On Wed, Dec 27, 2017 at 11:00:30AM +0800, kernel test robot wrote:
>
> FYI, we noticed the following commit (built with gcc-7):
>
> commit: 82abbf8d2fc46d79611ab58daa7c608df14bb3ee ("bpf: do not allow root to
> mangle valid pointers")
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
>
> in testcase: kernel_selftests
> with following parameters:
>
>
> test-description: The kernel contains a set of "self tests" under the
> tools/testing/selftests/ directory. These are intended to be small unit tests
> to exercise individual code paths in the kernel.
> test-url: https://www.kernel.org/doc/Documentation/kselftest.txt
>
>
> on test machine: qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 4G
>
> caused below changes (please refer to attached dmesg/kmsg for entire
> log/backtrace):
>
>
>
>
> selftests: test_align
> ========================================
> Test 0: mov ... PASS
> Test 1: shift ... PASS
> Test 2: addsub ... PASS
> Test 3: mul ... PASS
> Test 4: unknown shift ... PASS
> Test 5: unknown mul ... PASS
> Test 6: packet const offset ... PASS
> Test 7: packet variable offset ... PASS
> Test 8: packet variable offset 2 ... PASS
> Test 9: dubious pointer arithmetic ... Failed to find line 5 for match:
> R5=inv(id=0,umax_value=64,var_off=(0x0; 0x40))
> 0: R1=ctx(id=0,off=0,imm=0) R10=fp0
> 0: (61) r2 = *(u32 *)(r1 +76)
> 1: R1=ctx(id=0,off=0,imm=0) R2=pkt(id=0,off=0,r=0,imm=0) R10=fp0
> 1: (61) r3 = *(u32 *)(r1 +80)
> 2: R1=ctx(id=0,off=0,imm=0) R2=pkt(id=0,off=0,r=0,imm=0)
> R3=pkt_end(id=0,off=0,imm=0) R10=fp0
> 2: (b7) r0 = 0
> 3: R0=inv0 R1=ctx(id=0,off=0,imm=0) R2=pkt(id=0,off=0,r=0,imm=0)
> R3=pkt_end(id=0,off=0,imm=0) R10=fp0
> 3: (bf) r5 = r2
> 4: R0=inv0 R1=ctx(id=0,off=0,imm=0) R2=pkt(id=0,off=0,r=0,imm=0)
> R3=pkt_end(id=0,off=0,imm=0) R5=pkt(id=0,off=0,r=0,imm=0) R10=fp0
> 4: (57) r5 &= 64
> R5 bitwise operator &= on pointer prohibited
> FAIL

Thanks for reporting. The verifier output has changed. Will send a fix shortly.
I wish 0-bot was running selftests/bpf on net/net-next and bpf/bpf-next trees.
It would have caught this issue sooner.