On Mon, Jan 8, 2024 at 12:53 PM Maxim Mikityanskiy maxtram95@gmail.com wrote:
From: Maxim Mikityanskiy maxim@isovalent.com
The previous commit implemented assigning IDs to registers holding scalars before spill. Add the test cases to check the new functionality.
Signed-off-by: Maxim Mikityanskiy maxim@isovalent.com Acked-by: Eduard Zingerman eddyz87@gmail.com
.../selftests/bpf/progs/verifier_spill_fill.c | 133 ++++++++++++++++++ 1 file changed, 133 insertions(+)
diff --git a/tools/testing/selftests/bpf/progs/verifier_spill_fill.c b/tools/testing/selftests/bpf/progs/verifier_spill_fill.c index f303ac19cf41..b05aab925ee5 100644 --- a/tools/testing/selftests/bpf/progs/verifier_spill_fill.c +++ b/tools/testing/selftests/bpf/progs/verifier_spill_fill.c @@ -766,4 +766,137 @@ l0_%=: r0 = 0; \ : __clobber_all); }
[...]
+SEC("xdp") +__description("8-bit spill of 8-bit reg should assign ID") +__success __retval(0) +__naked void spill_8bit_of_8bit_ok(void) +{
asm volatile (" \/* Roll one bit to make the register inexact. */\call %[bpf_get_prandom_u32]; \r0 &= 0x80; \/* 8-bit spill r0 to stack - should assign an ID. */\*(u8*)(r10 - 8) = r0; \/* 8-bit fill r1 from stack - should preserve the ID. */\r1 = *(u8*)(r10 - 8); \/* Compare r1 with another register to trigger find_equal_scalars.\* Having one random bit is important here, otherwise the verifier cuts\* the corners. \*/ \r2 = 0; \if r1 != r2 goto l0_%=; \/* The result of this comparison is predefined. */\if r0 == r2 goto l0_%=; \/* Dead branch: the verifier should prune it. Do an invalid memory\* access if the verifier follows it. \*/ \r0 = *(u64*)(r9 + 0); \exit; \+l0_%=: r0 = 0; \
exit; \+" :
: __imm(bpf_get_prandom_u32): __clobber_all);+}
Can you add a test where we spill register of one size and fill a different size? And what should the behavior be? Should we or should we not preserve linked IDs in such situation?
char _license[] SEC("license") = "GPL";
2.43.0