Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp3125422pxb;
        Tue, 12 Jan 2021 07:00:22 -0800 (PST)
X-Google-Smtp-Source: ABdhPJxgdCTkpLlJjZ4gV3fI80l2GsOkgvBH8XorO5nUnVaOAcOz8maIbLYNgEOhw/b6VdLQZ0CF
X-Received: by 2002:a50:e719:: with SMTP id a25mr3749283edn.12.1610463622236;
        Tue, 12 Jan 2021 07:00:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1610463622; cv=none;
        d=google.com; s=arc-20160816;
        b=BlbQbZBkFgwdOmNGDTVNvz9qqaOnBJYi3Nd2cU9MlN5l/7wP6rWLsNWz7+ElJUdBWH
         RS12k+PCxC2ktEGbUkwQkc7yDZJdW+IZ/vLBXm9AEdPtMPMHzUcszK2NK0pVs1W8yEhR
         jswXDtl31YHFC6jY20BJb4KScBrclxuLynT383CAH65Ak8OdlKLQ+mdoZawtiqmf1Osp
         0tI074XnBx27xs36BGC9HQLpDXoduSFNUk4rk398uAOBgvHrjCmapgHo5t26mikvJrjZ
         4xnxK5RpfXpXViyaCJjuoe6e9+DNqafGgKKvTuBLJWTQdoWr5ejdqwZkFCj/uOUagMKq
         P5Ng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=HvZAxRbmKTOzfWJZ91dabzp2MoEfkK5+HVWL8/OCeqg=;
        b=ij9pg0X05rJq1vHXqu0Yf5joykeQ1Jra7zy+7S44ilcMz+K0NkNUcZARiWIARDIaKz
         oOBkSAR3AW3qFYwtLkXEYhIkuJDmtczuYmT7ndToHtSRMKoqUAWsqj+aN5t/hdL0Caw6
         KmtXJ2dpjTbGrDiZB9ZeC8lOb5LhhK3/vm23TrV4wjDCYt3RU+bCZT4PWw25JzJG5gen
         P953LBJU+/9jt0QA7ZCy4P8j/JjL9m9x/VsbYW+Cy2PY/3ilt3QkuXAvfGhG37nMp2ce
         qQkb1EzvzA1fVmbzcwU0j+EvhmMmKSkmOD4p1feM6cH2Q4FKAyYUpbBqbQWuKKXjQJQB
         UpOw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=alNY+Vjm;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id u18si1475553edy.420.2021.01.12.06.59.54;
        Tue, 12 Jan 2021 07:00:22 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=alNY+Vjm;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388992AbhALO4x (ORCPT <rfc822;linux.sihyeon@gmail.com>
        + 99 others); Tue, 12 Jan 2021 09:56:53 -0500
Received: from mail.kernel.org ([198.145.29.99]:60464 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2388969AbhALO4x (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 12 Jan 2021 09:56:53 -0500
Received: by mail.kernel.org (Postfix) with ESMTPSA id 3E8B523134
        for <linux-kernel@vger.kernel.org>; Tue, 12 Jan 2021 14:56:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1610463372;
        bh=qme/Mg8GwGx197LNmKM/I8ea4z8PwVO+XEsx8eGoIzA=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=alNY+VjmDFGHqReI69N1lfH/vDZnLe+IUsBT8m2MV7/oMWmQ6bbNRmcQBMN+pElTM
         JMN1n9ig/mu5H8/tb+3D/aRSSU11TuoSRwagwF7EtpXKFEIR2tyq6MFu82vwhB3fkg
         cleDumE5IBrXgpXs7Ypf2L2kVEZpd9eWF0TlzcALpPeK/DAB30u3Qr6y87GGyKEMpT
         G4qzNgdsM1C+M20Y0OSDliJVklIy7+DKQJanJw7KGYt48F+EU3hiuvcJlaaKmGiSIU
         SDgVRk4YydGqrqx/9RYGuJmmVmdCnBVENJmNrHxmjIg0X6+vktU3NbjaxMVBAmWx6+
         XMWAHRW9fpSPw==
Received: by mail-lf1-f47.google.com with SMTP id b26so3764516lff.9
        for <linux-kernel@vger.kernel.org>; Tue, 12 Jan 2021 06:56:12 -0800 (PST)
X-Gm-Message-State: AOAM532ro/bNYM1OXPm3cU8sjuMUd2B6A7CdsWyIxY8fdDhPYWN6UcPP
        3+Fu+yZW8ftgSuYBLXa/xV9HgWRnaK4OsrNFscFPuQ==
X-Received: by 2002:a19:810:: with SMTP id 16mr2418512lfi.233.1610463370437;
 Tue, 12 Jan 2021 06:56:10 -0800 (PST)
MIME-Version: 1.0
References: <20210112091545.10535-1-gilad.reti@gmail.com>
In-Reply-To: <20210112091545.10535-1-gilad.reti@gmail.com>
From:   KP Singh <kpsingh@kernel.org>
Date:   Tue, 12 Jan 2021 15:55:59 +0100
X-Gmail-Original-Message-ID: <CACYkzJ69serkHRymzDEAcQ-_KAdHA+RxP4qpAwzGmppWUxYeQQ@mail.gmail.com>
Message-ID: <CACYkzJ69serkHRymzDEAcQ-_KAdHA+RxP4qpAwzGmppWUxYeQQ@mail.gmail.com>
Subject: Re: [PATCH 2/2] selftests/bpf: add verifier test for PTR_TO_MEM spill
To:     Gilad Reti <gilad.reti@gmail.com>
Cc:     bpf <bpf@vger.kernel.org>, Shuah Khan <shuah@kernel.org>,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Andrii Nakryiko <andrii@kernel.org>,
        Martin KaFai Lau <kafai@fb.com>,
        Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        linux-kselftest@vger.kernel.org,
        Networking <netdev@vger.kernel.org>,
        open list <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jan 12, 2021 at 10:16 AM Gilad Reti <gilad.reti@gmail.com> wrote:
>
> Add test to check that the verifier is able to recognize spilling of
> PTR_TO_MEM registers.
>

It would be nice to have some explanation of what the test does to
recognize the spilling of the PTR_TO_MEM registers in the commit
log as well.

Would it be possible to augment an existing test_progs
program like tools/testing/selftests/bpf/progs/test_ringbuf.c to test
this functionality?



> The patch was partially contibuted by CyberArk Software, Inc.
>
> Signed-off-by: Gilad Reti <gilad.reti@gmail.com>
> ---
>  tools/testing/selftests/bpf/test_verifier.c   | 12 +++++++-
>  .../selftests/bpf/verifier/spill_fill.c       | 30 +++++++++++++++++++
>  2 files changed, 41 insertions(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
> index 777a81404fdb..f8569f04064b 100644
> --- a/tools/testing/selftests/bpf/test_verifier.c
> +++ b/tools/testing/selftests/bpf/test_verifier.c
> @@ -50,7 +50,7 @@
>  #define MAX_INSNS      BPF_MAXINSNS
>  #define MAX_TEST_INSNS 1000000
>  #define MAX_FIXUPS     8
> -#define MAX_NR_MAPS    20
> +#define MAX_NR_MAPS    21
>  #define MAX_TEST_RUNS  8
>  #define POINTER_VALUE  0xcafe4all
>  #define TEST_DATA_LEN  64
> @@ -87,6 +87,7 @@ struct bpf_test {
>         int fixup_sk_storage_map[MAX_FIXUPS];
>         int fixup_map_event_output[MAX_FIXUPS];
>         int fixup_map_reuseport_array[MAX_FIXUPS];
> +       int fixup_map_ringbuf[MAX_FIXUPS];
>         const char *errstr;
>         const char *errstr_unpriv;
>         uint32_t insn_processed;
> @@ -640,6 +641,7 @@ static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
>         int *fixup_sk_storage_map = test->fixup_sk_storage_map;
>         int *fixup_map_event_output = test->fixup_map_event_output;
>         int *fixup_map_reuseport_array = test->fixup_map_reuseport_array;
> +       int *fixup_map_ringbuf = test->fixup_map_ringbuf;
>
>         if (test->fill_helper) {
>                 test->fill_insns = calloc(MAX_TEST_INSNS, sizeof(struct bpf_insn));
> @@ -817,6 +819,14 @@ static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
>                         fixup_map_reuseport_array++;
>                 } while (*fixup_map_reuseport_array);
>         }
> +       if (*fixup_map_ringbuf) {
> +               map_fds[20] = create_map(BPF_MAP_TYPE_RINGBUF, 0,
> +                                          0, 4096);
> +               do {
> +                       prog[*fixup_map_ringbuf].imm = map_fds[20];
> +                       fixup_map_ringbuf++;
> +               } while (*fixup_map_ringbuf);
> +       }
>  }
>
>  struct libcap {
> diff --git a/tools/testing/selftests/bpf/verifier/spill_fill.c b/tools/testing/selftests/bpf/verifier/spill_fill.c
> index 45d43bf82f26..1833b6c730dd 100644
> --- a/tools/testing/selftests/bpf/verifier/spill_fill.c
> +++ b/tools/testing/selftests/bpf/verifier/spill_fill.c
> @@ -28,6 +28,36 @@
>         .result = ACCEPT,
>         .result_unpriv = ACCEPT,
>  },
> +{
> +       "check valid spill/fill, ptr to mem",
> +       .insns = {
> +       /* reserve 8 byte ringbuf memory */
> +       BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
> +       BPF_LD_MAP_FD(BPF_REG_1, 0),
> +       BPF_MOV64_IMM(BPF_REG_2, 8),
> +       BPF_MOV64_IMM(BPF_REG_3, 0),
> +       BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ringbuf_reserve),
> +       /* store a pointer to the reserved memory in R6 */
> +       BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
> +       /* check whether the reservation was successful */
> +       BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 6),
> +       /* spill R6(mem) into the stack */
> +       BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_6, -8),
> +       /* fill it back in R7 */
> +       BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_10, -8),
> +       /* should be able to access *(R7) = 0 */
> +       BPF_ST_MEM(BPF_DW, BPF_REG_7, 0, 0),
> +       /* submit the reserved rungbuf memory */
> +       BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
> +       BPF_MOV64_IMM(BPF_REG_2, 0),
> +       BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ringbuf_submit),
> +       BPF_MOV64_IMM(BPF_REG_0, 0),
> +       BPF_EXIT_INSN(),
> +       },
> +       .fixup_map_ringbuf = { 1 },
> +       .result = ACCEPT,
> +       .result_unpriv = ACCEPT,
> +},
>  {
>         "check corrupted spill/fill",
>         .insns = {
> --
> 2.27.0
>