When running the selftests on a retbleed-affected platform (e.g.
Skylake), with call depth accounting enabled
(CONFIG_CALL_DEPTH_TRACKING=y) _and_ with retbleed=stuff, some verifier
selftests fail to validate the jited instructions. For example:
MATCHED SUBSTR: ' endbr64'
MATCHED SUBSTR: ' nopl (%rax,%rax)'
MATCHED SUBSTR: ' xorq %rax, %rax'
MATCHED SUBSTR: ' pushq %rbp'
MATCHED SUBSTR: ' movq %rsp, %rbp'
MATCHED SUBSTR: ' endbr64'
MATCHED SUBSTR: ' cmpq $0x21, %rax'
MATCHED SUBSTR: ' ja L0'
MATCHED SUBSTR: ' pushq %rax'
MATCHED SUBSTR: ' movq %rsp, %rax'
MATCHED SUBSTR: ' jmp L1'
MATCHED SUBSTR: 'L0: pushq %rax'
MATCHED SUBSTR: 'L1: pushq %rax'
MATCHED SUBSTR: ' movq -0x10(%rbp), %rax'
WRONG LINE REGEX: ' callq 0x{{.*}}'
Those affected selftests always fail on some call instruction: this
failure is due to the JIT compiler emitting call depth accounting for
retbleed mitigation (see x86_call_depth_emit_accounting calls in
bpf_jit_comp.c), resulting in an additional instruction being inserted
in front of every call instruction, similar to this one:
sarq $0x5, %gs:-0x39882741(%rip)
Fix those selftests by allowing them to ignore this possibly present
call depth accounting instruction.
Signed-off-by: Alexis Lothoré (eBPF Foundation) <[email protected]>
---
tools/testing/selftests/bpf/progs/verifier_private_stack.c | 5 +++++
tools/testing/selftests/bpf/progs/verifier_tailcall_jit.c | 1 +
2 files changed, 6 insertions(+)
diff --git a/tools/testing/selftests/bpf/progs/verifier_private_stack.c
b/tools/testing/selftests/bpf/progs/verifier_private_stack.c
index 046f7445a458..bb8206e10880 100644
--- a/tools/testing/selftests/bpf/progs/verifier_private_stack.c
+++ b/tools/testing/selftests/bpf/progs/verifier_private_stack.c
@@ -94,6 +94,7 @@ __jited(" addq %gs:{{.*}}, %r9")
__jited(" movl $0x2a, %edi")
__jited(" movq %rdi, -0x200(%r9)")
__jited(" pushq %r9")
+__jited("...")
__jited(" callq 0x{{.*}}")
__jited(" popq %r9")
__jited(" xorl %eax, %eax")
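Review bot: the `__jited("...")` added between `pushq %r9` and `callq 0x{{.*}}` loosens the check more than the commit message describes if `...` skips any number of disassembly lines. The test would then no longer assert that `%r9` is pushed immediately before the call, and would accept any instructions in between, not only the single accounting `sarq`. If the matcher can express one optional line, that would keep the adjacency check. Otherwise say in the commit message that the looser match is accepted, since the same applies to the other added lines in this file.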
@@ -153,11 +154,13 @@ __jited(" endbr64")
__jited(" movabsq $0x{{.*}}, %r9")
__jited(" addq %gs:{{.*}}, %r9")
__jited(" pushq %r9")
+__jited("...")
__jited(" callq")
__jited(" popq %r9")
__jited(" movl $0x2a, %edi")
__jited(" movq %rdi, -0x200(%r9)")
__jited(" pushq %r9")
+__jited("...")
__jited(" callq")
__jited(" popq %r9")
__arch_arm64
@@ -199,6 +202,7 @@ __description("Private stack, exception in main prog")
__success __retval(0)
__arch_x86_64
__jited(" pushq %r9")
+__jited("...")
__jited(" callq")
__jited(" popq %r9")
__arch_arm64
@@ -246,6 +250,7 @@ __success __retval(0)
__arch_x86_64
__jited(" movq %rdi, -0x200(%r9)")
__jited(" pushq %r9")
+__jited("...")
__jited(" callq")
__jited(" popq %r9")
__arch_arm64
diff --git a/tools/testing/selftests/bpf/progs/verifier_tailcall_jit.c
b/tools/testing/selftests/bpf/progs/verifier_tailcall_jit.c
index 8d60c634a114..48fa34d2959f 100644
--- a/tools/testing/selftests/bpf/progs/verifier_tailcall_jit.c
+++ b/tools/testing/selftests/bpf/progs/verifier_tailcall_jit.c
@@ -56,6 +56,7 @@ __jited("L1: pushq %rax") /* rbp[-16] =
rax */
* (cause original rax might be clobbered by this point)
*/
__jited(" movq -0x10(%rbp), %rax")
+__jited("...")
__jited(" callq 0x{{.*}}") /* call to sub() */
__jited(" xorl %eax, %eax")
__jited(" leave")
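Review bot: the added `__jited("...")` before `callq 0x{{.*}}` has no trailing comment, while the neighbouring expectations in this block are annotated (for example `/* call to sub() */`). Add a short comment saying it covers the optional call depth accounting instruction emitted with retbleed=stuff, so the wildcard is not removed later as noise.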
---
base-commit: 4a8eaccfdd6f4ae4b0e8735664e9d3e5ce826329
change-id: 20260528-fix_tests_for_retbleed_stuff-c3c89b738e70
Best regards,
--
Alexis Lothoré (eBPF Foundation) <[email protected]>