On Tue, Jun 6, 2023 at 2:43 PM Maxim Mikityanskiy <maxtram95@xxxxxxxxx> wrote:
>
> From: Maxim Mikityanskiy <maxim@xxxxxxxxxxxxx>
>
> The previous commit fixed a verifier bypass by ensuring that ID is not
> preserved on narrowing spills. Add the test cases to check the
> problematic patterns.
>
> Signed-off-by: Maxim Mikityanskiy <maxim@xxxxxxxxxxxxx>
> --- > .../selftests/bpf/progs/verifier_spill_fill.c | 198 ++++++++++++++++++ > 1 file changed, 198 insertions(+) > > diff --git a/tools/testing/selftests/bpf/progs/verifier_spill_fill.c b/tools/testing/selftests/bpf/progs/verifier_spill_fill.c > index 136e5530b72c..999677acc8ae 100644 > --- a/tools/testing/selftests/bpf/progs/verifier_spill_fill.c > +++ b/tools/testing/selftests/bpf/progs/verifier_spill_fill.c > @@ -371,4 +371,202 @@ __naked void and_then_at_fp_8(void) > " ::: __clobber_all); > } > > +SEC("xdp") > +__description("32-bit spill of 64-bit reg should clear ID") > +__failure __msg("math between ctx pointer and 4294967295 is not allowed") > +__naked void spill_32bit_of_64bit_fail(void)

It's overkill to test all possible combinations. 32_of_64 and 16_of_32 would be enough.
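
Review bot: In spill_32bit_of_64bit_fail, the __failure __msg("math between ctx pointer and 4294967295 is not allowed") checks a side effect rather than what the __description names (the ID being cleared on a 32-bit spill), and 4294967295 (0xffffffff) appears as an unexplained constant. A short comment in the test saying why that pointer-arithmetic error with that value is the expected outcome would make a later failure easier to diagnose, for example if the verifier's message wording or the reported value changes. With 198 lines added in this file, the same explanation could be written once and referenced by the other cases.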