git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Luis Gerhorst <luis.gerhorst@fau.de>
	Sat, 5 Jul 2025 19:09:08 +0000 (21:09 +0200)
committer	Alexei Starovoitov <ast@kernel.org>
	Mon, 7 Jul 2025 15:32:34 +0000 (08:32 -0700)
commit	92974cef83b560175fc52acb53aa833cb1e93306
tree	240c4d8e51c21feca6c2118c8e964e62fac3f1be	tree
parent	dadb59104c6441f54d0c42bba3e4bd11e25fc6d9	commit \| diff

selftests/bpf: Add Spectre v4 tests

Add the following tests:

1. A test with an (unimportant) ldimm64 (16 byte insn) and a
   Spectre-v4--induced nospec that clarifies and serves as a basic
   Spectre v4 test.

2. Make sure a Spectre v4 nospec_result does not prevent a Spectre v1
   nospec from being added before the dangerous instruction (tests that
   [1] is fixed).

3. Combine the two, which is the combination that triggers the warning
   in [2]. This is because the unanalyzed stack write has nospec_result
   set, but the ldimm64 (which was just analyzed) had incremented
   insn_idx by 2. That violates the assertion that nospec_result is only
   used after insns that increment insn_idx by 1 (i.e., stack writes).

[1] https://lore.kernel.org/bpf/4266fd5de04092aa4971cbef14f1b4b96961f432.camel@gmail.com/
[2] https://lore.kernel.org/bpf/685b3c1b.050a0220.2303ee.0010.GAE@google.com/

Signed-off-by: Luis Gerhorst <luis.gerhorst@fau.de>
Link: https://lore.kernel.org/r/20250705190908.1756862-3-luis.gerhorst@fau.de
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

tools/testing/selftests/bpf/progs/bpf_misc.h		diff \| blob \| blame \| history
tools/testing/selftests/bpf/progs/verifier_unpriv.c		diff \| blob \| blame \| history