From: KaFai Wan <kafai.wan@linux.dev>
To: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@linux.dev, eddyz87@gmail.com, song@kernel.org,
yonghong.song@linux.dev, john.fastabend@gmail.com,
kpsingh@kernel.org, sdf@fomichev.me, haoluo@google.com,
jolsa@kernel.org, davem@davemloft.net, edumazet@google.com,
kuba@kernel.org, pabeni@redhat.com, horms@kernel.org,
hawk@kernel.org, shuah@kernel.org, aleksander.lobakin@intel.com,
toke@redhat.com, bpf@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
Cc: KaFai Wan <kafai.wan@linux.dev>
Subject: [PATCH bpf-next 2/2] selftests/bpf: Add test for xdp_md context with LIVE_FRAMES in BPF_PROG_TEST_RUN
Date: Mon, 5 Jan 2026 00:23:50 +0800 [thread overview]
Message-ID: <20260104162350.347403-3-kafai.wan@linux.dev> (raw)
In-Reply-To: <20260104162350.347403-1-kafai.wan@linux.dev>
Add a test case uses xdp_md as context parameter for BPF_PROG_TEST_RUN
with LIVE_FRAMES flag. The test ensures that potential user-memory-access
vulnerabilities are properly prevented.
Signed-off-by: KaFai Wan <kafai.wan@linux.dev>
---
.../bpf/prog_tests/xdp_context_test_run.c | 19 +++++++++++++++++++
.../bpf/progs/test_xdp_context_test_run.c | 6 ++++++
2 files changed, 25 insertions(+)
diff --git a/tools/testing/selftests/bpf/prog_tests/xdp_context_test_run.c b/tools/testing/selftests/bpf/prog_tests/xdp_context_test_run.c
index ee94c281888a..0276daaae45c 100644
--- a/tools/testing/selftests/bpf/prog_tests/xdp_context_test_run.c
+++ b/tools/testing/selftests/bpf/prog_tests/xdp_context_test_run.c
@@ -45,6 +45,7 @@ void test_xdp_context_error(int prog_fd, struct bpf_test_run_opts opts,
void test_xdp_context_test_run(void)
{
struct test_xdp_context_test_run *skel = NULL;
+ char data_xdp[sizeof(pkt_v4) + XDP_PACKET_HEADROOM];
char data[sizeof(pkt_v4) + sizeof(__u32)];
char bad_ctx[sizeof(struct xdp_md) + 1];
struct xdp_md ctx_in, ctx_out;
@@ -55,6 +56,12 @@ void test_xdp_context_test_run(void)
.ctx_size_out = sizeof(ctx_out),
.repeat = 1,
);
+ DECLARE_LIBBPF_OPTS(bpf_test_run_opts, opts_xdp,
+ .data_in = &data_xdp,
+ .data_size_in = sizeof(data_xdp),
+ .flags = BPF_F_TEST_XDP_LIVE_FRAMES,
+ .repeat = 1,
+ );
int err, prog_fd;
skel = test_xdp_context_test_run__open_and_load();
@@ -70,6 +77,18 @@ void test_xdp_context_test_run(void)
ASSERT_EQ(errno, E2BIG, "extradata-errno");
ASSERT_ERR(err, "bpf_prog_test_run(extradata)");
+ memset(&ctx_in, 0, sizeof(ctx_in));
+ ctx_in.data_meta = 0;
+ ctx_in.data = 0xf4;
+ ctx_in.data_end = sizeof(data_xdp);
+ opts_xdp.ctx_in = &ctx_in;
+ opts_xdp.ctx_size_in = sizeof(ctx_in);
+ *(__u32 *)(data_xdp + 0) = 0x28d6a0b5;
+ *(__u32 *)(data_xdp + 4) = 0xf273eea3;
+ *(struct ipv4_packet *)(data_xdp + ctx_in.data) = pkt_v4;
+ err = bpf_prog_test_run_opts(bpf_program__fd(skel->progs.xdp_pass), &opts_xdp);
+ ASSERT_OK(err, "bpf_prog_test_run(valid meta)");
+
*(__u32 *)data = XDP_PASS;
*(struct ipv4_packet *)(data + sizeof(__u32)) = pkt_v4;
opts.ctx_in = &ctx_in;
diff --git a/tools/testing/selftests/bpf/progs/test_xdp_context_test_run.c b/tools/testing/selftests/bpf/progs/test_xdp_context_test_run.c
index d7b88cd05afd..2166928d4680 100644
--- a/tools/testing/selftests/bpf/progs/test_xdp_context_test_run.c
+++ b/tools/testing/selftests/bpf/progs/test_xdp_context_test_run.c
@@ -17,4 +17,10 @@ int xdp_context(struct xdp_md *xdp)
return ret;
}
+SEC("xdp")
+int xdp_pass(struct xdp_md *xdp)
+{
+ return XDP_PASS;
+}
+
char _license[] SEC("license") = "GPL";
--
2.43.0
next prev parent reply other threads:[~2026-01-04 16:25 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fa2be179-bad7-4ee3-8668-4903d1853461@hust.edu.cn>
2026-01-04 16:23 ` [PATCH bpf-next 0/2] bpf, test_run: Fix user-memory-access vulnerability for LIVE_FRAMES KaFai Wan
2026-01-04 16:23 ` [PATCH bpf-next 1/2] " KaFai Wan
2026-01-05 10:46 ` Toke Høiland-Jørgensen
2026-01-05 13:22 ` KaFai Wan
2026-01-05 16:43 ` Toke Høiland-Jørgensen
2026-01-06 13:53 ` KaFai Wan
2026-01-04 16:23 ` KaFai Wan [this message]
2026-01-05 8:07 ` [syzbot ci] " syzbot ci
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260104162350.347403-3-kafai.wan@linux.dev \
--to=kafai.wan@linux.dev \
--cc=aleksander.lobakin@intel.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=eddyz87@gmail.com \
--cc=edumazet@google.com \
--cc=haoluo@google.com \
--cc=hawk@kernel.org \
--cc=horms@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sdf@fomichev.me \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=toke@redhat.com \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox