From: Nuoqi Gui Date: Wed, 17 Jun 2026 17:50:27 +0000 (+0800) Subject: selftests/bpf: Cover stack nospec slot indexing X-Git-Tag: v7.2-rc1~25^2~14^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a93ae7ed5972fa4cf7c0244395dc1bcc7e0016be;p=thirdparty%2Flinux.git selftests/bpf: Cover stack nospec slot indexing Add a verifier test for the fixed-offset stack write case where two 4-byte stores initialize opposite halves of the same stack slot. The test runs through the unprivileged loader lane and expects both half-slot writes to emit nospec in the translated program. Acked-by: Luis Gerhorst Signed-off-by: Nuoqi Gui Link: https://lore.kernel.org/r/20260618-f01-11-stack-nospec-slot-index-v3-2-780297041721@mails.tsinghua.edu.cn Signed-off-by: Alexei Starovoitov --- diff --git a/tools/testing/selftests/bpf/progs/verifier_unpriv.c b/tools/testing/selftests/bpf/progs/verifier_unpriv.c index c16f8382cf17d..49f7bd05edad2 100644 --- a/tools/testing/selftests/bpf/progs/verifier_unpriv.c +++ b/tools/testing/selftests/bpf/progs/verifier_unpriv.c @@ -976,4 +976,26 @@ l0_%=: exit; \ : __clobber_all); } +SEC("socket") +__description("unpriv: Spectre v4 stack write slot index") +__success __success_unpriv +__retval(0) +#ifdef SPEC_V4 +__xlated_unpriv("r0 = 0") +__xlated_unpriv("*(u32 *)(r10 -4) = r0") +__xlated_unpriv("nospec") +__xlated_unpriv("*(u32 *)(r10 -8) = r0") +__xlated_unpriv("nospec") +__xlated_unpriv("exit") +#endif +__naked void stack_write_nospec_slot_index(void) +{ + asm volatile (" \ + r0 = 0; \ + *(u32 *)(r10 - 4) = r0; \ + *(u32 *)(r10 - 8) = r0; \ + exit; \ +" ::: __clobber_all); +} + char _license[] SEC("license") = "GPL";