From patchwork Fri Sep 6 13:56:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 13794231 X-Patchwork-Delegate: bpf@iogearbox.net Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A0E8C1CEEA3 for ; Fri, 6 Sep 2024 13:56:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630982; cv=none; b=HNwemckiacb6m5Epi17jXyLYripkmzo8ArHKGxAs2nv0aB2KDcO72EiVTYvSBC4Y446wrzx4kXi86+Gmg109LK3MrU4Q/xeoWchSoyO23A5z0MgMRVbJLO6ilHNVVoPn9YcY4h3MHZqLK/Uq3gGOQrWi2Aq+iOyxGlPf8JeoMVw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630982; c=relaxed/simple; bh=Fgw5RC9RL2tEnxMC+WA/YKC/jIjukv7toG74PPH9jp8=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=JdQ4nziEyEAJVIECsumyBInC6t7mCvTwXUNZt+stHYuCDNQrkE56vcirq9gzA8BxApCvwr1zk5doQ86ZYBARrBBOUSw6AoTHxpmaDAYqp30+ponIsGggWBbgki0peuT8JDes1SpTO82OHmDPNr77AZyd7mTejGxNSZV3xuhIoVQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=kjLyUXLr; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="kjLyUXLr" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:MIME-Version: Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References; bh=Gr5jAw7OlqlGPjjaOsSHO420mza/QBCJH8hGfimTmvI=; b=kjLyUXLrUFRrd5d/p9DEu9leHq U+e3gfagihAFRuxVC4viSkRLi92S5yYeT7Mwkspr9Sd0r8ny32YjfSTyyD9riKo4c5qHIP/O7H37K xUTEn28kL0hAZI3us9m/tqM/VgSYZbxmdyxwRZcE+mlDgPmFYRX4kpyYmDG2TtubndbjHSnGdx2sM oS9Kn3TDzGcQyKurx85Ui0FWkLBdnfqUz5yUkBMEmEid3g7Ws+BzeP0yNhrEUMkM899qmhYeMT/BP m7iCrqo0Y3oTcIy46okX6N1c+UMcbwVig+MG9YbIMZQZjM9UcyYZTRM/Y0GXxHYp6gXMq5/mYhJl+ aPt5DL5A==; Received: from 15.248.197.178.dynamic.cust.swisscom.net ([178.197.248.15] helo=localhost) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1smZRa-0001yi-LC; Fri, 06 Sep 2024 15:56:10 +0200 From: Daniel Borkmann To: bpf@vger.kernel.org Cc: shung-hsi.yu@suse.com, andrii@kernel.org, ast@kernel.org, kongln9170@gmail.com, Daniel Borkmann Subject: [PATCH bpf-next v4 1/8] bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit Date: Fri, 6 Sep 2024 15:56:01 +0200 Message-Id: <20240906135608.26477-1-daniel@iogearbox.net> X-Mailer: git-send-email 2.21.0 Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.10/27390/Fri Sep 6 10:38:06 2024) X-Patchwork-Delegate: bpf@iogearbox.net The bpf_strtol() and bpf_strtoul() helpers are currently broken on 32bit: The argument type ARG_PTR_TO_LONG is BPF-side "long", not kernel-side "long" and therefore always considered fixed 64bit no matter if 64 or 32bit underlying architecture. This contract breaks in case of the two mentioned helpers since their BPF_CALL definition for the helpers was added with {unsigned,}long *res. Meaning, the transition from BPF-side "long" (BPF program) to kernel-side "long" (BPF helper) breaks here. Both helpers call __bpf_strtoll() with "long long" correctly, but later assigning the result into 32-bit "*(long *)" on 32bit architectures. From a BPF program point of view, this means upper bits will be seen as uninitialised. Therefore, fix both BPF_CALL signatures to {s,u}64 types to fix this situation. Now, changing also uapi/bpf.h helper documentation which generates bpf_helper_defs.h for BPF programs is tricky: Changing signatures there to __{s,u}64 would trigger compiler warnings (incompatible pointer types passing 'long *' to parameter of type '__s64 *' (aka 'long long *')) for existing BPF programs. Leaving the signatures as-is would be fine as from BPF program point of view it is still BPF-side "long" and thus equivalent to __{s,u}64 on 64 or 32bit underlying architectures. Note that bpf_strtol() and bpf_strtoul() are the only helpers with this issue. Fixes: d7a4cb9b6705 ("bpf: Introduce bpf_strtol and bpf_strtoul helpers") Reported-by: Alexei Starovoitov Signed-off-by: Daniel Borkmann Link: https://lore.kernel.org/bpf/481fcec8-c12c-9abb-8ecb-76c71c009959@iogearbox.net Acked-by: Andrii Nakryiko --- v3 -> v4: - added patch kernel/bpf/helpers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index 3956be5d6440..0cf42be52890 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c @@ -518,7 +518,7 @@ static int __bpf_strtoll(const char *buf, size_t buf_len, u64 flags, } BPF_CALL_4(bpf_strtol, const char *, buf, size_t, buf_len, u64, flags, - long *, res) + s64 *, res) { long long _res; int err; @@ -543,7 +543,7 @@ const struct bpf_func_proto bpf_strtol_proto = { }; BPF_CALL_4(bpf_strtoul, const char *, buf, size_t, buf_len, u64, flags, - unsigned long *, res) + u64 *, res) { unsigned long long _res; bool is_negative; From patchwork Fri Sep 6 13:56:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 13794229 X-Patchwork-Delegate: bpf@iogearbox.net Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A0E251C86F2 for ; Fri, 6 Sep 2024 13:56:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630981; cv=none; b=RaxIIpuR+rgvnROOMWGVc0QzcRu7cdLO7NZUJCuYRw5OiOD/e5bOrCmBaqjVEQPu0xmo0gxDO/FKGyENDybP8Sp3DhcptGyVBlatARRrZWICtJDhDvZ6ZNX7n7ELNkSmTD/mbzUjGvuFiqFI/89CaicCRzjv64kkC/SD7wmRBfk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630981; c=relaxed/simple; bh=aSO8udBLKicPLF3+RFIDYapuu6Dk7h/9nchoe6BUh4A=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=iBQYZUn2zU2WS5dHlUeZFS6iOzRlZCuCOkQpkEMPM08BEDecCLh71uSIruc0WEMgR9y81w+AqNyqL8ChcERFDFRiWWQC0I9iCxecir3qEZIxswfCrouOlztQqi0eiQNJL/GENivs7FBq5ekIKe27YaTY673CN8dtJqZcLDnPjEw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=QCJ0wn1x; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="QCJ0wn1x" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=fglwQ15qRqlQDvZ3j8FVKvytf3IEa3sofEdEZAk3Bfo=; b=QCJ0wn1xlCdZrtqwXeSTwfz6kO z2gNbKvoKvBC2DrlCDHh3Hwfip1GCRT5Gn8xhtiAjBUutNBM+ZpD4ralEgmy8Lyg1WtTKZdpeMA7x K39UE1BDFfVRusAZHOEoIkYrW+YuEBQ+VEq/ewsSFkyPg7tT0Q0nMEfz8/mNdoouwsNFJpq3dbh9V LNQfGap6yvRYBU9EH3JE204+y1JtRHIPTaamoGwtDSiVwopF7FAPKmWq9ljMh5r8TT+0a6IGf5SCF p3OLpMMZJ3m6WxDqzNc/c4BcZHQtXvYcBzrb+BqtH6o8XJh7coJHmB3hrkK+vNBheMVqAAbtG7/4m YEiOLOjA==; Received: from 15.248.197.178.dynamic.cust.swisscom.net ([178.197.248.15] helo=localhost) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1smZRb-0001yo-7X; Fri, 06 Sep 2024 15:56:11 +0200 From: Daniel Borkmann To: bpf@vger.kernel.org Cc: shung-hsi.yu@suse.com, andrii@kernel.org, ast@kernel.org, kongln9170@gmail.com, Daniel Borkmann Subject: [PATCH bpf-next v4 2/8] bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers Date: Fri, 6 Sep 2024 15:56:02 +0200 Message-Id: <20240906135608.26477-2-daniel@iogearbox.net> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20240906135608.26477-1-daniel@iogearbox.net> References: <20240906135608.26477-1-daniel@iogearbox.net> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.10/27390/Fri Sep 6 10:38:06 2024) X-Patchwork-Delegate: bpf@iogearbox.net Both bpf_strtol() and bpf_strtoul() helpers passed a temporary "long long" respectively "unsigned long long" to __bpf_strtoll() / __bpf_strtoull(). Later, the result was checked for truncation via _res != ({unsigned,} long)_res as the destination buffer for the BPF helpers was of type {unsigned,} long which is 32bit on 32bit architectures. Given the latter was a bug in the helper signatures where the destination buffer got adjusted to {s,u}64, the truncation check can now be removed. Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko --- v3 -> v4: - added patch kernel/bpf/helpers.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index 0cf42be52890..5404bb964d83 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c @@ -526,8 +526,6 @@ BPF_CALL_4(bpf_strtol, const char *, buf, size_t, buf_len, u64, flags, err = __bpf_strtoll(buf, buf_len, flags, &_res); if (err < 0) return err; - if (_res != (long)_res) - return -ERANGE; *res = _res; return err; } @@ -554,8 +552,6 @@ BPF_CALL_4(bpf_strtoul, const char *, buf, size_t, buf_len, u64, flags, return err; if (is_negative) return -EINVAL; - if (_res != (unsigned long)_res) - return -ERANGE; *res = _res; return err; } From patchwork Fri Sep 6 13:56:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 13794234 X-Patchwork-Delegate: bpf@iogearbox.net Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69C761CEEBB for ; Fri, 6 Sep 2024 13:56:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630983; cv=none; b=LEDHWWNJzvfCvlJJZFZ0tzq77PHbon1+JlMxqZ2DqiVyBG+lhSwU0tHw/Yc0E0qJwjlHhvfp3zDUW8tD4cE4OBA/vvksANzveoidfr8e2Ss5DD7IOJKxiTcrornu9ILK2v7zW8+MNFNbx+HePH4a5i/aIZjG2N7mi/7YnLoVZ3A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630983; c=relaxed/simple; bh=LcuExBXuIeOaj2nEUNHiPr5NbZ/o0tahMloQGld+gSc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=nSjQDCpKmFU2Cj3ETJqFwcFSF0MJnuREESAOhxuFxlle73OSaAyFvKY+lwM1UpF2/SYfR+SuYMbCgQK9Ws/mx36ZZXsPl9AjNtwLx/BApbojAe2u3SOoYqag9pj4//WG8L3MvbTpjG+m2aa7iJ60r5ficU6r9Cq+8H2sDPqpmYA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=ZHLjnl0z; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="ZHLjnl0z" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=hyDpDyHMw3aHikUsJoegcPUHMidTedR1d1QtP4TT7o0=; b=ZHLjnl0znYLw0EorbQ5/OUhM5m jqJBxvPHAL9fsY5cJYWuwtWqNKIGkxwLLbH272eWhQH7ZwA9AutAM3uO9FFQSrKuO7yOTBTo0QS1w UPqqsdnj0PO0ucJytCHRuM53LroG0imzzoak+4na9G6KrMGnJdSMuirMNSH1Mr823WNCS/YUEkSpp 5XTSWjQKaNFH6GJkvmVIYI+2QooB+tvfOiV+5S8TjIyUP8DacOrSl7YzbulqZHz4g8cSjY0AFuSx8 e2AWwRLjALO29uhEqpXI1xAHcl4E9gAZ+9l+N+pCjmS2/WCBUDkVpS6J9QbeKtqrpFHwdQnyMeG1z O4Y8Wl9Q==; Received: from 15.248.197.178.dynamic.cust.swisscom.net ([178.197.248.15] helo=localhost) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1smZRb-0001yw-Pg; Fri, 06 Sep 2024 15:56:11 +0200 From: Daniel Borkmann To: bpf@vger.kernel.org Cc: shung-hsi.yu@suse.com, andrii@kernel.org, ast@kernel.org, kongln9170@gmail.com, Daniel Borkmann Subject: [PATCH bpf-next v4 3/8] bpf: Fix helper writes to read-only maps Date: Fri, 6 Sep 2024 15:56:03 +0200 Message-Id: <20240906135608.26477-3-daniel@iogearbox.net> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20240906135608.26477-1-daniel@iogearbox.net> References: <20240906135608.26477-1-daniel@iogearbox.net> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.10/27390/Fri Sep 6 10:38:06 2024) X-Patchwork-Delegate: bpf@iogearbox.net Lonial found an issue that despite user- and BPF-side frozen BPF map (like in case of .rodata), it was still possible to write into it from a BPF program side through specific helpers having ARG_PTR_TO_{LONG,INT} as arguments. In check_func_arg() when the argument is as mentioned, the meta->raw_mode is never set. Later, check_helper_mem_access(), under the case of PTR_TO_MAP_VALUE as register base type, it assumes BPF_READ for the subsequent call to check_map_access_type() and given the BPF map is read-only it succeeds. The helpers really need to be annotated as ARG_PTR_TO_{LONG,INT} | MEM_UNINIT when results are written into them as opposed to read out of them. The latter indicates that it's okay to pass a pointer to uninitialized memory as the memory is written to anyway. However, ARG_PTR_TO_{LONG,INT} is a special case of ARG_PTR_TO_FIXED_SIZE_MEM just with additional alignment requirement. So it is better to just get rid of the ARG_PTR_TO_{LONG,INT} special cases altogether and reuse the fixed size memory types. For this, add MEM_ALIGNED to additionally ensure alignment given these helpers write directly into the args via * = val. The .arg*_size has been initialized reflecting the actual sizeof(*). MEM_ALIGNED can only be used in combination with MEM_FIXED_SIZE annotated argument types, since in !MEM_FIXED_SIZE cases the verifier does not know the buffer size a priori and therefore cannot blindly write * = val. Fixes: 57c3bb725a3d ("bpf: Introduce ARG_PTR_TO_{INT,LONG} arg types") Reported-by: Lonial Con Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Acked-by: Shung-Hsi Yu --- v1 -> v2: - switch to MEM_FIXED_SIZE v3 -> v4: - fixed 64bit in strto{u,}l (Alexei) include/linux/bpf.h | 7 +++++-- kernel/bpf/helpers.c | 8 ++++++-- kernel/bpf/syscall.c | 4 +++- kernel/bpf/verifier.c | 38 +++++--------------------------------- kernel/trace/bpf_trace.c | 8 ++++++-- net/core/filter.c | 8 ++++++-- 6 files changed, 31 insertions(+), 42 deletions(-) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 6f87fb014fba..6a61ed4266b6 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -695,6 +695,11 @@ enum bpf_type_flag { /* DYNPTR points to xdp_buff */ DYNPTR_TYPE_XDP = BIT(16 + BPF_BASE_TYPE_BITS), + /* Memory must be aligned on some architectures, used in combination with + * MEM_FIXED_SIZE. + */ + MEM_ALIGNED = BIT(17 + BPF_BASE_TYPE_BITS), + __BPF_TYPE_FLAG_MAX, __BPF_TYPE_LAST_FLAG = __BPF_TYPE_FLAG_MAX - 1, }; @@ -732,8 +737,6 @@ enum bpf_arg_type { ARG_ANYTHING, /* any (initialized) argument is ok */ ARG_PTR_TO_SPIN_LOCK, /* pointer to bpf_spin_lock */ ARG_PTR_TO_SOCK_COMMON, /* pointer to sock_common */ - ARG_PTR_TO_INT, /* pointer to int */ - ARG_PTR_TO_LONG, /* pointer to long */ ARG_PTR_TO_SOCKET, /* pointer to bpf_sock (fullsock) */ ARG_PTR_TO_BTF_ID, /* pointer to in-kernel struct */ ARG_PTR_TO_RINGBUF_MEM, /* pointer to dynamically reserved ringbuf memory */ diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index 5404bb964d83..0587d0c2375a 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c @@ -537,7 +537,9 @@ const struct bpf_func_proto bpf_strtol_proto = { .arg1_type = ARG_PTR_TO_MEM | MEM_RDONLY, .arg2_type = ARG_CONST_SIZE, .arg3_type = ARG_ANYTHING, - .arg4_type = ARG_PTR_TO_LONG, + .arg4_type = ARG_PTR_TO_FIXED_SIZE_MEM | + MEM_UNINIT | MEM_ALIGNED, + .arg4_size = sizeof(s64), }; BPF_CALL_4(bpf_strtoul, const char *, buf, size_t, buf_len, u64, flags, @@ -563,7 +565,9 @@ const struct bpf_func_proto bpf_strtoul_proto = { .arg1_type = ARG_PTR_TO_MEM | MEM_RDONLY, .arg2_type = ARG_CONST_SIZE, .arg3_type = ARG_ANYTHING, - .arg4_type = ARG_PTR_TO_LONG, + .arg4_type = ARG_PTR_TO_FIXED_SIZE_MEM | + MEM_UNINIT | MEM_ALIGNED, + .arg4_size = sizeof(u64), }; BPF_CALL_3(bpf_strncmp, const char *, s1, u32, s1_sz, const char *, s2) diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index fc62f5c4faf9..feb276771c03 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -5954,7 +5954,9 @@ static const struct bpf_func_proto bpf_kallsyms_lookup_name_proto = { .arg1_type = ARG_PTR_TO_MEM, .arg2_type = ARG_CONST_SIZE_OR_ZERO, .arg3_type = ARG_ANYTHING, - .arg4_type = ARG_PTR_TO_LONG, + .arg4_type = ARG_PTR_TO_FIXED_SIZE_MEM | + MEM_UNINIT | MEM_ALIGNED, + .arg4_size = sizeof(u64), }; static const struct bpf_func_proto * diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 53d0556fbbf3..3a0801933a79 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -8301,16 +8301,6 @@ static bool arg_type_is_dynptr(enum bpf_arg_type type) return base_type(type) == ARG_PTR_TO_DYNPTR; } -static int int_ptr_type_to_size(enum bpf_arg_type type) -{ - if (type == ARG_PTR_TO_INT) - return sizeof(u32); - else if (type == ARG_PTR_TO_LONG) - return sizeof(u64); - - return -EINVAL; -} - static int resolve_map_arg_type(struct bpf_verifier_env *env, const struct bpf_call_arg_meta *meta, enum bpf_arg_type *arg_type) @@ -8383,16 +8373,6 @@ static const struct bpf_reg_types mem_types = { }, }; -static const struct bpf_reg_types int_ptr_types = { - .types = { - PTR_TO_STACK, - PTR_TO_PACKET, - PTR_TO_PACKET_META, - PTR_TO_MAP_KEY, - PTR_TO_MAP_VALUE, - }, -}; - static const struct bpf_reg_types spin_lock_types = { .types = { PTR_TO_MAP_VALUE, @@ -8453,8 +8433,6 @@ static const struct bpf_reg_types *compatible_reg_types[__BPF_ARG_TYPE_MAX] = { [ARG_PTR_TO_SPIN_LOCK] = &spin_lock_types, [ARG_PTR_TO_MEM] = &mem_types, [ARG_PTR_TO_RINGBUF_MEM] = &ringbuf_mem_types, - [ARG_PTR_TO_INT] = &int_ptr_types, - [ARG_PTR_TO_LONG] = &int_ptr_types, [ARG_PTR_TO_PERCPU_BTF_ID] = &percpu_btf_ptr_types, [ARG_PTR_TO_FUNC] = &func_ptr_types, [ARG_PTR_TO_STACK] = &stack_ptr_types, @@ -9020,6 +8998,11 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, err = check_helper_mem_access(env, regno, fn->arg_size[arg], false, meta); + if (err) + return err; + if (arg_type & MEM_ALIGNED) + err = check_ptr_alignment(env, reg, 0, + fn->arg_size[arg], true); } break; case ARG_CONST_SIZE: @@ -9044,17 +9027,6 @@ static int check_func_arg(struct bpf_verifier_env *env, u32 arg, if (err) return err; break; - case ARG_PTR_TO_INT: - case ARG_PTR_TO_LONG: - { - int size = int_ptr_type_to_size(arg_type); - - err = check_helper_mem_access(env, regno, size, false, meta); - if (err) - return err; - err = check_ptr_alignment(env, reg, 0, size, true); - break; - } case ARG_PTR_TO_CONST_STR: { err = check_reg_const_str(env, reg, regno); diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 98e395f1baae..b444f3d8e2f8 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -1202,7 +1202,9 @@ static const struct bpf_func_proto bpf_get_func_arg_proto = { .ret_type = RET_INTEGER, .arg1_type = ARG_PTR_TO_CTX, .arg2_type = ARG_ANYTHING, - .arg3_type = ARG_PTR_TO_LONG, + .arg3_type = ARG_PTR_TO_FIXED_SIZE_MEM | + MEM_UNINIT | MEM_ALIGNED, + .arg3_size = sizeof(u64), }; BPF_CALL_2(get_func_ret, void *, ctx, u64 *, value) @@ -1218,7 +1220,9 @@ static const struct bpf_func_proto bpf_get_func_ret_proto = { .func = get_func_ret, .ret_type = RET_INTEGER, .arg1_type = ARG_PTR_TO_CTX, - .arg2_type = ARG_PTR_TO_LONG, + .arg2_type = ARG_PTR_TO_FIXED_SIZE_MEM | + MEM_UNINIT | MEM_ALIGNED, + .arg2_size = sizeof(u64), }; BPF_CALL_1(get_func_arg_cnt, void *, ctx) diff --git a/net/core/filter.c b/net/core/filter.c index ecf2ddf633bf..4be175f84eb9 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -6346,7 +6346,9 @@ static const struct bpf_func_proto bpf_skb_check_mtu_proto = { .ret_type = RET_INTEGER, .arg1_type = ARG_PTR_TO_CTX, .arg2_type = ARG_ANYTHING, - .arg3_type = ARG_PTR_TO_INT, + .arg3_type = ARG_PTR_TO_FIXED_SIZE_MEM | + MEM_UNINIT | MEM_ALIGNED, + .arg3_size = sizeof(u32), .arg4_type = ARG_ANYTHING, .arg5_type = ARG_ANYTHING, }; @@ -6357,7 +6359,9 @@ static const struct bpf_func_proto bpf_xdp_check_mtu_proto = { .ret_type = RET_INTEGER, .arg1_type = ARG_PTR_TO_CTX, .arg2_type = ARG_ANYTHING, - .arg3_type = ARG_PTR_TO_INT, + .arg3_type = ARG_PTR_TO_FIXED_SIZE_MEM | + MEM_UNINIT | MEM_ALIGNED, + .arg3_size = sizeof(u32), .arg4_type = ARG_ANYTHING, .arg5_type = ARG_ANYTHING, }; From patchwork Fri Sep 6 13:56:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 13794230 X-Patchwork-Delegate: bpf@iogearbox.net Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69D201CF29B for ; Fri, 6 Sep 2024 13:56:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630982; cv=none; b=eWxglWchN7BPYOity8apjVngXWm6/Mm9AFR9FjpYGQNlHF3edi1025NUD3itARvFX0P/ysLt/iRxK1u8p3+fINHqQzgoQQ9IXWo2wyaiBH0kqAE3PKwAl4cWEfync23lzGtOWuZ8r5RiYMlaKkdrM9Eys8phQFZxIq+I9/8NIPU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630982; c=relaxed/simple; bh=5p8wEmvNKp8VN7fMxFNT1p3q8XWH37cEhxx/EYIf64Q=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=QIqgJMOFFsfekW3QF4dF4dYKOVu6BbxzokFqkjfWKVHhNDia/iaVPbNdkAWMBNEiql0lRzwpwn561yrKgTwaoQqSVrBq5jEJ+5NqZylUec0307pflx2WVMGUmgAOpaiSaSx0LXoKVFxVUM9VzPe+mB+p1v9D671ex19a4YvqZaQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=aH1nKpMO; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="aH1nKpMO" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=Od00HE5PArnBef8YSwojfsKnQqJijINDhFWQooh5dCQ=; b=aH1nKpMOTyUE2lwDe3/vPlOlFL eZ+Hi5rSsXQcLI97OFA4IG5BQi2dDU/72upFaKS83A7kRYZV4PteaKZwaHvFVKxkNnF9lpNv8vRFy 2E4LeM+9PFW2TcQPgjaLQfTcURJJL9cF3q8PBJfLggYp3u0hYJKknOh4aH1U2HEyqPg6Y4UX7Gsqj rK1VOlPlIkYDVcWNWz+FbEehHrlKijjA+bGaA66af/zxILjvWJOKsFzZRrbBQQochp5+ypjJ9J8ID +PVP04pbnJBRuS+GhpiH7ftBdzMbEEvC1ejaX7vYgx2zzO2fUB4DJG7FhdPL0679wEA/Q0QBwKDYn X+hCMdPw==; Received: from 15.248.197.178.dynamic.cust.swisscom.net ([178.197.248.15] helo=localhost) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1smZRc-0001z6-Bw; Fri, 06 Sep 2024 15:56:12 +0200 From: Daniel Borkmann To: bpf@vger.kernel.org Cc: shung-hsi.yu@suse.com, andrii@kernel.org, ast@kernel.org, kongln9170@gmail.com, Daniel Borkmann Subject: [PATCH bpf-next v4 4/8] bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types Date: Fri, 6 Sep 2024 15:56:04 +0200 Message-Id: <20240906135608.26477-4-daniel@iogearbox.net> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20240906135608.26477-1-daniel@iogearbox.net> References: <20240906135608.26477-1-daniel@iogearbox.net> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.10/27390/Fri Sep 6 10:38:06 2024) X-Patchwork-Delegate: bpf@iogearbox.net When checking malformed helper function signatures, also take other argument types into account aside from just ARG_PTR_TO_UNINIT_MEM. This concerns (formerly) ARG_PTR_TO_{INT,LONG} given uninitialized memory can be passed there, too. The func proto sanity check goes back to commit 435faee1aae9 ("bpf, verifier: add ARG_PTR_TO_RAW_STACK type"), and its purpose was to detect wrong func protos which had more than just one MEM_UNINIT-tagged type as arguments. The reason more than one is currently not supported is as we mark stack slots with STACK_MISC in check_helper_call() in case of raw mode based on meta.access_size to allow uninitialized stack memory to be passed to helpers when they just write into the buffer. Probing for base type as well as MEM_UNINIT tagging ensures that other types do not get missed (as it used to be the case for ARG_PTR_TO_{INT,LONG}). Fixes: 57c3bb725a3d ("bpf: Introduce ARG_PTR_TO_{INT,LONG} arg types") Reported-by: Shung-Hsi Yu Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Acked-by: Shung-Hsi Yu --- v1 -> v2: - new patch (Shung-Hsi) v2 -> v3: - base_type(type) was needed also kernel/bpf/verifier.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 3a0801933a79..a1bbe4b401af 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -8291,6 +8291,12 @@ static bool arg_type_is_mem_size(enum bpf_arg_type type) type == ARG_CONST_SIZE_OR_ZERO; } +static bool arg_type_is_raw_mem(enum bpf_arg_type type) +{ + return base_type(type) == ARG_PTR_TO_MEM && + type & MEM_UNINIT; +} + static bool arg_type_is_release(enum bpf_arg_type type) { return type & OBJ_RELEASE; @@ -9343,15 +9349,15 @@ static bool check_raw_mode_ok(const struct bpf_func_proto *fn) { int count = 0; - if (fn->arg1_type == ARG_PTR_TO_UNINIT_MEM) + if (arg_type_is_raw_mem(fn->arg1_type)) count++; - if (fn->arg2_type == ARG_PTR_TO_UNINIT_MEM) + if (arg_type_is_raw_mem(fn->arg2_type)) count++; - if (fn->arg3_type == ARG_PTR_TO_UNINIT_MEM) + if (arg_type_is_raw_mem(fn->arg3_type)) count++; - if (fn->arg4_type == ARG_PTR_TO_UNINIT_MEM) + if (arg_type_is_raw_mem(fn->arg4_type)) count++; - if (fn->arg5_type == ARG_PTR_TO_UNINIT_MEM) + if (arg_type_is_raw_mem(fn->arg5_type)) count++; /* We only support one arg being in raw mode at the moment, From patchwork Fri Sep 6 13:56:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 13794233 X-Patchwork-Delegate: bpf@iogearbox.net Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 69CCE1CF290 for ; Fri, 6 Sep 2024 13:56:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630983; cv=none; b=AS93OIDit4ZSryKy6hqJIrFnC/lAQh/QAPG1h7PhZVr//eCzDzahw9MiFjaZCUrxXPL1QR1gilU1Pb2bN6B9fS5lM2VHHCCFz43fAQAGWmuDckYxxCwTPNJ88ixnIqoUoN80CUuz1kxSG7Hyw9aDO4ajw/tQcg9hyTt/KgqTVaY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630983; c=relaxed/simple; bh=mOLqmcaj6NfBRTZVi/SyNZIiHuYz0BYonof+zJ3aA0w=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=VL6esw5eDspUpmorTevL6djOXoe4ZWTrAQzIWZzlSufz35IRcWXmYmzm8z/KySfp3AR0kKOetA/Q3vtfp93UTH1lfvgN0QnxSzy0IxejnnCuV+5j9/SO/HVCP1PQv8M/VxDqcBpn7i2M9SEI8+o2hbw+7sPQr1LNxKt4bSxct04= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=HNUsqHrs; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="HNUsqHrs" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=hg9Nw2K/PwHqvGvwP5rsyT5iX/6zIzoEGXXOTrrrCuc=; b=HNUsqHrsQ0Yh3/L5Q7wtBpxLL/ CqIsOZW7zJStUjcz+fBIlyJfyVFxauuiE6Ou0hOkvtwLcGlWqRh6nNibaOPUun0GfYSrWUwkUng5J YR3ZuZjeQuON6KKpTWnC2qdQVJC20ZpHuKoO2dmeQo9K26HuFS287rdPXfKTdKW2uFRpAFIM/rgmZ 7PR2X6EdIqCeSKnG2PhyguwGGDnd6/TQa5P6zuIrnn/rcPKnTpmbFfsPrRgIi/wc4jqrpYaG3+j3n wR3WTXAJZkzjBiWpueDdPvXOlI1OPuRyUQMJa1EJdEbFsDcIuLvhRORmOum9Z16Xmqa8Uey5N7RUP ZvO704sg==; Received: from 15.248.197.178.dynamic.cust.swisscom.net ([178.197.248.15] helo=localhost) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1smZRc-0001zH-SV; Fri, 06 Sep 2024 15:56:12 +0200 From: Daniel Borkmann To: bpf@vger.kernel.org Cc: shung-hsi.yu@suse.com, andrii@kernel.org, ast@kernel.org, kongln9170@gmail.com, Daniel Borkmann Subject: [PATCH bpf-next v4 5/8] bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error Date: Fri, 6 Sep 2024 15:56:05 +0200 Message-Id: <20240906135608.26477-5-daniel@iogearbox.net> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20240906135608.26477-1-daniel@iogearbox.net> References: <20240906135608.26477-1-daniel@iogearbox.net> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.10/27390/Fri Sep 6 10:38:06 2024) X-Patchwork-Delegate: bpf@iogearbox.net For all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, it is not needed given CAP_PERFMON can already read all kernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped in here. Also, rearrange the MTU checker helpers a bit to among other nit fixes consolidate flag checks such that we only need to zero in one location with regards to malformed flag inputs. Fixes: 8a67f2de9b1d ("bpf: expose bpf_strtol and bpf_strtoul to all program types") Fixes: d7a4cb9b6705 ("bpf: Introduce bpf_strtol and bpf_strtoul helpers") Signed-off-by: Daniel Borkmann --- v1 -> v2: - only set *mtu_len in error path (Alexei) kernel/bpf/helpers.c | 2 ++ kernel/bpf/syscall.c | 1 + net/core/filter.c | 35 +++++++++++++++++------------------ 3 files changed, 20 insertions(+), 18 deletions(-) diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c index 0587d0c2375a..ff66a0522799 100644 --- a/kernel/bpf/helpers.c +++ b/kernel/bpf/helpers.c @@ -523,6 +523,7 @@ BPF_CALL_4(bpf_strtol, const char *, buf, size_t, buf_len, u64, flags, long long _res; int err; + *res = 0; err = __bpf_strtoll(buf, buf_len, flags, &_res); if (err < 0) return err; @@ -549,6 +550,7 @@ BPF_CALL_4(bpf_strtoul, const char *, buf, size_t, buf_len, u64, flags, bool is_negative; int err; + *res = 0; err = __bpf_strtoull(buf, buf_len, flags, &_res, &is_negative); if (err < 0) return err; diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index feb276771c03..513b4301a0af 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -5934,6 +5934,7 @@ static const struct bpf_func_proto bpf_sys_close_proto = { BPF_CALL_4(bpf_kallsyms_lookup_name, const char *, name, int, name_sz, int, flags, u64 *, res) { + *res = 0; if (flags) return -EINVAL; diff --git a/net/core/filter.c b/net/core/filter.c index 4be175f84eb9..c219385e7bb4 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -6264,18 +6264,19 @@ BPF_CALL_5(bpf_skb_check_mtu, struct sk_buff *, skb, int skb_len, dev_len; int mtu; - if (unlikely(flags & ~(BPF_MTU_CHK_SEGS))) - return -EINVAL; - - if (unlikely(flags & BPF_MTU_CHK_SEGS && (len_diff || *mtu_len))) + if (unlikely((flags & ~(BPF_MTU_CHK_SEGS)) || + (flags & BPF_MTU_CHK_SEGS && (len_diff || *mtu_len)))) { + *mtu_len = 0; return -EINVAL; + } dev = __dev_via_ifindex(dev, ifindex); - if (unlikely(!dev)) + if (unlikely(!dev)) { + *mtu_len = 0; return -ENODEV; + } mtu = READ_ONCE(dev->mtu); - dev_len = mtu + dev->hard_header_len; /* If set use *mtu_len as input, L3 as iph->tot_len (like fib_lookup) */ @@ -6286,10 +6287,10 @@ BPF_CALL_5(bpf_skb_check_mtu, struct sk_buff *, skb, ret = BPF_MTU_CHK_RET_SUCCESS; goto out; } - /* At this point, skb->len exceed MTU, but as it include length of all - * segments, it can still be below MTU. The SKB can possibly get - * re-segmented in transmit path (see validate_xmit_skb). Thus, user - * must choose if segs are to be MTU checked. + /* At this point, skb->len exceeds MTU, but as it includes the length + * of all segments, it can still be below MTU. The skb can possibly + * get re-segmented in transmit path (see validate_xmit_skb). Thus, + * the user must choose if segments are to be MTU checked. */ if (skb_is_gso(skb)) { ret = BPF_MTU_CHK_RET_SUCCESS; @@ -6299,9 +6300,7 @@ BPF_CALL_5(bpf_skb_check_mtu, struct sk_buff *, skb, ret = BPF_MTU_CHK_RET_SEGS_TOOBIG; } out: - /* BPF verifier guarantees valid pointer */ *mtu_len = mtu; - return ret; } @@ -6314,16 +6313,18 @@ BPF_CALL_5(bpf_xdp_check_mtu, struct xdp_buff *, xdp, int mtu, dev_len; /* XDP variant doesn't support multi-buffer segment check (yet) */ - if (unlikely(flags)) + if (unlikely(flags)) { + *mtu_len = 0; return -EINVAL; + } dev = __dev_via_ifindex(dev, ifindex); - if (unlikely(!dev)) + if (unlikely(!dev)) { + *mtu_len = 0; return -ENODEV; + } mtu = READ_ONCE(dev->mtu); - - /* Add L2-header as dev MTU is L3 size */ dev_len = mtu + dev->hard_header_len; /* Use *mtu_len as input, L3 as iph->tot_len (like fib_lookup) */ @@ -6334,9 +6335,7 @@ BPF_CALL_5(bpf_xdp_check_mtu, struct xdp_buff *, xdp, if (xdp_len > dev_len) ret = BPF_MTU_CHK_RET_FRAG_NEEDED; - /* BPF verifier guarantees valid pointer */ *mtu_len = mtu; - return ret; } From patchwork Fri Sep 6 13:56:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 13794232 X-Patchwork-Delegate: bpf@iogearbox.net Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B814C1CF2A1 for ; Fri, 6 Sep 2024 13:56:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630983; cv=none; b=enSZM3HJNwBARjGD0CLGPx7AljHSMsG+7eEDtYMXhodeJg+oBPF47aeLLthQUwJK5BdZ/1RiSxdy4Mwm7RLLVRgihQrHMub3pLioaF9iRY6SWKa8iPCSXywkS7XxLrJIs78DuWdz3EqVFE/nBJK+r6tt09vK2A7Fi9l2f0rWX2k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630983; c=relaxed/simple; bh=C7x3Qhn8K0myir3LhvG6UkAeYGwz4eBOQ00P3679p/I=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=cq/JP+ZephECva/rHUihzqCcHZbaWjCGEs2GZYT6JesfsNR/FYqjplAH3GBbjgWvsqUYp6dy4pVkAHMX+ubGuSx8SWQgQlGa023lW8WQgo2wLm/rI22JY5FFpCrcQ28CuQTIP5v9hl7VBL98Xeah6oj1zlo4ojiHlCT2zjlwtEs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=o57J4bKq; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="o57J4bKq" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=4t2IOyFua47v4U1VF+xfta9q145bR/4r5FS//oQXIak=; b=o57J4bKqWbV/1PdPLJadGvNZgF 9ZTd+StzWbA7WCVtjYV3WIX8AdQ7SS1w73AjozMf3qUKqIqRB3fvHZ4GY0NxhtHKw2UExxdQV1+2j Sf7Kr0YwvEg417AhlBrSgkXV224FStTfTvA/jSYbRuHnMLAkHsIkin9k4964+QD6fHlRfNqvnKVtW JElILz1bPDKGnSOoHBsfB6l9F/6kTS5x01y4tAxe/FfSfUYv/YXk3LgWohY65I0jP4jjmfjMig1m2 nmiuYDnoWQpN9dTmO2bbxAe7q4MiGbonQ7oJ/OjD8ShRgbJ3WBiPvpg9GGYmoiJpjdExRpgZSTr41 bgxGOrtA==; Received: from 15.248.197.178.dynamic.cust.swisscom.net ([178.197.248.15] helo=localhost) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1smZRd-0001zU-EA; Fri, 06 Sep 2024 15:56:13 +0200 From: Daniel Borkmann To: bpf@vger.kernel.org Cc: shung-hsi.yu@suse.com, andrii@kernel.org, ast@kernel.org, kongln9170@gmail.com, Daniel Borkmann Subject: [PATCH bpf-next v4 6/8] selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test Date: Fri, 6 Sep 2024 15:56:06 +0200 Message-Id: <20240906135608.26477-6-daniel@iogearbox.net> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20240906135608.26477-1-daniel@iogearbox.net> References: <20240906135608.26477-1-daniel@iogearbox.net> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.10/27390/Fri Sep 6 10:38:06 2024) X-Patchwork-Delegate: bpf@iogearbox.net The assumption of 'in privileged mode reads from uninitialized stack locations are permitted' is not quite correct since the verifier was probing for read access rather than write access. Both tests need to be annotated as __success for privileged and unprivileged. Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko --- tools/testing/selftests/bpf/progs/verifier_int_ptr.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/verifier_int_ptr.c b/tools/testing/selftests/bpf/progs/verifier_int_ptr.c index 9fc3fae5cd83..87206803c025 100644 --- a/tools/testing/selftests/bpf/progs/verifier_int_ptr.c +++ b/tools/testing/selftests/bpf/progs/verifier_int_ptr.c @@ -8,7 +8,6 @@ SEC("socket") __description("ARG_PTR_TO_LONG uninitialized") __success -__failure_unpriv __msg_unpriv("invalid indirect read from stack R4 off -16+0 size 8") __naked void arg_ptr_to_long_uninitialized(void) { asm volatile (" \ @@ -36,9 +35,7 @@ __naked void arg_ptr_to_long_uninitialized(void) SEC("socket") __description("ARG_PTR_TO_LONG half-uninitialized") -/* in privileged mode reads from uninitialized stack locations are permitted */ -__success __failure_unpriv -__msg_unpriv("invalid indirect read from stack R4 off -16+4 size 8") +__success __retval(0) __naked void ptr_to_long_half_uninitialized(void) { From patchwork Fri Sep 6 13:56:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 13794235 X-Patchwork-Delegate: bpf@iogearbox.net Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4D97F1CF2BE for ; Fri, 6 Sep 2024 13:56:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630983; cv=none; b=JJsqul++OD7lL35jAfn1R9kPyoOGmSAePRMpFzs5u8kBSRniYLtsyLKoj0+La85pdgItVKzw4hz1AGge66w7qXhOtPbjZlO4A6aBPK/Qxt1ABzMQXDlJdL323h9w3eT9tv4fKIl09SRk1Mnd2xQzVaewpN4efoBDwKqcIiZAr8o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630983; c=relaxed/simple; bh=jtHROiy8ztZAO6s3m9hHUwUDBEjxrCHdHNJWqzybUuM=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=aE2uzj0i5ly+Mz6YGBcKftJZX5QMdr10MtBDDQqY+hmC41vcdsxaez9lLdAxVwy6LRoHz8EQB/s5gT8wHYnrv5pjlOB38vOlzsYRhv83jAdgfHr+SnGLBq5ZioJkAO5h66Iqd4K24XgRpbBeuYI3TRc/ebIMIZnQ/CdduG6iC+U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=Kl+MyOH8; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="Kl+MyOH8" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=UQb/Mq4JBwlTVzgEJDhEBykB0OnacQBYbFi0HQkTpG4=; b=Kl+MyOH8QsrlwGRHd+iaPEH6b2 00jxHWAkv61okSRY1/7U1HfgniDehlrJUIXvQFf4Pavrm716a0OXojtZ9bIk1EvjvAV6EkofdepEO kHr0AytJuJU3XFDIgCHqIbI6qhkwe6TvXInuOWMokwXY1TM0x1AWz19EETXsfPb+AZ6fupRRCSwKS aUgSo9Qgk6PaRvHVCYueCqAgDIjebn5/+5TXRSZzWvKFVL3AK+VvA6JONb7bXZtIWlW0FtR7rkaoY O0gQwKU/r2Jb5Z1+3+elgmfYjdc3zSnWo29y9X1ELXrJCNCLV+ruH+aDEyJk20G/gCZxNx0PjkgKO bfrn2vhQ==; Received: from 15.248.197.178.dynamic.cust.swisscom.net ([178.197.248.15] helo=localhost) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1smZRd-0001zf-Vu; Fri, 06 Sep 2024 15:56:13 +0200 From: Daniel Borkmann To: bpf@vger.kernel.org Cc: shung-hsi.yu@suse.com, andrii@kernel.org, ast@kernel.org, kongln9170@gmail.com, Daniel Borkmann Subject: [PATCH bpf-next v4 7/8] selftests/bpf: Rename ARG_PTR_TO_LONG test description Date: Fri, 6 Sep 2024 15:56:07 +0200 Message-Id: <20240906135608.26477-7-daniel@iogearbox.net> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20240906135608.26477-1-daniel@iogearbox.net> References: <20240906135608.26477-1-daniel@iogearbox.net> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.10/27390/Fri Sep 6 10:38:06 2024) X-Patchwork-Delegate: bpf@iogearbox.net Given we got rid of ARG_PTR_TO_LONG, change the test case description to avoid potential confusion: # ./vmtest.sh -- ./test_progs -t verifier_int_ptr [...] ./test_progs -t verifier_int_ptr [ 1.610563] bpf_testmod: loading out-of-tree module taints kernel. [ 1.611049] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel #489/1 verifier_int_ptr/arg pointer to long uninitialized:OK #489/2 verifier_int_ptr/arg pointer to long half-uninitialized:OK #489/3 verifier_int_ptr/arg pointer to long misaligned:OK #489/4 verifier_int_ptr/arg pointer to long size < sizeof(long):OK #489/5 verifier_int_ptr/arg pointer to long initialized:OK #489 verifier_int_ptr:OK Summary: 1/5 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann --- v1 -> v2: - new patch tools/testing/selftests/bpf/progs/verifier_int_ptr.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/verifier_int_ptr.c b/tools/testing/selftests/bpf/progs/verifier_int_ptr.c index 87206803c025..5f2efb895edb 100644 --- a/tools/testing/selftests/bpf/progs/verifier_int_ptr.c +++ b/tools/testing/selftests/bpf/progs/verifier_int_ptr.c @@ -6,7 +6,7 @@ #include "bpf_misc.h" SEC("socket") -__description("ARG_PTR_TO_LONG uninitialized") +__description("arg pointer to long uninitialized") __success __naked void arg_ptr_to_long_uninitialized(void) { @@ -34,7 +34,7 @@ __naked void arg_ptr_to_long_uninitialized(void) } SEC("socket") -__description("ARG_PTR_TO_LONG half-uninitialized") +__description("arg pointer to long half-uninitialized") __success __retval(0) __naked void ptr_to_long_half_uninitialized(void) @@ -64,7 +64,7 @@ __naked void ptr_to_long_half_uninitialized(void) } SEC("cgroup/sysctl") -__description("ARG_PTR_TO_LONG misaligned") +__description("arg pointer to long misaligned") __failure __msg("misaligned stack access off 0+-20+0 size 8") __naked void arg_ptr_to_long_misaligned(void) { @@ -95,7 +95,7 @@ __naked void arg_ptr_to_long_misaligned(void) } SEC("cgroup/sysctl") -__description("ARG_PTR_TO_LONG size < sizeof(long)") +__description("arg pointer to long size < sizeof(long)") __failure __msg("invalid indirect access to stack R4 off=-4 size=8") __naked void to_long_size_sizeof_long(void) { @@ -124,7 +124,7 @@ __naked void to_long_size_sizeof_long(void) } SEC("cgroup/sysctl") -__description("ARG_PTR_TO_LONG initialized") +__description("arg pointer to long initialized") __success __naked void arg_ptr_to_long_initialized(void) { From patchwork Fri Sep 6 13:56:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Borkmann X-Patchwork-Id: 13794236 X-Patchwork-Delegate: bpf@iogearbox.net Received: from www62.your-server.de (www62.your-server.de [213.133.104.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4B4501CF2B8 for ; Fri, 6 Sep 2024 13:56:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=213.133.104.62 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630984; cv=none; b=Z1oRMYbAO3W6n9pDvAtp2f9INCZn22VUKTsYYxc42k9IqlcLp6JkQeYS1H7rXSqcN4IfKx7Z78yApX5M83212mSJlxdP5jyPOpBAdlq8+GDqLy0cD0jU2yWWoMnH2HsmpiWuqozbZpYmDujt+UYT3Xbcuz+V5MWVE8VjW5ycl5k= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1725630984; c=relaxed/simple; bh=VrXzW/2RAtqjLM4Fu9WGuZA10fCiBj22p0Fs+rEwe8s=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=X/pbZmPh+c+wwc53iAVlWLNXfXTDl/X8FKzWxb4WnlDfpYX33ndDr+zB7vkO7NkFTszMizwwcPqu1eK6NMAB9+UnK3hzr+TLcjO6CDtsr0umQR+biy0Bt61/SNeQuXKC6UTkLd8XPITaUpKJlNbjHgYrFN+R7QO/146N5eDmuBQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net; spf=pass smtp.mailfrom=iogearbox.net; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b=ct00P1JR; arc=none smtp.client-ip=213.133.104.62 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=iogearbox.net Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=iogearbox.net header.i=@iogearbox.net header.b="ct00P1JR" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=iogearbox.net; s=default2302; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=KFNLab3cIsER8Aljjj6meWCJpb+FGLpJck1PnjUyTcQ=; b=ct00P1JRv4OwVEWK+TXy0TWgf3 7/LlHWXssDr7EuGIJjJ0y4h/m3vPChBX0aURxzUGlmAv2jwXZKsgcWSK18nkoNKpk5AqxHU5VZtKf ETCKtpGHWjaCghgTFI5k7+uXJLh4e1iOt9bUgNhpIGc1+UzH1+46AdPbHq3meRyXzU8B0IPoX9fu2 7hRE5jGpmdB6v9rkmSPN0QbXIOjE5KA1Skn2gC6Mx6S/X0TeUEay0z6SJIDG3ftUxdqWPwe6p2CIb q564KAS+ncrmu1/rvwfhHo/yl5ik+3QOpRtoGg1LobDGkXAeJgKcwbhposP05+rES4sHgLF1V59YZ yVcuD0bA==; Received: from 15.248.197.178.dynamic.cust.swisscom.net ([178.197.248.15] helo=localhost) by www62.your-server.de with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1smZRe-0001zp-HS; Fri, 06 Sep 2024 15:56:14 +0200 From: Daniel Borkmann To: bpf@vger.kernel.org Cc: shung-hsi.yu@suse.com, andrii@kernel.org, ast@kernel.org, kongln9170@gmail.com, Daniel Borkmann Subject: [PATCH bpf-next v4 8/8] selftests/bpf: Add a test case to write into .rodata Date: Fri, 6 Sep 2024 15:56:08 +0200 Message-Id: <20240906135608.26477-8-daniel@iogearbox.net> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20240906135608.26477-1-daniel@iogearbox.net> References: <20240906135608.26477-1-daniel@iogearbox.net> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.103.10/27390/Fri Sep 6 10:38:06 2024) X-Patchwork-Delegate: bpf@iogearbox.net Add a test case which attempts to write into .rodata section of the BPF program, and for comparison this adds test cases also for .bss and .data section. Before fix: # ./vmtest.sh -- ./test_progs -t verifier_const [...] ./test_progs -t verifier_const tester_init:PASS:tester_log_buf 0 nsec process_subtest:PASS:obj_open_mem 0 nsec process_subtest:PASS:specs_alloc 0 nsec run_subtest:PASS:obj_open_mem 0 nsec run_subtest:FAIL:unexpected_load_success unexpected success: 0 #465/1 verifier_const/rodata: write rejected:FAIL #465/2 verifier_const/bss: write accepted:OK #465/3 verifier_const/data: write accepted:OK #465 verifier_const:FAIL [...] After fix: # ./vmtest.sh -- ./test_progs -t verifier_const [...] ./test_progs -t verifier_const #465/1 verifier_const/rodata: write rejected:OK #465/2 verifier_const/bss: write accepted:OK #465/3 verifier_const/data: write accepted:OK #465 verifier_const:OK [...] Signed-off-by: Daniel Borkmann Acked-by: Shung-Hsi Yu Acked-by: Andrii Nakryiko --- v1 -> v2: - const volatile long (Andrii) .../selftests/bpf/prog_tests/verifier.c | 2 + .../selftests/bpf/progs/verifier_const.c | 42 +++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/verifier_const.c diff --git a/tools/testing/selftests/bpf/prog_tests/verifier.c b/tools/testing/selftests/bpf/prog_tests/verifier.c index df398e714dff..e26b5150fc43 100644 --- a/tools/testing/selftests/bpf/prog_tests/verifier.c +++ b/tools/testing/selftests/bpf/prog_tests/verifier.c @@ -21,6 +21,7 @@ #include "verifier_cgroup_inv_retcode.skel.h" #include "verifier_cgroup_skb.skel.h" #include "verifier_cgroup_storage.skel.h" +#include "verifier_const.skel.h" #include "verifier_const_or.skel.h" #include "verifier_ctx.skel.h" #include "verifier_ctx_sk_msg.skel.h" @@ -146,6 +147,7 @@ void test_verifier_cfg(void) { RUN(verifier_cfg); } void test_verifier_cgroup_inv_retcode(void) { RUN(verifier_cgroup_inv_retcode); } void test_verifier_cgroup_skb(void) { RUN(verifier_cgroup_skb); } void test_verifier_cgroup_storage(void) { RUN(verifier_cgroup_storage); } +void test_verifier_const(void) { RUN(verifier_const); } void test_verifier_const_or(void) { RUN(verifier_const_or); } void test_verifier_ctx(void) { RUN(verifier_ctx); } void test_verifier_ctx_sk_msg(void) { RUN(verifier_ctx_sk_msg); } diff --git a/tools/testing/selftests/bpf/progs/verifier_const.c b/tools/testing/selftests/bpf/progs/verifier_const.c new file mode 100644 index 000000000000..5158dbea8c43 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/verifier_const.c @@ -0,0 +1,42 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2024 Isovalent */ + +#include +#include +#include "bpf_misc.h" + +const volatile long foo = 42; +long bar; +long bart = 96; + +SEC("tc/ingress") +__description("rodata: write rejected") +__failure __msg("write into map forbidden") +int tcx1(struct __sk_buff *skb) +{ + char buff[] = { '8', '4', '\0' }; + bpf_strtol(buff, sizeof(buff), 0, (long *)&foo); + return TCX_PASS; +} + +SEC("tc/ingress") +__description("bss: write accepted") +__success +int tcx2(struct __sk_buff *skb) +{ + char buff[] = { '8', '4', '\0' }; + bpf_strtol(buff, sizeof(buff), 0, &bar); + return TCX_PASS; +} + +SEC("tc/ingress") +__description("data: write accepted") +__success +int tcx3(struct __sk_buff *skb) +{ + char buff[] = { '8', '4', '\0' }; + bpf_strtol(buff, sizeof(buff), 0, &bart); + return TCX_PASS; +} + +char LICENSE[] SEC("license") = "GPL";