lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 12 Nov 2023 22:27:53 -0500
From:   Yonghong Song <yonghong.song@...ux.dev>
To:     Stanislav Fomichev <sdf@...gle.com>,
        Puranjay Mohan <puranjay12@...il.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        Martin KaFai Lau <martin.lau@...ux.dev>,
        Song Liu <song@...nel.org>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>, Hao Luo <haoluo@...gle.com>,
        Jiri Olsa <jolsa@...nel.org>,
        "open list:BPF [GENERAL] (Safe Dynamic Programs and Tools)" 
        <bpf@...r.kernel.org>, open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH bpf] bpf/tests: Remove test for MOVSX32 with offset=32


On 11/12/23 11:14 AM, Stanislav Fomichev wrote:
> On 11/10, Puranjay Mohan wrote:
>> MOVSX32 only supports sign extending 8-bit and 16-bit operands into 32
>> bit operands. The "ALU_MOVSX | BPF_W" test tries to sign extend a 32 bit
>> operand into a 32 bit operand which is equivalent to a normal BPF_MOV.
>>
>> Remove this test as it tries to run an invalid instruction.
>>
>> Fixes: daabb2b098e0 ("bpf/tests: add tests for cpuv4 instructions")
>> Signed-off-by: Puranjay Mohan <puranjay12@...il.com>
>> Reported-by: kernel test robot <oliver.sang@...el.com>
>> Closes: https://lore.kernel.org/oe-lkp/202310111838.46ff5b6a-oliver.sang@intel.com
> Acked-by: Stanislav Fomichev <sdf@...gle.com>
>
> (based on the fact that emit_movsx_reg doesn't handle 32 bit case under !is64)

The test failure signature is:
   #83 ALU_MOVSX | BPF_W jited:1 ret 2 != 1 (0x2 != 0x1)FAIL (1 times)

If the asm code went though verifier, we should get a verification failure.
But in test_bpf.ko case, the asm code is directly jited (see jited:1 above),
so there is no verification failure.

The current jit does not do error handling and assumes asm code are all legal,
so for !is64 case, the size = 32 asm code is silently ignored for x86 side
and caused the error. But the test is introduced by arm64 and the test passed
for arm64.

Not sure how we could prevent such issues. To handle *all* illegal insns in jit
definitely not a good idea. In any case, the change for this patch looks good.

Acked-by: Yonghong Song <yonghong.song@...ux.dev>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ