From: Martin KaFai Lau <martin.lau@linux.dev>
To: Amery Hung <ameryhung@gmail.com>
Cc: bpf@vger.kernel.org, netdev@vger.kernel.org,
alexei.starovoitov@gmail.com, andrii@kernel.org,
daniel@iogearbox.net, martin.lau@kernel.org,
kernel-team@meta.com
Subject: Re: [PATCH bpf-next 2/2] selftests/bpf: Test changing packet data from global functions with a kfunc
Date: Thu, 25 Sep 2025 14:58:16 -0700 [thread overview]
Message-ID: <87a79618-cd71-4f4f-ad65-b492e571ade5@linux.dev> (raw)
In-Reply-To: <20250925170013.1752561-2-ameryhung@gmail.com>
On 9/25/25 10:00 AM, Amery Hung wrote:
> The verifier should invalidate all packet pointers after a packet data
> changing kfunc is called. So, similar to commit 3f23ee5590d9
> ("selftests/bpf: test for changing packet data from global functions"),
> test changing packet data from global functions to make sure packet
> pointers are indeed invalidated.
Applied. Thanks.
> +__noinline
> +long xdp_pull_data2(struct xdp_md *x, __u32 len)
> +{
> + return bpf_xdp_pull_data(x, len);
This tested the mark_subprog_changes_pkt_data() in visit_insn().
afaik, it does not test the clear_all_pkt_pointers() in check_"k"func_call().
Unlike the existing "changes_data" helpers, it is the first kfunc doing it.
Although we know that it should work after fixing the xdp_native.bpf.c :), it is
still good to have a regression test for it. Probably another xdp prog in
verifier_sock.c that does bpf_xdp_pull_data() in the main prog. Please follow up.
> +}
> +
> +__noinline
> +long xdp_pull_data1(struct xdp_md *x, __u32 len)
> +{
> + return xdp_pull_data2(x, len);
> +}
> +
> +/* global function calls bpf_xdp_pull_data(), which invalidates packet
> + * pointers established before global function call.
> + */
> +SEC("xdp")
> +__failure __msg("invalid mem access")
> +int invalidate_xdp_pkt_pointers_from_global_func(struct xdp_md *x)
> +{
> + int *p = (void *)(long)x->data;
> +
> + if ((void *)(p + 1) > (void *)(long)x->data_end)
> + return TCX_DROP;
> + xdp_pull_data1(x, 0);
> + *p = 42; /* this is unsafe */
> + return TCX_PASS;
I fixed this to XDP_PASS as we discussed offline.
> +}
> +
> __noinline
> int tail_call(struct __sk_buff *sk)
> {
next prev parent reply other threads:[~2025-09-25 21:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-25 17:00 [PATCH bpf-next 1/2] bpf: Emit struct bpf_xdp_sock type in vmlinux BTF Amery Hung
2025-09-25 17:00 ` [PATCH bpf-next 2/2] selftests/bpf: Test changing packet data from global functions with a kfunc Amery Hung
2025-09-25 21:58 ` Martin KaFai Lau [this message]
2025-09-25 23:16 ` Amery Hung
2025-09-25 21:40 ` [PATCH bpf-next 1/2] bpf: Emit struct bpf_xdp_sock type in vmlinux BTF patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a79618-cd71-4f4f-ad65-b492e571ade5@linux.dev \
--to=martin.lau@linux.dev \
--cc=alexei.starovoitov@gmail.com \
--cc=ameryhung@gmail.com \
--cc=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kernel-team@meta.com \
--cc=martin.lau@kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.