Re: [PATCH bpf-next v5 7/9] selftests/bpf: Test kptr arrays and kptrs in nested struct fields.

On Fri, 2024-05-10 at 16:04 -0700, Kui-Feng Lee wrote:

[...]


> I am not sure if I read your question correctly.
> 
> For example, we have 3 correct info.
> 
>   [info(offset=0x8), info(offset=0x10), info(offset=0x18)]
> 
> And we have a program that includes 3 instructions to access the offset 
> 0x8, 0x10, and 0x18. (let's assume these load instructions would be 
> checked against infos)
> 
>   load r1, [0x8]
>   load r1, [0x10]
>   load r1, [0x18]
> 
> If everything works as expected, the verifier would accept the program.
> 
> Otherwise, like you said, all 3 info are pointing to the same offset.
> 
>   [info(offset=0x8), info(offset=0x8), info(offset=0x8)]
> 
> Then, the later two instructions should fail the check.

I think it would be in reverse.
If for some offset there is no record of special semantics,
the verifier would treat the load as a regular memory access.

However, there is btf.c:btf_struct_access(), which would report
an error if an offset within a special field is accessed directly:

int btf_struct_access(struct bpf_verifier_log *log,
		      const struct bpf_reg_state *reg,
		      int off, int size, enum bpf_access_type atype __maybe_unused,
		      u32 *next_btf_id, enum bpf_type_flag *flag,
		      const char **field_name)
{
	...
	struct btf_struct_meta *meta;
	struct btf_record *rec;
	int i;

	meta = btf_find_struct_meta(btf, id);
	if (!meta)
		break;
	rec = meta->record;
	for (i = 0; i < rec->cnt; i++) {
		struct btf_field *field = &rec->fields[i];
		u32 offset = field->offset;
		if (off < offset + btf_field_type_size(field->type) && offset < off + size) {
			bpf_log(log,
				"direct access to %s is disallowed\n",
				btf_field_type_name(field->type));
			return -EACCES;
		}
	}
	break;
}

So it looks like we need a test with the following structure:

- global definition using an array, e.g. with a size of 3
- program #1 doing a direct access at offset of element #1, expect load time error message
- program #2 doing a direct access at offset of element #2, expect load time error message
- program #3 doing a direct access at offset of element #3, expect load time error message
If some of the offsets are computed incorrectly the error message will not be printed.

(And these could be packed as progs/verifier_*.c tests)
And some similar tests with different levels of nested arrays and structures.
But this looks a bit ugly/bulky.
Wdyt?
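
Added example, not part of the original message and not kernel code: a userspace model of the overlap check quoted above, run against the correct record and the all-0x8 record from the quoted discussion, showing that wrong offsets make the per-element direct loads stop being rejected. `struct field`, `check_direct_access()`, `count_rejected()` and the 8-byte field size are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <errno.h>

/* Simplified stand-in for struct btf_field: offset and size only. */
struct field { uint32_t offset; uint32_t size; };

/* Same overlap test as the loop quoted from btf_struct_access():
 * reject when [off, off + size) intersects any recorded special field. */
static int check_direct_access(const struct field *f, int cnt,
			       uint32_t off, uint32_t size)
{
	for (int i = 0; i < cnt; i++) {
		if (off < f[i].offset + f[i].size && f[i].offset < off + size)
			return -EACCES;
	}
	return 0; /* no record covers it: treated as a regular memory access */
}

/* One direct 8-byte load per array element (offsets from the thread);
 * returns how many of the three loads are rejected. */
static int count_rejected(const struct field *f, int cnt)
{
	static const uint32_t elem_off[] = { 0x8, 0x10, 0x18 };
	int rejected = 0;

	for (int i = 0; i < 3; i++)
		if (check_direct_access(f, cnt, elem_off[i], 8) == -EACCES)
			rejected++;
	return rejected;
}

/* Constructed record: 3-element array at 0x8, assumed 8 bytes per element. */
static const struct field good_rec[] = { {0x8, 8}, {0x10, 8}, {0x18, 8} };
/* Constructed buggy record: every element recorded at the first offset. */
static const struct field bad_rec[] = { {0x8, 8}, {0x8, 8}, {0x8, 8} };

int main(void)
{
	printf("correct record: %d of 3 loads rejected\n",
	       count_rejected(good_rec, 3));
	printf("buggy record:   %d of 3 loads rejected\n",
	       count_rejected(bad_rec, 3));
	return 0;
}
```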