torvalds/linux
3
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-03-22 07:27:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

selftests/bpf: Clobber a lot of registers in tailcall_bpf2bpf_hierarchy tests

Browse Source 
Clobbering a lot of registers and stack slots helps exposing tail call
counter overwrite bugs in JITs.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20250813121016.163375-5-iii@linux.ibm.com
This commit is contained in:
Ilya Leoshkevich
2025-08-13 14:06:31 +02:00
committed by Daniel Borkmann
parent bc3905a71f
commit 1274163035
5 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
tools/testing/selftests/bpf/progs/bpf_test_utils.h Normal file
View File

@@ -0,0 +1,18 @@
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __BPF_TEST_UTILS_H__
#define __BPF_TEST_UTILS_H__
#include <bpf/bpf_helpers.h>
#include "bpf_misc.h"
/* Clobber as many native registers and stack slots as possible. */
static __always_inline void clobber_regs_stack(void)
{
char tmp_str[] = "123456789";
unsigned long tmp;
bpf_strtoul(tmp_str, sizeof(tmp_str), 0, &tmp);
__sink(tmp);
}
#endif

3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy1.c
View File

@@ -2,6 +2,7 @@
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include "bpf_legacy.h"
#include "bpf_test_utils.h"
struct {
__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
@@ -24,6 +25,8 @@ int entry(struct __sk_buff *skb)
{
int ret = 1;
clobber_regs_stack();
count++;
subprog_tail(skb);
subprog_tail(skb);

3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy2.c
View File

@@ -2,6 +2,7 @@
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include "bpf_misc.h"
#include "bpf_test_utils.h"
int classifier_0(struct __sk_buff *skb);
int classifier_1(struct __sk_buff *skb);
@@ -60,6 +61,8 @@ int tailcall_bpf2bpf_hierarchy_2(struct __sk_buff *skb)
{
int ret = 0;
clobber_regs_stack();
subprog_tail0(skb);
subprog_tail1(skb);

3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy3.c
View File

@@ -2,6 +2,7 @@
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include "bpf_misc.h"
#include "bpf_test_utils.h"
int classifier_0(struct __sk_buff *skb);
@@ -53,6 +54,8 @@ int tailcall_bpf2bpf_hierarchy_3(struct __sk_buff *skb)
{
int ret = 0;
clobber_regs_stack();
bpf_tail_call_static(skb, &jmp_table0, 0);
__sink(ret);

3
tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy_fentry.c
View File

@@ -4,6 +4,7 @@
#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include "bpf_test_utils.h"
struct {
__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
@@ -24,6 +25,8 @@ int subprog_tail(void *ctx)
SEC("fentry/dummy")
int BPF_PROG(fentry, struct sk_buff *skb)
{
clobber_regs_stack();
count++;
subprog_tail(ctx);
subprog_tail(ctx);