From: Alexis Lothoré (eBPF Foundation) Date: Thu, 28 May 2026 13:27:14 +0000 (+0200) Subject: selftests/bpf: ignore call depth accounting for retbleed in verifier tests X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf29346fc39355cc57118e4e825109f66ac3542d;p=thirdparty%2Flinux.git selftests/bpf: ignore call depth accounting for retbleed in verifier tests When running the selftests on a retbleed-affected platform (eg: Skylake), with call depth accounting enabled (CONFIG_CALL_DEPTH_TRACKING=y) _and_ with retbleed=stuff, some verifier selftests fail to validate the jited instructions. For example: MATCHED SUBSTR: ' endbr64' MATCHED SUBSTR: ' nopl (%rax,%rax)' MATCHED SUBSTR: ' xorq %rax, %rax' MATCHED SUBSTR: ' pushq %rbp' MATCHED SUBSTR: ' movq %rsp, %rbp' MATCHED SUBSTR: ' endbr64' MATCHED SUBSTR: ' cmpq $0x21, %rax' MATCHED SUBSTR: ' ja L0' MATCHED SUBSTR: ' pushq %rax' MATCHED SUBSTR: ' movq %rsp, %rax' MATCHED SUBSTR: ' jmp L1' MATCHED SUBSTR: 'L0: pushq %rax' MATCHED SUBSTR: 'L1: pushq %rax' MATCHED SUBSTR: ' movq -0x10(%rbp), %rax' WRONG LINE REGEX: ' callq 0x{{.*}}' Those affected selftests always fail on some call instruction: this failure is due to the JIT compiler emitting call depth accounting for retbleed mitigation (see x86_call_depth_emit_accounting calls in bpf_jit_comp.c), resulting in an additional instruction being inserted in front of every call instruction, similar to this one: sarq $0x5, %gs:-0x39882741(%rip) Fix those selftests by allowing them to ignore this possibly present call depth accounting instruction. Signed-off-by: Alexis Lothoré (eBPF Foundation) Reviewed-by: Emil Tsalapatis Link: https://lore.kernel.org/r/20260528-fix_tests_for_retbleed_stuff-v1-1-c2022a1f3bee@bootlin.com Signed-off-by: Alexei Starovoitov --- diff --git a/tools/testing/selftests/bpf/progs/verifier_private_stack.c b/tools/testing/selftests/bpf/progs/verifier_private_stack.c index 046f7445a458..bb8206e10880 100644 
--- a/tools/testing/selftests/bpf/progs/verifier_private_stack.c
+++ b/tools/testing/selftests/bpf/progs/verifier_private_stack.c
@@ -94,6 +94,7 @@ __jited(" addq %gs:{{.*}}, %r9")
 __jited(" movl $0x2a, %edi")
 __jited(" movq %rdi, -0x200(%r9)")
 __jited(" pushq %r9")
+__jited("...")
 __jited(" callq 0x{{.*}}")
 __jited(" popq %r9")
 __jited(" xorl %eax, %eax")
@@ -153,11 +154,13 @@ __jited(" endbr64")
 __jited(" movabsq $0x{{.*}}, %r9")
 __jited(" addq %gs:{{.*}}, %r9")
 __jited(" pushq %r9")
+__jited("...")
 __jited(" callq")
 __jited(" popq %r9")
 __jited(" movl $0x2a, %edi")
 __jited(" movq %rdi, -0x200(%r9)")
 __jited(" pushq %r9")
+__jited("...")
 __jited(" callq")
 __jited(" popq %r9")
 __arch_arm64
@@ -199,6 +202,7 @@ __description("Private stack, exception in main prog")
 __success __retval(0)
 __arch_x86_64
 __jited(" pushq %r9")
+__jited("...")
 __jited(" callq")
 __jited(" popq %r9")
 __arch_arm64
@@ -246,6 +250,7 @@ __success __retval(0)
 __arch_x86_64
 __jited(" movq %rdi, -0x200(%r9)")
 __jited(" pushq %r9")
+__jited("...")
 __jited(" callq")
 __jited(" popq %r9")
 __arch_arm64
diff --git a/tools/testing/selftests/bpf/progs/verifier_tailcall_jit.c b/tools/testing/selftests/bpf/progs/verifier_tailcall_jit.c
index 8d60c634a114..48fa34d2959f 100644
--- a/tools/testing/selftests/bpf/progs/verifier_tailcall_jit.c
+++ b/tools/testing/selftests/bpf/progs/verifier_tailcall_jit.c
@@ -56,6 +56,7 @@ __jited("L1: pushq %rax") /* rbp[-16] = rax */
 * (cause original rax might be clobbered by this point)
 */
 __jited(" movq -0x10(%rbp), %rax")
+__jited("...")
 __jited(" callq 0x{{.*}}") /* call to sub() */
 __jited(" xorl %eax, %eax")
 __jited(" leave")
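Review bot: The `__jited("...")` added between `__jited(" pushq %r9")` and `__jited(" callq 0x{{.*}}")` may loosen the check further than the commit message intends. If `"..."` lets the matcher skip any number of disassembly lines (that is how the test loader appears to treat it; confirm), the expectation no longer pins that the call directly follows the save of `%r9`. A JIT regression that emits extra instructions between the two would then pass unnoticed. The same applies to the other four additions in this file and to the one in verifier_tailcall_jit.c. If the loader has a way to express a single optional line, matching only the accounting instruction (`sarq $0x5, %gs:...` in the commit message) would keep the private-stack sequence tight; otherwise the trade-off deserves a comment next to the wildcard. The annotated test functions start and end outside these hunks.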
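Review bot: The new `__jited("...")` in verifier_tailcall_jit.c is the only unexplained step in a sequence whose neighbours carry comments (`/* rbp[-16] = rax */`, `/* call to sub() */`), so a reader cannot tell why a wildcard sits in front of the call. I would annotate it in the same style, e.g. `__jited("...") /* optional call depth accounting insn (retbleed=stuff) */`. The five additions in verifier_private_stack.c would benefit from the same one-line comment, since the reason is recorded only in the commit message. The expectation list this hunk belongs to begins above the visible context.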