On Tue, May 2, 2023 at 5:43 PM Martin KaFai Lau <martin.lau@xxxxxxxxx> wrote:
>
> On 5/2/23 5:29 PM, Martin KaFai Lau wrote:
> > On 5/1/23 12:48 PM, Stanislav Fomichev wrote:
> >> Instead of assuming EFAULT, let's assume the BPF program's
> >> output is ignored.
> >>
> >> Remove "getsockopt: deny arbitrary ctx->retval" because it
> >> was actually testing optlen. We have separate set of tests
> >> for retval.
> >>
> >> Signed-off-by: Stanislav Fomichev <sdf@xxxxxxxxxx>
> >> ---
> >> .../selftests/bpf/prog_tests/sockopt.c | 98 +++++++++++++++++--
> >> 1 file changed, 92 insertions(+), 6 deletions(-)
> >>
> >> diff --git a/tools/testing/selftests/bpf/prog_tests/sockopt.c
> >> b/tools/testing/selftests/bpf/prog_tests/sockopt.c
> >> index aa4debf62fc6..a7bc9dc93ce0 100644
> >> --- a/tools/testing/selftests/bpf/prog_tests/sockopt.c
> >> +++ b/tools/testing/selftests/bpf/prog_tests/sockopt.c
> >> @@ -5,6 +5,10 @@
> >> static char bpf_log_buf[4096];
> >> static bool verbose;
> >> +#ifndef PAGE_SIZE
> >> +#define PAGE_SIZE 4096
> >> +#endif
> >> +
> >> enum sockopt_test_error {
> >> OK = 0,
> >> DENY_LOAD,
> >> @@ -273,10 +277,30 @@ static struct sockopt_test {
> >> .error = EFAULT_GETSOCKOPT,
> >> },
> >> {
> >> - .descr = "getsockopt: deny arbitrary ctx->retval",
> >> + .descr = "getsockopt: ignore >PAGE_SIZE optlen",
> >> .insns = {
> >> - /* ctx->retval = 123 */
> >> - BPF_MOV64_IMM(BPF_REG_0, 123),
> >> + /* write 0xFF to the first optval byte */
> >> +
> >> + /* r6 = ctx->optval */
> >> + BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1,
> >> + offsetof(struct bpf_sockopt, optval)),
> >> + /* r2 = ctx->optval */
> >> + BPF_MOV64_REG(BPF_REG_2, BPF_REG_6),
> >> + /* r6 = ctx->optval + 1 */
> >> + BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 1),
> >> +
> >> + /* r7 = ctx->optval_end */
> >> + BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_1,
> >> + offsetof(struct bpf_sockopt, optval_end)),
> >> +
> >> + /* if (ctx->optval + 1 <= ctx->optval_end) { */
> >> + BPF_JMP_REG(BPF_JGT, BPF_REG_6, BPF_REG_7, 1),
> >> + /* ctx->optval[0] = 0xF0 */
> >> + BPF_ST_MEM(BPF_B, BPF_REG_2, 0, 0xFF),
> >> + /* } */
> >> +
> >> + /* ctx->retval = 0 */
> >> + BPF_MOV64_IMM(BPF_REG_0, 0),
> >
> >
> > This is an interesting test case. One more question just came to my mind,
> > does it make sense to also ignore the bpf-prog's 'ctx->retval = 0' in getsockopt
> > considering its optval change has already been ignored. Something like:
> >
> > if (optval && (ctx.optlen > max_optlen || ctx.optlen < 0)) {
> > if (orig_optlen > PAGE_SIZE && ctx.optlen >= 0) {
> > pr_info_once("bpf getsockopt: ignoring program buffer with
> > optlen=%d (max_optlen=%d)\n",
> > ctx.optlen, max_optlen);
> > ret = retval;
> > goto out;
> > }
> > ret = -EFAULT;
> > goto out;
> > }
>
> Previous one has indentation off. Meaning to be:
>
> if (optval && (ctx.optlen > max_optlen || ctx.optlen < 0)) {
> if (orig_optlen > PAGE_SIZE && ctx.optlen >= 0) {
> pr_info_once("bpf getsockopt: ignoring program buffer with optlen=%d
> (max_optlen=%d)\n",
> ctx.optlen, max_optlen);
> ret = retval;
> goto out;
> }
> ret = -EFAULT;
> goto out;
> }
Good idea. I'll also try to add 'retval = 123' to this testcase to verify.
