NOTE: the fixes were manually adjusted to apply to 5.4, so copying bpf@ to see if there are any concerns.
With this patchseries (applied on top of [1], which was not merged yet), all bpf verifier selftests pass:

root@intel-x86-64:~# ./test_verifier
...
#1056/p XDP pkt read, pkt_meta' <= pkt_data, good access OK
#1057/p XDP pkt read, pkt_meta' <= pkt_data, bad access 1 OK
#1058/p XDP pkt read, pkt_meta' <= pkt_data, bad access 2 OK
#1059/p XDP pkt read, pkt_data <= pkt_meta', good access OK
#1060/p XDP pkt read, pkt_data <= pkt_meta', bad access 1 OK
#1061/p XDP pkt read, pkt_data <= pkt_meta', bad access 2 OK
Summary: 1571 PASSED, 0 SKIPPED, 0 FAILED
[1] https://lore.kernel.org/stable/20210804172001.3909228-2-ovidiu.panait@windri...
Daniel Borkmann (4):
  bpf: Inherit expanded/patched seen count from old aux data
  bpf: Do not mark insn as seen under speculative path verification
  bpf: Fix leakage under speculation on mispredicted branches
  bpf, selftests: Adjust few selftest outcomes wrt unreachable code

John Fastabend (2):
  bpf: Test_verifier, add alu32 bounds tracking tests
  bpf, selftests: Add a verifier test for assigning 32bit reg states to 64bit ones
 kernel/bpf/verifier.c                         | 65 +++++++++++++++++--
 tools/testing/selftests/bpf/test_verifier.c   |  2 +-
 tools/testing/selftests/bpf/verifier/bounds.c | 65 +++++++++++++++++++
 .../selftests/bpf/verifier/dead_code.c        |  2 +
 tools/testing/selftests/bpf/verifier/jmp32.c  | 22 +++++++
 tools/testing/selftests/bpf/verifier/jset.c   | 10 +--
 tools/testing/selftests/bpf/verifier/unpriv.c |  2 +
 .../selftests/bpf/verifier/value_ptr_arith.c  |  7 +-
 8 files changed, 160 insertions(+), 15 deletions(-)