On Tue, Jun 6, 2023 at 2:43 PM Maxim Mikityanskiy <maxtram95@gmail.com> wrote:
From: Maxim Mikityanskiy <maxim@isovalent.com>
The previous commit fixed a verifier bypass by ensuring that ID is not preserved on narrowing spills. Add the test cases to check the problematic patterns.
Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com>
.../selftests/bpf/progs/verifier_spill_fill.c | 198 ++++++++++++++++++ 1 file changed, 198 insertions(+)
diff --git a/tools/testing/selftests/bpf/progs/verifier_spill_fill.c b/tools/testing/selftests/bpf/progs/verifier_spill_fill.c index 136e5530b72c..999677acc8ae 100644 --- a/tools/testing/selftests/bpf/progs/verifier_spill_fill.c +++ b/tools/testing/selftests/bpf/progs/verifier_spill_fill.c @@ -371,4 +371,202 @@ __naked void and_then_at_fp_8(void) " ::: __clobber_all); }
+SEC("xdp") +__description("32-bit spill of 64-bit reg should clear ID") +__failure __msg("math between ctx pointer and 4294967295 is not allowed") +__naked void spill_32bit_of_64bit_fail(void)
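Review bot: The `__msg` on spill_32bit_of_64bit_fail matches the literal 4294967295 (0xffffffff), while the `__description` only says the ID should be cleared, so the visible annotations do not tell a reader why a cleared ID ends in rejected ctx pointer math. A short comment above the test that connects the two, saying where the 0xffffffff bound comes from, would make a future failure of this case much easier to interpret. With 198 lines added to one file, a one-line note per case on which spill width it covers would also make overlapping combinations easy to spot.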
It's an overkill to test all possible combinations. 32_of_64 and 16_of_32 would be enough.