Skip to content

Commit 0a13e35

Browse files
piotr-krysiukborkmann
piotr-krysiuk
authored and
borkmann
committed
bpf, selftests: Fix up some test_verifier cases for unprivileged
Fix up test_verifier error messages for the case where the original error message changed, or for the case where pointer alu errors differ between privileged and unprivileged tests. Also, add alternative tests for keeping coverage of the original verifier rejection error message (fp alu), and newly reject map_ptr += rX where rX == 0 given we now forbid alu on these types for unprivileged. All test_verifier cases pass after the change. The test case fixups were kept separate to ease backporting of core changes. Signed-off-by: Piotr Krysiuk <[email protected]> Co-developed-by: Daniel Borkmann <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Acked-by: Alexei Starovoitov <[email protected]>
1 parent 1b1597e commit 0a13e35

File tree

4 files changed

+59
-10
lines changed

4 files changed

+59
-10
lines changed

tools/testing/selftests/bpf/verifier/bounds_deduction.c

Lines changed: 19 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,9 @@
66
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
77
BPF_EXIT_INSN(),
88
},
9-
.result = REJECT,
9+
.errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types",
1010
.errstr = "R0 tried to subtract pointer from scalar",
11+
.result = REJECT,
1112
},
1213
{
1314
"check deducing bounds from const, 2",
@@ -20,6 +21,8 @@
2021
BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0),
2122
BPF_EXIT_INSN(),
2223
},
24+
.errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types",
25+
.result_unpriv = REJECT,
2326
.result = ACCEPT,
2427
.retval = 1,
2528
},
@@ -31,8 +34,9 @@
3134
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
3235
BPF_EXIT_INSN(),
3336
},
34-
.result = REJECT,
37+
.errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types",
3538
.errstr = "R0 tried to subtract pointer from scalar",
39+
.result = REJECT,
3640
},
3741
{
3842
"check deducing bounds from const, 4",
@@ -45,6 +49,8 @@
4549
BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0),
4650
BPF_EXIT_INSN(),
4751
},
52+
.errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types",
53+
.result_unpriv = REJECT,
4854
.result = ACCEPT,
4955
},
5056
{
@@ -55,8 +61,9 @@
5561
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
5662
BPF_EXIT_INSN(),
5763
},
58-
.result = REJECT,
64+
.errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types",
5965
.errstr = "R0 tried to subtract pointer from scalar",
66+
.result = REJECT,
6067
},
6168
{
6269
"check deducing bounds from const, 6",
@@ -67,8 +74,9 @@
6774
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
6875
BPF_EXIT_INSN(),
6976
},
70-
.result = REJECT,
77+
.errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types",
7178
.errstr = "R0 tried to subtract pointer from scalar",
79+
.result = REJECT,
7280
},
7381
{
7482
"check deducing bounds from const, 7",
@@ -80,8 +88,9 @@
8088
offsetof(struct __sk_buff, mark)),
8189
BPF_EXIT_INSN(),
8290
},
83-
.result = REJECT,
91+
.errstr_unpriv = "R1 tried to sub from different maps, paths, or prohibited types",
8492
.errstr = "dereference of modified ctx ptr",
93+
.result = REJECT,
8594
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
8695
},
8796
{
@@ -94,8 +103,9 @@
94103
offsetof(struct __sk_buff, mark)),
95104
BPF_EXIT_INSN(),
96105
},
97-
.result = REJECT,
106+
.errstr_unpriv = "R1 tried to add from different maps, paths, or prohibited types",
98107
.errstr = "dereference of modified ctx ptr",
108+
.result = REJECT,
99109
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
100110
},
101111
{
@@ -106,8 +116,9 @@
106116
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
107117
BPF_EXIT_INSN(),
108118
},
109-
.result = REJECT,
119+
.errstr_unpriv = "R0 tried to sub from different maps, paths, or prohibited types",
110120
.errstr = "R0 tried to subtract pointer from scalar",
121+
.result = REJECT,
111122
},
112123
{
113124
"check deducing bounds from const, 10",
@@ -119,6 +130,6 @@
119130
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
120131
BPF_EXIT_INSN(),
121132
},
122-
.result = REJECT,
123133
.errstr = "math between ctx pointer and register with unbounded min value is not allowed",
134+
.result = REJECT,
124135
},

tools/testing/selftests/bpf/verifier/map_ptr.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -75,6 +75,8 @@
7575
BPF_EXIT_INSN(),
7676
},
7777
.fixup_map_hash_16b = { 4 },
78+
.result_unpriv = REJECT,
79+
.errstr_unpriv = "R1 tried to add from different maps, paths, or prohibited types",
7880
.result = ACCEPT,
7981
},
8082
{
@@ -91,5 +93,7 @@
9193
BPF_EXIT_INSN(),
9294
},
9395
.fixup_map_hash_16b = { 4 },
96+
.result_unpriv = REJECT,
97+
.errstr_unpriv = "R1 tried to add from different maps, paths, or prohibited types",
9498
.result = ACCEPT,
9599
},

tools/testing/selftests/bpf/verifier/unpriv.c

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -497,14 +497,27 @@
497497
.result = ACCEPT,
498498
},
499499
{
500-
"unpriv: adding of fp",
500+
"unpriv: adding of fp, reg",
501501
.insns = {
502502
BPF_MOV64_IMM(BPF_REG_0, 0),
503503
BPF_MOV64_IMM(BPF_REG_1, 0),
504504
BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_10),
505505
BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, -8),
506506
BPF_EXIT_INSN(),
507507
},
508+
.errstr_unpriv = "R1 tried to add from different maps, paths, or prohibited types",
509+
.result_unpriv = REJECT,
510+
.result = ACCEPT,
511+
},
512+
{
513+
"unpriv: adding of fp, imm",
514+
.insns = {
515+
BPF_MOV64_IMM(BPF_REG_0, 0),
516+
BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
517+
BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 0),
518+
BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, -8),
519+
BPF_EXIT_INSN(),
520+
},
508521
.errstr_unpriv = "R1 stack pointer arithmetic goes out of range",
509522
.result_unpriv = REJECT,
510523
.result = ACCEPT,

tools/testing/selftests/bpf/verifier/value_ptr_arith.c

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -169,7 +169,7 @@
169169
.fixup_map_array_48b = { 1 },
170170
.result = ACCEPT,
171171
.result_unpriv = REJECT,
172-
.errstr_unpriv = "R2 tried to add from different maps or paths",
172+
.errstr_unpriv = "R2 tried to add from different maps, paths, or prohibited types",
173173
.retval = 0,
174174
},
175175
{
@@ -516,6 +516,27 @@
516516
.result = ACCEPT,
517517
.retval = 0xabcdef12,
518518
},
519+
{
520+
"map access: value_ptr += N, value_ptr -= N known scalar",
521+
.insns = {
522+
BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
523+
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
524+
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
525+
BPF_LD_MAP_FD(BPF_REG_1, 0),
526+
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
527+
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 6),
528+
BPF_MOV32_IMM(BPF_REG_1, 0x12345678),
529+
BPF_STX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
530+
BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 2),
531+
BPF_MOV64_IMM(BPF_REG_1, 2),
532+
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
533+
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, 0),
534+
BPF_EXIT_INSN(),
535+
},
536+
.fixup_map_array_48b = { 3 },
537+
.result = ACCEPT,
538+
.retval = 0x12345678,
539+
},
519540
{
520541
"map access: unknown scalar += value_ptr, 1",
521542
.insns = {

0 commit comments

Comments
 (0)