On Thu, 2021-08-12 at 16:05 +0200, Ilya Leoshkevich wrote: > Prevent regressions related to zero-extension metadata handling during > dead code sanitization. > > Signed-off-by: Ilya Leoshkevich <iii@xxxxxxxxxxxxx> > --- > tools/testing/selftests/bpf/verifier/dead_code.c | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > > diff --git a/tools/testing/selftests/bpf/verifier/dead_code.c > b/tools/testing/selftests/bpf/verifier/dead_code.c > index 2c8935b3e65d..c642138b7fc2 100644 > --- a/tools/testing/selftests/bpf/verifier/dead_code.c > +++ b/tools/testing/selftests/bpf/verifier/dead_code.c > @@ -159,3 +159,16 @@ > .result = ACCEPT, > .retval = 2, > }, > +{ > + "dead code: zero extension", > + .insns = { > + BPF_MOV64_IMM(BPF_REG_0, 0), > + BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), > + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_10, 0), > + BPF_EXIT_INSN(), > + }, > + .errstr_unpriv = "invalid read from stack R10 off=0 size=4", > + .result_unpriv = REJECT, > + .result = ACCEPT, > + .retval = 0, > +},

Please disregard this patch: the test does not fail in absence of the
fix. What rather fails is:

	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_0, -4),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_10, -4),
	BPF_EXIT_INSN(),

The difference is that here the dead ldx_w is actually safe.

I will send a v3 shortly (I also realized I forgot to tag this series
with v2).
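
Review bot: The dead load in the quoted "dead code: zero extension" test, BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_10, 0), reads at offset 0 from the frame pointer, which lies outside the stack (valid slots sit at negative offsets from R10), so the case pins down the "invalid read from stack R10 off=0 size=4" rejection rather than zero-extension handling of a dead load that is otherwise valid. Store to the slot first and load it back from a negative offset, as the -4 sequence in the reply does, and re-derive the .errstr_unpriv and .result_unpriv expectations, since both describe the off=0 read. A one-line comment above the test stating which verifier path it is meant to exercise would make a future regression easier to triage.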