Commit ebafc1e5 authored by Hou Tao's avatar Hou Tao Committed by Alexei Starovoitov
Browse files

selftests/bpf: Add three test cases for bits_iter 



Add more test cases for bits iterator:

(1) huge word test
Verify the multiplication overflow of nr_bits in bits_iter. Without
the overflow check, when nr_words is 67108865, nr_bits becomes 64,
causing bpf_probe_read_kernel_common() to corrupt the stack.
(2) max word test
Verify correct handling of maximum nr_words value (511).
(3) bad word test
Verify early termination of bits iteration when bits iterator
initialization fails.

Also rename bits_nomem to bits_too_big to better reflect its purpose.

Signed-off-by: default avatarHou Tao <houtao1@huawei.com>
Link: https://lore.kernel.org/r/20241030100516.3633640-6-houtao@huaweicloud.com


Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent e1339383

tools/testing/selftests/bpf/progs/verifier_bits_iter.c

+58 −3
Original line number Diff line number Diff line
@@ -15,6 +15,8 @@ int bpf_iter_bits_new(struct bpf_iter_bits *it, const u64 *unsafe_ptr__ign, 
int *bpf_iter_bits_next(struct bpf_iter_bits *it) __ksym __weak;

void bpf_iter_bits_destroy(struct bpf_iter_bits *it) __ksym __weak;



u64 bits_array[511] = {};



SEC("iter.s/cgroup")

__description("bits iter without destroy")

__failure __msg("Unreleased reference")
@@ -110,16 +112,16 @@ int bit_index(void) 
}



SEC("syscall")

__description("bits nomem")

__description("bits too big")

__success __retval(0)

int bits_nomem(void)

int bits_too_big(void)

{

	u64 data[4];

	int nr = 0;

	int *bit;



	__builtin_memset(&data, 0xff, sizeof(data));

	bpf_for_each(bits, bit, &data[0], 513) /* Be greater than 512 */

	bpf_for_each(bits, bit, &data[0], 512) /* Be greater than 511 */

		nr++;

	return nr;

}
@@ -151,3 +153,56 @@ int zero_words(void) 
		nr++;

	return nr;

}



SEC("syscall")

__description("huge words")

__success __retval(0)

int huge_words(void)

{

	u64 data[8] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};

	int nr = 0;

	int *bit;



	bpf_for_each(bits, bit, &data[0], 67108865)

		nr++;

	return nr;

}



SEC("syscall")

__description("max words")

__success __retval(4)

int max_words(void)

{

	volatile int nr = 0;

	int *bit;



	bits_array[0] = (1ULL << 63) | 1U;

	bits_array[510] = (1ULL << 33) | (1ULL << 32);



	bpf_for_each(bits, bit, bits_array, 511) {

		if (nr == 0 && *bit != 0)

			break;

		if (nr == 2 && *bit != 32672)

			break;

		nr++;

	}

	return nr;

}



SEC("syscall")

__description("bad words")

__success __retval(0)

int bad_words(void)

{

	void *bad_addr = (void *)(3UL << 30);

	int nr = 0;

	int *bit;



	bpf_for_each(bits, bit, bad_addr, 1)

		nr++;



	bpf_for_each(bits, bit, bad_addr, 4)

		nr++;



	return nr;

}