Commit 12741630 authored Aug 13, 2025 by Ilya Leoshkevich Committed by Daniel Borkmann Aug 18, 2025

selftests/bpf: Clobber a lot of registers in tailcall_bpf2bpf_hierarchy tests



Clobbering a lot of registers and stack slots helps exposing tail call
counter overwrite bugs in JITs.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20250813121016.163375-5-iii@linux.ibm.com

parent bc3905a7

tools/testing/selftests/bpf/progs/bpf_test_utils.h

0 → 100644

+18 −0

Original line number	Diff line number	Diff line
		/* SPDX-License-Identifier: GPL-2.0 */
		#ifndef __BPF_TEST_UTILS_H__
		#define __BPF_TEST_UTILS_H__

		#include <bpf/bpf_helpers.h>
		#include "bpf_misc.h"

		/* Clobber as many native registers and stack slots as possible. */
		static __always_inline void clobber_regs_stack(void)
		{
		char tmp_str[] = "123456789";
		unsigned long tmp;

		bpf_strtoul(tmp_str, sizeof(tmp_str), 0, &tmp);
		__sink(tmp);
		}

		#endif

tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy1.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -2,6 +2,7 @@
		#include <linux/bpf.h>
		#include <bpf/bpf_helpers.h>
		#include "bpf_legacy.h"
		#include "bpf_test_utils.h"

		struct {
		__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
		@@ -24,6 +25,8 @@ int entry(struct __sk_buff *skb)
		{
		int ret = 1;

		clobber_regs_stack();

		count++;
		subprog_tail(skb);
		subprog_tail(skb);

tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy2.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -2,6 +2,7 @@
		#include <linux/bpf.h>
		#include <bpf/bpf_helpers.h>
		#include "bpf_misc.h"
		#include "bpf_test_utils.h"

		int classifier_0(struct __sk_buff *skb);
		int classifier_1(struct __sk_buff *skb);
		@@ -60,6 +61,8 @@ int tailcall_bpf2bpf_hierarchy_2(struct __sk_buff *skb)
		{
		int ret = 0;

		clobber_regs_stack();

		subprog_tail0(skb);
		subprog_tail1(skb);

tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy3.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -2,6 +2,7 @@
		#include <linux/bpf.h>
		#include <bpf/bpf_helpers.h>
		#include "bpf_misc.h"
		#include "bpf_test_utils.h"

		int classifier_0(struct __sk_buff *skb);

		@@ -53,6 +54,8 @@ int tailcall_bpf2bpf_hierarchy_3(struct __sk_buff *skb)
		{
		int ret = 0;

		clobber_regs_stack();

		bpf_tail_call_static(skb, &jmp_table0, 0);

		__sink(ret);

tools/testing/selftests/bpf/progs/tailcall_bpf2bpf_hierarchy_fentry.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -4,6 +4,7 @@
		#include "vmlinux.h"
		#include <bpf/bpf_helpers.h>
		#include <bpf/bpf_tracing.h>
		#include "bpf_test_utils.h"

		struct {
		__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
		@@ -24,6 +25,8 @@ int subprog_tail(void *ctx)
		SEC("fentry/dummy")
		int BPF_PROG(fentry, struct sk_buff *skb)
		{
		clobber_regs_stack();

		count++;
		subprog_tail(ctx);
		subprog_tail(ctx);