selftests/bpf: Test for unaligned flow_dissector ctx access
authorPaul Chaignon <paul.chaignon@gmail.com>
Fri, 1 Aug 2025 09:49:44 +0000 (11:49 +0200)
committerAlexei Starovoitov <ast@kernel.org>
Fri, 1 Aug 2025 21:47:39 +0000 (14:47 -0700)
This patch adds tests for two context fields where unaligned accesses
were not properly rejected.

Note the new macro is similar to the existing narrow_load macro, but we
need a different description and access offset. Combining the two
macros into one is probably doable but I don't think it would help
readability.

vmlinux.h is included in place of bpf.h so we have the definition of
struct bpf_nf_ctx.

Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Tested-by: Eduard Zingerman <eddyz87@gmail.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/bf014046ddcf41677fb8b98d150c14027e9fddba.1754039605.git.paul.chaignon@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
tools/testing/selftests/bpf/progs/verifier_ctx.c

index 0450840c92d97440f9f5a58af06600d22cc91a0b..424463094760ac0f3a943be2e07a4df5cca4dc3c 100644 (file)
@@ -1,10 +1,12 @@
 // SPDX-License-Identifier: GPL-2.0
 /* Converted from tools/testing/selftests/bpf/verifier/ctx.c */
 
-#include <linux/bpf.h>
+#include "vmlinux.h"
 #include <bpf/bpf_helpers.h>
 #include "bpf_misc.h"
 
+#define sizeof_field(TYPE, MEMBER) sizeof((((TYPE *)0)->MEMBER))
+
 SEC("tc")
 __description("context stores via BPF_ATOMIC")
 __failure __msg("BPF_ATOMIC stores into R1 ctx is not allowed")
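Review bot: `sizeof_field` is defined unconditionally and without a comment, so if `bpf_misc.h` or another header pulled into this file ever provides the same macro, the build would get a redefinition warning. Wrapping it as `#ifndef sizeof_field` ... `#endif` avoids that. A one-line comment such as `/* Size in bytes of MEMBER in TYPE; the null pointer is never dereferenced, only used inside sizeof. */` would also explain the `(TYPE *)0` idiom to readers who do not know the kernel helper of the same name.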
@@ -243,4 +245,23 @@ narrow_load("sockops", bpf_sock_ops, skb_data);
 narrow_load("sockops", bpf_sock_ops, skb_data_end);
 narrow_load("sockops", bpf_sock_ops, skb_hwtstamp);
 
+#define unaligned_access(type, ctx, field)                                     \
+       SEC(type)                                                               \
+       __description("unaligned access on field " #field " of " #ctx)          \
+       __failure __msg("invalid bpf_context access")                           \
+       __naked void unaligned_ctx_access_##ctx##field(void)                    \
+       {                                                                       \
+               asm volatile ("                                                 \
+               r1 = *(u%[size] *)(r1 + %[off]);                                \
+               r0 = 0;                                                         \
+               exit;"                                                          \
+               :                                                               \
+               : __imm_const(size, sizeof_field(struct ctx, field) * 8),       \
+                 __imm_const(off, offsetof(struct ctx, field) + 1)             \
+               : __clobber_all);                                               \
+       }
+
+unaligned_access("flow_dissector", __sk_buff, data);
+unaligned_access("netfilter", bpf_nf_ctx, skb);
+
 char _license[] SEC("license") = "GPL";
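Review bot: The `__msg("invalid bpf_context access")` expectation in `unaligned_access` may not hold on builds where the verifier enforces strict alignment. There the generic pointer-alignment check would presumably reject the `off + 1` load first, with a different message, before reaching the per-program-type ctx access check that this test is meant to pin. Adding `__flag(BPF_F_ANY_ALIGNMENT)` after the `__failure __msg(...)` line should keep the rejection coming from the ctx-access path on every architecture, so a regression in the flow_dissector or netfilter checks cannot be masked. Separately, `unaligned_ctx_access_##ctx##field` pastes the two tokens with no separator; `##ctx##_##field` would give more readable symbol names, unless the current form deliberately mirrors the existing narrow_load macro, which lies outside this hunk.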