Message-ID: <ede57ee2-a975-b98c-5978-102280a77d8c@fb.com>
Date:   Wed, 28 Jul 2021 15:31:28 -0700
From:   Yonghong Song <yhs@...com>
To:     Johan Almbladh <johan.almbladh@...finetworks.com>,
        <ast@...nel.org>, <daniel@...earbox.net>, <andrii@...nel.org>
CC:     <kafai@...com>, <songliubraving@...com>,
        <john.fastabend@...il.com>, <kpsingh@...nel.org>,
        <Tony.Ambardar@...il.com>, <netdev@...r.kernel.org>,
        <bpf@...r.kernel.org>
Subject: Re: [PATCH 01/14] bpf/tests: Add BPF_JMP32 test cases



On 7/28/21 10:04 AM, Johan Almbladh wrote:
> An eBPF JIT may implement JMP32 operations in a different way than JMP,
> especially on 32-bit architectures. This patch adds a series of tests
> for JMP32 operations, mainly for testing JITs.
> 
> Signed-off-by: Johan Almbladh <johan.almbladh@...finetworks.com>

LGTM with a few minor comments below.

Acked-by: Yonghong Song <yhs@...com>

> ---
>   lib/test_bpf.c | 511 +++++++++++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 511 insertions(+)
> 
> diff --git a/lib/test_bpf.c b/lib/test_bpf.c
> index f6d5d30d01bf..bfac033db590 100644
> --- a/lib/test_bpf.c
> +++ b/lib/test_bpf.c
> @@ -4398,6 +4398,517 @@ static struct bpf_test tests[] = {
>   		{ { 0, 4134 } },
>   		.fill_helper = bpf_fill_stxdw,
>   	},
> +	/* BPF_JMP32 | BPF_JEQ | BPF_K */
> +	{
> +		"JMP32_JEQ_K: Small immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, 123),
> +			BPF_JMP32_IMM(BPF_JEQ, R0, 321, 1),
> +			BPF_JMP32_IMM(BPF_JEQ, R0, 123, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, 123 } }
> +	},
[...]
> +	/* BPF_JMP32 | BPF_JGT | BPF_X */
> +	{
> +		"JMP32_JGT_X",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0xfffffffe),
> +			BPF_ALU32_IMM(BPF_MOV, R1, 0xffffffff),
> +			BPF_JMP32_REG(BPF_JGT, R0, R1, 1),

Maybe change the offset from 1 to 2? Otherwise, this may jump to
   BPF_JMP32_REG(BPF_JGT, R0, R1, 1)
which will just do the same comparison and jump to BPF_EXIT_INSN(),
which will also have R0 = 0xfffffffe at the end.

> +			BPF_ALU32_IMM(BPF_MOV, R1, 0xfffffffd),
> +			BPF_JMP32_REG(BPF_JGT, R0, R1, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, 0xfffffffe } }
> +	},
> +	/* BPF_JMP32 | BPF_JGE | BPF_K */
> +	{
> +		"JMP32_JGE_K: Small immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, 123),
> +			BPF_JMP32_IMM(BPF_JGE, R0, 124, 1),
> +			BPF_JMP32_IMM(BPF_JGE, R0, 123, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, 123 } }
> +	},
> +	{
> +		"JMP32_JGE_K: Large immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0xfffffffe),
> +			BPF_JMP32_IMM(BPF_JGE, R0, 0xffffffff, 1),
> +			BPF_JMP32_IMM(BPF_JGE, R0, 0xfffffffe, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, 0xfffffffe } }
> +	},
> +	/* BPF_JMP32 | BPF_JGE | BPF_X */
> +	{
> +		"JMP32_JGE_X",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0xfffffffe),
> +			BPF_ALU32_IMM(BPF_MOV, R1, 0xffffffff),
> +			BPF_JMP32_REG(BPF_JGE, R0, R1, 1),

ditto, change offset 1 to 2?

> +			BPF_ALU32_IMM(BPF_MOV, R1, 0xfffffffe),
> +			BPF_JMP32_REG(BPF_JGE, R0, R1, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, 0xfffffffe } }
> +	},
> +	/* BPF_JMP32 | BPF_JLT | BPF_K */
> +	{
> +		"JMP32_JLT_K: Small immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, 123),
> +			BPF_JMP32_IMM(BPF_JLT, R0, 123, 1),
> +			BPF_JMP32_IMM(BPF_JLT, R0, 124, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, 123 } }
> +	},
> +	{
> +		"JMP32_JLT_K: Large immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0xfffffffe),
> +			BPF_JMP32_IMM(BPF_JLT, R0, 0xfffffffd, 1),
> +			BPF_JMP32_IMM(BPF_JLT, R0, 0xffffffff, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, 0xfffffffe } }
> +	},
> +	/* BPF_JMP32 | BPF_JLT | BPF_X */
> +	{
> +		"JMP32_JLT_X",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0xfffffffe),
> +			BPF_ALU32_IMM(BPF_MOV, R1, 0xfffffffd),
> +			BPF_JMP32_REG(BPF_JLT, R0, R1, 1),

ditto.

> +			BPF_ALU32_IMM(BPF_MOV, R1, 0xffffffff),
> +			BPF_JMP32_REG(BPF_JLT, R0, R1, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, 0xfffffffe } }
> +	},
> +	/* BPF_JMP32 | BPF_JLE | BPF_K */
> +	{
> +		"JMP32_JLE_K: Small immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, 123),
> +			BPF_JMP32_IMM(BPF_JLE, R0, 122, 1),
> +			BPF_JMP32_IMM(BPF_JLE, R0, 123, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, 123 } }
> +	},
> +	{
> +		"JMP32_JLE_K: Large immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0xfffffffe),
> +			BPF_JMP32_IMM(BPF_JLE, R0, 0xfffffffd, 1),
> +			BPF_JMP32_IMM(BPF_JLE, R0, 0xfffffffe, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, 0xfffffffe } }
> +	},
> +	/* BPF_JMP32 | BPF_JLE | BPF_X */
> +	{
> +		"JMP32_JLE_X",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0xfffffffe),
> +			BPF_ALU32_IMM(BPF_MOV, R1, 0xfffffffd),
> +			BPF_JMP32_REG(BPF_JLE, R0, R1, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R1, 0xfffffffe),
> +			BPF_JMP32_REG(BPF_JLE, R0, R1, 1),

ditto

> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, 0xfffffffe } }
> +	},
> +	/* BPF_JMP32 | BPF_JSGT | BPF_K */
> +	{
> +		"JMP32_JSGT_K: Small immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -123),
> +			BPF_JMP32_IMM(BPF_JSGT, R0, -123, 1),
> +			BPF_JMP32_IMM(BPF_JSGT, R0, -124, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -123 } }
> +	},
> +	{
> +		"JMP32_JSGT_K: Large immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -12345678),
> +			BPF_JMP32_IMM(BPF_JSGT, R0, -12345678, 1),
> +			BPF_JMP32_IMM(BPF_JSGT, R0, -12345679, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -12345678 } }
> +	},
> +	/* BPF_JMP32 | BPF_JSGT | BPF_X */
> +	{
> +		"JMP32_JSGT_X",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -12345678),
> +			BPF_ALU32_IMM(BPF_MOV, R1, -12345678),
> +			BPF_JMP32_REG(BPF_JSGT, R0, R1, 1),

ditto

> +			BPF_ALU32_IMM(BPF_MOV, R1, -12345679),
> +			BPF_JMP32_REG(BPF_JSGT, R0, R1, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -12345678 } }
> +	},
> +	/* BPF_JMP32 | BPF_JSGE | BPF_K */
> +	{
> +		"JMP32_JSGE_K: Small immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -123),
> +			BPF_JMP32_IMM(BPF_JSGE, R0, -122, 1),
> +			BPF_JMP32_IMM(BPF_JSGE, R0, -123, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -123 } }
> +	},
> +	{
> +		"JMP32_JSGE_K: Large immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -12345678),
> +			BPF_JMP32_IMM(BPF_JSGE, R0, -12345677, 1),
> +			BPF_JMP32_IMM(BPF_JSGE, R0, -12345678, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -12345678 } }
> +	},
> +	/* BPF_JMP32 | BPF_JSGE | BPF_X */
> +	{
> +		"JMP32_JSGE_X",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -12345678),
> +			BPF_ALU32_IMM(BPF_MOV, R1, -12345677),
> +			BPF_JMP32_REG(BPF_JSGE, R0, R1, 1),

ditto

> +			BPF_ALU32_IMM(BPF_MOV, R1, -12345678),
> +			BPF_JMP32_REG(BPF_JSGE, R0, R1, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -12345678 } }
> +	},
> +	/* BPF_JMP32 | BPF_JSLT | BPF_K */
> +	{
> +		"JMP32_JSLT_K: Small immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -123),
> +			BPF_JMP32_IMM(BPF_JSLT, R0, -123, 1),
> +			BPF_JMP32_IMM(BPF_JSLT, R0, -122, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -123 } }
> +	},
> +	{
> +		"JMP32_JSLT_K: Large immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -12345678),
> +			BPF_JMP32_IMM(BPF_JSLT, R0, -12345678, 1),
> +			BPF_JMP32_IMM(BPF_JSLT, R0, -12345677, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -12345678 } }
> +	},
> +	/* BPF_JMP32 | BPF_JSLT | BPF_X */
> +	{
> +		"JMP32_JSLT_X",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -12345678),
> +			BPF_ALU32_IMM(BPF_MOV, R1, -12345678),
> +			BPF_JMP32_REG(BPF_JSLT, R0, R1, 1),

ditto

> +			BPF_ALU32_IMM(BPF_MOV, R1, -12345677),
> +			BPF_JMP32_REG(BPF_JSLT, R0, R1, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -12345678 } }
> +	},
> +	/* BPF_JMP32 | BPF_JSLE | BPF_K */
> +	{
> +		"JMP32_JSLE_K: Small immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -123),
> +			BPF_JMP32_IMM(BPF_JSLE, R0, -124, 1),
> +			BPF_JMP32_IMM(BPF_JSLE, R0, -123, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -123 } }
> +	},
> +	{
> +		"JMP32_JSLE_K: Large immediate",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -12345678),
> +			BPF_JMP32_IMM(BPF_JSLE, R0, -12345679, 1),
> +			BPF_JMP32_IMM(BPF_JSLE, R0, -12345678, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -12345678 } }
> +	},
> +	/* BPF_JMP32 | BPF_JSLE | BPF_K */
> +	{
> +		"JMP32_JSLE_X",
> +		.u.insns_int = {
> +			BPF_ALU32_IMM(BPF_MOV, R0, -12345678),
> +			BPF_ALU32_IMM(BPF_MOV, R1, -12345679),
> +			BPF_JMP32_REG(BPF_JSLE, R0, R1, 1),

ditto

> +			BPF_ALU32_IMM(BPF_MOV, R1, -12345678),
> +			BPF_JMP32_REG(BPF_JSLE, R0, R1, 1),
> +			BPF_ALU32_IMM(BPF_MOV, R0, 0),
> +			BPF_EXIT_INSN(),
> +		},
> +		INTERNAL,
> +		{ },
> +		{ { 0, -12345678 } }
> +	},
>   	/* BPF_JMP | BPF_EXIT */
>   	{
>   		"JMP_EXIT",
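Review bot: The signed JMP32 cases (JSGT/JSGE/JSLT/JSLE, both the _K and _X variants) only ever compare two negative values, e.g. -123 against -123/-124 or -12345678 against -12345677/-12345679, and for such pairs a signed and an unsigned 32-bit comparison give the same result, so a JIT that emitted the unsigned condition for these opcodes would still pass every one of them. One extra case per opcode that crosses the sign boundary would close that gap, for example `BPF_ALU32_IMM(BPF_MOV, R0, -1),` followed by `BPF_JMP32_IMM(BPF_JSGT, R0, 1, 1),` as the branch that must not be taken. Separately, the comment above "JMP32_JSLE_X" reads `/* BPF_JMP32 | BPF_JSLE | BPF_K */` and should say `BPF_X`. The tests[] array begins before this hunk and continues after it, and part of the hunk is elided in this message, so this applies only to the cases visible here.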
> 
