selftests/bpf: Test with a very short loop
authorEduard Zingerman <eddyz87@gmail.com>
Tue, 29 Oct 2024 17:26:41 +0000 (10:26 -0700)
committerAndrii Nakryiko <andrii@kernel.org>
Tue, 29 Oct 2024 18:42:23 +0000 (11:42 -0700)
The test added is a simplified reproducer from syzbot report [1].
If verifier does not insert checkpoint somewhere inside the loop,
verification of the program would take a very long time.

This would happen because mark_chain_precision() for register r7 would
constantly trace jump history of the loop back, processing many
iterations for each mark_chain_precision() call.

[1] https://lore.kernel.org/bpf/670429f6.050a0220.49194.0517.GAE@google.com/

Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20241029172641.1042523-2-eddyz87@gmail.com
tools/testing/selftests/bpf/progs/verifier_search_pruning.c
tools/testing/selftests/bpf/veristat.cfg

index 5a14498d352f3ef9760f536f0b46ff05aef0b1f1..f40e57251e9419a9ea6a8639e2befce8d68747ee 100644 (file)
@@ -2,6 +2,7 @@
 /* Converted from tools/testing/selftests/bpf/verifier/search_pruning.c */
 
 #include <linux/bpf.h>
+#include <../../../include/linux/filter.h>
 #include <bpf/bpf_helpers.h>
 #include "bpf_misc.h"
 
@@ -336,4 +337,26 @@ l0_%=:     r1 = 42;                                        \
        : __clobber_all);
 }
 
+/* Without checkpoint forcibly inserted at the back-edge a loop this
+ * test would take a very long time to verify.
+ */
+SEC("kprobe")
+__failure __log_level(4)
+__msg("BPF program is too large.")
+__naked void short_loop1(void)
+{
+       asm volatile (
+       "   r7 = *(u16 *)(r1 +0);"
+       "1: r7 += 0x1ab064b9;"
+       "   .8byte %[jset];" /* same as 'if r7 & 0x702000 goto 1b;' */
+       "   r7 &= 0x1ee60e;"
+       "   r7 += r1;"
+       "   if r7 s> 0x37d2 goto +0;"
+       "   r0 = 0;"
+       "   exit;"
+       :
+       : __imm_insn(jset, BPF_JMP_IMM(BPF_JSET, BPF_REG_7, 0x702000, -2))
+       : __clobber_all);
+}
+
 char _license[] SEC("license") = "GPL";
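Review bot: The comment above `short_loop1` explains why the loop is expensive to verify but not why the test is marked `__failure` with `__msg("BPF program is too large.")`, and it has a dropped word ("the back-edge a loop"). It should state that rejection with this message is the expected fast outcome, for example `/* Without a checkpoint forced at the loop back-edge this program takes a very long time to verify; with it the verifier is expected to reject it quickly with "BPF program is too large." */`. As written, the annotations check only the verifier message, so a regression in checkpoint insertion would presumably show up as a very slow or timed-out run rather than a failed assertion, which is worth a sentence in the comment too. The hard-coded `-2` in `BPF_JMP_IMM(BPF_JSET, BPF_REG_7, 0x702000, -2)` must keep pointing at label `1:`, so a note beside it that inserting an instruction between the label and the `.8byte` line requires updating the offset would prevent the test from silently exercising a different loop.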
index 1a385061618d849aeeb08ff39da331618c13db89..e661ffdcaadff187b2100306bde2df91c16ea8aa 100644 (file)
@@ -15,3 +15,4 @@ test_usdt*
 test_verif_scale*
 test_xdp_noinline*
 xdp_synproxy*
+verifier_search_pruning*