selftests/bpf: add missing netfilter return value and ctx access tests (006c0e44) · Commits · jan.koester / Linux

tools/testing/selftests/bpf/prog_tests/verifier.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -29,6 +29,8 @@
		#include "verifier_map_ret_val.skel.h"
		#include "verifier_masking.skel.h"
		#include "verifier_meta_access.skel.h"
		#include "verifier_netfilter_ctx.skel.h"
		#include "verifier_netfilter_retcode.skel.h"
		#include "verifier_raw_stack.skel.h"
		#include "verifier_raw_tp_writable.skel.h"
		#include "verifier_reg_equal.skel.h"
		@@ -103,6 +105,8 @@ void test_verifier_map_ptr(void) { RUN(verifier_map_ptr); }
		void test_verifier_map_ret_val(void) { RUN(verifier_map_ret_val); }
		void test_verifier_masking(void) { RUN(verifier_masking); }
		void test_verifier_meta_access(void) { RUN(verifier_meta_access); }
		void test_verifier_netfilter_ctx(void) { RUN(verifier_netfilter_ctx); }
		void test_verifier_netfilter_retcode(void) { RUN(verifier_netfilter_retcode); }
		void test_verifier_raw_stack(void) { RUN(verifier_raw_stack); }
		void test_verifier_raw_tp_writable(void) { RUN(verifier_raw_tp_writable); }
		void test_verifier_reg_equal(void) { RUN(verifier_reg_equal); }

tools/testing/selftests/bpf/progs/verifier_netfilter_ctx.c

0 → 100644

+121 −0

Original line number	Diff line number	Diff line
		// SPDX-License-Identifier: GPL-2.0

		#include "vmlinux.h"

		#include "bpf_misc.h"

		#include <bpf/bpf_endian.h>
		#include <bpf/bpf_tracing.h>
		#include <bpf/bpf_helpers.h>

		SEC("netfilter")
		__description("netfilter invalid context access, size too short")
		__failure __msg("invalid bpf_context access")
		__naked void with_invalid_ctx_access_test1(void)
		{
		asm volatile (" \
		r2 = (u8)(r1 + %[__bpf_nf_ctx_state]); \
		r0 = 0; \
		exit; \
		" :
		: __imm_const(__bpf_nf_ctx_state, offsetof(struct bpf_nf_ctx, state))
		: __clobber_all);
		}

		SEC("netfilter")
		__description("netfilter invalid context access, size too short")
		__failure __msg("invalid bpf_context access")
		__naked void with_invalid_ctx_access_test2(void)
		{
		asm volatile (" \
		r2 = (u16)(r1 + %[__bpf_nf_ctx_skb]); \
		r0 = 0; \
		exit; \
		" :
		: __imm_const(__bpf_nf_ctx_skb, offsetof(struct bpf_nf_ctx, skb))
		: __clobber_all);
		}

		SEC("netfilter")
		__description("netfilter invalid context access, past end of ctx")
		__failure __msg("invalid bpf_context access")
		__naked void with_invalid_ctx_access_test3(void)
		{
		asm volatile (" \
		r2 = (u64)(r1 + %[__bpf_nf_ctx_size]); \
		r0 = 0; \
		exit; \
		" :
		: __imm_const(__bpf_nf_ctx_size, sizeof(struct bpf_nf_ctx))
		: __clobber_all);
		}

		SEC("netfilter")
		__description("netfilter invalid context, write")
		__failure __msg("invalid bpf_context access")
		__naked void with_invalid_ctx_access_test4(void)
		{
		asm volatile (" \
		r2 = r1; \
		(u64)(r2 + 0) = r1; \
		r0 = 1; \
		exit; \
		" :
		: __imm_const(__bpf_nf_ctx_skb, offsetof(struct bpf_nf_ctx, skb))
		: __clobber_all);
		}

		#define NF_DROP 0
		#define NF_ACCEPT 1

		SEC("netfilter")
		__description("netfilter valid context read and invalid write")
		__failure __msg("only read is supported")
		int with_invalid_ctx_access_test5(struct bpf_nf_ctx *ctx)
		{
		struct nf_hook_state state = (void )ctx->state;

		state->sk = NULL;
		return NF_ACCEPT;
		}

		extern int bpf_dynptr_from_skb(struct sk_buff *skb, __u64 flags,
		struct bpf_dynptr *ptr__uninit) __ksym;
		extern void bpf_dynptr_slice(const struct bpf_dynptr ptr, uint32_t offset,
		void *buffer, uint32_t buffer__sz) __ksym;

		SEC("netfilter")
		__description("netfilter test prog with skb and state read access")
		__success __failure_unpriv
		__retval(0)
		int with_valid_ctx_access_test6(struct bpf_nf_ctx *ctx)
		{
		const struct nf_hook_state *state = ctx->state;
		struct sk_buff *skb = ctx->skb;
		const struct iphdr *iph;
		const struct tcphdr *th;
		u8 buffer_iph[20] = {};
		u8 buffer_th[40] = {};
		struct bpf_dynptr ptr;
		uint8_t ihl;

		if (skb->len <= 20 \|\| bpf_dynptr_from_skb(skb, 0, &ptr))
		return NF_ACCEPT;

		iph = bpf_dynptr_slice(&ptr, 0, buffer_iph, sizeof(buffer_iph));
		if (!iph)
		return NF_ACCEPT;

		if (state->pf != 2)
		return NF_ACCEPT;

		ihl = iph->ihl << 2;

		th = bpf_dynptr_slice(&ptr, ihl, buffer_th, sizeof(buffer_th));
		if (!th)
		return NF_ACCEPT;

		return th->dest == bpf_htons(22) ? NF_ACCEPT : NF_DROP;
		}

		char _license[] SEC("license") = "GPL";

tools/testing/selftests/bpf/progs/verifier_netfilter_retcode.c

0 → 100644

+49 −0

Original line number	Diff line number	Diff line
		// SPDX-License-Identifier: GPL-2.0

		#include <linux/bpf.h>
		#include <bpf/bpf_helpers.h>
		#include "bpf_misc.h"

		SEC("netfilter")
		__description("bpf_exit with invalid return code. test1")
		__failure __msg("R0 is not a known value")
		__naked void with_invalid_return_code_test1(void)
		{
		asm volatile (" \
		r0 = (u64)(r1 + 0); \
		exit; \
		" ::: __clobber_all);
		}

		SEC("netfilter")
		__description("bpf_exit with valid return code. test2")
		__success
		__naked void with_valid_return_code_test2(void)
		{
		asm volatile (" \
		r0 = 0; \
		exit; \
		" ::: __clobber_all);
		}

		SEC("netfilter")
		__description("bpf_exit with valid return code. test3")
		__success
		__naked void with_valid_return_code_test3(void)
		{
		asm volatile (" \
		r0 = 1; \
		exit; \
		" ::: __clobber_all);
		}

		SEC("netfilter")
		__description("bpf_exit with invalid return code. test4")
		__failure __msg("R0 has value (0x2; 0x0)")
		__naked void with_invalid_return_code_test4(void)
		{
		asm volatile (" \
		r0 = 2; \
		exit; \
		" ::: __clobber_all);
		}