On Fri, 2024-12-13 at 22:27 +0100, Arthur Fabre wrote: > Test the bounds of r0 aren't known by the verifier in all three cases > where a callee can abnormally return. > > Signed-off-by: Arthur Fabre <afabre@xxxxxxxxxxxxxx> > --- Acked-by: Eduard Zingerman <eddyz87@xxxxxxxxx> [...] > +++ b/tools/testing/selftests/bpf/progs/verifier_abnormal_ret.c > @@ -0,0 +1,88 @@ > +// SPDX-License-Identifier: GPL-2.0 > + > +#include <linux/bpf.h> > +#include <bpf/bpf_helpers.h> > +#include "../../../include/linux/filter.h" > +#include "bpf_misc.h" > + > +#define TEST(NAME, CALLEE) \ > + SEC("socket") \ > + __description("abnormal_ret: " #NAME) \ > + __failure __msg("math between ctx pointer and register with unbounded min value") \ > + __naked void check_abnormal_ret_##NAME(void) \ > + { \ Nit: this one and 'callee_tail_call' could be plain C. > + asm volatile(" \ > + r6 = r1; \ > + call " #CALLEE "; \ > + r6 += r0; \ > + r0 = 0; \ > + exit; \ > + " : \ > + : \ > + : __clobber_all); \ > + } [...] > +static __naked __noinline __used > +int callee_tail_call(void) > +{ > + asm volatile(" \ > + r2 = %[map_prog] ll; \ > + r3 = 0; \ > + call %[bpf_tail_call]; \ > + r0 = 0; \ > + exit; \ > +" : > + : __imm(bpf_tail_call), __imm_addr(map_prog) > + : __clobber_all); > +} > + > +char _license[] SEC("license") = "GPL";