 3+Fu+yZW8ftgSuYBLXa/xV9HgWRnaK4OsrNFscFPuQ== X-Received: by 2002:a19:810:: with SMTP id 16mr2418512lfi.233.1610463370437; Tue, 12 Jan 2021 06:56:10 -0800 (PST) MIME-Version: 1.0 References: <20210112091545.10535-1-gilad.reti@gmail.com> In-Reply-To: <20210112091545.10535-1-gilad.reti@gmail.com> From: KP Singh Date: Tue, 12 Jan 2021 15:55:59 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 2/2] selftests/bpf: add verifier test for PTR_TO_MEM spill To: Gilad Reti Cc: bpf , Shuah Khan , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , linux-kselftest@vger.kernel.org, Networking , open list Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jan 12, 2021 at 10:16 AM Gilad Reti wrote: > > Add test to check that the verifier is able to recognize spilling of > PTR_TO_MEM registers. > It would be nice to have some explanation of what the test does to recognize the spilling of the PTR_TO_MEM registers in the commit log as well. Would it be possible to augment an existing test_progs program like tools/testing/selftests/bpf/progs/test_ringbuf.c to test this functionality? > The patch was partially contibuted by CyberArk Software, Inc. > > Signed-off-by: Gilad Reti > --- > tools/testing/selftests/bpf/test_verifier.c | 12 +++++++- > .../selftests/bpf/verifier/spill_fill.c | 30 +++++++++++++++++++ > 2 files changed, 41 insertions(+), 1 deletion(-) > > diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c > index 777a81404fdb..f8569f04064b 100644 > --- a/tools/testing/selftests/bpf/test_verifier.c > +++ b/tools/testing/selftests/bpf/test_verifier.c > @@ -50,7 +50,7 @@ > #define MAX_INSNS BPF_MAXINSNS > #define MAX_TEST_INSNS 1000000 > #define MAX_FIXUPS 8 > -#define MAX_NR_MAPS 20 > +#define MAX_NR_MAPS 21 > #define MAX_TEST_RUNS 8 > #define POINTER_VALUE 0xcafe4all > #define TEST_DATA_LEN 64 > @@ -87,6 +87,7 @@ struct bpf_test { > int fixup_sk_storage_map[MAX_FIXUPS]; > int fixup_map_event_output[MAX_FIXUPS]; > int fixup_map_reuseport_array[MAX_FIXUPS]; > + int fixup_map_ringbuf[MAX_FIXUPS]; > const char *errstr; > const char *errstr_unpriv; > uint32_t insn_processed; > @@ -640,6 +641,7 @@ static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type, > int *fixup_sk_storage_map = test->fixup_sk_storage_map; > int *fixup_map_event_output = test->fixup_map_event_output; > int *fixup_map_reuseport_array = test->fixup_map_reuseport_array; > + int *fixup_map_ringbuf = test->fixup_map_ringbuf; > > if (test->fill_helper) { > test->fill_insns = calloc(MAX_TEST_INSNS, sizeof(struct bpf_insn)); > @@ -817,6 +819,14 @@ static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type, > fixup_map_reuseport_array++; > } while (*fixup_map_reuseport_array); > } > + if (*fixup_map_ringbuf) { > + map_fds[20] = create_map(BPF_MAP_TYPE_RINGBUF, 0, > + 0, 4096); > + do { > + prog[*fixup_map_ringbuf].imm = map_fds[20]; > + fixup_map_ringbuf++; > + } while (*fixup_map_ringbuf); > + } > } > > struct libcap { > diff --git a/tools/testing/selftests/bpf/verifier/spill_fill.c b/tools/testing/selftests/bpf/verifier/spill_fill.c > index 45d43bf82f26..1833b6c730dd 100644 > --- a/tools/testing/selftests/bpf/verifier/spill_fill.c > +++ b/tools/testing/selftests/bpf/verifier/spill_fill.c > @@ -28,6 +28,36 @@ > .result = ACCEPT, > .result_unpriv = ACCEPT, > }, > +{ > + "check valid spill/fill, ptr to mem", > + .insns = { > + /* reserve 8 byte ringbuf memory */ > + BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), > + BPF_LD_MAP_FD(BPF_REG_1, 0), > + BPF_MOV64_IMM(BPF_REG_2, 8), > + BPF_MOV64_IMM(BPF_REG_3, 0), > + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ringbuf_reserve), > + /* store a pointer to the reserved memory in R6 */ > + BPF_MOV64_REG(BPF_REG_6, BPF_REG_0), > + /* check whether the reservation was successful */ > + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 6), > + /* spill R6(mem) into the stack */ > + BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_6, -8), > + /* fill it back in R7 */ > + BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_10, -8), > + /* should be able to access *(R7) = 0 */ > + BPF_ST_MEM(BPF_DW, BPF_REG_7, 0, 0), > + /* submit the reserved rungbuf memory */ > + BPF_MOV64_REG(BPF_REG_1, BPF_REG_7), > + BPF_MOV64_IMM(BPF_REG_2, 0), > + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ringbuf_submit), > + BPF_MOV64_IMM(BPF_REG_0, 0), > + BPF_EXIT_INSN(), > + }, > + .fixup_map_ringbuf = { 1 }, > + .result = ACCEPT, > + .result_unpriv = ACCEPT, > +}, > { > "check corrupted spill/fill", > .insns = { > -- > 2.27.0 >