bpf: selftest for late caller stack size increase

author Jann Horn <jannh@google.com>

Fri, 22 Dec 2017 18:12:35 +0000 (19:12 +0100)

committer Daniel Borkmann <daniel@iogearbox.net>

Wed, 27 Dec 2017 17:35:07 +0000 (18:35 +0100)
author Jann Horn <jannh@google.com>
Fri, 22 Dec 2017 18:12:35 +0000 (19:12 +0100)
committer Daniel Borkmann <daniel@iogearbox.net>
Wed, 27 Dec 2017 17:35:07 +0000 (18:35 +0100)
diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c

index 5e79515d10c5ddcee6658f2b5b4a7cff41fca7f0..41dcc7dbba4278411b97154658ba0ab4f643fc09 100644 (file)
--- a/tools/testing/selftests/bpf/test_verifier.c
+++ b/tools/testing/selftests/bpf/test_verifier.c
@@ -8729,6 +8729,40 @@ static struct bpf_test tests[] = {
                 .prog_type = BPF_PROG_TYPE_XDP,
                 .result = ACCEPT,
         },
+       {
+               "calls: stack overflow using two frames (pre-call access)",
+               .insns = {
+                       /* prog 1 */
+                       BPF_ST_MEM(BPF_B, BPF_REG_10, -300, 0),
+                       BPF_RAW_INSN(BPF_JMP|BPF_CALL, 0, 1, 0, 1),
+                       BPF_EXIT_INSN(),
+
+                       /* prog 2 */
+                       BPF_ST_MEM(BPF_B, BPF_REG_10, -300, 0),
+                       BPF_MOV64_IMM(BPF_REG_0, 0),
+                       BPF_EXIT_INSN(),
+               },
+               .prog_type = BPF_PROG_TYPE_XDP,
+               .errstr = "combined stack size",
+               .result = REJECT,
+       },
+       {
+               "calls: stack overflow using two frames (post-call access)",
+               .insns = {
+                       /* prog 1 */
+                       BPF_RAW_INSN(BPF_JMP|BPF_CALL, 0, 1, 0, 2),
+                       BPF_ST_MEM(BPF_B, BPF_REG_10, -300, 0),
+                       BPF_EXIT_INSN(),
+
+                       /* prog 2 */
+                       BPF_ST_MEM(BPF_B, BPF_REG_10, -300, 0),
+                       BPF_MOV64_IMM(BPF_REG_0, 0),
+                       BPF_EXIT_INSN(),
+               },
+               .prog_type = BPF_PROG_TYPE_XDP,
+               .errstr = "combined stack size",
+               .result = REJECT,
+       },
         {
                 "calls: spill into caller stack frame",
                 .insns = {
author	Jann Horn <jannh@google.com>
	Fri, 22 Dec 2017 18:12:35 +0000 (19:12 +0100)
committer	Daniel Borkmann <daniel@iogearbox.net>
	Wed, 27 Dec 2017 17:35:07 +0000 (18:35 +0100)