Add a test case for PTR_TO_FLOW_KEYS alu. Testing if alu with
variable offset on flow_keys is rejected.
Signed-off-by: Hao Sun <[email protected]>
---
.../bpf/progs/verifier_value_illegal_alu.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/tools/testing/selftests/bpf/progs/verifier_value_illegal_alu.c b/tools/testing/selftests/bpf/progs/verifier_value_illegal_alu.c
index 71814a753216..a9ab37d3b9e2 100644
--- a/tools/testing/selftests/bpf/progs/verifier_value_illegal_alu.c
+++ b/tools/testing/selftests/bpf/progs/verifier_value_illegal_alu.c
@@ -146,4 +146,23 @@ l0_%=: exit; \
: __clobber_all);
}
+SEC("flow_dissector")
+__description("flow_keys illegal alu op with variable offset")
+__failure __msg("R7 pointer arithmetic on flow_keys prohibited")
+__naked void flow_keys_illegal_variable_offset_alu(void)
+{
+ asm volatile(" \
+ r6 = r1; \
+ r7 = *(u64*)(r6 + %[flow_keys_off]); \
+ r8 = 8; \
+ r8 /= 1; \
+ r8 &= 8; \
+ r7 += r8; \
+ r0 = *(u64*)(r7 + 0); \
+ exit; \
+" :
+ : __imm_const(flow_keys_off, offsetof(struct __sk_buff, flow_keys))
+ : __clobber_all);
+}
+
char _license[] SEC("license") = "GPL";
--
2.34.1
On 1/15/24 12:20 AM, Hao Sun wrote:
> Add a test case for PTR_TO_FLOW_KEYS alu. Testing if alu with
> variable offset on flow_keys is rejected.
>
> Signed-off-by: Hao Sun <[email protected]>
Acked-by: Yonghong Song <[email protected]>
On 1/15/24 9:20 AM, Hao Sun wrote:
> Add a test case for PTR_TO_FLOW_KEYS alu. Testing if alu with
> variable offset on flow_keys is rejected.
>
> Signed-off-by: Hao Sun <[email protected]>
Thanks applied, I've also added a note that we already have coverage
on the success case. Do you plan to follow up with checking the
remaining pointer types as Eduard suggested earlier?
Thanks,
Daniel
On Tue, Jan 16, 2024 at 5:20 PM Daniel Borkmann <[email protected]> wrote:
>
> On 1/15/24 9:20 AM, Hao Sun wrote:
> > Add a test case for PTR_TO_FLOW_KEYS alu. Testing if alu with
> > variable offset on flow_keys is rejected.
> >
> > Signed-off-by: Hao Sun <[email protected]>
>
> Thanks applied, I've also added a note that we already have coverage
> on the success case. Do you plan to follow up with checking the
> remaining pointer types as Eduard suggested earlier?
>
Yes, will do it in the following days.