Skip to content

Commit 6de0b4f

Browse files
harishankarvKernel Patches Daemon
harishankarv
authored and
Kernel Patches Daemon
committed
selftests/bpf: Add testcases for BPF_ADD and BPF_SUB
The previous commit improves the precision in scalar(32)_min_max_add, and scalar(32)_min_max_sub. The improvement in precision occurs in cases when all outcomes overflow or underflow, respectively. This commit adds selftests that exercise those cases. This commit also adds selftests for cases where the output register state bounds for u(32)_min/u(32)_max are conservatively set to unbounded (when there is partial overflow or underflow). Signed-off-by: Harishankar Vishwanathan <[email protected]> Co-developed-by: Matan Shachnai <[email protected]> Signed-off-by: Matan Shachnai <[email protected]> Suggested-by: Eduard Zingerman <[email protected]>
1 parent 13e5019 commit 6de0b4f

File tree

1 file changed

+161
-0
lines changed

1 file changed

+161
-0
lines changed

tools/testing/selftests/bpf/progs/verifier_bounds.c

Lines changed: 161 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1371,4 +1371,165 @@ __naked void mult_sign_ovf(void)
13711371
__imm(bpf_skb_store_bytes)
13721372
: __clobber_all);
13731373
}
1374+
1375+
SEC("socket")
1376+
__description("64-bit addition, all outcomes overflow")
1377+
__success __log_level(2)
1378+
__msg("5: (0f) r3 += r3 {{.*}} R3_w=scalar(umin=0x4000000000000000,umax=0xfffffffffffffffe)")
1379+
__retval(0)
1380+
__naked void add64_full_overflow(void)
1381+
{
1382+
asm volatile (
1383+
"r4 = 0;"
1384+
"r4 = -r4;"
1385+
"r3 = 0xa000000000000000 ll;"
1386+
"r3 |= r4;"
1387+
"r3 += r3;"
1388+
"r0 = 0;"
1389+
"exit"
1390+
:
1391+
:
1392+
: __clobber_all);
1393+
}
1394+
1395+
SEC("socket")
1396+
__description("64-bit addition, partial overflow, result in unbounded reg")
1397+
__success __log_level(2)
1398+
__msg("4: (0f) r3 += r3 {{.*}} R3_w=scalar()")
1399+
__retval(0)
1400+
__naked void add64_partial_overflow(void)
1401+
{
1402+
asm volatile (
1403+
"r4 = 0;"
1404+
"r4 = -r4;"
1405+
"r3 = 2;"
1406+
"r3 |= r4;"
1407+
"r3 += r3;"
1408+
"r0 = 0;"
1409+
"exit"
1410+
:
1411+
:
1412+
: __clobber_all);
1413+
}
1414+
1415+
SEC("socket")
1416+
__description("32-bit addition overflow, all outcomes overflow")
1417+
__success __log_level(2)
1418+
__msg("4: (0c) w3 += w3 {{.*}} R3_w=scalar(smin=umin=umin32=0x40000000,smax=umax=umax32=0xfffffffe,var_off=(0x0; 0xffffffff))")
1419+
__retval(0)
1420+
__naked void add32_full_overflow(void)
1421+
{
1422+
asm volatile (
1423+
"w4 = 0;"
1424+
"w4 = -w4;"
1425+
"w3 = 0xa0000000;"
1426+
"w3 |= w4;"
1427+
"w3 += w3;"
1428+
"r0 = 0;"
1429+
"exit"
1430+
:
1431+
:
1432+
: __clobber_all);
1433+
}
1434+
1435+
SEC("socket")
1436+
__description("32-bit addition, partial overflow, result in unbounded u32 bounds")
1437+
__success __log_level(2)
1438+
__msg("4: (0c) w3 += w3 {{.*}} R3_w=scalar(smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))")
1439+
__retval(0)
1440+
__naked void add32_partial_overflow(void)
1441+
{
1442+
asm volatile (
1443+
"w4 = 0;"
1444+
"w4 = -w4;"
1445+
"w3 = 2;"
1446+
"w3 |= w4;"
1447+
"w3 += w3;"
1448+
"r0 = 0;"
1449+
"exit"
1450+
:
1451+
:
1452+
: __clobber_all);
1453+
}
1454+
1455+
SEC("socket")
1456+
__description("64-bit subtraction, all outcomes underflow")
1457+
__success __log_level(2)
1458+
__msg("6: (1f) r3 -= r1 {{.*}} R3_w=scalar(umin=1,umax=0x8000000000000000)")
1459+
__retval(0)
1460+
__naked void sub64_full_overflow(void)
1461+
{
1462+
asm volatile (
1463+
"r1 = 0;"
1464+
"r1 = -r1;"
1465+
"r2 = 0x8000000000000000 ll;"
1466+
"r1 |= r2;"
1467+
"r3 = 0;"
1468+
"r3 -= r1;"
1469+
"r0 = 0;"
1470+
"exit"
1471+
:
1472+
:
1473+
: __clobber_all);
1474+
}
1475+
1476+
SEC("socket")
1477+
__description("64-bit subtration, partial overflow, result in unbounded reg")
1478+
__success __log_level(2)
1479+
__msg("3: (1f) r3 -= r2 {{.*}} R3_w=scalar()")
1480+
__retval(0)
1481+
__naked void sub64_partial_overflow(void)
1482+
{
1483+
asm volatile (
1484+
"r3 = 0;"
1485+
"r3 = -r3;"
1486+
"r2 = 1;"
1487+
"r3 -= r2;"
1488+
"r0 = 0;"
1489+
"exit"
1490+
:
1491+
:
1492+
: __clobber_all);
1493+
}
1494+
1495+
SEC("socket")
1496+
__description("32-bit subtraction overflow, all outcomes underflow")
1497+
__success __log_level(2)
1498+
__msg("5: (1c) w3 -= w1 {{.*}} R3_w=scalar(smin=umin=umin32=1,smax=umax=umax32=0x80000000,var_off=(0x0; 0xffffffff))")
1499+
__retval(0)
1500+
__naked void sub32_full_overflow(void)
1501+
{
1502+
asm volatile (
1503+
"w1 = 0;"
1504+
"w1 = -w1;"
1505+
"w2 = 0x80000000;"
1506+
"w1 |= w2;"
1507+
"w3 = 0;"
1508+
"w3 -= w1;"
1509+
"r0 = 0;"
1510+
"exit"
1511+
:
1512+
:
1513+
: __clobber_all);
1514+
}
1515+
1516+
SEC("socket")
1517+
__description("32-bit subtration, partial overflow, result in unbounded u32 bounds")
1518+
__success __log_level(2)
1519+
__msg("3: (1c) w3 -= w2 {{.*}} R3_w=scalar(smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))")
1520+
__retval(0)
1521+
__naked void sub32_partial_overflow(void)
1522+
{
1523+
asm volatile (
1524+
"w3 = 0;"
1525+
"w3 = -w3;"
1526+
"w2 = 1;"
1527+
"w3 -= w2;"
1528+
"r0 = 0;"
1529+
"exit"
1530+
:
1531+
:
1532+
: __clobber_all);
1533+
}
1534+
13741535
char _license[] SEC("license") = "GPL";

0 commit comments

Comments
 (0)