linux/tools/testing/selftests
Eduard Zingerman a24a2dda70 selftests/bpf: trigger verifier.c:maybe_exit_scc() for a speculative state
This is a test case minimized from a syzbot reproducer from [1].
The test case triggers verifier.c:maybe_exit_scc() without a
preceding call to verifier.c:maybe_enter_scc() on a speculative
symbolic execution path.

Here is the verifier log for the test case:

  Live regs before insn:
        0: .......... (b7) r0 = 100
    1   1: 0......... (7b) *(u64 *)(r10 -512) = r0
    1   2: 0......... (b5) if r0 <= 0x0 goto pc-2
        3: 0......... (95) exit
  0: R1=ctx() R10=fp0
  0: (b7) r0 = 100                      ; R0_w=100
  1: (7b) *(u64 *)(r10 -512) = r0       ; R0_w=100 R10=fp0 fp-512_w=100
  2: (b5) if r0 <= 0x0 goto pc-2
  mark_precise: ...
  2: R0_w=100
  3: (95) exit

  from 2 to 1 (speculative execution): R0_w=scalar() R1=ctx() R10=fp0 fp-512_w=100
  1: R0_w=scalar() R1=ctx() R10=fp0 fp-512_w=100
  1: (7b) *(u64 *)(r10 -512) = r0
  processed 5 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

- Non-speculative execution path 0-3 does not allocate any checkpoints
  (and hence does not call maybe_enter_scc()), and schedules a
  speculative jump from 2 to 1.
- Speculative execution path stops immediately because of infinite
  loop detection and triggers verifier.c:update_branch_counts() ->
  maybe_exit_scc() calls.

[1] https://lore.kernel.org/bpf/68c85acd.050a0220.2ff435.03a4.GAE@google.com/

Signed-off-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20250916212251.3490455-2-eddyz87@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2025-09-17 11:19:58 -07:00
..
acct
alsa selftests: ALSA: fix memory leak in utimer test 2025-07-31 17:01:53 +02:00
amd-pstate
arm64 kselftest/arm64: Don't open code SVE_PT_SIZE() in fp-ptrace 2025-08-30 11:31:11 +01:00
bpf selftests/bpf: trigger verifier.c:maybe_exit_scc() for a speculative state 2025-09-17 11:19:58 -07:00
breakpoints selftests: breakpoints: use suspend_stats to reliably check suspend success 2025-07-10 14:21:30 -06:00
cachestat selftests: cachestat: add tests for mmap, refactor and enhance mmap test for cachestat validation 2025-08-02 12:06:09 -07:00
capabilities
cgroup selftests/cgroup: fix cpu.max tests 2025-07-17 08:12:19 -10:00
clone3
connector
core
coredump selftests/coredump: Remove the read() that fails the test 2025-08-11 15:43:31 +02:00
cpu-hotplug selftests/cpu-hotplug: fix typo in hotplaggable_offline_cpus function name 2025-06-17 14:12:16 -06:00
cpufreq
damon selftests/damon: fix selftests by installing drgn related script 2025-08-19 16:35:55 -07:00
devices
dma
dmabuf-heaps
drivers selftests: drv-net: csum: fix interface name for remote host 2025-09-01 12:43:10 -07:00
dt
efivarfs
exec
fchmodat2
filelock
filesystems selftests/fs/mount-notify: Fix compilation failure. 2025-09-02 10:34:37 +02:00
firmware
fpu
ftrace Probes updates for v6.17: 2025-07-30 15:38:01 -07:00
futex Update for the futex subsystem: 2025-07-29 14:39:42 -07:00
gpio
hid hid-for-linus-2025073101 2025-07-31 21:26:05 -07:00
ia64
intel_pstate
iommu iommufd 6.17 merge window pull 2025-07-31 12:43:08 -07:00
ipc selftests: ipc: Replace fail print statements with ksft_test_result_fail 2025-06-17 14:45:05 -06:00
ir
kcmp
kexec selftests/kexec: fix test_kexec_jump build 2025-07-22 15:10:52 -06:00
kho kho: add test for kexec handover 2025-08-02 12:01:41 -07:00
kmod
kselftest
kselftest_harness
kvm KVM/arm64 changes for 6.17, take #2 2025-08-29 12:57:31 -04:00
landlock selftests/landlock: Add test to check rule tied to covered mount point 2025-06-19 13:55:41 +02:00
lib
livepatch
lkdtm stackleak: Rename STACKLEAK to KSTACK_ERASE 2025-07-21 21:35:01 -07:00
locking
lsm
media_tests
membarrier
memfd
memory-hotplug
mincore
mm selftests/mm: fix FORCE_READ to read input value correctly 2025-08-27 22:45:42 -07:00
module
mount
mount_setattr selftests/mount_setattr: add smoke tests for open_tree_attr(2) bug 2025-08-11 14:51:49 +02:00
move_mount_set_group
mqueue
mseal_system_mappings
nci
net selftest: net: Fix weird setsockopt() in bind_bhash.c. 2025-09-04 07:30:04 -07:00
nolibc selftests/nolibc: add x32 test configuration 2025-07-13 16:58:41 +02:00
ntb
openat2
pci_endpoint selftests: pci_endpoint: Add doorbell test case 2025-07-24 16:51:47 -05:00
pcie_bwctrl
perf_events selftests/perf_events: Add a mmap() correctness test 2025-08-05 21:55:29 +02:00
pid_namespace
pidfd linux_kselftest-next-6.17-rc1 2025-07-29 12:48:53 -07:00
power_supply
powerpc
prctl
proc selftests/proc: fix string literal warning in proc-maps-race.c 2025-08-11 23:00:59 -07:00
pstore
ptp testptp: add option to enable external timestamping edges 2025-06-23 13:32:14 +01:00
ptrace Significant patch series in this pull request: 2025-08-03 16:23:09 -07:00
rcutorture Merge branches 'rcu-exp.23.07.2025', 'rcu.22.07.2025', 'torture-scripts.16.07.2025', 'srcu.19.07.2025', 'rcu.nocb.18.07.2025' and 'refscale.07.07.2025' into rcu.merge.23.07.2025 2025-07-23 21:42:20 +05:30
resctrl
ring-buffer
riscv
rlimits
rseq
rtc
rust
safesetid
sched
sched_ext selftests/sched_ext: Remove duplicate sched.h header 2025-08-11 08:24:08 -10:00
seccomp
sgx
signal
size
sparc64
splice
static_keys
sync
syscall_user_dispatch selftests: Add tests for PR_SYS_DISPATCH_INCLUSIVE_ON 2025-06-13 18:36:39 +02:00
sysctl sysctl: Nixify sysctl.sh 2025-07-23 11:56:02 +02:00
tc-testing selftests/tc-testing: Check backlog stats in gso_skb case 2025-08-14 17:52:29 -07:00
tdx
thermal/intel selftests/thermal: remove duplicate newlines in perror calls 2025-07-19 19:08:28 -07:00
timens
timers
tmpfs
tpm2
tty
turbostat
ublk ublk selftests: add --no_ublk_fixed_fd for not using registered ublk char device 2025-08-28 07:56:57 -06:00
uevent
user_events
vDSO selftests: vDSO: vdso_standalone_test_x86: Replace source file with symlink 2025-07-01 15:50:43 +02:00
vsock selftests/vsock: add initial vmtest.sh for vsock 2025-06-11 13:17:59 -07:00
watchdog
wireguard selftests: net: Enable legacy netfilter legacy options. 2025-07-25 18:38:55 +02:00
x86 selftests/x86: Add a test to detect infinite SIGTRAP handler loop 2025-06-09 08:52:06 -07:00
zram
.gitignore
gen_kselftest_tar.sh
kselftest_deps.sh
kselftest_harness.h selftests: harness: Rename is_signed_type() to avoid collision with overflow.h 2025-08-20 08:04:09 -07:00
kselftest_install.sh
kselftest_module.h
kselftest.h
lib.mk
Makefile nolibc changes for v6.17 2025-07-29 15:32:02 -07:00
run_kselftest.sh