Re: [PATCH bpf-next v4 7/7] selftests/bpf: add missing netfilter return value and ctx access tests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 20, 2023 at 02:44:55PM +0200, Florian Westphal wrote:
> +
> +SEC("netfilter")
> +__description("netfilter valid context access")
> +__success __failure_unpriv
> +__retval(1)
> +__naked void with_invalid_ctx_access_test5(void)
> +{
> +	asm volatile ("					\
> +	r2 = *(u64*)(r1 + %[__bpf_nf_ctx_state]);	\
> +	r1 = *(u64*)(r1 + %[__bpf_nf_ctx_skb]);		\
> +	r0 = 1;						\
> +	exit;						\
> +"	:
> +	: __imm_const(__bpf_nf_ctx_state, offsetof(struct bpf_nf_ctx, state)),
> +	  __imm_const(__bpf_nf_ctx_skb, offsetof(struct bpf_nf_ctx, skb))
> +	: __clobber_all);

Could you write this one in C instead?
Also check that skb and state are dereferenceable after that.
Since they should be seen as trusted ptr_to_btf_id skb->len and state->sk should work.
You cannot craft this test case in asm, since it needs CO-RE.

Also see that BPF CI is not happy:
https://github.com/kernel-patches/bpf/actions/runs/4757642030/jobs/8455500277
Error: #112 libbpf_probe_prog_types
Error: #112/32 libbpf_probe_prog_types/BPF_PROG_TYPE_NETFILTER
Error: #113 libbpf_str
Error: #113/4 libbpf_str/bpf_prog_type_str



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux