
selftests/bpf: Tests for is_scalar_branch_taken tnum logic

This patch adds tests for the new jeq and jne logic in
is_scalar_branch_taken. The following shows the first test failing
before the previous patch is applied. Once the previous patch is
applied, the verifier can use the tnum values to deduce that instruction
7 is dead code.

0: call bpf_get_prandom_u32#7 ; R0_w=scalar()
1: w0 = w0 ; R0_w=scalar(smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))
2: r0 >>= 30 ; R0_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=3,var_off=(0x0; 0x3))
3: r0 <<= 30 ; R0_w=scalar(smin=0,smax=umax=umax32=0xc0000000,smax32=0x40000000,var_off=(0x0; 0xc0000000))
4: r1 = r0 ; R0_w=scalar(id=1,smin=0,smax=umax=umax32=0xc0000000,smax32=0x40000000,var_off=(0x0; 0xc0000000)) R1_w=scalar(id=1,smin=0,smax=umax=umax32=0xc0000000,smax32=0x40000000,var_off=(0x0; 0xc0000000))
5: r1 += 1024 ; R1_w=scalar(smin=umin=umin32=1024,smax=umax=umax32=0xc0000400,smin32=0x80000400,smax32=0x40000400,var_off=(0x400; 0xc0000000))
6: if r1 != r0 goto pc+1 ; R0_w=scalar(id=1,smin=umin=umin32=1024,smax=umax=umax32=0xc0000000,smin32=0x80000400,smax32=0x40000000,var_off=(0x400; 0xc0000000)) R1_w=scalar(smin=umin=umin32=1024,smax=umax=umax32=0xc0000000,smin32=0x80000400,smax32=0x40000400,var_off=(0x400; 0xc0000000))
7: r10 = 0
frame pointer is read only

Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/bpf/550004f935e2553bdb2fb1f09cbde7d0452112d0.1755694148.git.paul.chaignon@gmail.com

authored by

Paul Chaignon and committed by
Daniel Borkmann
0780f54a f41345f4

+41
+41
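--- a/tools/testing/selftests/bpf/progs/verifier_bounds.c
+++ b/tools/testing/selftests/bpf/progs/verifier_bounds.c
@@ -1668,4 +1668,45 @@
 : __clobber_all);
 }
 
+SEC("socket")
+__description("dead jne branch due to disagreeing tnums")
+__success __log_level(2)
+__naked void jne_disagreeing_tnums(void *ctx)
+{
+asm volatile(" \
+call %[bpf_get_prandom_u32]; \
+w0 = w0; \
+r0 >>= 30; \
+r0 <<= 30; \
+r1 = r0; \
+r1 += 1024; \
+if r1 != r0 goto +1; \
+r10 = 0; \
+exit; \
+" :
+: __imm(bpf_get_prandom_u32)
+: __clobber_all);
+}
+
+SEC("socket")
+__description("dead jeq branch due to disagreeing tnums")
+__success __log_level(2)
+__naked void jeq_disagreeing_tnums(void *ctx)
+{
+asm volatile(" \
+call %[bpf_get_prandom_u32]; \
+w0 = w0; \
+r0 >>= 30; \
+r0 <<= 30; \
+r1 = r0; \
+r1 += 1024; \
+if r1 == r0 goto +1; \
+exit; \
+r10 = 0; \
+exit; \
+" :
+: __imm(bpf_get_prandom_u32)
+: __clobber_all);
+}
+
 char _license[] SEC("license") = "GPL";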
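Review bot: Both `jne_disagreeing_tnums` and `jeq_disagreeing_tnums` cover only the precision side of the new tnum check (the branch is proven dead), and nothing in this section covers the soundness side, where the known bits of the two registers can agree and `r10 = 0` must remain reachable. Because an over-eager branch-taken deduction would let the verifier skip instructions that can actually run, a companion case with overlapping tnums marked `__failure __msg("frame pointer is read only")` would pin that the pruning does not fire when it should not; such a test may already exist outside this hunk. The poison instruction also deserves a comment above each asm block, e.g. `/* r0 has bit 10 known 0 and r1 = r0 + 1024 has it known 1, so r1 == r0 is impossible; r10 = 0 fails verification if the verifier thinks it is reachable */`. `__log_level(2)` is set without any `__msg` expectation, so as far as this section shows the verbose log is never matched against anything.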