selftests: bpf: Add test for JMP32 JSET BPF_X with upper bits set

The existing tests attempt to check that JMP32 JSET ignores the upper
bits in the operand registers. However, the tests missed one such bug in
the x32 JIT that is only uncovered when a previous instruction pollutes
the upper 32 bits of the registers.

This patch adds a new test case that catches the bug by first executing
a 64-bit JSET to pollute the upper 32-bits of the temporary registers,
followed by a 32-bit JSET which should ignore the upper 32 bits.

Co-developed-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Signed-off-by: Luke Nelson <luke.r.nels@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20200305234416.31597-2-luke.r.nels@gmail.com

diff --git a/tools/testing/selftests/bpf/verifier/jmp32.c b/tools/testing/selftests/bpf/verifier/jmp32.c
index bf0322eb53464d41bb6d38098f8d95fc2c2536a7..bd5cae4a7f7338d182af5fa41f95daa72fec8dc3 100644 (file)
--- a/tools/testing/selftests/bpf/verifier/jmp32.c
+++ b/tools/testing/selftests/bpf/verifier/jmp32.c
@@ -61,6 +61,21 @@
        },
        .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
 },
+{
+       "jset32: ignores upper bits",
+       .insns = {
+       BPF_MOV64_IMM(BPF_REG_0, 0),
+       BPF_LD_IMM64(BPF_REG_7, 0x8000000000000000),
+       BPF_LD_IMM64(BPF_REG_8, 0x8000000000000000),
+       BPF_JMP_REG(BPF_JSET, BPF_REG_7, BPF_REG_8, 1),
+       BPF_EXIT_INSN(),
+       BPF_JMP32_REG(BPF_JSET, BPF_REG_7, BPF_REG_8, 1),
+       BPF_MOV64_IMM(BPF_REG_0, 2),
+       BPF_EXIT_INSN(),
+       },
+       .result = ACCEPT,
+       .retval = 2,
+},
 {
        "jset32: min/max deduction",
        .insns = {