Recently Luiz Capitulino reported BPF test failure for kernel version 6.1.36 (see [7]). The following test_verifier test failed: "precise: ST insn causing spi > allocated_stack". After back-port of the following upstream commit: ecdf985d7615 ("bpf: track immediate values written to stack by BPF_ST instruction")
Investigation in [8] shows that test failure is not a bug, but a difference in BPF verifier behavior between upstream, where commits [1,2,3] by Andrii Nakryiko are present, and 6.1.36, where these commits are absent. Both Luiz and Greg suggested back-porting [1,2,3] from upstream to avoid divergences.
Commits [1,2,3] break test_progs selftest "align/packet variable offset", commit [4] fixes this selftest.
I did some additional testing using the following compiler versions: - Kernel compilation - gcc version 11.3.0 - BPF tests compilation - clang version 16.0.6 - clang version 17.0.0 (fa46feb31481)
And identified a few more failing BPF selftests: - Tests failing with LLVM 16: - test_verifier: - precise: ST insn causing spi > allocated_stack FAIL (fixed by [1,2,3]) - test_progs: - sk_assign (fixed by [6]) - Tests failing with LLVM 17: - test_verifier: - precise: ST insn causing spi > allocated_stack FAIL (fixed by [1,2,3]) - test_progs: - fexit_bpf2bpf/func_replace_verify (fixed by [5]) - fexit_bpf2bpf/func_replace_return_code (fixed by [5]) - sk_assign (fixed by [6])
Commits [4,5,6] only apply to BPF selftests and don't change verifier behavior.
After applying all of the listed commits I have test_verifier, test_progs, test_progs-no_alu32 and test_maps passing on my x86 setup, both for LLVM 16 and LLVM 17.
Upstream commits in chronological order: [1] be2ef8161572 ("bpf: allow precision tracking for programs with subprogs") [2] f63181b6ae79 ("bpf: stop setting precise in current state") [3] 7a830b53c17b ("bpf: aggressively forget precise markings during state checkpointing") [4] 4f999b767769 ("selftests/bpf: make test_align selftest more robust") [5] 63d78b7e8ca2 ("selftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code") [6] 7ce878ca81bc ("selftests/bpf: Fix sk_assign on s390x")
Links: [7] https://lore.kernel.org/stable/935c4751-d368-df29-33a6-9f4fcae720fa@amazon.c... [8] https://lore.kernel.org/stable/c9b10a8a551edafdfec855fbd35757c6238ad258.came...
Changelog: V1 -> V2: added missing signed-off-by tags V1: https://lore.kernel.org/stable/20230722004514.767618-1-eddyz87@gmail.com/
Reported-by: Luiz Capitulino luizcap@amazon.com
Andrii Nakryiko (4): bpf: allow precision tracking for programs with subprogs bpf: stop setting precise in current state bpf: aggressively forget precise markings during state checkpointing selftests/bpf: make test_align selftest more robust
Ilya Leoshkevich (1): selftests/bpf: Fix sk_assign on s390x
Yonghong Song (1): selftests/bpf: Workaround verification failure for fexit_bpf2bpf/func_replace_return_code
kernel/bpf/verifier.c | 202 ++++++++++++++++-- .../testing/selftests/bpf/prog_tests/align.c | 38 ++-- .../selftests/bpf/prog_tests/sk_assign.c | 25 ++- .../selftests/bpf/progs/connect4_prog.c | 2 +- .../selftests/bpf/progs/test_sk_assign.c | 11 + .../bpf/progs/test_sk_assign_libbpf.c | 3 + 6 files changed, 247 insertions(+), 34 deletions(-) create mode 100644 tools/testing/selftests/bpf/progs/test_sk_assign_libbpf.c