Re: [PATCH 2/2] selftests/bpf: add negative tests for relaxed fixed offset constraint on trusted pointer arguments

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon, 17 Jun 2024 at 15:44, Matt Bobrowski <mattbobrowski@xxxxxxxxxx> wrote:
>
> Adding some new negative selftests which are responsible for asserting
> that the new relaxed fixed offset constraints applicable to BPF
> helpers and kfuncs taking trusted pointer arguments are enforced
> correctly by the BPF verifier.
>
> The BPF programs contained within the new negative selftests are
> mainly responsible for triggering the various branches and checks
> performed within the check_release_arg_reg_off() helper.
>
> Signed-off-by: Matt Bobrowski <mattbobrowski@xxxxxxxxxx>
> ---

With the stuff below addressed, please add:
Acked-by: Kumar Kartikeya Dwivedi <memxor@xxxxxxxxx>

I believe sockmap map_update and dynptr ones are also providing
positive coverage (given previous versions made them fail), so I think
focusing on negative cases is good enough here. I guess bpf_sk_release
is also covered by existing ones.

Still it'd be good to add a few more cases if you find any, as Eduard
suggested, just to make sure we're not missing anything.

> [...]
> +SEC("tp_btf/task_newtask")
> +__failure
> +__msg("variable trusted_ptr_ access var_off=(0x0; 0xffffffffffffffff) disallowed")
> +int BPF_PROG(trusted_type_match_mismatch_neg_var_off, struct task_struct *task,
> +            u64 clone_flags)
> +{
> +       s64 var_off = task->start_time;
> +       task = bpf_get_current_task_btf();
> +
> +       bpf_assert_range(var_off, -64, 64);
> +       /* Need one bpf_throw() reference, otherwise BTF gen fails. */
> +       if (!task)
> +               bpf_throw(1);

It seems s390x is failing because it doesn't have support for throw.
So I'd just drop this selftest, since on second thought I think it
doesn't provide any additional coverage than the pos var_off one.

> +
> +       task = (void *)task + var_off;
> +       /* Passing a trusted pointer with an incorrect variable offset, type
> +        * match will succeed due to reg->off == 0, but the later call to
> +        * __check_ptr_off_reg should fail as it's responsible for checking
> +        * reg->var_off.
> +        */
> +       task = bpf_task_acquire(task);
> +       return 0;
> +}
> +
> +char _license[] SEC("license") = "GPL";
> --
> 2.45.2.627.g7a2c4fd464-goog
>
> /M
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux