Commit ba578b87 authored by Paul Chaignon's avatar Paul Chaignon Committed by Martin KaFai Lau

selftests/bpf: Test invalid narrower ctx load



This patch adds selftests to cover invalid narrower loads on the
context. These used to cause kernel warnings before the previous patch.
To trigger the warning, the load had to be aligned, had to read an
affected context field (e.g., skb->sk), and could not start at the
beginning of the field.

The nine new cases all fail without the previous patch.

Suggested-by: default avatarEduard Zingerman <eddyz87@gmail.com>
Signed-off-by: default avatarPaul Chaignon <paul.chaignon@gmail.com>
Signed-off-by: default avatarMartin KaFai Lau <martin.lau@kernel.org>
Acked-by: default avatarEduard Zingerman <eddyz87@gmail.com>
Link: https://patch.msgid.link/44cd83ea9c6868079943f0a436c6efa850528cc1.1753194596.git.paul.chaignon@gmail.com
parent e0929922
+25 −0
@@ -218,4 +218,29 @@ __naked void null_check_8_null_bind(void)
	: __clobber_all);
}

#define narrow_load(type, ctx, field)					\
	SEC(type)							\
	__description("narrow load on field " #field " of " #ctx)	\
	__failure __msg("invalid bpf_context access")			\
	__naked void invalid_narrow_load##ctx##field(void)		\
	{								\
		asm volatile ("						\
		r1 = *(u32 *)(r1 + %[off]);				\
		r0 = 0;							\
		exit;"							\
		:							\
		: __imm_const(off, offsetof(struct ctx, field) + 4)	\
		: __clobber_all);					\
	}

narrow_load("cgroup/getsockopt", bpf_sockopt, sk);
narrow_load("cgroup/getsockopt", bpf_sockopt, optval);
narrow_load("cgroup/getsockopt", bpf_sockopt, optval_end);
narrow_load("tc", __sk_buff, sk);
narrow_load("cgroup/bind4", bpf_sock_addr, sk);
narrow_load("sockops", bpf_sock_ops, sk);
narrow_load("sockops", bpf_sock_ops, skb_data);
narrow_load("sockops", bpf_sock_ops, skb_data_end);
narrow_load("sockops", bpf_sock_ops, skb_hwtstamp);

char _license[] SEC("license") = "GPL";
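Review bot: The hard-coded `+ 4` in `__imm_const(off, offsetof(struct ctx, field) + 4)` only produces an aligned load inside the field when that field is 8 bytes wide, and nothing in the `narrow_load` macro states or enforces this. That presumably holds for the nine fields listed, but for a 4-byte field a later `narrow_load(...)` line would read the neighbouring member and could still match the broad `"invalid bpf_context access"` message, so the case would pass without exercising the narrow-load path in the verifier. I would document the intent above the macro with `/* +4: aligned u32 load of the upper half of an 8-byte ctx field */` and enforce it inside the macro with `_Static_assert(sizeof(((struct ctx *)0)->field) == 8, "narrow_load expects an 8-byte field");`. As a smaller style point, `invalid_narrow_load##ctx##field` pastes the names together without separators; `invalid_narrow_load_##ctx##_##field` would be easier to find in test output.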