linux/tools/testing/selftests/bpf
Brendan Jackman 39491867ac bpf: Explicitly zero-extend R0 after 32-bit cmpxchg
As pointed out by Ilya and explained in the new comment, there's a
discrepancy between x86 and BPF CMPXCHG semantics: BPF always loads
the value from memory into r0, while x86 only does so when r0 and the
value in memory are different. The same issue affects s390.

At first this might sound like pure semantics, but it makes a real
difference when the comparison is 32-bit, since the load will
zero-extend r0/rax.

The fix is to explicitly zero-extend rax after doing such a
CMPXCHG. Since this problem affects multiple archs, this is done in
the verifier by patching in a BPF_ZEXT_REG instruction after every
32-bit cmpxchg. Any archs that don't need such manual zero-extension
can do a look-ahead with insn_is_zext to skip the unnecessary mov.

Note this still goes on top of Ilya's patch:

https://lore.kernel.org/bpf/20210301154019.129110-1-iii@linux.ibm.com/T/#u

Differences v5->v6[1]:
 - Moved is_cmpxchg_insn and ensured it can be safely re-used. Also renamed it
   and removed 'inline' to match the style of the is_*_function helpers.
 - Fixed up comments in verifier test (thanks for the careful review, Martin!)

Differences v4->v5[1]:
 - Moved the logic entirely into opt_subreg_zext_lo32_rnd_hi32, thanks to Martin
   for suggesting this.

Differences v3->v4[1]:
 - Moved the optimization against pointless zext into the correct place:
   opt_subreg_zext_lo32_rnd_hi32 is called _after_ fixup_bpf_calls.

Differences v2->v3[1]:
 - Moved patching into fixup_bpf_calls (patch incoming to rename this function)
 - Added extra commentary on bpf_jit_needs_zext
 - Added check to avoid adding a pointless zext(r0) if there's already one there.

Difference v1->v2[1]: Now solved centrally in the verifier instead of
  specifically for the x86 JIT. Thanks to Ilya and Daniel for the suggestions!

[1] v5: https://lore.kernel.org/bpf/CA+i-1C3ytZz6FjcPmUg5s4L51pMQDxWcZNvM86w4RHZ_o2khwg@mail.gmail.com/T/#t
    v4: https://lore.kernel.org/bpf/CA+i-1C3ytZz6FjcPmUg5s4L51pMQDxWcZNvM86w4RHZ_o2khwg@mail.gmail.com/T/#t
    v3: https://lore.kernel.org/bpf/08669818-c99d-0d30-e1db-53160c063611@iogearbox.net/T/#t
    v2: https://lore.kernel.org/bpf/08669818-c99d-0d30-e1db-53160c063611@iogearbox.net/T/#t
    v1: https://lore.kernel.org/bpf/d7ebaefb-bfd6-a441-3ff2-2fdfe699b1d2@iogearbox.net/T/#t

Reported-by: Ilya Leoshkevich <iii@linux.ibm.com>
Fixes: 5ffa25502b ("bpf: Add instructions for atomic_[cmp]xchg")
Signed-off-by: Brendan Jackman <jackmanb@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Tested-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2021-03-04 19:06:03 -08:00
..
benchs bpf/benchs/bench_ringbufs: Remove unneeded semicolon 2021-02-08 13:41:24 -08:00
bpf_testmod selftests: bpf: Add a new test for bare tracepoints 2021-01-20 14:14:05 -08:00
gnu
map_tests
prog_tests selftests/bpf: Add unit tests for pointers in global functions 2021-02-12 17:37:23 -08:00
progs selftests/bpf: Use the last page in test_snprintf_btf on s390 2021-03-02 11:30:59 +01:00
verifier bpf: Explicitly zero-extend R0 after 32-bit cmpxchg 2021-03-04 19:06:03 -08:00
.gitignore selftests/bpf: Integrate the socket_cookie test to test_progs 2021-02-11 17:44:41 -08:00
bench.c selftests: Remove fmod_ret from test_overhead 2020-09-28 17:20:28 -07:00
bench.h
bpf_legacy.h selftests: bpf: Remove unused bpf_map_def_legacy struct 2020-07-08 01:33:14 +02:00
bpf_rand.h
bpf_rlimit.h
bpf_sockopt_helpers.h bpf: Enable bpf_{g,s}etsockopt in BPF_CGROUP_UDP{4,6}_SENDMSG 2021-01-29 02:09:05 +01:00
bpf_tcp_helpers.h bpf: selftests: Add non function pointer test to struct_ops 2021-02-12 11:49:36 -08:00
bpf_util.h
btf_helpers.c selftests/bpf: Add split BTF dedup selftests 2020-11-05 18:37:31 -08:00
btf_helpers.h selftests/bpf: Add split BTF dedup selftests 2020-11-05 18:37:31 -08:00
cgroup_helpers.c bpf, selftests: Use single cgroup helpers for both test_sockmap/progs 2020-08-01 20:20:59 -07:00
cgroup_helpers.h bpf, selftests: Use single cgroup helpers for both test_sockmap/progs 2020-08-01 20:20:59 -07:00
config selftests/bpf: Add config dependency on BLK_DEV_LOOP 2020-12-03 11:20:21 -08:00
flow_dissector_load.c
flow_dissector_load.h selftests/bpf: Don't use deprecated libbpf APIs 2020-09-03 17:14:40 -07:00
get_cgroup_id_user.c bpf, selftests: Use single cgroup helpers for both test_sockmap/progs 2020-08-01 20:20:59 -07:00
ima_setup.sh selftests/bpf: Silence ima_setup.sh when not running in verbose mode. 2020-12-10 22:14:32 -08:00
Makefile selftests/bpf: Integrate the socket_cookie test to test_progs 2021-02-11 17:44:41 -08:00
netcnt_common.h
network_helpers.c bpf: selftests: Add fastopen_connect to network_helpers 2020-08-24 14:35:00 -07:00
network_helpers.h bpf: selftests: Add fastopen_connect to network_helpers 2020-08-24 14:35:00 -07:00
README.rst bpf/selftests: Add a short note about vmtest.sh in README.rst 2021-02-04 16:03:16 -08:00
settings selftests: bpf: Switch off timeout 2020-08-06 16:57:05 -07:00
test_bpftool_build.sh selftests, bpftool: Add bpftool (and eBPF helpers) documentation build 2020-09-10 11:02:45 -07:00
test_bpftool_metadata.sh selftests/bpf: Test load and dump metadata with btftool and skel 2020-09-15 18:28:27 -07:00
test_bpftool.py
test_bpftool.sh
test_btf.h
test_cgroup_storage.c bpf: Rename BPF_XADD and prepare to encode other atomics in .imm 2021-01-14 18:34:29 -08:00
test_cpp.cpp
test_dev_cgroup.c bpf, selftests: Use single cgroup helpers for both test_sockmap/progs 2020-08-01 20:20:59 -07:00
test_flow_dissector.c selftests/bpf: Remove unneeded semicolon 2021-02-08 17:54:24 -08:00
test_flow_dissector.sh
test_ftrace.sh
test_iptunnel_common.h
test_kmod.sh selftests: bpf: test_kmod.sh: Fix running out of srctree 2020-07-21 13:26:24 -07:00
test_lirc_mode2_user.c
test_lirc_mode2.sh
test_lpm_map.c
test_lru_map.c
test_lwt_ip_encap.sh
test_lwt_seg6local.sh selftests/bpf: Fix test_lwt_seg6local.sh hangs 2020-07-21 13:26:26 -07:00
test_maps.c selftests/bpf: Work-around EBUSY errors from hashmap update/delete 2020-12-24 01:35:46 +01:00
test_maps.h
test_netcnt.c bpf, selftests: Use single cgroup helpers for both test_sockmap/progs 2020-08-01 20:20:59 -07:00
test_offload.py Kbuild updates for v5.11 2020-12-22 14:02:39 -08:00
test_progs.c selftests/bpf: Don't exit on failed bpf_testmod unload 2021-01-26 17:02:00 +01:00
test_progs.h bpf: Remove extra lock_sock for TCP_ZEROCOPY_RECEIVE 2021-01-20 14:23:00 -08:00
test_select_reuseport_common.h
test_skb_cgroup_id_user.c bpf, selftests: Use single cgroup helpers for both test_sockmap/progs 2020-08-01 20:20:59 -07:00
test_skb_cgroup_id.sh
test_sock_addr.c selftests/bpf: Rewrite recvmsg{4,6} asm progs to c in test_sock_addr 2021-01-29 02:09:05 +01:00
test_sock_addr.sh
test_sock.c bpf, selftests: Use single cgroup helpers for both test_sockmap/progs 2020-08-01 20:20:59 -07:00
test_sockmap.c selftests/bpf: Fix invalid use of strncat in test_sockmap 2020-12-03 18:07:05 -08:00
test_stub.c
test_sysctl.c bpf, selftests: Use single cgroup helpers for both test_sockmap/progs 2020-08-01 20:20:59 -07:00
test_tag.c
test_tc_edt.sh
test_tc_redirect.sh bpf, selftests: Extend test_tc_redirect to use modified bpf_redirect_neigh() 2020-10-22 01:30:00 +02:00
test_tc_tunnel.sh
test_tcp_check_syncookie_user.c
test_tcp_check_syncookie.sh
test_tcp_hdr_options.h bpf: selftest: Ensure the child sk inherited all bpf_sock_ops_cb_flags 2020-10-02 11:34:48 -07:00
test_tcpbpf.h selftests/bpf: Add Userspace tests for TCP_WINDOW_CLAMP 2020-12-03 17:23:24 -08:00
test_tcpnotify_user.c bpf: Fix compilation warning of selftests 2020-08-06 16:58:42 -07:00
test_tcpnotify.h
test_tunnel.sh selftest/bpf: Add missed ip6ip6 test back 2020-11-10 15:37:45 -08:00
test_verifier_log.c
test_verifier.c selftest/bpf: Testing for multiple logs on REJECT 2021-02-03 22:01:25 +01:00
test_xdp_meta.sh
test_xdp_redirect.sh selftests/bpf: Convert test_xdp_redirect.sh to bash 2021-02-11 16:28:02 +01:00
test_xdp_veth.sh
test_xdp_vlan_mode_generic.sh
test_xdp_vlan_mode_native.sh
test_xdp_vlan.sh
test_xdping.sh
test_xsk.sh selftests/bpf: Xsk selftests - Bi-directional Sockets - SKB, DRV 2020-12-09 16:44:45 +01:00
testing_helpers.c selftests/bpf: Add link detach tests for cgroup, netns, and xdp bpf_links 2020-08-01 20:38:28 -07:00
testing_helpers.h selftests/bpf: Add link detach tests for cgroup, netns, and xdp bpf_links 2020-08-01 20:38:28 -07:00
trace_helpers.c selftests/bpf: Ksyms_btf to test typed ksyms 2020-10-02 14:59:25 -07:00
trace_helpers.h selftests/bpf: Ksyms_btf to test typed ksyms 2020-10-02 14:59:25 -07:00
urandom_read.c
vmtest.sh bpf: Helper script for running BPF presubmit tests 2021-02-04 16:03:16 -08:00
with_addr.sh
with_tunnels.sh
xdping.c
xdping.h
xdpxceiver.c selftests/bpf: Simplify the calculation of variables 2021-02-10 12:14:27 -08:00
xdpxceiver.h selftests/bpf: Remove unused enums 2021-01-26 00:05:01 +01:00
xsk_prereqs.sh selftests/bpf: Xsk selftests - SKB POLL, NOPOLL 2020-12-09 16:44:45 +01:00

==================
BPF Selftest Notes
==================
General instructions on running selftests can be found in
`Documentation/bpf/bpf_devel_QA.rst`__.

__ /Documentation/bpf/bpf_devel_QA.rst#q-how-to-run-bpf-selftests

=========================
Running Selftests in a VM
=========================

It's now possible to run the selftests using ``tools/testing/selftests/bpf/vmtest.sh``.
The script tries to ensure that the tests are run with the same environment as they
would be run post-submit in the CI used by the Maintainers.

This script downloads a suitable Kconfig and VM userspace image from the system used by
the CI. It builds the kernel (without overwriting your existing Kconfig), recompiles the
bpf selftests, runs them (by default ``tools/testing/selftests/bpf/test_progs``) and
saves the resulting output (by default in ``~/.bpf_selftests``).

For more information on about using the script, run:

.. code-block:: console

  $ tools/testing/selftests/bpf/vmtest.sh -h

.. note:: The script uses pahole and clang based on host environment setting.
          If you want to change pahole and llvm, you can change `PATH` environment
          variable in the beginning of script.

.. note:: The script currently only supports x86_64.

Additional information about selftest failures are
documented here.

profiler[23] test failures with clang/llvm <12.0.0
==================================================

With clang/llvm <12.0.0, the profiler[23] test may fail.
The symptom looks like

.. code-block:: c

  // r9 is a pointer to map_value
  // r7 is a scalar
  17:       bf 96 00 00 00 00 00 00 r6 = r9
  18:       0f 76 00 00 00 00 00 00 r6 += r7
  math between map_value pointer and register with unbounded min value is not allowed

  // the instructions below will not be seen in the verifier log
  19:       a5 07 01 00 01 01 00 00 if r7 < 257 goto +1
  20:       bf 96 00 00 00 00 00 00 r6 = r9
  // r6 is used here

The verifier will reject such code with above error.
At insn 18 the r7 is indeed unbounded. The later insn 19 checks the bounds and
the insn 20 undoes map_value addition. It is currently impossible for the
verifier to understand such speculative pointer arithmetic.
Hence `this patch`__ addresses it on the compiler side. It was committed on llvm 12.

__ https://reviews.llvm.org/D85570

The corresponding C code

.. code-block:: c

  for (int i = 0; i < MAX_CGROUPS_PATH_DEPTH; i++) {
          filepart_length = bpf_probe_read_str(payload, ...);
          if (filepart_length <= MAX_PATH) {
                  barrier_var(filepart_length); // workaround
                  payload += filepart_length;
          }
  }

bpf_iter test failures with clang/llvm 10.0.0
=============================================

With clang/llvm 10.0.0, the following two bpf_iter tests failed:
  * ``bpf_iter/ipv6_route``
  * ``bpf_iter/netlink``

The symptom for ``bpf_iter/ipv6_route`` looks like

.. code-block:: c

  2: (79) r8 = *(u64 *)(r1 +8)
  ...
  14: (bf) r2 = r8
  15: (0f) r2 += r1
  ; BPF_SEQ_PRINTF(seq, "%pi6 %02x ", &rt->fib6_dst.addr, rt->fib6_dst.plen);
  16: (7b) *(u64 *)(r8 +64) = r2
  only read is supported

The symptom for ``bpf_iter/netlink`` looks like

.. code-block:: c

  ; struct netlink_sock *nlk = ctx->sk;
  2: (79) r7 = *(u64 *)(r1 +8)
  ...
  15: (bf) r2 = r7
  16: (0f) r2 += r1
  ; BPF_SEQ_PRINTF(seq, "%pK %-3d ", s, s->sk_protocol);
  17: (7b) *(u64 *)(r7 +0) = r2
  only read is supported

This is due to a llvm BPF backend bug. `The fix`__
has been pushed to llvm 10.x release branch and will be
available in 10.0.1. The patch is available in llvm 11.0.0 trunk.

__  https://reviews.llvm.org/D78466

BPF CO-RE-based tests and Clang version
=======================================

A set of selftests use BPF target-specific built-ins, which might require
bleeding-edge Clang versions (Clang 12 nightly at this time).

Few sub-tests of core_reloc test suit (part of test_progs test runner) require
the following built-ins, listed with corresponding Clang diffs introducing
them to Clang/LLVM. These sub-tests are going to be skipped if Clang is too
old to support them, they shouldn't cause build failures or runtime test
failures:

- __builtin_btf_type_id() [0_, 1_, 2_];
- __builtin_preserve_type_info(), __builtin_preserve_enum_value() [3_, 4_].

.. _0: https://reviews.llvm.org/D74572
.. _1: https://reviews.llvm.org/D74668
.. _2: https://reviews.llvm.org/D85174
.. _3: https://reviews.llvm.org/D83878
.. _4: https://reviews.llvm.org/D83242