selftests/bpf: Add test for immediate spilled to stack

Add a test to check if the verifier correctly reason about the sign
of an immediate spilled to stack by BPF_ST instruction.

Signed-off-by: Hao Sun <sunhao.th@gmail.com>
Link: https://lore.kernel.org/r/20231101-fix-check-stack-write-v3-2-f05c2b1473d5@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/tools/testing/selftests/bpf/verifier/bpf_st_mem.c b/tools/testing/selftests/bpf/verifier/bpf_st_mem.c
index 3af2501082b29b625f7de508059971cb2f996acb..b616575c3b00a5b74a5e4af180fe91004258e506 100644 (file)
--- a/tools/testing/selftests/bpf/verifier/bpf_st_mem.c
+++ b/tools/testing/selftests/bpf/verifier/bpf_st_mem.c
@@ -65,3 +65,35 @@
        .expected_attach_type = BPF_SK_LOOKUP,
        .runs = -1,
 },
+{
+       "BPF_ST_MEM stack imm sign",
+       /* Check if verifier correctly reasons about sign of an
+        * immediate spilled to stack by BPF_ST instruction.
+        *
+        *   fp[-8] = -44;
+        *   r0 = fp[-8];
+        *   if r0 s< 0 goto ret0;
+        *   r0 = -1;
+        *   exit;
+        * ret0:
+        *   r0 = 0;
+        *   exit;
+        */
+       .insns = {
+       BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, -44),
+       BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
+       BPF_JMP_IMM(BPF_JSLT, BPF_REG_0, 0, 2),
+       BPF_MOV64_IMM(BPF_REG_0, -1),
+       BPF_EXIT_INSN(),
+       BPF_MOV64_IMM(BPF_REG_0, 0),
+       BPF_EXIT_INSN(),
+       },
+       /* Use prog type that requires return value in range [0, 1] */
+       .prog_type = BPF_PROG_TYPE_SK_LOOKUP,
+       .expected_attach_type = BPF_SK_LOOKUP,
+       .result = VERBOSE_ACCEPT,
+       .runs = -1,
+       .errstr = "0: (7a) *(u64 *)(r10 -8) = -44        ; R10=fp0 fp-8_w=-44\
+       2: (c5) if r0 s< 0x0 goto pc+2\
+       R0_w=-44",
+},