diff options
author | Yonghong Song <yhs@fb.com> | 2020-07-28 15:18:01 -0700 |
---|---|---|
committer | Daniel Borkmann <daniel@iogearbox.net> | 2020-07-31 00:43:49 +0200 |
commit | 12e6196fb15953605be54ac9320ac54371aecab7 (patch) | |
tree | 1b414ad4de4e736a2b5c80b9e5dc00ce60c2e076 /tools/testing/selftests/bpf/progs/bpf_iter_test_kern6.c | |
parent | bpf: Add missing newline characters in verifier error messages (diff) | |
download | linux-dev-12e6196fb15953605be54ac9320ac54371aecab7.tar.xz linux-dev-12e6196fb15953605be54ac9320ac54371aecab7.zip |
selftests/bpf: Test bpf_iter buffer access with negative offset
Commit afbf21dce668 ("bpf: Support readonly/readwrite buffers
in verifier") added readonly/readwrite buffer support which
is currently used by bpf_iter tracing programs. It has
a bug with incorrect parameter ordering which later fixed
by Commit f6dfbe31e8fa ("bpf: Fix swapped arguments in calls
to check_buffer_access").
This patch added a test case with a negative offset access
which will trigger the error path.
Without Commit f6dfbe31e8fa, running the test case in the patch,
the error message looks like:
R1_w=rdwr_buf(id=0,off=0,imm=0) R10=fp0
; value_sum += *(__u32 *)(value - 4);
2: (61) r1 = *(u32 *)(r1 -4)
R1 invalid (null) buffer access: off=-4, size=4
With the above commit, the error message looks like:
R1_w=rdwr_buf(id=0,off=0,imm=0) R10=fp0
; value_sum += *(__u32 *)(value - 4);
2: (61) r1 = *(u32 *)(r1 -4)
R1 invalid rdwr buffer access: off=-4, size=4
Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Song Liu <songliubraving@fb.com>
Link: https://lore.kernel.org/bpf/20200728221801.1090406-1-yhs@fb.com
Diffstat (limited to 'tools/testing/selftests/bpf/progs/bpf_iter_test_kern6.c')
-rw-r--r-- | tools/testing/selftests/bpf/progs/bpf_iter_test_kern6.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/tools/testing/selftests/bpf/progs/bpf_iter_test_kern6.c b/tools/testing/selftests/bpf/progs/bpf_iter_test_kern6.c new file mode 100644 index 000000000000..1c7304f56b1e --- /dev/null +++ b/tools/testing/selftests/bpf/progs/bpf_iter_test_kern6.c @@ -0,0 +1,21 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2020 Facebook */ +#include "bpf_iter.h" +#include <bpf/bpf_helpers.h> + +char _license[] SEC("license") = "GPL"; + +__u32 value_sum = 0; + +SEC("iter/bpf_map_elem") +int dump_bpf_hash_map(struct bpf_iter__bpf_map_elem *ctx) +{ + void *value = ctx->value; + + if (value == (void *)0) + return 0; + + /* negative offset, verifier failure. */ + value_sum += *(__u32 *)(value - 4); + return 0; +} |