]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
selftests/bpf: Cover stack nospec slot indexing
authorNuoqi Gui <gnq25@mails.tsinghua.edu.cn>
Wed, 17 Jun 2026 17:50:27 +0000 (01:50 +0800)
committerAlexei Starovoitov <ast@kernel.org>
Mon, 22 Jun 2026 00:51:58 +0000 (17:51 -0700)
Add a verifier test for the fixed-offset stack write case where two 4-byte
stores initialize opposite halves of the same stack slot.

The test runs through the unprivileged loader lane and expects both
half-slot writes to emit nospec in the translated program.

Acked-by: Luis Gerhorst <luis.gerhorst@fau.de>
Signed-off-by: Nuoqi Gui <gnq25@mails.tsinghua.edu.cn>
Link: https://lore.kernel.org/r/20260618-f01-11-stack-nospec-slot-index-v3-2-780297041721@mails.tsinghua.edu.cn
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
tools/testing/selftests/bpf/progs/verifier_unpriv.c

index c16f8382cf17d13ccdd3b669c50dd62b88fb698d..49f7bd05edad2c140d8223f9ebda2252bb717ac6 100644 (file)
@@ -976,4 +976,26 @@ l0_%=:     exit;                                           \
        : __clobber_all);
 }
 
+SEC("socket")
+__description("unpriv: Spectre v4 stack write slot index")
+__success __success_unpriv
+__retval(0)
+#ifdef SPEC_V4
+__xlated_unpriv("r0 = 0")
+__xlated_unpriv("*(u32 *)(r10 -4) = r0")
+__xlated_unpriv("nospec")
+__xlated_unpriv("*(u32 *)(r10 -8) = r0")
+__xlated_unpriv("nospec")
+__xlated_unpriv("exit")
+#endif
+__naked void stack_write_nospec_slot_index(void)
+{
+       asm volatile ("                                 \
+       r0 = 0;                                 \
+       *(u32 *)(r10 - 4) = r0;                 \
+       *(u32 *)(r10 - 8) = r0;                 \
+       exit;                                   \
+"      ::: __clobber_all);
+}
+
 char _license[] SEC("license") = "GPL";