Commit f1fc7249 authored by Alexei Starovoitov's avatar Alexei Starovoitov

selftests/bpf: tests for jmp to 1st insn

Add 2 tests that check JIT code generation to jumps to 1st insn.
1st test is similar to syzbot reproducer.
The backwards branch is never taken at runtime.
2nd test has branch to 1st insn that executes.
The test is written as two bpf functions, since it's not possible
to construct valid single bpf program that jumps to 1st insn.
Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
Acked-by: default avatarSong Liu <songliubraving@fb.com>
parent 7c2e988f
...@@ -159,3 +159,31 @@ ...@@ -159,3 +159,31 @@
.errstr = "loop detected", .errstr = "loop detected",
.prog_type = BPF_PROG_TYPE_TRACEPOINT, .prog_type = BPF_PROG_TYPE_TRACEPOINT,
}, },
{
"not-taken loop with back jump to 1st insn",
.insns = {
BPF_MOV64_IMM(BPF_REG_0, 123),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 4, -2),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.prog_type = BPF_PROG_TYPE_XDP,
.retval = 123,
},
{
"taken loop with back jump to 1st insn",
.insns = {
BPF_MOV64_IMM(BPF_REG_1, 10),
BPF_MOV64_IMM(BPF_REG_2, 0),
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 1),
BPF_EXIT_INSN(),
BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_1),
BPF_ALU64_IMM(BPF_SUB, BPF_REG_1, 1),
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, -3),
BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
BPF_EXIT_INSN(),
},
.result = ACCEPT,
.prog_type = BPF_PROG_TYPE_XDP,
.retval = 55,
},
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment