git.kernel.dk Git - linux-block.git/commit

author	Kohei Enju <enjuk@amazon.com>
	Sat, 22 Mar 2025 04:52:56 +0000 (13:52 +0900)
committer	Alexei Starovoitov <ast@kernel.org>
	Sat, 22 Mar 2025 13:19:09 +0000 (06:19 -0700)
commit	5f3077d7fcd4d777b52473a7d8d6fd065a7deb20
tree	993a4903cf9b49124c6cea0c33739ce65d8f1072	tree
parent	c03bb2fa327e4c25d6c5360a8803a4b1cdc2d0b9	commit \| diff

selftests/bpf: Add selftests for load-acquire/store-release when register number is invalid

syzbot reported out-of-bounds read in check_atomic_load/store() when the
register number is invalid in this context:
https://syzkaller.appspot.com/bug?extid=a5964227adc0f904549c

To avoid the issue from now on, let's add tests where the register number
is invalid for load-acquire/store-release.

After discussion with Eduard, I decided to use R15 as invalid register
because the actual slab-out-of-bounds read issue occurs when the register
number is R12 or larger.

Signed-off-by: Kohei Enju <enjuk@amazon.com>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://lore.kernel.org/r/20250322045340.18010-6-enjuk@amazon.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

tools/testing/selftests/bpf/progs/verifier_load_acquire.c		diff \| blob \| blame \| history
tools/testing/selftests/bpf/progs/verifier_store_release.c		diff \| blob \| blame \| history