From: Daniel Borkmann <daniel@iogearbox.net>
To: bpf@vger.kernel.org
Cc: shung-hsi.yu@suse.com, andrii@kernel.org, ast@kernel.org,
kongln9170@gmail.com, Daniel Borkmann <daniel@iogearbox.net>
Subject: [PATCH bpf-next v5 9/9] selftests/bpf: Add a test case to write mtu result into .rodata
Date: Fri, 13 Sep 2024 21:17:54 +0200 [thread overview]
Message-ID: <20240913191754.13290-9-daniel@iogearbox.net> (raw)
In-Reply-To: <20240913191754.13290-1-daniel@iogearbox.net>
Add a test which attempts to call bpf_check_mtu() and writes the MTU
into .rodata section of the BPF program, and for comparison this adds
test cases also for .bss and .data section again. The bpf_check_mtu()
is a bit more special in that the passed mtu argument is read and
written by the helper (instead of just written to). Assert that writes
into .rodata remain rejected by the verifier.
# ./vmtest.sh -- ./test_progs -t verifier_const
[...]
./test_progs -t verifier_const
[ 1.657367] bpf_testmod: loading out-of-tree module taints kernel.
[ 1.657773] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel
#473/1 verifier_const/rodata/strtol: write rejected:OK
#473/2 verifier_const/bss/strtol: write accepted:OK
#473/3 verifier_const/data/strtol: write accepted:OK
#473/4 verifier_const/rodata/mtu: write rejected:OK
#473/5 verifier_const/bss/mtu: write accepted:OK
#473/6 verifier_const/data/mtu: write accepted:OK
#473 verifier_const:OK
[...]
Summary: 2/10 PASSED, 0 SKIPPED, 0 FAILED
For comparison, without the MEM_UNINIT on bpf_check_mtu's proto:
# ./vmtest.sh -- ./test_progs -t verifier_const
[...]
#473/3 verifier_const/data/strtol: write accepted:OK
run_subtest:PASS:obj_open_mem 0 nsec
run_subtest:FAIL:unexpected_load_success unexpected success: 0
#473/4 verifier_const/rodata/mtu: write rejected:FAIL
#473/5 verifier_const/bss/mtu: write accepted:OK
#473/6 verifier_const/data/mtu: write accepted:OK
#473 verifier_const:FAIL
[...]
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
---
v4 -> v5:
- new patch
.../selftests/bpf/progs/verifier_const.c | 33 +++++++++++++++++--
1 file changed, 30 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/bpf/progs/verifier_const.c b/tools/testing/selftests/bpf/progs/verifier_const.c
index 5158dbea8c43..2e533d7eec2f 100644
--- a/tools/testing/selftests/bpf/progs/verifier_const.c
+++ b/tools/testing/selftests/bpf/progs/verifier_const.c
@@ -10,7 +10,7 @@ long bar;
long bart = 96;
SEC("tc/ingress")
-__description("rodata: write rejected")
+__description("rodata/strtol: write rejected")
__failure __msg("write into map forbidden")
int tcx1(struct __sk_buff *skb)
{
@@ -20,7 +20,7 @@ int tcx1(struct __sk_buff *skb)
}
SEC("tc/ingress")
-__description("bss: write accepted")
+__description("bss/strtol: write accepted")
__success
int tcx2(struct __sk_buff *skb)
{
@@ -30,7 +30,7 @@ int tcx2(struct __sk_buff *skb)
}
SEC("tc/ingress")
-__description("data: write accepted")
+__description("data/strtol: write accepted")
__success
int tcx3(struct __sk_buff *skb)
{
@@ -39,4 +39,31 @@ int tcx3(struct __sk_buff *skb)
return TCX_PASS;
}
+SEC("tc/ingress")
+__description("rodata/mtu: write rejected")
+__failure __msg("write into map forbidden")
+int tcx4(struct __sk_buff *skb)
+{
+ bpf_check_mtu(skb, skb->ifindex, (__u32 *)&foo, 0, 0);
+ return TCX_PASS;
+}
+
+SEC("tc/ingress")
+__description("bss/mtu: write accepted")
+__success
+int tcx5(struct __sk_buff *skb)
+{
+ bpf_check_mtu(skb, skb->ifindex, (__u32 *)&bar, 0, 0);
+ return TCX_PASS;
+}
+
+SEC("tc/ingress")
+__description("data/mtu: write accepted")
+__success
+int tcx6(struct __sk_buff *skb)
+{
+ bpf_check_mtu(skb, skb->ifindex, (__u32 *)&bart, 0, 0);
+ return TCX_PASS;
+}
+
char LICENSE[] SEC("license") = "GPL";
--
2.43.0
next prev parent reply other threads:[~2024-09-13 19:18 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-13 19:17 [PATCH bpf-next v5 1/9] bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit Daniel Borkmann
2024-09-13 19:17 ` [PATCH bpf-next v5 2/9] bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers Daniel Borkmann
2024-09-13 19:17 ` [PATCH bpf-next v5 3/9] bpf: Fix helper writes to read-only maps Daniel Borkmann
2024-09-13 19:17 ` [PATCH bpf-next v5 4/9] bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types Daniel Borkmann
2024-09-13 19:17 ` [PATCH bpf-next v5 5/9] bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error Daniel Borkmann
2024-09-13 19:17 ` [PATCH bpf-next v5 6/9] selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test Daniel Borkmann
2024-09-13 19:17 ` [PATCH bpf-next v5 7/9] selftests/bpf: Rename ARG_PTR_TO_LONG test description Daniel Borkmann
2024-09-13 19:17 ` [PATCH bpf-next v5 8/9] selftests/bpf: Add a test case to write strtol result into .rodata Daniel Borkmann
2024-09-13 19:17 ` Daniel Borkmann [this message]
2024-09-13 20:31 ` [PATCH bpf-next v5 1/9] bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240913191754.13290-9-daniel@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=kongln9170@gmail.com \
--cc=shung-hsi.yu@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox