From: Eduard Zingerman <eddyz87@gmail.com>
To: Kui-Feng Lee <sinquersw@gmail.com>,
Kui-Feng Lee <thinker.li@gmail.com>,
bpf@vger.kernel.org, ast@kernel.org, martin.lau@linux.dev,
song@kernel.org, kernel-team@meta.com, andrii@kernel.org
Cc: kuifeng@meta.com
Subject: Re: [PATCH bpf-next v5 7/9] selftests/bpf: Test kptr arrays and kptrs in nested struct fields.
Date: Fri, 10 May 2024 16:17:14 -0700
Message-ID: <cfe0145e88727ccb23be8728671649eb0ffb61ae.camel@gmail.com>
In-Reply-To: <f2d480de-a598-4771-9c72-722dba941e83@gmail.com>

On Fri, 2024-05-10 at 16:04 -0700, Kui-Feng Lee wrote:
[...]
> I am not sure if I read your question correctly.
>
> For example, we have 3 correct info.
>
> [info(offset=0x8), info(offset=0x10), info(offset=0x18)]
>
> And we have a program that includes 3 instructions to access the offset
> 0x8, 0x10, and 0x18. (let's assume these load instructions would be
> checked against infos)
>
> load r1, [0x8]
> load r1, [0x10]
> load r1, [0x18]
>
> If everything works as expected, the verifier would accept the program.
>
> Otherwise, like you said, all 3 info are pointing to the same offset.
>
> [info(offset=0x8), info(offset=0x8), info(offset=0x8)]
>
> Then, the later two instructions should fail the check.

I think it would be in reverse.
If for some offset there is no record of special semantics,
the verifier would treat the load as a regular memory access.
However, there is a btf.c:btf_struct_access(), which would report
an error if an offset within a special field is accessed directly:

  int btf_struct_access(struct bpf_verifier_log *log,
                        const struct bpf_reg_state *reg,
                        int off, int size, enum bpf_access_type atype __maybe_unused,
                        u32 *next_btf_id, enum bpf_type_flag *flag,
                        const char **field_name)
  {
          ...
                  struct btf_struct_meta *meta;
                  struct btf_record *rec;
                  int i;

                  meta = btf_find_struct_meta(btf, id);
                  if (!meta)
                          break;
                  rec = meta->record;
                  for (i = 0; i < rec->cnt; i++) {
                          struct btf_field *field = &rec->fields[i];
                          u32 offset = field->offset;

                          if (off < offset + btf_field_type_size(field->type) && offset < off + size) {
                                  bpf_log(log,
                                          "direct access to %s is disallowed\n",
                                          btf_field_type_name(field->type));
                                  return -EACCES;
                          }
                  }
                  break;
          }

So it looks like we need a test with the following structure:
- global definition using an array, e.g. with a size of 3
- program #1 doing a direct access at offset of element #1, expect load time error message
- program #2 doing a direct access at offset of element #2, expect load time error message
- program #3 doing a direct access at offset of element #3, expect load time error message
If some of the offsets are computed incorrectly, the error message will not be printed.
(And these could be packed as progs/verifier_*.c tests)
And some similar tests with different levels of nested arrays and structures.
But this looks a bit ugly/bulky.
Wdyt?
>
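
Added example, not part of the original message or of the kernel sources: a user-space C model of the overlap check quoted above, run over the two record sets from the thread. The struct field_info type, the helper names and the 8-byte field size are assumptions made for illustration; with the faulty records the accesses at 0x10 and 0x18 match no record, so they pass as regular memory accesses instead of being rejected.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical user-space stand-in for one special-field record.
 * The field size is assumed to be 8 bytes (one kptr slot). */
struct field_info {
    unsigned int offset;
    unsigned int size;
};

/* Same overlap test as the loop quoted from btf_struct_access():
 * returns 1 if [off, off + size) touches any recorded field (the direct
 * access is rejected), 0 if no record matches (regular memory access). */
static int direct_access_rejected(const struct field_info *rec, size_t cnt,
                                  unsigned int off, unsigned int size)
{
    for (size_t i = 0; i < cnt; i++) {
        if (off < rec[i].offset + rec[i].size && rec[i].offset < off + size)
            return 1;
    }
    return 0;
}

/* Count how many of the three element offsets from the thread are rejected. */
static int count_rejected(const struct field_info *rec, size_t cnt)
{
    static const unsigned int elem_off[] = { 0x8, 0x10, 0x18 };
    int n = 0;

    for (size_t i = 0; i < 3; i++)
        n += direct_access_rejected(rec, cnt, elem_off[i], 8);
    return n;
}

/* Constructed records: a 3-element array whose first element sits at 0x8. */
static const struct field_info good_rec[] = { {0x8, 8}, {0x10, 8}, {0x18, 8} };
/* Constructed faulty records: every element recorded at the first offset. */
static const struct field_info bad_rec[] = { {0x8, 8}, {0x8, 8}, {0x8, 8} };

int main(void)
{
    printf("correct records: %d of 3 direct accesses rejected\n",
           count_rejected(good_rec, 3));
    printf("faulty records:  %d of 3 direct accesses rejected\n",
           count_rejected(bad_rec, 3));
    return 0;
}
```

A test that expects the rejection message for every element offset therefore fails exactly when an offset was recorded incorrectly.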