[PATCH bpf-next v5 9/9] selftests/bpf: Add a test case to write mtu result into .rodata

Daniel Borkmann <daniel@xxxxxxxxxxxxx> · Fri, 13 Sep 2024 21:17:54 +0200

Add a test which attempts to call bpf_check_mtu() and writes the MTU
into .rodata section of the BPF program, and for comparison this adds
test cases also for .bss and .data section again. The bpf_check_mtu()
is a bit more special in that the passed mtu argument is read and
written by the helper (instead of just written to). Assert that writes
into .rodata remain rejected by the verifier.

  # ./vmtest.sh -- ./test_progs -t verifier_const
  [...]
  ./test_progs -t verifier_const
  [    1.657367] bpf_testmod: loading out-of-tree module taints kernel.
  [    1.657773] bpf_testmod: module verification failed: signature and/or required key missing - tainting kernel
  #473/1   verifier_const/rodata/strtol: write rejected:OK
  #473/2   verifier_const/bss/strtol: write accepted:OK
  #473/3   verifier_const/data/strtol: write accepted:OK
  #473/4   verifier_const/rodata/mtu: write rejected:OK
  #473/5   verifier_const/bss/mtu: write accepted:OK
  #473/6   verifier_const/data/mtu: write accepted:OK
  #473     verifier_const:OK
  [...]
  Summary: 2/10 PASSED, 0 SKIPPED, 0 FAILED

For comparison, without the MEM_UNINIT on bpf_check_mtu's proto:

  # ./vmtest.sh -- ./test_progs -t verifier_const
  [...]
  #473/3   verifier_const/data/strtol: write accepted:OK
  run_subtest:PASS:obj_open_mem 0 nsec
  run_subtest:FAIL:unexpected_load_success unexpected success: 0
  #473/4   verifier_const/rodata/mtu: write rejected:FAIL
  #473/5   verifier_const/bss/mtu: write accepted:OK
  #473/6   verifier_const/data/mtu: write accepted:OK
  #473     verifier_const:FAIL
  [...]

Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
---
 v4 -> v5:
 - new patch

 .../selftests/bpf/progs/verifier_const.c      | 33 +++++++++++++++++--
 1 file changed, 30 insertions(+), 3 deletions(-)

diff --git a/tools/testing/selftests/bpf/progs/verifier_const.c b/tools/testing/selftests/bpf/progs/verifier_const.c
index 5158dbea8c43..2e533d7eec2f 100644
--- a/tools/testing/selftests/bpf/progs/verifier_const.c
+++ b/tools/testing/selftests/bpf/progs/verifier_const.c
@@ -10,7 +10,7 @@ long bar;
 long bart = 96;
 
 SEC("tc/ingress")
-__description("rodata: write rejected")
+__description("rodata/strtol: write rejected")
 __failure __msg("write into map forbidden")
 int tcx1(struct __sk_buff *skb)
 {
@@ -20,7 +20,7 @@ int tcx1(struct __sk_buff *skb)
 }
 
 SEC("tc/ingress")
-__description("bss: write accepted")
+__description("bss/strtol: write accepted")
 __success
 int tcx2(struct __sk_buff *skb)
 {
@@ -30,7 +30,7 @@ int tcx2(struct __sk_buff *skb)
 }
 
 SEC("tc/ingress")
-__description("data: write accepted")
+__description("data/strtol: write accepted")
 __success
 int tcx3(struct __sk_buff *skb)
 {
@@ -39,4 +39,31 @@ int tcx3(struct __sk_buff *skb)
 	return TCX_PASS;
 }
 
+SEC("tc/ingress")
+__description("rodata/mtu: write rejected")
+__failure __msg("write into map forbidden")
+int tcx4(struct __sk_buff *skb)
+{
+	bpf_check_mtu(skb, skb->ifindex, (__u32 *)&foo, 0, 0);
+	return TCX_PASS;
+}
+
+SEC("tc/ingress")
+__description("bss/mtu: write accepted")
+__success
+int tcx5(struct __sk_buff *skb)
+{
+	bpf_check_mtu(skb, skb->ifindex, (__u32 *)&bar, 0, 0);
+	return TCX_PASS;
+}
+
+SEC("tc/ingress")
+__description("data/mtu: write accepted")
+__success
+int tcx6(struct __sk_buff *skb)
+{
+	bpf_check_mtu(skb, skb->ifindex, (__u32 *)&bart, 0, 0);
+	return TCX_PASS;
+}
+
 char LICENSE[] SEC("license") = "GPL";
-- 
2.43.0








