Add a test case to ensure that 32-bit bounds can be learned from 64-bit
bounds when performing 64-bit ALU operations.
Make use of dead code elimination, so that we can see the verifier
bailing out on unmodified kernels.
Before:
./test_verifier 165
#165/p 32-bit bounds update in ALU64 FAIL
Failed to load prog 'Permission denied'!
R2 !read_ok
verification time 49 usec
stack depth 0
processed 8 insns (limit 1000000) max_states_per_insn 0 total_states
0 peak_states 0 mark_read 0
Summary: 0 PASSED, 1 SKIPPED, 1 FAILED
After:
./test_verifier 165
#165/p 32-bit bounds update in ALU64 OK
Summary: 1 PASSED, 1 SKIPPED, 0 FAILED
Signed-off-by: Youlin Li <liulin063@xxxxxxxxx>
---
tools/testing/selftests/bpf/verifier/bounds.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/tools/testing/selftests/bpf/verifier/bounds.c b/tools/testing/selftests/bpf/verifier/bounds.c
index 33125d5f6772..b9aee2f2c66e 100644
--- a/tools/testing/selftests/bpf/verifier/bounds.c
+++ b/tools/testing/selftests/bpf/verifier/bounds.c
@@ -753,3 +753,20 @@
.result_unpriv = REJECT,
.result = ACCEPT,
},
+{
+ "32-bit bounds update in ALU64",
+ .insns = {
+ BPF_MOV64_IMM(BPF_REG_0, 0),
+ BPF_MOV64_IMM(BPF_REG_1, 0),
+ BPF_ALU64_IMM(BPF_NEG, BPF_REG_1, 0),
+ BPF_ALU64_IMM(BPF_NEG, BPF_REG_1, 0),
+ BPF_ALU64_IMM(BPF_ARSH, BPF_REG_1, 63),
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 2),
+ BPF_JMP32_IMM(BPF_JGE, BPF_REG_1, 1, 1),
+ BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
+ BPF_JMP32_IMM(BPF_JLE, BPF_REG_1, 2, 1),
+ BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
+ BPF_EXIT_INSN()
+ },
+ .result = ACCEPT,
+},
--
2.25.1
