From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Youlin Li <liulin063@gmail.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Sasha Levin <sashal@kernel.org>,
ast@kernel.org, andrii@kernel.org, shuah@kernel.org,
memxor@gmail.com, mykolal@fb.com, roberto.sassu@huawei.com,
bpf@vger.kernel.org, linux-kselftest@vger.kernel.org
Subject: [PATCH AUTOSEL 5.15 11/27] selftests/bpf: Add verifier test for release_reference()
Date: Fri, 18 Nov 2022 21:13:36 -0500 [thread overview]
Message-ID: <20221119021352.1774592-11-sashal@kernel.org> (raw)
In-Reply-To: <20221119021352.1774592-1-sashal@kernel.org>
From: Youlin Li <liulin063@gmail.com>
[ Upstream commit 475244f5e06beeda7b557d9dde46a5f439bf3379 ]
Add a test case to ensure that released pointer registers will not be
leaked into the map.
Before fix:
./test_verifier 984
984/u reference tracking: try to leak released ptr reg FAIL
Unexpected success to load!
verification time 67 usec
stack depth 4
processed 23 insns (limit 1000000) max_states_per_insn 0 total_states 2
peak_states 2 mark_read 1
984/p reference tracking: try to leak released ptr reg OK
Summary: 1 PASSED, 0 SKIPPED, 1 FAILED
After fix:
./test_verifier 984
984/u reference tracking: try to leak released ptr reg OK
984/p reference tracking: try to leak released ptr reg OK
Summary: 2 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: Youlin Li <liulin063@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20221103093440.3161-2-liulin063@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../selftests/bpf/verifier/ref_tracking.c | 36 +++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/tools/testing/selftests/bpf/verifier/ref_tracking.c b/tools/testing/selftests/bpf/verifier/ref_tracking.c
index 3b6ee009c00b..4a768b130d61 100644
--- a/tools/testing/selftests/bpf/verifier/ref_tracking.c
+++ b/tools/testing/selftests/bpf/verifier/ref_tracking.c
@@ -905,3 +905,39 @@
.result_unpriv = REJECT,
.errstr_unpriv = "unknown func",
},
+{
+ "reference tracking: try to leak released ptr reg",
+ .insns = {
+ BPF_MOV64_IMM(BPF_REG_0, 0),
+ BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_0, -4),
+ BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
+ BPF_LD_MAP_FD(BPF_REG_1, 0),
+ BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
+ BPF_EXIT_INSN(),
+ BPF_MOV64_REG(BPF_REG_9, BPF_REG_0),
+
+ BPF_MOV64_IMM(BPF_REG_0, 0),
+ BPF_LD_MAP_FD(BPF_REG_1, 0),
+ BPF_MOV64_IMM(BPF_REG_2, 8),
+ BPF_MOV64_IMM(BPF_REG_3, 0),
+ BPF_EMIT_CALL(BPF_FUNC_ringbuf_reserve),
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
+ BPF_EXIT_INSN(),
+ BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
+
+ BPF_MOV64_REG(BPF_REG_1, BPF_REG_8),
+ BPF_MOV64_IMM(BPF_REG_2, 0),
+ BPF_EMIT_CALL(BPF_FUNC_ringbuf_discard),
+ BPF_MOV64_IMM(BPF_REG_0, 0),
+
+ BPF_STX_MEM(BPF_DW, BPF_REG_9, BPF_REG_8, 0),
+ BPF_EXIT_INSN()
+ },
+ .fixup_map_array_48b = { 4 },
+ .fixup_map_ringbuf = { 11 },
+ .result = ACCEPT,
+ .result_unpriv = REJECT,
+ .errstr_unpriv = "R8 !read_ok"
+},
--
2.35.1
next prev parent reply other threads:[~2022-11-19 2:23 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-19 2:13 [PATCH AUTOSEL 5.15 01/27] wifi: mac80211: fix memory free error when registering wiphy fail Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 02/27] wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 03/27] riscv: dts: sifive unleashed: Add PWM controlled LEDs Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 04/27] audit: fix undefined behavior in bit shift for AUDIT_BIT Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 05/27] wifi: airo: do not assign -1 to unsigned char Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 06/27] wifi: mac80211: Fix ack frame idr leak when mesh has no route Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 07/27] wifi: ath11k: Fix QCN9074 firmware boot on x86 Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 08/27] spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 09/27] clocksource/drivers/hyperv: add data structure for reference TSC MSR Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 10/27] x86/hyperv: fix invalid writes to MSRs during root partition kexec Sasha Levin
2022-11-19 2:13 ` Sasha Levin [this message]
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 12/27] Revert "net: macsec: report real_dev features when HW offloading is enabled" Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 13/27] ACPI: video: Add backlight=native DMI quirk for Dell G15 5515 Sasha Levin
2022-11-19 13:20 ` Daniel Dadap
2022-11-24 16:53 ` Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 14/27] platform/x86: ideapad-laptop: Disable touchpad_switch Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 15/27] platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 16/27] platform/x86/intel/pmt: Sapphire Rapids PMT errata fix Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 17/27] platform/x86/intel/hid: Add some ACPI device IDs Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 18/27] scsi: ibmvfc: Avoid path failures during live migration Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 19/27] scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 20/27] drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 21/27] block, bfq: fix null pointer dereference in bfq_bio_bfqg() Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 22/27] arm64/syscall: Include asm/ptrace.h in syscall_wrapper header Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 23/27] nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 24/27] Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly"" Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 25/27] ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 26/27] RISC-V: vdso: Do not add missing symbols to version section in linker script Sasha Levin
2022-11-19 2:13 ` [PATCH AUTOSEL 5.15 27/27] MIPS: pic32: treat port as signed integer Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221119021352.1774592-11-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=liulin063@gmail.com \
--cc=memxor@gmail.com \
--cc=mykolal@fb.com \
--cc=roberto.sassu@huawei.com \
--cc=shuah@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox