From patchwork Sat May  6 01:31:30 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Rosenberg <drosen@google.com>
X-Patchwork-Id: 13233229
X-Patchwork-Delegate: bpf@iogearbox.net
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net
 [23.128.96.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2123C15A6
	for <bpf@vger.kernel.org>; Sat,  6 May 2023 01:31:49 +0000 (UTC)
Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com
 [IPv6:2607:f8b0:4864:20::b4a])
	by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 86B4EFC
	for <bpf@vger.kernel.org>; Fri,  5 May 2023 18:31:45 -0700 (PDT)
Received: by mail-yb1-xb4a.google.com with SMTP id
 3f1490d57ef6-b8f32cc8c31so4430188276.2
        for <bpf@vger.kernel.org>; Fri, 05 May 2023 18:31:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1683336705; x=1685928705;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=frvyVRQKd8P16QsNHAt3wOX14KYkv1sP6KmHiWvR3jI=;
        b=2j99yagPu6O5tI2XpRBORuGgFc6kEs9y2dUPHawi/JSma8OQ6E2MHhx4O9Ab7BS3rH
         MFxG1wkoBAw6cAjqYhFxrrUBhHLau6dVmxXofEFyBPd9cbm3H44Yk/SORp4v+WCmvBtJ
         GBSuFqUPhggJvx0aKRqAoeUbkMrlgDq+I7ufggQIf8HQw39KdqLnmJya5pApAns3z7xw
         TRx407FBy1LrTIc3P5B5Sah6jQCW+AK2c3TNaR6zPArS+6skFfFgURwxGShjHuhnsYz6
         q0MzhynNEJ263XZort+Gx3jOSQUzGCu1t/4Ot3e/YbFRKkMDSfVPkmn/H9fhdP79SQ5p
         BK7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683336705; x=1685928705;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=frvyVRQKd8P16QsNHAt3wOX14KYkv1sP6KmHiWvR3jI=;
        b=H2gl+z1RaU5110XDedn1c98O8AkC4jXHGcAN7KU5lgmX8Agttz0GpKBKRNAupjbLUB
         d9pKlwi9B0w0TZzg88B414KOuegu2kGVe3Oh7SY2BypFat9M9+gUF7UHfSJ5WjPhGmdO
         otwgT7z1vlhEgLHOsBht3hNTmNKuz7SPP3HKJYUm4xlGAbYD3ko7gvgVArJslgLYaXnv
         rFeXpsDQYl87MYnUbGHNWmVMPNA39XxfuvPfd3buF2uROECpIxrpHBXky3DqlmprKgBG
         UTc9yrBb2bT2cx8cdOhVDIezkk747KY+kRcTwRgXMckBmvRH2U4jbO6Fx/2nSpP91k9i
         2+Mg==
X-Gm-Message-State: AC+VfDzFg79jqbsoFu18DEx1UeDVA0FIPdw8E+4fYNHvyou9Crer4ENZ
	LOohLN3Uo8qzGhYSmAWfm5vZkGeTvuT9hN49s4T3lNS+n412cJeLRQQdFKPD8U/24F/LaprQPLE
	kIA0Uk3gLdGETk83tsqs7KyPdihv9zfFUU0OIWg3O2Ihz9ZhqVYDnO9b+Rw==
X-Google-Smtp-Source: 
 ACHHUZ4g3KQijz58tl0bKbhG9xiE0tgdgnNtq7pfO9dK2OQ/0sV35Cnjv+lvTJ/zUyNMkWNStVyoGJU3FDE=
X-Received: from drosen.mtv.corp.google.com
 ([2620:15c:211:201:6826:a1a:a426:bb4a])
 (user=drosen job=sendgmr) by 2002:a25:e90f:0:b0:b96:7676:db47 with SMTP id
 n15-20020a25e90f000000b00b967676db47mr1478887ybd.13.1683336704703; Fri, 05
 May 2023 18:31:44 -0700 (PDT)
Date: Fri,  5 May 2023 18:31:30 -0700
In-Reply-To: <20230506013134.2492210-1-drosen@google.com>
Precedence: bulk
X-Mailing-List: bpf@vger.kernel.org
List-Id: <bpf.vger.kernel.org>
List-Subscribe: <mailto:bpf+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:bpf+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20230506013134.2492210-1-drosen@google.com>
X-Mailer: git-send-email 2.40.1.521.gf1e218fcd8-goog
Message-ID: <20230506013134.2492210-2-drosen@google.com>
Subject: [PATCH bpf-next v3 1/5] bpf: Allow NULL buffers in
 bpf_dynptr_slice(_rw)
From: Daniel Rosenberg <drosen@google.com>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
 Daniel Borkmann <daniel@iogearbox.net>,
	John Fastabend <john.fastabend@gmail.com>,
 Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>, Song Liu <song@kernel.org>,
 Yonghong Song <yhs@fb.com>,
	KP Singh <kpsingh@kernel.org>, Stanislav Fomichev <sdf@google.com>,
 Hao Luo <haoluo@google.com>,
	Jiri Olsa <jolsa@kernel.org>, Shuah Khan <shuah@kernel.org>,
 Jonathan Corbet <corbet@lwn.net>,
	Joanne Koong <joannelkoong@gmail.com>, Mykola Lysenko <mykolal@fb.com>,
 linux-kernel@vger.kernel.org,
	linux-kselftest@vger.kernel.org, kernel-team@android.com,
	Daniel Rosenberg <drosen@google.com>
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
X-Patchwork-Delegate: bpf@iogearbox.net

bpf_dynptr_slice(_rw) uses a user provided buffer if it can not provide
a pointer to a block of contiguous memory. This buffer is unused in the
case of local dynptrs, and may be unused in other cases as well. There
is no need to require the buffer, as the kfunc can just return NULL if
it was needed and not provided.

This adds another kfunc annotation, __opt, which combines with __sz and
__szk to allow the buffer associated with the size to be NULL. If the
buffer is NULL, the verifier does not check that the buffer is of
sufficient size.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
---
 Documentation/bpf/kfuncs.rst | 23 ++++++++++++++++++++++-
 include/linux/skbuff.h       |  2 +-
 kernel/bpf/helpers.c         | 30 ++++++++++++++++++------------
 kernel/bpf/verifier.c        | 17 +++++++++++++----
 4 files changed, 54 insertions(+), 18 deletions(-)

diff --git a/Documentation/bpf/kfuncs.rst b/Documentation/bpf/kfuncs.rst
index ea2516374d92..7a3d9de5f315 100644
--- a/Documentation/bpf/kfuncs.rst
+++ b/Documentation/bpf/kfuncs.rst
@@ -100,7 +100,7 @@ Hence, whenever a constant scalar argument is accepted by a kfunc which is not a
 size parameter, and the value of the constant matters for program safety, __k
 suffix should be used.
 
-2.2.2 __uninit Annotation
+2.2.3 __uninit Annotation
 -------------------------
 
 This annotation is used to indicate that the argument will be treated as
@@ -117,6 +117,27 @@ Here, the dynptr will be treated as an uninitialized dynptr. Without this
 annotation, the verifier will reject the program if the dynptr passed in is
 not initialized.
 
+2.2.4 __opt Annotation
+-------------------------
+
+This annotation is used to indicate that the buffer associated with an __sz or __szk
+argument may be null. If the function is passed a nullptr in place of the buffer,
+the verifier will not check that length is appropriate for the buffer. The kfunc is
+responsible for checking if this buffer is null before using it.
+
+An example is given below::
+
+        __bpf_kfunc void *bpf_dynptr_slice(..., void *buffer__opt, u32 buffer__szk)
+        {
+        ...
+        }
+
+Here, the buffer may be null. If buffer is not null, it at least of size buffer_szk.
+Either way, the returned buffer is either NULL, or of size buffer_szk. Without this
+annotation, the verifier will reject the program if a null pointer is passed in with
+a nonzero size.
+
+
 .. _BPF_kfunc_nodef:
 
 2.3 Using an existing kernel function
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 738776ab8838..8ddb4af1a501 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -4033,7 +4033,7 @@ __skb_header_pointer(const struct sk_buff *skb, int offset, int len,
 	if (likely(hlen - offset >= len))
 		return (void *)data + offset;
 
-	if (!skb || unlikely(skb_copy_bits(skb, offset, buffer, len) < 0))
+	if (!skb || !buffer || unlikely(skb_copy_bits(skb, offset, buffer, len) < 0))
 		return NULL;
 
 	return buffer;
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index bb6b4637ebf2..0ded98377d37 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -2174,13 +2174,15 @@ __bpf_kfunc struct task_struct *bpf_task_from_pid(s32 pid)
  * bpf_dynptr_slice() - Obtain a read-only pointer to the dynptr data.
  * @ptr: The dynptr whose data slice to retrieve
  * @offset: Offset into the dynptr
- * @buffer: User-provided buffer to copy contents into
- * @buffer__szk: Size (in bytes) of the buffer. This is the length of the
- *		 requested slice. This must be a constant.
+ * @buffer__opt: User-provided buffer to copy contents into.  May be NULL
+ * @buffer__szk: Size (in bytes) of the buffer if present. This is the
+ *               length of the requested slice. This must be a constant.
  *
  * For non-skb and non-xdp type dynptrs, there is no difference between
  * bpf_dynptr_slice and bpf_dynptr_data.
  *
+ *  If buffer__opt is NULL, the call will fail if buffer_opt was needed.
+ *
  * If the intention is to write to the data slice, please use
  * bpf_dynptr_slice_rdwr.
  *
@@ -2197,7 +2199,7 @@ __bpf_kfunc struct task_struct *bpf_task_from_pid(s32 pid)
  * direct pointer)
  */
 __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset,
-				   void *buffer, u32 buffer__szk)
+				   void *buffer__opt, u32 buffer__szk)
 {
 	enum bpf_dynptr_type type;
 	u32 len = buffer__szk;
@@ -2217,15 +2219,17 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset
 	case BPF_DYNPTR_TYPE_RINGBUF:
 		return ptr->data + ptr->offset + offset;
 	case BPF_DYNPTR_TYPE_SKB:
-		return skb_header_pointer(ptr->data, ptr->offset + offset, len, buffer);
+		return skb_header_pointer(ptr->data, ptr->offset + offset, len, buffer__opt);
 	case BPF_DYNPTR_TYPE_XDP:
 	{
 		void *xdp_ptr = bpf_xdp_pointer(ptr->data, ptr->offset + offset, len);
 		if (xdp_ptr)
 			return xdp_ptr;
 
-		bpf_xdp_copy_buf(ptr->data, ptr->offset + offset, buffer, len, false);
-		return buffer;
+		if (!buffer__opt)
+			return NULL;
+		bpf_xdp_copy_buf(ptr->data, ptr->offset + offset, buffer__opt, len, false);
+		return buffer__opt;
 	}
 	default:
 		WARN_ONCE(true, "unknown dynptr type %d\n", type);
@@ -2237,13 +2241,15 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset
  * bpf_dynptr_slice_rdwr() - Obtain a writable pointer to the dynptr data.
  * @ptr: The dynptr whose data slice to retrieve
  * @offset: Offset into the dynptr
- * @buffer: User-provided buffer to copy contents into
- * @buffer__szk: Size (in bytes) of the buffer. This is the length of the
- *		 requested slice. This must be a constant.
+ * @buffer__opt: User-provided buffer to copy contents into. May be NULL
+ * @buffer__szk: Size (in bytes) of the buffer if present. This is the
+ *               length of the requested slice. This must be a constant.
  *
  * For non-skb and non-xdp type dynptrs, there is no difference between
  * bpf_dynptr_slice and bpf_dynptr_data.
  *
+ * If buffer__opt is NULL, the call will fail if buffer_opt was needed.
+ *
  * The returned pointer is writable and may point to either directly the dynptr
  * data at the requested offset or to the buffer if unable to obtain a direct
  * data pointer to (example: the requested slice is to the paged area of an skb
@@ -2274,7 +2280,7 @@ __bpf_kfunc void *bpf_dynptr_slice(const struct bpf_dynptr_kern *ptr, u32 offset
  * direct pointer)
  */
 __bpf_kfunc void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr_kern *ptr, u32 offset,
-					void *buffer, u32 buffer__szk)
+					void *buffer__opt, u32 buffer__szk)
 {
 	if (!ptr->data || __bpf_dynptr_is_rdonly(ptr))
 		return NULL;
@@ -2301,7 +2307,7 @@ __bpf_kfunc void *bpf_dynptr_slice_rdwr(const struct bpf_dynptr_kern *ptr, u32 o
 	 * will be copied out into the buffer and the user will need to call
 	 * bpf_dynptr_write() to commit changes.
 	 */
-	return bpf_dynptr_slice(ptr, offset, buffer, buffer__szk);
+	return bpf_dynptr_slice(ptr, offset, buffer__opt, buffer__szk);
 }
 
 __bpf_kfunc int bpf_dynptr_adjust(struct bpf_dynptr_kern *ptr, u32 start, u32 end)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 0fa96581eb77..7e6bbae9db81 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -9743,6 +9743,11 @@ static bool is_kfunc_arg_const_mem_size(const struct btf *btf,
 	return __kfunc_param_match_suffix(btf, arg, "__szk");
 }
 
+static bool is_kfunc_arg_optional(const struct btf *btf, const struct btf_param *arg)
+{
+	return __kfunc_param_match_suffix(btf, arg, "__opt");
+}
+
 static bool is_kfunc_arg_constant(const struct btf *btf, const struct btf_param *arg)
 {
 	return __kfunc_param_match_suffix(btf, arg, "__k");
@@ -10830,13 +10835,17 @@ static int check_kfunc_args(struct bpf_verifier_env *env, struct bpf_kfunc_call_
 			break;
 		case KF_ARG_PTR_TO_MEM_SIZE:
 		{
+			struct bpf_reg_state *buff_reg = &regs[regno];
+			const struct btf_param *buff_arg = &args[i];
 			struct bpf_reg_state *size_reg = &regs[regno + 1];
 			const struct btf_param *size_arg = &args[i + 1];
 
-			ret = check_kfunc_mem_size_reg(env, size_reg, regno + 1);
-			if (ret < 0) {
-				verbose(env, "arg#%d arg#%d memory, len pair leads to invalid memory access\n", i, i + 1);
-				return ret;
+			if (!register_is_null(buff_reg) || !is_kfunc_arg_optional(meta->btf, buff_arg)) {
+				ret = check_kfunc_mem_size_reg(env, size_reg, regno + 1);
+				if (ret < 0) {
+					verbose(env, "arg#%d arg#%d memory, len pair leads to invalid memory access\n", i, i + 1);
+					return ret;
+				}
 			}
 
 			if (is_kfunc_arg_const_mem_size(meta->btf, size_arg, size_reg)) {

From patchwork Sat May  6 01:31:31 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Rosenberg <drosen@google.com>
X-Patchwork-Id: 13233230
X-Patchwork-Delegate: bpf@iogearbox.net
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net
 [23.128.96.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5D33215B2
	for <bpf@vger.kernel.org>; Sat,  6 May 2023 01:31:49 +0000 (UTC)
Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com
 [IPv6:2607:f8b0:4864:20::b49])
	by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 94EEF40C7
	for <bpf@vger.kernel.org>; Fri,  5 May 2023 18:31:47 -0700 (PDT)
Received: by mail-yb1-xb49.google.com with SMTP id
 3f1490d57ef6-b9a77926afbso4531900276.3
        for <bpf@vger.kernel.org>; Fri, 05 May 2023 18:31:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1683336707; x=1685928707;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=R3tTNtfHOhWvElfdge4+T7awt+4BFTOV0To4APlP4VI=;
        b=L+3tGIfUtG33QZaej3ISSNAYNsm8fPKrSLDAYKcA3ceQTGQCg3cRs+o95z3Q/MyJxJ
         NQ/zEhtyMc76uAK6F7TKhnTWMi9dwhG945m/0ldiygPjD8u5gmV8Z14YMoSxUsX4WBIw
         scz5zEZWdZCRXQLauxvoAZ1CRibC++t4AE1OZhJhKelqjWQgMSOmjB33LF3QCsU287vX
         djAFsLLcbpHyHq/E6gLG9HzkHJyBt0kB3vh/nh2lkcCZyQzqhyz+GRWyEe6DZhg5p19T
         9yqvvb9/0c43abA/f4uFL+p5gdMuc8EyckIpo+P6RzLEZgNMvszGIKCZpa7a1UngyU3y
         wEow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683336707; x=1685928707;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=R3tTNtfHOhWvElfdge4+T7awt+4BFTOV0To4APlP4VI=;
        b=kAWe3M0K49S9sREimgizJKTB6B/pt6yohsPPN4R3l7zr5iUMVY5pFoCdTafzdfkeDx
         G81WnznAQBRWhCa/s0O8UfQA2D0RjVcEgt3gKHX70GN9k1SLUyCce+f6NQQ/eyV77Yie
         5uWrM3bkVzhA5H6h8x+VMn7YW7O7WoDYlLkGdeYg6i9FgWl2Mcxqc8eh9px3pDiC2QYf
         6W7gdxhdPOrft0lNltLPNEkCWdLrsmfZ2fefIXMqf1zNEx9Q7fWN8DkrAUlioBSq8qh5
         OnUm9la3msmef25ZD+OLnBKkVwL3UbxamNcZzUfjluNRevVyRiH06E5ctxw8m2CJMAAr
         fDNA==
X-Gm-Message-State: AC+VfDyYqdy74Z8+AQoyZfamtYj6IeIIc+mMLDJmhjQLIu49WW2p81jG
	kJ5PFxQv1mlWi6kbKnHc5X+RvlcC8BmRaEbO9p5uayrSgDE3Z5//E9YV4/Qg66AyoyfwmNu4Bea
	2HPHlzs0Exn//VKBkpyr9bV/ZzxICd9AhsysskFRd9DYdOdINL8l63pn65g==
X-Google-Smtp-Source: 
 ACHHUZ5sEHQEXSZOMI2fZpHGP8PwNi2cmHJ4+0FJdfCW76FEKiitkn7SABL6ne8pqSXss8RDFZ9X+dcg3eM=
X-Received: from drosen.mtv.corp.google.com
 ([2620:15c:211:201:6826:a1a:a426:bb4a])
 (user=drosen job=sendgmr) by 2002:a25:500f:0:b0:b9e:930b:1b62 with SMTP id
 e15-20020a25500f000000b00b9e930b1b62mr2104563ybb.12.1683336706774; Fri, 05
 May 2023 18:31:46 -0700 (PDT)
Date: Fri,  5 May 2023 18:31:31 -0700
In-Reply-To: <20230506013134.2492210-1-drosen@google.com>
Precedence: bulk
X-Mailing-List: bpf@vger.kernel.org
List-Id: <bpf.vger.kernel.org>
List-Subscribe: <mailto:bpf+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:bpf+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20230506013134.2492210-1-drosen@google.com>
X-Mailer: git-send-email 2.40.1.521.gf1e218fcd8-goog
Message-ID: <20230506013134.2492210-3-drosen@google.com>
Subject: [PATCH bpf-next v3 2/5] selftests/bpf: Test allowing NULL buffer in
 dynptr slice
From: Daniel Rosenberg <drosen@google.com>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
 Daniel Borkmann <daniel@iogearbox.net>,
	John Fastabend <john.fastabend@gmail.com>,
 Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>, Song Liu <song@kernel.org>,
 Yonghong Song <yhs@fb.com>,
	KP Singh <kpsingh@kernel.org>, Stanislav Fomichev <sdf@google.com>,
 Hao Luo <haoluo@google.com>,
	Jiri Olsa <jolsa@kernel.org>, Shuah Khan <shuah@kernel.org>,
 Jonathan Corbet <corbet@lwn.net>,
	Joanne Koong <joannelkoong@gmail.com>, Mykola Lysenko <mykolal@fb.com>,
 linux-kernel@vger.kernel.org,
	linux-kselftest@vger.kernel.org, kernel-team@android.com,
	Daniel Rosenberg <drosen@google.com>
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
X-Patchwork-Delegate: bpf@iogearbox.net

bpf_dynptr_slice(_rw) no longer requires a buffer for verification. If the
buffer is needed, but not present, the function will return NULL.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
---
 tools/testing/selftests/bpf/prog_tests/dynptr.c |  1 +
 .../selftests/bpf/progs/dynptr_success.c        | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/tools/testing/selftests/bpf/prog_tests/dynptr.c b/tools/testing/selftests/bpf/prog_tests/dynptr.c
index 0478916aff37..13d4b9ab16e7 100644
--- a/tools/testing/selftests/bpf/prog_tests/dynptr.c
+++ b/tools/testing/selftests/bpf/prog_tests/dynptr.c
@@ -26,6 +26,7 @@ static struct {
 	{"test_dynptr_is_null", SETUP_SYSCALL_SLEEP},
 	{"test_dynptr_is_rdonly", SETUP_SKB_PROG},
 	{"test_dynptr_clone", SETUP_SKB_PROG},
+	{"test_dynptr_skb_no_buff", SETUP_SKB_PROG},
 };
 
 static void verify_success(const char *prog_name, enum test_setup_type setup_type)
diff --git a/tools/testing/selftests/bpf/progs/dynptr_success.c b/tools/testing/selftests/bpf/progs/dynptr_success.c
index be7de62de045..d299ef3b4d1f 100644
--- a/tools/testing/selftests/bpf/progs/dynptr_success.c
+++ b/tools/testing/selftests/bpf/progs/dynptr_success.c
@@ -505,3 +505,20 @@ int test_dynptr_clone(struct __sk_buff *skb)
 
 	return 0;
 }
+
+SEC("?cgroup_skb/egress")
+int test_dynptr_skb_no_buff(struct __sk_buff *skb)
+{
+	struct bpf_dynptr ptr;
+	__u64 *data;
+
+	if (bpf_dynptr_from_skb(skb, 0, &ptr)) {
+		err = 1;
+		return 1;
+	}
+
+	/* This may return NULL. SKB may require a buffer */
+	data = bpf_dynptr_slice(&ptr, 0, NULL, 1);
+
+	return !!data;
+}

From patchwork Sat May  6 01:31:32 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Rosenberg <drosen@google.com>
X-Patchwork-Id: 13233231
X-Patchwork-Delegate: bpf@iogearbox.net
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net
 [23.128.96.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3F9D915B2
	for <bpf@vger.kernel.org>; Sat,  6 May 2023 01:31:52 +0000 (UTC)
Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com
 [IPv6:2607:f8b0:4864:20::1149])
	by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24A2F49E7
	for <bpf@vger.kernel.org>; Fri,  5 May 2023 18:31:50 -0700 (PDT)
Received: by mail-yw1-x1149.google.com with SMTP id
 00721157ae682-55d9a998c5aso20543537b3.0
        for <bpf@vger.kernel.org>; Fri, 05 May 2023 18:31:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1683336709; x=1685928709;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=QbTxYJIrfalCYzXyCjhhSUmz67kNheh66aN+akhEHWk=;
        b=WWOk88G3muNiSEyLCZtTBwJIQa2OocJuIlljADwsm82KPk2youo8Bi6hAN/nXReTz0
         7r1uI7jxcjSqbZ92pFC1GjUhvhjNVjuK8o7y0Z//QAswGFhvfniUWRhLj4P18q9LvU8V
         XyQOfhD7n7W/99oHPcNTQokqvOCzPLrYlR7puhjDO/d1m6Mk6UKEtSpSmNeHA/O3TCd2
         oKUZs5gi7Nzjto/r3S5LSTSvgNBNHBCd2hRT0VWn12Qcjs8M0lHnqbGFxux3WL3ApZCM
         1KStVH5+p8h02nzto4SrF74lR+4I0PyarTp6k5Ri8qKg9/8/1guA+bDNz4G0PytGNsQK
         SlLg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683336709; x=1685928709;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=QbTxYJIrfalCYzXyCjhhSUmz67kNheh66aN+akhEHWk=;
        b=XACTsUcalGOqLUSPS3gQTAicqauje5GILSNkr5JQ0OhvbwmIwdZ9asRKE13Nbry313
         3Xw6xSuAxhUFO11OKhRJ+9jKB8pPNv6ouzIp3w07EpjKH24JANLsBLNtEetcpKzAvr7d
         kOc2HWcdozviYldLz4H/BfUThAC/ej1G7iOYWEakH+O/FHUFlpNAnB8SmnYwSEOnwgDu
         KlPyvGxClv3UQgVJkFDoe0ox7hrA1Jf1apNfIj/6j2YgKzt1JrZcq5fxk7yjTLUwYi51
         SWDUE1o3lTBSdgWC5y7SadOWI2nW6koIbywUkdBdD5UIP7+stbeP7Y6N3EcJCxpV+txC
         gy9g==
X-Gm-Message-State: AC+VfDwPT3QANA3loD59wmHZXAz/C3WBe3JpdNQ8czk20yuwusU4/y8l
	Ztzs2lu0b2StsBHRdsVG8t1q5yoScHJmrRySIiALcf8gz7OMCDKZU7wrVlUt/EoIYjpjEZqF4MC
	K2oT/yAXCEIsecM48+iHAia1NI0YpnU3coiBrZU1ShismeL4B/fSBcvY/Mw==
X-Google-Smtp-Source: 
 ACHHUZ6+bMT2qUE8qYexYzBwG/ZiwbW6htxo82gL8HL5nwFwc0TUdqnY1SZ54LMlE1W2qQdKF+FLUEIx5KU=
X-Received: from drosen.mtv.corp.google.com
 ([2620:15c:211:201:6826:a1a:a426:bb4a])
 (user=drosen job=sendgmr) by 2002:a81:4045:0:b0:55a:613d:429f with SMTP id
 m5-20020a814045000000b0055a613d429fmr1922195ywn.2.1683336709283; Fri, 05 May
 2023 18:31:49 -0700 (PDT)
Date: Fri,  5 May 2023 18:31:32 -0700
In-Reply-To: <20230506013134.2492210-1-drosen@google.com>
Precedence: bulk
X-Mailing-List: bpf@vger.kernel.org
List-Id: <bpf.vger.kernel.org>
List-Subscribe: <mailto:bpf+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:bpf+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20230506013134.2492210-1-drosen@google.com>
X-Mailer: git-send-email 2.40.1.521.gf1e218fcd8-goog
Message-ID: <20230506013134.2492210-4-drosen@google.com>
Subject: [PATCH bpf-next v3 3/5] selftests/bpf: Check overflow in optional
 buffer
From: Daniel Rosenberg <drosen@google.com>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
 Daniel Borkmann <daniel@iogearbox.net>,
	John Fastabend <john.fastabend@gmail.com>,
 Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>, Song Liu <song@kernel.org>,
 Yonghong Song <yhs@fb.com>,
	KP Singh <kpsingh@kernel.org>, Stanislav Fomichev <sdf@google.com>,
 Hao Luo <haoluo@google.com>,
	Jiri Olsa <jolsa@kernel.org>, Shuah Khan <shuah@kernel.org>,
 Jonathan Corbet <corbet@lwn.net>,
	Joanne Koong <joannelkoong@gmail.com>, Mykola Lysenko <mykolal@fb.com>,
 linux-kernel@vger.kernel.org,
	linux-kselftest@vger.kernel.org, kernel-team@android.com,
	Daniel Rosenberg <drosen@google.com>
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
X-Patchwork-Delegate: bpf@iogearbox.net

This ensures we still reject invalid memory accesses in buffers that are
marked optional.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
---
 .../testing/selftests/bpf/progs/dynptr_fail.c | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/tools/testing/selftests/bpf/progs/dynptr_fail.c b/tools/testing/selftests/bpf/progs/dynptr_fail.c
index efe4ce72d00e..c2f0e18af951 100644
--- a/tools/testing/selftests/bpf/progs/dynptr_fail.c
+++ b/tools/testing/selftests/bpf/progs/dynptr_fail.c
@@ -1665,3 +1665,23 @@ int clone_xdp_packet_data(struct xdp_md *xdp)
 
 	return 0;
 }
+
+/* Buffers that are provided must be sufficiently long */
+SEC("?cgroup_skb/egress")
+__failure __msg("memory, len pair leads to invalid memory access")
+int test_dynptr_skb_small_buff(struct __sk_buff *skb)
+{
+	struct bpf_dynptr ptr;
+	char buffer[8] = {};
+	__u64 *data;
+
+	if (bpf_dynptr_from_skb(skb, 0, &ptr)) {
+		err = 1;
+		return 1;
+	}
+
+	/* This may return NULL. SKB may require a buffer */
+	data = bpf_dynptr_slice(&ptr, 0, buffer, 9);
+
+	return !!data;
+}

From patchwork Sat May  6 01:31:33 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Rosenberg <drosen@google.com>
X-Patchwork-Id: 13233232
X-Patchwork-Delegate: bpf@iogearbox.net
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net
 [23.128.96.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0A03D1365
	for <bpf@vger.kernel.org>; Sat,  6 May 2023 01:31:55 +0000 (UTC)
Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com
 [IPv6:2607:f8b0:4864:20::b4a])
	by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E32E87289
	for <bpf@vger.kernel.org>; Fri,  5 May 2023 18:31:52 -0700 (PDT)
Received: by mail-yb1-xb4a.google.com with SMTP id
 3f1490d57ef6-b9a7e3fc659so5364142276.1
        for <bpf@vger.kernel.org>; Fri, 05 May 2023 18:31:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1683336711; x=1685928711;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=noqQTFIlV1didrxBB+dE4dD4wTuWXHoC2gsWWh71mN0=;
        b=A7WrekGhFBtviUe07eASnOsEN5eQOjONln//SJzN90P0dq/7aoZYKQNWGWUb0/pxX8
         17Xgy5Y/wecQTNRhXcUpON48bqSvod+CU0oz/gJnfxSfxAdbVUwGR5WKeSHFwl8hzzjA
         n394eeN+M0Ps+XOTymCWGimyWSpPTicDSD93VueMfqQrv2zWNoFiVmObNKdYPb43tL6T
         9m+jH7+LxrlkZUdSVVoUCETsDJNG+Os7lmdcr+hp8DeXQdQ+vS9ezc1aG9yNz9Uxmk8u
         hACmUGU/oHp265pa0tBla0yZtIloMb+FNYOhmgy9PpBBjkMhF6DGYGhjSoe6LQcJnIMN
         /Edg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683336711; x=1685928711;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=noqQTFIlV1didrxBB+dE4dD4wTuWXHoC2gsWWh71mN0=;
        b=Iz07a7iKO6tIC8xqXzv60Ub5c3wFnvGsDfr9jQbhGQXO51k9c2rZWTDSmd/9nSYW4w
         fk7l11Zz+w5yxDxtTm8LMA1AE2NXJESEGw5NU8oMwvXqYu8EVJGXKm2AujxZOlWgA7vF
         UmIMFF4RK/o/pyrr5JG2HVKgvqMBMC61ybW9bJR7UmuVJAXu/dCYLnPIVSsmQYW0t2in
         n1b6cCtvxYxVuVDw6nn0RdH+Rs30I4wDJaULDedmEliLdHjLHvatmeqM+O1wIROfy3vA
         b3cuBppORKa92Ive/xJuTN+wJdIAskMzQ/gVVQqlu09VRhxRaHAMaAzq2DKRZqVqAcLZ
         YqzA==
X-Gm-Message-State: AC+VfDxoaO1hSrq9DBiwiWMXIkCHS4lBGjY75kQ0mHrWCXVpKWMeDmY9
	SGi7HMlYBrSvcWE3lhhF/ZYz4j67+PTPRnVGKUbrxA6HtqZXGa1Z27mGUKLgrYUHaars+hKFlfP
	S7iaLs/A+Y/bi6bp9GY4osq8MlE/R6vdfMFs371+FQfFM0qkzZX7ytJjUeQ==
X-Google-Smtp-Source: 
 ACHHUZ4jAkCfhj/0qkPe2EbJCeuk7CdnGPeEz6q0HYyq5SD351NwAI0IIHutmYZUIFwtUnZ2cgWmvwb4PdU=
X-Received: from drosen.mtv.corp.google.com
 ([2620:15c:211:201:6826:a1a:a426:bb4a])
 (user=drosen job=sendgmr) by 2002:a25:d8cd:0:b0:b9a:703d:e650 with SMTP id
 p196-20020a25d8cd000000b00b9a703de650mr1515459ybg.7.1683336711412; Fri, 05
 May 2023 18:31:51 -0700 (PDT)
Date: Fri,  5 May 2023 18:31:33 -0700
In-Reply-To: <20230506013134.2492210-1-drosen@google.com>
Precedence: bulk
X-Mailing-List: bpf@vger.kernel.org
List-Id: <bpf.vger.kernel.org>
List-Subscribe: <mailto:bpf+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:bpf+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20230506013134.2492210-1-drosen@google.com>
X-Mailer: git-send-email 2.40.1.521.gf1e218fcd8-goog
Message-ID: <20230506013134.2492210-5-drosen@google.com>
Subject: [PATCH bpf-next v3 4/5] bpf: verifier: Accept dynptr mem as mem in
 helpers
From: Daniel Rosenberg <drosen@google.com>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
 Daniel Borkmann <daniel@iogearbox.net>,
	John Fastabend <john.fastabend@gmail.com>,
 Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>, Song Liu <song@kernel.org>,
 Yonghong Song <yhs@fb.com>,
	KP Singh <kpsingh@kernel.org>, Stanislav Fomichev <sdf@google.com>,
 Hao Luo <haoluo@google.com>,
	Jiri Olsa <jolsa@kernel.org>, Shuah Khan <shuah@kernel.org>,
 Jonathan Corbet <corbet@lwn.net>,
	Joanne Koong <joannelkoong@gmail.com>, Mykola Lysenko <mykolal@fb.com>,
 linux-kernel@vger.kernel.org,
	linux-kselftest@vger.kernel.org, kernel-team@android.com,
	Daniel Rosenberg <drosen@google.com>
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
X-Patchwork-Delegate: bpf@iogearbox.net

This allows using memory retrieved from dynptrs with helper functions
that accept ARG_PTR_TO_MEM. For instance, results from bpf_dynptr_data
can be passed along to bpf_strncmp.

Signed-off-by: Daniel Rosenberg <drosen@google.com>
---
 kernel/bpf/verifier.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 7e6bbae9db81..754129d41225 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -7495,12 +7495,16 @@ static int check_reg_type(struct bpf_verifier_env *env, u32 regno,
 	 * ARG_PTR_TO_MEM + MAYBE_NULL is compatible with PTR_TO_MEM and PTR_TO_MEM + MAYBE_NULL,
 	 * but ARG_PTR_TO_MEM is compatible only with PTR_TO_MEM but NOT with PTR_TO_MEM + MAYBE_NULL
 	 *
+	 * ARG_PTR_TO_MEM is compatible with PTR_TO_MEM that is tagged with a dynptr type.
+	 *
 	 * Therefore we fold these flags depending on the arg_type before comparison.
 	 */
 	if (arg_type & MEM_RDONLY)
 		type &= ~MEM_RDONLY;
 	if (arg_type & PTR_MAYBE_NULL)
 		type &= ~PTR_MAYBE_NULL;
+	if (base_type(arg_type) == ARG_PTR_TO_MEM)
+		type &= ~DYNPTR_TYPE_FLAG_MASK;
 
 	if (meta->func_id == BPF_FUNC_kptr_xchg && type & MEM_ALLOC)
 		type &= ~MEM_ALLOC;

From patchwork Sat May  6 01:31:34 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Rosenberg <drosen@google.com>
X-Patchwork-Id: 13233233
X-Patchwork-Delegate: bpf@iogearbox.net
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net
 [23.128.96.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 46ECC1365
	for <bpf@vger.kernel.org>; Sat,  6 May 2023 01:31:57 +0000 (UTC)
Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com
 [IPv6:2607:f8b0:4864:20::b49])
	by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B95787A84
	for <bpf@vger.kernel.org>; Fri,  5 May 2023 18:31:54 -0700 (PDT)
Received: by mail-yb1-xb49.google.com with SMTP id
 3f1490d57ef6-b9a6eeea78cso21611201276.0
        for <bpf@vger.kernel.org>; Fri, 05 May 2023 18:31:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1683336714; x=1685928714;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=HpBXaqycDpeF1iiIRkKkU5q/FIeyp/QkzxqhW0Xulus=;
        b=EjAImXESIDfPwZ9hTfrYy5t7T/PaXqRElM81DJgaDdmyku00koV3RJuwLs0CjXuMrH
         QqxKeSjl2DRpviPJdfQpgpuUsjdK2dRS7YzYVp3Q6kjC7b122kwMli7b1PpS2xIWnG3Q
         rSmea63nSwQhq/99fsm8Qu80HuHARS9brKGSc2t503R704eAKxAD/8zpSXAKI2e5luGD
         dr7o6tyeENUuU3k8Fjq/x2rsYdMCccizaFRzIdNIjxamWCQEzd9UCHG9+5x+nLpgQFKd
         R1LtLS36OG44zs6if6mN0eloUv/VbbsSCd28EmizmI3nMHsop4hqGEEoaeptveFR4ra1
         uhMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1683336714; x=1685928714;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=HpBXaqycDpeF1iiIRkKkU5q/FIeyp/QkzxqhW0Xulus=;
        b=EZGFu7GqTYWc6BKv2IS+xFJVKkAJY/9yZaPVjPah0RrI/wHSqK6EGDVUtwisSGyFn2
         r5JWpVo8wS/FejralrtsTnWq9Bu2xm9P/vtWESXfXO6rUAI5gx5hh2xnj8ERHAA9yisn
         SjyC7PJAM9UWsM9xQxCInmHBzzmAK3udYM7i1rEFg10b5bQ21MiW5qrThyxg2OLmpDnC
         /DV2VQKON5dH7m+yd+0WUVJ1sFLTPCPXyFyR0mDeCj1H+GBUWov9GLBruhOheEtYYuGU
         BIucHjZefIJ+AEge48PCOTlDbuf6Jk3v3+tjuEFNzVBDvlUPGk8d36Ez/NV0DqaOUuBR
         8TIg==
X-Gm-Message-State: AC+VfDyU2mySQx6XpQrsTLziI7DKLzvFWvjfedCWFtB5FmbyMGaTFCae
	uSCVilp8IB6qHQQXS9aJzwzTe8j4h955Yn1kEIGiMx6+OB/jdLdZjgl4kCOUWWMdVLY1nFe8iyi
	pZ812BwuctgFCwen4mECgwBU2NBhjm+WOeDXxBYWt5toAGSplG8LhPuzpVw==
X-Google-Smtp-Source: 
 ACHHUZ4A5/VQrgjM9CXLg0QZKufSjQAvXOBL5nKnEMH0jE2qlKOK/DEFBdZCQRuZx7hUTDgFmV9viNuQhQ4=
X-Received: from drosen.mtv.corp.google.com
 ([2620:15c:211:201:6826:a1a:a426:bb4a])
 (user=drosen job=sendgmr) by 2002:a25:6583:0:b0:b8e:efd8:f2c with SMTP id
 z125-20020a256583000000b00b8eefd80f2cmr1995609ybb.1.1683336713910; Fri, 05
 May 2023 18:31:53 -0700 (PDT)
Date: Fri,  5 May 2023 18:31:34 -0700
In-Reply-To: <20230506013134.2492210-1-drosen@google.com>
Precedence: bulk
X-Mailing-List: bpf@vger.kernel.org
List-Id: <bpf.vger.kernel.org>
List-Subscribe: <mailto:bpf+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:bpf+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20230506013134.2492210-1-drosen@google.com>
X-Mailer: git-send-email 2.40.1.521.gf1e218fcd8-goog
Message-ID: <20230506013134.2492210-6-drosen@google.com>
Subject: [PATCH bpf-next v3 5/5] selftests/bpf: Accept mem from dynptr in
 helper funcs
From: Daniel Rosenberg <drosen@google.com>
To: bpf@vger.kernel.org
Cc: Alexei Starovoitov <ast@kernel.org>,
 Daniel Borkmann <daniel@iogearbox.net>,
	John Fastabend <john.fastabend@gmail.com>,
 Andrii Nakryiko <andrii@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>, Song Liu <song@kernel.org>,
 Yonghong Song <yhs@fb.com>,
	KP Singh <kpsingh@kernel.org>, Stanislav Fomichev <sdf@google.com>,
 Hao Luo <haoluo@google.com>,
	Jiri Olsa <jolsa@kernel.org>, Shuah Khan <shuah@kernel.org>,
 Jonathan Corbet <corbet@lwn.net>,
	Joanne Koong <joannelkoong@gmail.com>, Mykola Lysenko <mykolal@fb.com>,
 linux-kernel@vger.kernel.org,
	linux-kselftest@vger.kernel.org, kernel-team@android.com,
	Daniel Rosenberg <drosen@google.com>
X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL
	autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
X-Patchwork-Delegate: bpf@iogearbox.net

This ensures that buffers retrieved from dynptr_data are allowed to be
passed in to helpers that take mem, like bpf_strncmp

Signed-off-by: Daniel Rosenberg <drosen@google.com>
---
 .../testing/selftests/bpf/prog_tests/dynptr.c |  1 +
 .../selftests/bpf/progs/dynptr_success.c      | 21 +++++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/tools/testing/selftests/bpf/prog_tests/dynptr.c b/tools/testing/selftests/bpf/prog_tests/dynptr.c
index 13d4b9ab16e7..7cfac53c0d58 100644
--- a/tools/testing/selftests/bpf/prog_tests/dynptr.c
+++ b/tools/testing/selftests/bpf/prog_tests/dynptr.c
@@ -27,6 +27,7 @@ static struct {
 	{"test_dynptr_is_rdonly", SETUP_SKB_PROG},
 	{"test_dynptr_clone", SETUP_SKB_PROG},
 	{"test_dynptr_skb_no_buff", SETUP_SKB_PROG},
+	{"test_dynptr_skb_strcmp", SETUP_SKB_PROG},
 };
 
 static void verify_success(const char *prog_name, enum test_setup_type setup_type)
diff --git a/tools/testing/selftests/bpf/progs/dynptr_success.c b/tools/testing/selftests/bpf/progs/dynptr_success.c
index d299ef3b4d1f..0c053976f8f9 100644
--- a/tools/testing/selftests/bpf/progs/dynptr_success.c
+++ b/tools/testing/selftests/bpf/progs/dynptr_success.c
@@ -522,3 +522,24 @@ int test_dynptr_skb_no_buff(struct __sk_buff *skb)
 
 	return !!data;
 }
+
+SEC("?cgroup_skb/egress")
+int test_dynptr_skb_strcmp(struct __sk_buff *skb)
+{
+	struct bpf_dynptr ptr;
+	char *data;
+
+	if (bpf_dynptr_from_skb(skb, 0, &ptr)) {
+		err = 1;
+		return 1;
+	}
+
+	/* This may return NULL. SKB may require a buffer */
+	data = bpf_dynptr_slice(&ptr, 0, NULL, 10);
+	if (data) {
+		bpf_strncmp(data, 10, "foo");
+		return 1;
+	}
+
+	return 1;
+}