selftests/bpf: ignore call depth accounting for retbleed in verifier tests
authorAlexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Thu, 28 May 2026 13:27:14 +0000 (15:27 +0200)
committerAlexei Starovoitov <ast@kernel.org>
Thu, 4 Jun 2026 16:47:39 +0000 (09:47 -0700)
When running the selftests on a retbleed-affected platform (eg:
Skylake), with call depth accounting enabled
(CONFIG_CALL_DEPTH_TRACKING=y) _and_ with retbleed=stuff, some verifier
selftests fail to validate the jited instructions. For example:

  MATCHED    SUBSTR: ' endbr64'
  MATCHED    SUBSTR: ' nopl (%rax,%rax)'
  MATCHED    SUBSTR: ' xorq %rax, %rax'
  MATCHED    SUBSTR: ' pushq %rbp'
  MATCHED    SUBSTR: ' movq %rsp, %rbp'
  MATCHED    SUBSTR: ' endbr64'
  MATCHED    SUBSTR: ' cmpq $0x21, %rax'
  MATCHED    SUBSTR: ' ja L0'
  MATCHED    SUBSTR: ' pushq %rax'
  MATCHED    SUBSTR: ' movq %rsp, %rax'
  MATCHED    SUBSTR: ' jmp L1'
  MATCHED    SUBSTR: 'L0: pushq %rax'
  MATCHED    SUBSTR: 'L1: pushq %rax'
  MATCHED    SUBSTR: ' movq -0x10(%rbp), %rax'
  WRONG LINE  REGEX: ' callq 0x{{.*}}'

Those affected selftests always fail on some call instruction: this
failure is due to the JIT compiler emitting call depth accounting for
retbleed mitigation (see x86_call_depth_emit_accounting calls in
bpf_jit_comp.c), resulting in an additional instruction being inserted
in front of every call instruction, similar to this one:

  sarq    $0x5, %gs:-0x39882741(%rip)

Fix those selftests by allowing them to ignore this possibly present
call depth accounting instruction.

Signed-off-by: Alexis Lothoré (eBPF Foundation) <alexis.lothore@bootlin.com>
Reviewed-by: Emil Tsalapatis <emil@etsalapatis.com>
Link: https://lore.kernel.org/r/20260528-fix_tests_for_retbleed_stuff-v1-1-c2022a1f3bee@bootlin.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
tools/testing/selftests/bpf/progs/verifier_private_stack.c
tools/testing/selftests/bpf/progs/verifier_tailcall_jit.c

index 046f7445a4582056e8169b104946765fd9020162..bb8206e10880c4de74b90dd054683d1a582938cc 100644 (file)
@@ -94,6 +94,7 @@ __jited("     addq    %gs:{{.*}}, %r9")
 __jited("      movl    $0x2a, %edi")
 __jited("      movq    %rdi, -0x200(%r9)")
 __jited("      pushq   %r9")
+__jited("...")
 __jited("      callq   0x{{.*}}")
 __jited("      popq    %r9")
 __jited("      xorl    %eax, %eax")
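Review bot: The added `__jited("...")` before `callq   0x{{.*}}` is, as I read the loader's `...` pattern, a wildcard that lifts the next-line constraint, so it accepts any number of instructions between `pushq   %r9` and the call rather than only the one optional call depth accounting instruction the commit message describes. The test therefore no longer pins that the private-stack register is saved immediately before the call, and this holds on every configuration, including those where no accounting instruction is emitted. The same applies to the hunks at new lines 154, 202 and 250 of this file and to the hunk in verifier_tailcall_jit.c. If the loader cannot express a single optional line, a comment above the wildcard would at least record the intent, for example `/* at most one insn expected here: call depth accounting (retbleed=stuff) */`. The expectation list starts and ends outside the hunk.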
@@ -153,11 +154,13 @@ __jited(" endbr64")
 __jited("      movabsq $0x{{.*}}, %r9")
 __jited("      addq    %gs:{{.*}}, %r9")
 __jited("      pushq   %r9")
+__jited("...")
 __jited("      callq")
 __jited("      popq    %r9")
 __jited("      movl    $0x2a, %edi")
 __jited("      movq    %rdi, -0x200(%r9)")
 __jited("      pushq   %r9")
+__jited("...")
 __jited("      callq")
 __jited("      popq    %r9")
 __arch_arm64
@@ -199,6 +202,7 @@ __description("Private stack, exception in main prog")
 __success __retval(0)
 __arch_x86_64
 __jited("      pushq   %r9")
+__jited("...")
 __jited("      callq")
 __jited("      popq    %r9")
 __arch_arm64
@@ -246,6 +250,7 @@ __success __retval(0)
 __arch_x86_64
 __jited("      movq    %rdi, -0x200(%r9)")
 __jited("      pushq   %r9")
+__jited("...")
 __jited("      callq")
 __jited("      popq    %r9")
 __arch_arm64
index 8d60c634a114f09995119aa576c4b9e2e0f47069..48fa34d2959f464cf356d3812bb263b672f46b0e 100644 (file)
@@ -56,6 +56,7 @@ __jited("L1:  pushq   %rax")                  /* rbp[-16] = rax         */
  * (cause original rax might be clobbered by this point)
  */
 __jited("      movq    -0x10(%rbp), %rax")
+__jited("...")
 __jited("      callq   0x{{.*}}")              /* call to sub()          */
 __jited("      xorl    %eax, %eax")
 __jited("      leave")
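Review bot: The added `__jited("...")` carries no comment, although this listing annotates the instructions around it (`/* rbp[-16] = rax */`, `/* call to sub() */`, and the block comment above the `movq`). A reader of the file alone cannot tell why a wildcard sits directly in front of the call. A trailing annotation in the same style would cover it: `__jited("...")  /* optional call depth accounting (retbleed=stuff) */`. The expectation list begins outside the hunk.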