[PATCH bpf-next 0/5] check bpf_dummy_struct_ops program params for test runs

BPF List
 help / color / mirror / Atom feed

From: Eduard Zingerman <eddyz87@gmail.com>
To: bpf@vger.kernel.org, ast@kernel.org
Cc: andrii@kernel.org, daniel@iogearbox.net, martin.lau@linux.dev,
	kernel-team@fb.com, yonghong.song@linux.dev, jemarch@gnu.org,
	thinker.li@gmail.com, Eduard Zingerman <eddyz87@gmail.com>
Subject: [PATCH bpf-next 0/5] check bpf_dummy_struct_ops program params for test runs
Date: Tue, 23 Apr 2024 18:28:16 -0700	[thread overview]
Message-ID: <20240424012821.595216-1-eddyz87@gmail.com> (raw)

When doing BPF_PROG_TEST_RUN for bpf_dummy_struct_ops programs,
execution should be rejected when NULL is passed for non-nullable
params, because for such params verifier assumes that such params are
never NULL and thus might optimize out NULL checks.

This problem was reported by Jose E. Marchesi in off-list discussion.
The code generated by GCC for dummy_st_ops_success/test_1() function
differs from LLVM variant in a way that allows verifier to remove the
NULL check. The test dummy_st_ops/dummy_init_ret_value actually sets
the 'state' parameter to NULL, thus GCC-generated version of the test
triggers NULL pointer dereference when BPF program is executed.

This patch-set addresses the issue in the following steps:
- patch #1 marks bpf_dummy_struct_ops.test_1 parameter as nullable,
  for verifier to have correct assumptions about test_1() programs;
- patch #2 modifies dummy_st_ops/dummy_init_ret_value to trigger NULL
  dereference with both GCC and LLVM (if patch #1 is not applied);
- patch #3 adjusts a few dummy_st_ops test cases to avoid passing NULL
  for 'state' parameter of test_2() and test_sleepable() functions,
  as parameters of these functions are not marked as nullable;
- patch #4 adjusts bpf_dummy_struct_ops to reject test execution of
  programs if NULL is passed for non-nullable parameter;
- patch #5 adds a test to verify logic from patch #4.

Eduard Zingerman (5):
  bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
  selftests/bpf: adjust dummy_st_ops_success to detect additional error
  selftests/bpf: do not pass NULL for non-nullable params in
    dummy_st_ops
  bpf: check bpf_dummy_struct_ops program params for test runs
  selftests/bpf: dummy_st_ops should reject 0 for non-nullable params

 net/bpf/bpf_dummy_struct_ops.c                | 55 ++++++++++++++++++-
 .../selftests/bpf/prog_tests/dummy_st_ops.c   | 34 +++++++++++-
 .../bpf/progs/dummy_st_ops_success.c          | 15 ++++-
 3 files changed, 96 insertions(+), 8 deletions(-)

-- 
2.34.1

next             reply	other threads:[~2024-04-24  1:28 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-24  1:28 Eduard Zingerman [this message]
2024-04-24  1:28 ` [PATCH bpf-next 1/5] bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable Eduard Zingerman
2024-04-24  1:28 ` [PATCH bpf-next 2/5] selftests/bpf: adjust dummy_st_ops_success to detect additional error Eduard Zingerman
2024-04-24  1:28 ` [PATCH bpf-next 3/5] selftests/bpf: do not pass NULL for non-nullable params in dummy_st_ops Eduard Zingerman
2024-04-24  1:28 ` [PATCH bpf-next 4/5] bpf: check bpf_dummy_struct_ops program params for test runs Eduard Zingerman
2024-04-24  1:28 ` [PATCH bpf-next 5/5] selftests/bpf: dummy_st_ops should reject 0 for non-nullable params Eduard Zingerman
2024-04-25 19:50 ` [PATCH bpf-next 0/5] check bpf_dummy_struct_ops program params for test runs patchwork-bot+netdevbpf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240424012821.595216-1-eddyz87@gmail.com \
    --to=eddyz87@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=jemarch@gnu.org \
    --cc=kernel-team@fb.com \
    --cc=martin.lau@linux.dev \
    --cc=thinker.li@gmail.com \
    --cc=yonghong.song@linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox