Commit 180a46bc authored by Paul Chaignon's avatar Paul Chaignon Committed by Daniel Borkmann
Browse files

selftests/bpf: Test accesses to ctx padding 



This patch adds tests covering the various paddings in ctx structures.
In case of sk_lookup BPF programs, the behavior is a bit different
because accesses to the padding are explicitly allowed. Other cases
result in a clear reject from the verifier.

Signed-off-by: default avatarPaul Chaignon <paul.chaignon@gmail.com>
Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Acked-by: default avatarEduard Zingerman <eddyz87@gmail.com>
Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/3dc5f025e350aeb2bb1c257b87c577518e574aeb.1758094761.git.paul.chaignon@gmail.com
parent 7c60f6e4

tools/testing/selftests/bpf/progs/verifier_ctx.c

+30 −0
Original line number Diff line number Diff line
@@ -262,4 +262,34 @@ narrow_load("sockops", bpf_sock_ops, skb_hwtstamp); 
unaligned_access("flow_dissector", __sk_buff, data);

unaligned_access("netfilter", bpf_nf_ctx, skb);



#define padding_access(type, ctx, prev_field, sz)			\

	SEC(type)							\

	__description("access on " #ctx " padding after " #prev_field)	\

	__naked void padding_ctx_access_##ctx(void)			\

	{								\

		asm volatile ("						\

		r1 = *(u%[size] *)(r1 + %[off]);			\

		r0 = 0;							\

		exit;"							\

		:							\

		: __imm_const(size, sz * 8),				\

		  __imm_const(off, offsetofend(struct ctx, prev_field))	\

		: __clobber_all);					\

	}



__failure __msg("invalid bpf_context access")

padding_access("cgroup/bind4", bpf_sock_addr, msg_src_ip6[3], 4);



__success

padding_access("sk_lookup", bpf_sk_lookup, remote_port, 2);



__failure __msg("invalid bpf_context access")

padding_access("tc", __sk_buff, tstamp_type, 2);



__failure __msg("invalid bpf_context access")

padding_access("cgroup/post_bind4", bpf_sock, dst_port, 2);



__failure __msg("invalid bpf_context access")

padding_access("sk_reuseport", sk_reuseport_md, hash, 4);



char _license[] SEC("license") = "GPL";