On Mon, Mar 13, 2023 at 04:58:45PM -0700, Alexei Starovoitov wrote:
> From: Alexei Starovoitov <ast@xxxxxxxxxx>
>
> Add various tests to check helper access into ptr_to_btf_id.
>
> Signed-off-by: Alexei Starovoitov <ast@xxxxxxxxxx>
Thanks a lot for the quick turnaround on this.
LGTM, just left one small nit below.
Acked-by: David Vernet <void@xxxxxxxxxxxxx>
> ---
> .../selftests/bpf/progs/task_kfunc_failure.c | 36 +++++++++++++++++++
> .../selftests/bpf/progs/task_kfunc_success.c | 4 +++
> 2 files changed, 40 insertions(+)
>
> diff --git a/tools/testing/selftests/bpf/progs/task_kfunc_failure.c b/tools/testing/selftests/bpf/progs/task_kfunc_failure.c
> index 002c7f69e47f..27994d6b2914 100644
> --- a/tools/testing/selftests/bpf/progs/task_kfunc_failure.c
> +++ b/tools/testing/selftests/bpf/progs/task_kfunc_failure.c
> @@ -301,3 +301,39 @@ int BPF_PROG(task_kfunc_from_lsm_task_free, struct task_struct *task)
> bpf_task_release(acquired);
> return 0;
> }
> +
> +SEC("tp_btf/task_newtask")
> +__failure __msg("access beyond the end of member comm")
> +int BPF_PROG(task_access_comm1, struct task_struct *task, u64 clone_flags)
> +{
> + bpf_strncmp(task->comm, 17, "foo");
Instead of 17, can you do either TASK_COMM_LEN + 1, or
sizeof(task->comm) + 1, to make the test a bit less brittle? Applies to
the other testcases as well.
> + return 0;
> +}
> +
> +SEC("tp_btf/task_newtask")
> +__failure __msg("access beyond the end of member comm")
> +int BPF_PROG(task_access_comm2, struct task_struct *task, u64 clone_flags)
> +{
> + bpf_strncmp(task->comm + 1, 16, "foo");
> + return 0;
> +}
> +
> +SEC("tp_btf/task_newtask")
> +__failure __msg("write into memory")
> +int BPF_PROG(task_access_comm3, struct task_struct *task, u64 clone_flags)
> +{
> + bpf_probe_read_kernel(task->comm, 16, task->comm);
> + return 0;
> +}
> +
> +SEC("fentry/__set_task_comm")
> +__failure __msg("R1 type=ptr_ expected")
> +int BPF_PROG(task_access_comm4, struct task_struct *task, const char *buf, bool exec)
> +{
> + /*
> + * task->comm is a legacy ptr_to_btf_id. The verifier cannot guarantee
> + * its safety. Hence it cannot be accessed with normal load insns.
> + */
> + bpf_strncmp(task->comm, 16, "foo");
> + return 0;
> +}
> diff --git a/tools/testing/selftests/bpf/progs/task_kfunc_success.c b/tools/testing/selftests/bpf/progs/task_kfunc_success.c
> index aebc4bb14e7d..4f61596b0242 100644
> --- a/tools/testing/selftests/bpf/progs/task_kfunc_success.c
> +++ b/tools/testing/selftests/bpf/progs/task_kfunc_success.c
> @@ -207,6 +207,10 @@ int BPF_PROG(test_task_from_pid_invalid, struct task_struct *task, u64 clone_fla
> if (!is_test_kfunc_task())
> return 0;
>
> + bpf_strncmp(task->comm, 12, "foo");
> + bpf_strncmp(task->comm, 16, "foo");
> + bpf_strncmp(&task->comm[8], 4, "foo");
> +
> if (is_pid_lookup_valid(-1)) {
> err = 1;
> return 0;
> --
> 2.34.1
>
