public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/tools/testing/selftests/bpf/progs/map_kptr_fail.c

389 lines
7.5 KiB
C
Raw Permalink Normal View History

selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
// SPDX-License-Identifier: GPL-2.0
#include <vmlinux.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_core_read.h>
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
#include "bpf_misc.h"
selftests/bpf: Consolidate kernel modules into common directory The selftests build four kernel modules which use copy-pasted Makefile targets. This is a bit messy, and doesn't scale so well when we add more modules, so let's consolidate these rules into a single rule generated for each module name, and move the module sources into a single directory. To avoid parallel builds of the different modules stepping on each other's toes during the 'modpost' phase of the Kbuild 'make modules', the module files should really be a grouped target. However, make only added explicit support for grouped targets in version 4.3, which is newer than the minimum version supported by the kernel. However, make implicitly treats pattern matching rules with multiple targets as a grouped target, so we can work around this by turning the rule into a pattern matching target. We do this by replacing '.ko' with '%ko' in the targets with subst(). Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Viktor Malik <vmalik@redhat.com> Link: https://lore.kernel.org/bpf/20241204-bpf-selftests-mod-compile-v5-1-b96231134a49@redhat.com
2024-12-04 14:28:26 +01:00
#include "../test_kmods/bpf_testmod_kfunc.h"
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
struct map_value {
char buf[8];
bpf: Rename __kptr_ref -> __kptr and __kptr -> __kptr_untrusted. __kptr meant to store PTR_UNTRUSTED kernel pointers inside bpf maps. The concept felt useful, but didn't get much traction, since bpf_rdonly_cast() was added soon after and bpf programs received a simpler way to access PTR_UNTRUSTED kernel pointers without going through restrictive __kptr usage. Rename __kptr_ref -> __kptr and __kptr -> __kptr_untrusted to indicate its intended usage. The main goal of __kptr_untrusted was to read/write such pointers directly while bpf_kptr_xchg was a mechanism to access refcnted kernel pointers. The next patch will allow RCU protected __kptr access with direct read. At that point __kptr_untrusted will be deprecated. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: David Vernet <void@manifault.com> Link: https://lore.kernel.org/bpf/20230303041446.3630-2-alexei.starovoitov@gmail.com
2023-03-02 20:14:41 -08:00
struct prog_test_ref_kfunc __kptr_untrusted *unref_ptr;
struct prog_test_ref_kfunc __kptr *ref_ptr;
struct prog_test_member __kptr *ref_memb_ptr;
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
};
struct array_map {
__uint(type, BPF_MAP_TYPE_ARRAY);
__type(key, int);
__type(value, struct map_value);
__uint(max_entries, 1);
} array_map SEC(".maps");
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("kptr access size must be BPF_DW")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int size_not_bpf_dw(struct __sk_buff *ctx)
{
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
*(u32 *)&v->unref_ptr = 0;
return 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("kptr access cannot have variable offset")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int non_const_var_off(struct __sk_buff *ctx)
{
struct map_value *v;
int key = 0, id;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
id = ctx->protocol;
if (id < 4 || id > 12)
return 0;
*(u64 *)((void *)v + id) = 0;
return 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("R1 doesn't have constant offset. kptr has to be")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int non_const_var_off_kptr_xchg(struct __sk_buff *ctx)
{
struct map_value *v;
int key = 0, id;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
id = ctx->protocol;
if (id < 4 || id > 12)
return 0;
bpf_kptr_xchg((void *)v + id, NULL);
return 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("kptr access misaligned expected=8 off=7")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int misaligned_access_write(struct __sk_buff *ctx)
{
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
*(void **)((void *)v + 7) = NULL;
return 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("kptr access misaligned expected=8 off=1")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int misaligned_access_read(struct __sk_buff *ctx)
{
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
return *(u64 *)((void *)v + 1);
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("variable untrusted_ptr_ access var_off=(0x0; 0x1e0)")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int reject_var_off_store(struct __sk_buff *ctx)
{
struct prog_test_ref_kfunc *unref_ptr;
struct map_value *v;
int key = 0, id;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
unref_ptr = v->unref_ptr;
if (!unref_ptr)
return 0;
id = ctx->protocol;
if (id < 4 || id > 12)
return 0;
unref_ptr += id;
v->unref_ptr = unref_ptr;
return 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("invalid kptr access, R1 type=untrusted_ptr_prog_test_ref_kfunc")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int reject_bad_type_match(struct __sk_buff *ctx)
{
struct prog_test_ref_kfunc *unref_ptr;
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
unref_ptr = v->unref_ptr;
if (!unref_ptr)
return 0;
unref_ptr = (void *)unref_ptr + 4;
v->unref_ptr = unref_ptr;
return 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("R1 type=untrusted_ptr_or_null_ expected=percpu_ptr_")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int marked_as_untrusted_or_null(struct __sk_buff *ctx)
{
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
bpf_this_cpu_ptr(v->unref_ptr);
return 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("access beyond struct prog_test_ref_kfunc at off 32 size 4")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int correct_btf_id_check_size(struct __sk_buff *ctx)
{
struct prog_test_ref_kfunc *p;
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
p = v->unref_ptr;
if (!p)
return 0;
return *(int *)((void *)p + bpf_core_type_size(struct prog_test_ref_kfunc));
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("R1 type=untrusted_ptr_ expected=percpu_ptr_")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int inherit_untrusted_on_walk(struct __sk_buff *ctx)
{
struct prog_test_ref_kfunc *unref_ptr;
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
unref_ptr = v->unref_ptr;
if (!unref_ptr)
return 0;
unref_ptr = unref_ptr->next;
bpf_this_cpu_ptr(unref_ptr);
return 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("off=8 kptr isn't referenced kptr")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int reject_kptr_xchg_on_unref(struct __sk_buff *ctx)
{
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
bpf_kptr_xchg(&v->unref_ptr, NULL);
return 0;
}
SEC("?tc")
bpf: Introduce kptr_rcu. The life time of certain kernel structures like 'struct cgroup' is protected by RCU. Hence it's safe to dereference them directly from __kptr tagged pointers in bpf maps. The resulting pointer is MEM_RCU and can be passed to kfuncs that expect KF_RCU. Derefrence of other kptr-s returns PTR_UNTRUSTED. For example: struct map_value { struct cgroup __kptr *cgrp; }; SEC("tp_btf/cgroup_mkdir") int BPF_PROG(test_cgrp_get_ancestors, struct cgroup *cgrp_arg, const char *path) { struct cgroup *cg, *cg2; cg = bpf_cgroup_acquire(cgrp_arg); // cg is PTR_TRUSTED and ref_obj_id > 0 bpf_kptr_xchg(&v->cgrp, cg); cg2 = v->cgrp; // This is new feature introduced by this patch. // cg2 is PTR_MAYBE_NULL | MEM_RCU. // When cg2 != NULL, it's a valid cgroup, but its percpu_ref could be zero if (cg2) bpf_cgroup_ancestor(cg2, level); // safe to do. } Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Tejun Heo <tj@kernel.org> Acked-by: David Vernet <void@manifault.com> Link: https://lore.kernel.org/bpf/20230303041446.3630-4-alexei.starovoitov@gmail.com
2023-03-02 20:14:43 -08:00
__failure __msg("R1 type=rcu_ptr_or_null_ expected=percpu_ptr_")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int mark_ref_as_untrusted_or_null(struct __sk_buff *ctx)
{
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
bpf_this_cpu_ptr(v->ref_ptr);
return 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("store to referenced kptr disallowed")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int reject_untrusted_store_to_ref(struct __sk_buff *ctx)
{
struct prog_test_ref_kfunc *p;
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
p = v->ref_ptr;
if (!p)
return 0;
/* Checkmate, clang */
*(struct prog_test_ref_kfunc * volatile *)&v->ref_ptr = p;
return 0;
}
SEC("?tc")
bpf: Introduce kptr_rcu. The life time of certain kernel structures like 'struct cgroup' is protected by RCU. Hence it's safe to dereference them directly from __kptr tagged pointers in bpf maps. The resulting pointer is MEM_RCU and can be passed to kfuncs that expect KF_RCU. Derefrence of other kptr-s returns PTR_UNTRUSTED. For example: struct map_value { struct cgroup __kptr *cgrp; }; SEC("tp_btf/cgroup_mkdir") int BPF_PROG(test_cgrp_get_ancestors, struct cgroup *cgrp_arg, const char *path) { struct cgroup *cg, *cg2; cg = bpf_cgroup_acquire(cgrp_arg); // cg is PTR_TRUSTED and ref_obj_id > 0 bpf_kptr_xchg(&v->cgrp, cg); cg2 = v->cgrp; // This is new feature introduced by this patch. // cg2 is PTR_MAYBE_NULL | MEM_RCU. // When cg2 != NULL, it's a valid cgroup, but its percpu_ref could be zero if (cg2) bpf_cgroup_ancestor(cg2, level); // safe to do. } Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Tejun Heo <tj@kernel.org> Acked-by: David Vernet <void@manifault.com> Link: https://lore.kernel.org/bpf/20230303041446.3630-4-alexei.starovoitov@gmail.com
2023-03-02 20:14:43 -08:00
__failure __msg("R2 must be referenced")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int reject_untrusted_xchg(struct __sk_buff *ctx)
{
struct prog_test_ref_kfunc *p;
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
p = v->ref_ptr;
if (!p)
return 0;
bpf_kptr_xchg(&v->ref_ptr, p);
return 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure
__msg("invalid kptr access, R2 type=ptr_prog_test_ref_kfunc expected=ptr_prog_test_member")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int reject_bad_type_xchg(struct __sk_buff *ctx)
{
struct prog_test_ref_kfunc *ref_ptr;
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
ref_ptr = bpf_kfunc_call_test_acquire(&(unsigned long){0});
if (!ref_ptr)
return 0;
bpf_kptr_xchg(&v->ref_memb_ptr, ref_ptr);
return 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("invalid kptr access, R2 type=ptr_prog_test_ref_kfunc")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int reject_member_of_ref_xchg(struct __sk_buff *ctx)
{
struct prog_test_ref_kfunc *ref_ptr;
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
ref_ptr = bpf_kfunc_call_test_acquire(&(unsigned long){0});
if (!ref_ptr)
return 0;
bpf_kptr_xchg(&v->ref_memb_ptr, &ref_ptr->memb);
return 0;
}
SEC("?syscall")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("kptr cannot be accessed indirectly by helper")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int reject_indirect_helper_access(struct __sk_buff *ctx)
{
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
bpf_get_current_comm(v, sizeof(v->buf) + 1);
return 0;
}
__noinline
int write_func(int *p)
{
return p ? *p = 42 : 0;
}
SEC("?tc")
selftests/bpf: convert dynptr_fail and map_kptr_fail subtests to generic tester Convert big chunks of dynptr and map_kptr subtests to use generic verification_tester. They are switched from using manually maintained tables of test cases, specifying program name and expected error verifier message, to btf_decl_tag-based annotations directly on corresponding BPF programs: __failure to specify that BPF program is expected to fail verification, and __msg() to specify expected log message. Acked-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20221207201648.2990661-2-andrii@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-07 12:16:48 -08:00
__failure __msg("kptr cannot be accessed indirectly by helper")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int reject_indirect_global_func_access(struct __sk_buff *ctx)
{
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
return write_func((void *)v + 5);
}
SEC("?tc")
bpf: verifier: Support eliding map lookup nullness This commit allows progs to elide a null check on statically known map lookup keys. In other words, if the verifier can statically prove that the lookup will be in-bounds, allow the prog to drop the null check. This is useful for two reasons: 1. Large numbers of nullness checks (especially when they cannot fail) unnecessarily pushes prog towards BPF_COMPLEXITY_LIMIT_JMP_SEQ. 2. It forms a tighter contract between programmer and verifier. For (1), bpftrace is starting to make heavier use of percpu scratch maps. As a result, for user scripts with large number of unrolled loops, we are starting to hit jump complexity verification errors. These percpu lookups cannot fail anyways, as we only use static key values. Eliding nullness probably results in less work for verifier as well. For (2), percpu scratch maps are often used as a larger stack, as the currrent stack is limited to 512 bytes. In these situations, it is desirable for the programmer to express: "this lookup should never fail, and if it does, it means I messed up the code". By omitting the null check, the programmer can "ask" the verifier to double check the logic. Tests also have to be updated in sync with these changes, as the verifier is more efficient with this change. Notable, iters.c tests had to be changed to use a map type that still requires null checks, as it's exercising verifier tracking logic w.r.t iterators. Signed-off-by: Daniel Xu <dxu@dxuuu.xyz> Link: https://lore.kernel.org/r/68f3ea96ff3809a87e502a11a4bd30177fc5823e.1736886479.git.dxu@dxuuu.xyz Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2025-01-14 13:28:45 -07:00
__failure __msg("Unreleased reference id=4 alloc_insn=")
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
int kptr_xchg_ref_state(struct __sk_buff *ctx)
{
struct prog_test_ref_kfunc *p;
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
p = bpf_kfunc_call_test_acquire(&(unsigned long){0});
if (!p)
return 0;
bpf_kptr_xchg(&v->ref_ptr, p);
return 0;
}
selftests/bpf: Add testcases for ptr_*_or_null_ in bpf_kptr_xchg The second argument of the bpf_kptr_xchg() helper function is ARG_PTR_TO_BTF_ID_OR_NULL. A recent patch fixed a bug whereby the verifier would fail with an internal error message if a program invoked the helper with a PTR_TO_BTF_ID | PTR_MAYBE_NULL register. This testcase adds some testcases to ensure that it fails gracefully moving forward. Before the fix, these testcases would have failed an error resembling the following: ; p = bpf_kfunc_call_test_acquire(&(unsigned long){0}); 99: (7b) *(u64 *)(r10 -16) = r7 ; frame1: ... 100: (bf) r1 = r10 ; frame1: ... 101: (07) r1 += -16 ; frame1: ... ; p = bpf_kfunc_call_test_acquire(&(unsigned long){0}); 102: (85) call bpf_kfunc_call_test_acquire#13908 ; frame1: R0_w=ptr_or_null_prog_test_ref_kfunc... ; p = bpf_kptr_xchg(&v->ref_ptr, p); 103: (bf) r1 = r6 ; frame1: ... 104: (bf) r2 = r0 ; frame1: R0_w=ptr_or_null_prog_test_ref_kfunc... 105: (85) call bpf_kptr_xchg#194 verifier internal error: invalid PTR_TO_BTF_ID register for type match Signed-off-by: David Vernet <void@manifault.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20230330145203.80506-2-void@manifault.com
2023-03-30 09:52:03 -05:00
SEC("?tc")
__failure __msg("Possibly NULL pointer passed to helper arg2")
int kptr_xchg_possibly_null(struct __sk_buff *ctx)
{
struct prog_test_ref_kfunc *p;
struct map_value *v;
int key = 0;
v = bpf_map_lookup_elem(&array_map, &key);
if (!v)
return 0;
p = bpf_kfunc_call_test_acquire(&(unsigned long){0});
/* PTR_TO_BTF_ID | PTR_MAYBE_NULL passed to bpf_kptr_xchg() */
p = bpf_kptr_xchg(&v->ref_ptr, p);
if (p)
bpf_kfunc_call_test_release(p);
return 0;
}
selftests/bpf: Add negative C tests for kptrs This uses the newly added SEC("?foo") naming to disable autoload of programs, and then loads them one by one for the object and verifies that loading fails and matches the returned error string from verifier. This is similar to already existing verifier tests but provides coverage for BPF C. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220511194654.765705-4-memxor@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-05-12 01:16:53 +05:30
char _license[] SEC("license") = "GPL";
Reference in a new issue Copy permalink