==================
BPF Selftest Notes
==================
General instructions on running selftests can be found in
`Documentation/bpf/bpf_devel_QA.rst`_.

Additional information about selftest failures is
documented here.

profiler[23] test failures with clang/llvm <12.0.0
==================================================

With clang/llvm <12.0.0, the profiler[23] test may fail.
The symptom looks like

.. code-block:: c

  // r9 is a pointer to map_value
  // r7 is a scalar
  17:       bf 96 00 00 00 00 00 00 r6 = r9
  18:       0f 76 00 00 00 00 00 00 r6 += r7
  math between map_value pointer and register with unbounded min value is not allowed

  // the instructions below will not be seen in the verifier log
  19:       a5 07 01 00 01 01 00 00 if r7 < 257 goto +1
  20:       bf 96 00 00 00 00 00 00 r6 = r9
  // r6 is used here

The verifier will reject such code with the above error.
At insn 18, r7 is indeed unbounded. The later insn 19 checks the bounds and
insn 20 undoes the map_value addition. It is currently impossible for the
verifier to understand such speculative pointer arithmetic.
Hence
    https://reviews.llvm.org/D85570
addresses it on the compiler side. It was committed on llvm 12.

The corresponding C code:

.. code-block:: c

  for (int i = 0; i < MAX_CGROUPS_PATH_DEPTH; i++) {
          filepart_length = bpf_probe_read_str(payload, ...);
          if (filepart_length <= MAX_PATH) {
                  barrier_var(filepart_length); // workaround
                  payload += filepart_length;
          }
  }

bpf_iter test failures with clang/llvm 10.0.0
=============================================

With clang/llvm 10.0.0, the following two bpf_iter tests failed:

  * ``bpf_iter/ipv6_route``
  * ``bpf_iter/netlink``

The symptom for ``bpf_iter/ipv6_route`` looks like

.. code-block:: c

  2: (79) r8 = *(u64 *)(r1 +8)
  ...
  14: (bf) r2 = r8
  15: (0f) r2 += r1
  ; BPF_SEQ_PRINTF(seq, "%pi6 %02x ", &rt->fib6_dst.addr, rt->fib6_dst.plen);
  16: (7b) *(u64 *)(r8 +64) = r2
  only read is supported

The symptom for ``bpf_iter/netlink`` looks like

.. code-block:: c

  ; struct netlink_sock *nlk = ctx->sk;
  2: (79) r7 = *(u64 *)(r1 +8)
  ...
  15: (bf) r2 = r7
  16: (0f) r2 += r1
  ; BPF_SEQ_PRINTF(seq, "%pK %-3d ", s, s->sk_protocol);
  17: (7b) *(u64 *)(r7 +0) = r2
  only read is supported

This is due to an LLVM BPF backend bug. The fix
  https://reviews.llvm.org/D78466
has been pushed to the llvm 10.x release branch and will be
available in 10.0.1. The fix is available in llvm 11.0.0 trunk.

BPF CO-RE-based tests and Clang version
=======================================

A set of selftests use BPF target-specific built-ins, which might require
bleeding-edge Clang versions (Clang 12 nightly at this time).

A few sub-tests of the core_reloc test suite (part of the test_progs test
runner) require the following built-ins, listed with the corresponding Clang
diffs introducing them to Clang/LLVM. These sub-tests are going to be skipped
if Clang is too old to support them; they shouldn't cause build failures or
runtime test failures:

  - __builtin_btf_type_id() ([0], [1], [2]);
  - __builtin_preserve_type_info(), __builtin_preserve_enum_value() ([3], [4]).

  [0] https://reviews.llvm.org/D74572
  [1] https://reviews.llvm.org/D74668
  [2] https://reviews.llvm.org/D85174
  [3] https://reviews.llvm.org/D83878
  [4] https://reviews.llvm.org/D83242