linux/tools/testing/selftests/bpf
Jann Horn 6b80ad2992 bpf: selftest for late caller stack size increase
This checks that it is not possible to bypass the total stack size check in
update_stack_depth() by calling a function that uses a large amount of
stack memory *before* using a large amount of stack memory in the caller.

Currently, the first added testcase causes a rejection as expected, but
the second testcase is (AFAICS incorrectly) accepted:

[...]
#483/p calls: stack overflow using two frames (post-call access) FAIL
Unexpected success to load!
0: (85) call pc+2
caller:
 R10=fp0,call_-1
callee:
 frame1: R1=ctx(id=0,off=0,imm=0) R10=fp0,call_0
3: (72) *(u8 *)(r10 -300) = 0
4: (b7) r0 = 0
5: (95) exit
returning from callee:
 frame1: R0_w=inv0 R1=ctx(id=0,off=0,imm=0) R10=fp0,call_0
to caller at 1:
 R0_w=inv0 R10=fp0,call_-1

from 5 to 1: R0=inv0 R10=fp0,call_-1
1: (72) *(u8 *)(r10 -300) = 0
2: (95) exit
processed 6 insns, stack depth 300+300
[...]
Summary: 704 PASSED, 1 FAILED

AFAICS the JIT-generated code for the second testcase shows that this
really causes the stack pointer to be decremented by 300+300:

first function:
00000000  55                push rbp
00000001  4889E5            mov rbp,rsp
00000004  4881EC58010000    sub rsp,0x158
0000000B  4883ED28          sub rbp,byte +0x28
[...]
00000025  E89AB3AFE5        call 0xffffffffe5afb3c4
0000002A  C685D4FEFFFF00    mov byte [rbp-0x12c],0x0
[...]
00000041  4883C528          add rbp,byte +0x28
00000045  C9                leave
00000046  C3                ret

second function:
00000000  55                push rbp
00000001  4889E5            mov rbp,rsp
00000004  4881EC58010000    sub rsp,0x158
0000000B  4883ED28          sub rbp,byte +0x28
[...]
00000025  C685D4FEFFFF00    mov byte [rbp-0x12c],0x0
[...]
0000003E  4883C528          add rbp,byte +0x28
00000042  C9                leave
00000043  C3                ret

Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2017-12-27 18:35:07 +01:00
..
gnu selftests/bpf: get rid of -D__x86_64__ 2017-05-03 09:51:25 -04:00
include/uapi/linux License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
.gitignore bpf: Add test_tag to .gitignore 2017-02-10 15:56:08 -05:00
bpf_endian.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bpf_helpers.h samples/bpf: add a test for bpf_override_return 2017-12-12 09:02:40 -08:00
bpf_util.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
cgroup_helpers.c bpf: move cgroup_helpers from samples/bpf/ to tools/testing/selftesting/bpf/ 2017-11-05 23:26:51 +09:00
cgroup_helpers.h bpf: move cgroup_helpers from samples/bpf/ to tools/testing/selftesting/bpf/ 2017-11-05 23:26:51 +09:00
config selftests/bpf: add netdevsim to config 2017-12-19 01:35:12 +01:00
dev_cgroup.c selftests/bpf: add a test for device cgroup controller 2017-11-05 23:26:51 +09:00
Makefile Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2017-12-18 10:51:06 -05:00
sample_ret0.c selftests/bpf: add offload test based on netdevsim 2017-12-03 00:27:58 +01:00
sockmap_parse_prog.c selftests/bpf: remove useless bpf_trace_printk 2017-11-01 12:06:46 +09:00
sockmap_verdict_prog.c selftests/bpf: remove useless bpf_trace_printk 2017-11-01 12:06:46 +09:00
test_align.c selftests/bpf: adjust test_align expected output 2017-12-01 11:25:10 +01:00
test_dev_cgroup.c tools/bpf: adjust rlimit RLIMIT_MEMLOCK for test_dev_cgroup 2017-12-20 19:15:54 -08:00
test_iptunnel_common.h selftests/bpf: add a test for basic XDP functionality 2017-04-01 12:45:57 -07:00
test_kmod.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
test_l4lb_noinline.c selftests/bpf: add bpf_call test 2017-12-17 20:34:36 +01:00
test_l4lb.c bpf: Move endianness BPF helpers out of bpf_util.h 2017-05-01 12:43:49 -07:00
test_lpm_map.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00
test_lru_map.c bpf: lru: Lower the PERCPU_NR_SCANS from 16 to 4 2017-04-17 13:55:52 -04:00
test_maps.c selftests/bpf: fix broken build of test_maps 2017-10-23 01:06:31 +01:00
test_obj_id.c bpf: Fix test_obj_id.c for llvm 5.0 2017-06-09 15:15:11 -04:00
test_offload.py selftests/bpf: add offload test based on netdevsim 2017-12-03 00:27:58 +01:00
test_pkt_access.c selftests/bpf: fix broken build due to types.h 2017-05-17 18:45:14 -04:00
test_pkt_md_access.c bpf: fix selftest/bpf/test_pkt_md_access on s390x 2017-08-07 10:06:27 -07:00
test_progs.c selftests/bpf: add xdp noinline test 2017-12-17 20:34:36 +01:00
test_tag.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
test_tcp_estats.c selftests/bpf: add a test case to check verifier pointer arithmetic 2017-05-03 09:51:25 -04:00
test_tracepoint.c bpf/tracing: add a bpf test for new ioctl query interface 2017-12-12 08:46:40 -08:00
test_verifier_log.c tools/bpf: adjust rlimit RLIMIT_MEMLOCK for test_verifier_log 2017-11-30 19:55:18 +01:00
test_verifier.c bpf: selftest for late caller stack size increase 2017-12-27 18:35:07 +01:00
test_xdp_meta.c bpf: improve selftests and add tests for meta pointer 2017-09-26 13:36:44 -07:00
test_xdp_meta.sh bpf: improve selftests and add tests for meta pointer 2017-09-26 13:36:44 -07:00
test_xdp_noinline.c selftests/bpf: add xdp noinline test 2017-12-17 20:34:36 +01:00
test_xdp_redirect.c selftests: bpf: add a test for XDP redirect 2017-08-08 18:12:50 -07:00
test_xdp_redirect.sh selftests: bpf: add check for ip XDP redirect 2017-08-11 14:57:31 -07:00
test_xdp.c selftests: bpf: Use bpf_endian.h in test_xdp.c 2017-05-02 07:52:01 -07:00