Hi,
On Tue, Aug 23, 2022 at 10:23:14AM +0200, Greg Kroah-Hartman wrote:
> From: Ovidiu Panait <ovidiu.panait@xxxxxxxxxxxxx>
>
> From: Stanislav Fomichev <sdf@xxxxxxxxxx>
>
> commit 5366d2269139ba8eb6a906d73a0819947e3e4e0a upstream.
>
> Commit 294f2fc6da27 ("bpf: Verifer, adjust_scalar_min_max_vals to always
> call update_reg_bounds()") changed the way verifier logs some of its state,
> adjust the test_align accordingly. Where possible, I tried to not copy-paste
> the entire log line and resorted to dropping the last closing brace instead.
>
> Fixes: 294f2fc6da27 ("bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()")
> Signed-off-by: Stanislav Fomichev <sdf@xxxxxxxxxx>
> Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
> Link: https://lore.kernel.org/bpf/20200515194904.229296-1-sdf@xxxxxxxxxx
> [OP: adjust for 4.19 selftests]
> Signed-off-by: Ovidiu Panait <ovidiu.panait@xxxxxxxxxxxxx>
> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
I believe this one shouldn't be applied as-is either, only partially. See
https://lore.kernel.org/stable/20220824144327.277365-1-jean-philippe@xxxxxxxxxx/
Ovidiu, do you want to resend this one with only the fixes for "bpf:
Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()"?
Thanks,
Jean
> ---
> tools/testing/selftests/bpf/test_align.c | 41 +++++++++++++++----------------
> 1 file changed, 21 insertions(+), 20 deletions(-)
>
> --- a/tools/testing/selftests/bpf/test_align.c
> +++ b/tools/testing/selftests/bpf/test_align.c
> @@ -359,15 +359,15 @@ static struct bpf_align_test tests[] = {
> * is still (4n), fixed offset is not changed.
> * Also, we create a new reg->id.
> */
> - {29, "R5_w=pkt(id=4,off=18,r=0,umax_value=2040,var_off=(0x0; 0x7fc))"},
> + {29, "R5_w=pkt(id=4,off=18,r=0,umax_value=2040,var_off=(0x0; 0x7fc)"},
> /* At the time the word size load is performed from R5,
> * its total fixed offset is NET_IP_ALIGN + reg->off (18)
> * which is 20. Then the variable offset is (4n), so
> * the total offset is 4-byte aligned and meets the
> * load's requirements.
> */
> - {33, "R4=pkt(id=4,off=22,r=22,umax_value=2040,var_off=(0x0; 0x7fc))"},
> - {33, "R5=pkt(id=4,off=18,r=22,umax_value=2040,var_off=(0x0; 0x7fc))"},
> + {33, "R4=pkt(id=4,off=22,r=22,umax_value=2040,var_off=(0x0; 0x7fc)"},
> + {33, "R5=pkt(id=4,off=18,r=22,umax_value=2040,var_off=(0x0; 0x7fc)"},
> },
> },
> {
> @@ -410,15 +410,15 @@ static struct bpf_align_test tests[] = {
> /* Adding 14 makes R6 be (4n+2) */
> {9, "R6_w=inv(id=0,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc))"},
> /* Packet pointer has (4n+2) offset */
> - {11, "R5_w=pkt(id=1,off=0,r=0,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc))"},
> - {13, "R4=pkt(id=1,off=4,r=0,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc))"},
> + {11, "R5_w=pkt(id=1,off=0,r=0,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc)"},
> + {13, "R4=pkt(id=1,off=4,r=0,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc)"},
> /* At the time the word size load is performed from R5,
> * its total fixed offset is NET_IP_ALIGN + reg->off (0)
> * which is 2. Then the variable offset is (4n+2), so
> * the total offset is 4-byte aligned and meets the
> * load's requirements.
> */
> - {15, "R5=pkt(id=1,off=0,r=4,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc))"},
> + {15, "R5=pkt(id=1,off=0,r=4,umin_value=14,umax_value=1034,var_off=(0x2; 0x7fc)"},
> /* Newly read value in R6 was shifted left by 2, so has
> * known alignment of 4.
> */
> @@ -426,15 +426,15 @@ static struct bpf_align_test tests[] = {
> /* Added (4n) to packet pointer's (4n+2) var_off, giving
> * another (4n+2).
> */
> - {19, "R5_w=pkt(id=2,off=0,r=0,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc))"},
> - {21, "R4=pkt(id=2,off=4,r=0,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc))"},
> + {19, "R5_w=pkt(id=2,off=0,r=0,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc)"},
> + {21, "R4=pkt(id=2,off=4,r=0,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc)"},
> /* At the time the word size load is performed from R5,
> * its total fixed offset is NET_IP_ALIGN + reg->off (0)
> * which is 2. Then the variable offset is (4n+2), so
> * the total offset is 4-byte aligned and meets the
> * load's requirements.
> */
> - {23, "R5=pkt(id=2,off=0,r=4,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc))"},
> + {23, "R5=pkt(id=2,off=0,r=4,umin_value=14,umax_value=2054,var_off=(0x2; 0xffc)"},
> },
> },
> {
> @@ -469,16 +469,16 @@ static struct bpf_align_test tests[] = {
> .matches = {
> {4, "R5_w=pkt_end(id=0,off=0,imm=0)"},
> /* (ptr - ptr) << 2 == unknown, (4n) */
> - {6, "R5_w=inv(id=0,smax_value=9223372036854775804,umax_value=18446744073709551612,var_off=(0x0; 0xfffffffffffffffc))"},
> + {6, "R5_w=inv(id=0,smax_value=9223372036854775804,umax_value=18446744073709551612,var_off=(0x0; 0xfffffffffffffffc)"},
> /* (4n) + 14 == (4n+2). We blow our bounds, because
> * the add could overflow.
> */
> - {7, "R5=inv(id=0,var_off=(0x2; 0xfffffffffffffffc))"},
> + {7, "R5=inv(id=0,smin_value=-9223372036854775806,smax_value=9223372036854775806,umin_value=2,umax_value=18446744073709551614,var_off=(0x2; 0xfffffffffffffffc)"},
> /* Checked s>=0 */
> - {9, "R5=inv(id=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"},
> + {9, "R5=inv(id=0,umin_value=2,umax_value=9223372034707292158,var_off=(0x2; 0x7fffffff7ffffffc)"},
> /* packet pointer + nonnegative (4n+2) */
> - {11, "R6_w=pkt(id=1,off=0,r=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"},
> - {13, "R4=pkt(id=1,off=4,r=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"},
> + {11, "R6_w=pkt(id=1,off=0,r=0,umin_value=2,umax_value=9223372034707292158,var_off=(0x2; 0x7fffffff7ffffffc)"},
> + {13, "R4=pkt(id=1,off=4,r=0,umin_value=2,umax_value=9223372034707292158,var_off=(0x2; 0x7fffffff7ffffffc)"},
> /* NET_IP_ALIGN + (4n+2) == (4n), alignment is fine.
> * We checked the bounds, but it might have been able
> * to overflow if the packet pointer started in the
> @@ -486,7 +486,7 @@ static struct bpf_align_test tests[] = {
> * So we did not get a 'range' on R6, and the access
> * attempt will fail.
> */
> - {15, "R6=pkt(id=1,off=0,r=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"},
> + {15, "R6=pkt(id=1,off=0,r=0,umin_value=2,umax_value=9223372034707292158,var_off=(0x2; 0x7fffffff7ffffffc)"},
> }
> },
> {
> @@ -528,7 +528,7 @@ static struct bpf_align_test tests[] = {
> /* New unknown value in R7 is (4n) */
> {11, "R7_w=inv(id=0,umax_value=1020,var_off=(0x0; 0x3fc))"},
> /* Subtracting it from R6 blows our unsigned bounds */
> - {12, "R6=inv(id=0,smin_value=-1006,smax_value=1034,var_off=(0x2; 0xfffffffffffffffc))"},
> + {12, "R6=inv(id=0,smin_value=-1006,smax_value=1034,umin_value=2,umax_value=18446744073709551614,var_off=(0x2; 0xfffffffffffffffc)"},
> /* Checked s>= 0 */
> {14, "R6=inv(id=0,umin_value=2,umax_value=1034,var_off=(0x2; 0x7fc))"},
> /* At the time the word size load is performed from R5,
> @@ -537,7 +537,8 @@ static struct bpf_align_test tests[] = {
> * the total offset is 4-byte aligned and meets the
> * load's requirements.
> */
> - {20, "R5=pkt(id=1,off=0,r=4,umin_value=2,umax_value=1034,var_off=(0x2; 0x7fc))"},
> + {20, "R5=pkt(id=1,off=0,r=4,umin_value=2,umax_value=1034,var_off=(0x2; 0x7fc)"},
> +
> },
> },
> {
> @@ -579,18 +580,18 @@ static struct bpf_align_test tests[] = {
> /* Adding 14 makes R6 be (4n+2) */
> {11, "R6_w=inv(id=0,umin_value=14,umax_value=74,var_off=(0x2; 0x7c))"},
> /* Subtracting from packet pointer overflows ubounds */
> - {13, "R5_w=pkt(id=1,off=0,r=8,umin_value=18446744073709551542,umax_value=18446744073709551602,var_off=(0xffffffffffffff82; 0x7c))"},
> + {13, "R5_w=pkt(id=1,off=0,r=8,umin_value=18446744073709551542,umax_value=18446744073709551602,var_off=(0xffffffffffffff82; 0x7c)"},
> /* New unknown value in R7 is (4n), >= 76 */
> {15, "R7_w=inv(id=0,umin_value=76,umax_value=1096,var_off=(0x0; 0x7fc))"},
> /* Adding it to packet pointer gives nice bounds again */
> - {16, "R5_w=pkt(id=2,off=0,r=0,umin_value=2,umax_value=1082,var_off=(0x2; 0x7fc))"},
> + {16, "R5_w=pkt(id=2,off=0,r=0,umin_value=2,umax_value=1082,var_off=(0x2; 0xfffffffc)"},
> /* At the time the word size load is performed from R5,
> * its total fixed offset is NET_IP_ALIGN + reg->off (0)
> * which is 2. Then the variable offset is (4n+2), so
> * the total offset is 4-byte aligned and meets the
> * load's requirements.
> */
> - {20, "R5=pkt(id=2,off=0,r=4,umin_value=2,umax_value=1082,var_off=(0x2; 0x7fc))"},
> + {20, "R5=pkt(id=2,off=0,r=4,umin_value=2,umax_value=1082,var_off=(0x2; 0xfffffffc)"},
> },
> },
> };
>
>
>
