This is a note to let you know that I've just added the patch titled selftests/bpf: test widening for iterating callbacks to the 6.6-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: selftests-bpf-test-widening-for-iterating-callbacks.patch and it can be found in the queue-6.6 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 9f3330aa644d6d979eb064c46e85c62d4b4eac75 Mon Sep 17 00:00:00 2001 From: Eduard Zingerman <eddyz87@xxxxxxxxx> Date: Tue, 21 Nov 2023 04:06:59 +0200 Subject: selftests/bpf: test widening for iterating callbacks From: Eduard Zingerman <eddyz87@xxxxxxxxx> commit 9f3330aa644d6d979eb064c46e85c62d4b4eac75 upstream. A test case to verify that imprecise scalars widening is applied to callback entering state, when callback call is simulated repeatedly. Signed-off-by: Eduard Zingerman <eddyz87@xxxxxxxxx> Link: https://lore.kernel.org/r/20231121020701.26440-10-eddyz87@xxxxxxxxx Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- tools/testing/selftests/bpf/progs/verifier_iterating_callbacks.c | 20 ++++++++++ 1 file changed, 20 insertions(+) --- a/tools/testing/selftests/bpf/progs/verifier_iterating_callbacks.c +++ b/tools/testing/selftests/bpf/progs/verifier_iterating_callbacks.c @@ -25,6 +25,7 @@ struct buf_context { struct num_context { __u64 i; + __u64 j; }; __u8 choice_arr[2] = { 0, 1 }; 
@@ -69,6 +70,25 @@ int unsafe_on_zero_iter(void *unused) return choice_arr[loop_ctx.i]; } +static int widening_cb(__u32 idx, struct num_context *ctx) +{ + ++ctx->i; + return 0; +} + +SEC("?raw_tp") +__success +int widening(void *unused) +{ + struct num_context loop_ctx = { .i = 0, .j = 1 }; + + bpf_loop(100, widening_cb, &loop_ctx, 0); + /* loop_ctx.j is not changed during callback iteration, + * verifier should not apply widening to it. + */ + return choice_arr[loop_ctx.j]; +} + static int loop_detection_cb(__u32 idx, struct num_context *ctx) { for (;;) {} Patches currently in stable-queue which might be from eddyz87@xxxxxxxxx are queue-6.6/bpf-move-explored_state-closer-to-the-beginning-of-verifier.c.patch queue-6.6/bpf-verify-callbacks-as-if-they-are-called-unknown-number-of-times.patch queue-6.6/selftests-bpf-test-widening-for-iterating-callbacks.patch queue-6.6/bpf-keep-track-of-max-number-of-bpf_loop-callback-iterations.patch queue-6.6/bpf-extract-setup_func_entry-utility-function.patch queue-6.6/selftests-bpf-tests-with-delayed-read-precision-makrs-in-loop-body.patch queue-6.6/selftests-bpf-track-string-payload-offset-as-scalar-in-strobemeta.patch queue-6.6/bpf-print-full-verifier-states-on-infinite-loop-detection.patch queue-6.6/selftests-bpf-track-tcp-payload-offset-as-scalar-in-xdp_synproxy.patch queue-6.6/bpf-extract-__check_reg_arg-utility-function.patch queue-6.6/bpf-extract-same_callsites-as-utility-function.patch queue-6.6/bpf-widening-for-callback-iterators.patch queue-6.6/selftests-bpf-test-if-state-loops-are-detected-in-a-tricky-case.patch queue-6.6/bpf-correct-loop-detection-for-iterators-convergence.patch queue-6.6/selftests-bpf-tests-for-iterating-callbacks.patch queue-6.6/bpf-exact-states-comparison-for-iterator-convergence-checks.patch queue-6.6/selftests-bpf-check-if-max-number-of-bpf_loop-iterations-is-tracked.patch
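Review bot: in the first hunk (struct num_context), the new `__u64 j;` has no comment saying it exists only as the field the widening test leaves untouched, and the struct is shared: loop_detection_cb, visible in the trailing context of the second hunk, also takes `struct num_context *ctx`. Suggest a one-line comment on the field, or a separate context struct for widening(), so the struct used by the existing tests does not grow for a field they never read.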
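Review bot: in the second hunk, the comment in widening() says the verifier should not widen loop_ctx.j but does not say why the test would fail if it did. The only assertion is `__success` on `return choice_arr[loop_ctx.j];`, and that holds only because choice_arr is declared as `__u8 choice_arr[2]` and j is known to be exactly 1 from `.j = 1`. Suggest spelling that dependency out in the comment (j must stay a known constant for the index to be provably in bounds), so a later change to the array size or the initial value of j does not leave a test that passes regardless of whether widening is applied. The commit message describes widening being applied to the callback entering state, while this test checks the field that must not be widened; one sentence in the comment noting that `++ctx->i` in widening_cb is what makes i the widened field would tie the two together.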