> On Jul 30, 2019, at 6:38 PM, Alexei Starovoitov <ast@xxxxxxxxxx> wrote:
>
> Add 2 tests that check JIT code generation to jumps to 1st insn.
> 1st test is similar to syzbot reproducer.
> The backwards branch is never taken at runtime.
> 2nd test has branch to 1st insn that executes.
> The test is written as two bpf functions, since it's not possible
> to construct valid single bpf program that jumps to 1st insn.
>
> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
Acked-by: Song Liu <songliubraving@xxxxxx>
> ---
> tools/testing/selftests/bpf/verifier/loops1.c | 28 +++++++++++++++++++
> 1 file changed, 28 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/verifier/loops1.c b/tools/testing/selftests/bpf/verifier/loops1.c
> index 5e980a5ab69d..1fc4e61e9f9f 100644
> --- a/tools/testing/selftests/bpf/verifier/loops1.c
> +++ b/tools/testing/selftests/bpf/verifier/loops1.c
> @@ -159,3 +159,31 @@
> .errstr = "loop detected",
> .prog_type = BPF_PROG_TYPE_TRACEPOINT,
> },
> +{
> + "not-taken loop with back jump to 1st insn",
> + .insns = {
> + BPF_MOV64_IMM(BPF_REG_0, 123),
> + BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 4, -2),
> + BPF_EXIT_INSN(),
> + },
> + .result = ACCEPT,
> + .prog_type = BPF_PROG_TYPE_XDP,
> + .retval = 123,
> +},
> +{
> + "taken loop with back jump to 1st insn",
> + .insns = {
> + BPF_MOV64_IMM(BPF_REG_1, 10),
> + BPF_MOV64_IMM(BPF_REG_2, 0),
> + BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 1),
> + BPF_EXIT_INSN(),
> + BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_1),
> + BPF_ALU64_IMM(BPF_SUB, BPF_REG_1, 1),
> + BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, -3),
> + BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
> + BPF_EXIT_INSN(),
> + },
> + .result = ACCEPT,
> + .prog_type = BPF_PROG_TYPE_XDP,
> + .retval = 55,
> +},
> --
> 2.20.0
>
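Review bot: The second test's `BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 1)` has no comment, so a reader must decode that src_reg 1 marks a bpf-to-bpf call and imm 1 lands on the `BPF_ALU64_REG` at index 4, which is both the callee's first insn and the target of the `-3` back jump. I would add `/* call subprog at insn 4; its loop sums 10..1 = 55 */` above the call, and `/* r0 == 123, so the jump back to insn 0 is never taken */` above the `BPF_JEQ` in the first test. Both cases presumably reach the code generation named in the description only when the JIT is enabled on the test machine. With the interpreter they would pass without touching the path that the syzbot reproducer hit, so a short comment saying so would keep a green run from being read as JIT coverage.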