selftests/bpf: Test invalid narrower ctx load
authorPaul Chaignon <paul.chaignon@gmail.com>
Tue, 22 Jul 2025 14:33:37 +0000 (16:33 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 23 Jan 2026 10:18:51 +0000 (11:18 +0100)
commit ba578b87fe2beef95b37264f8a98c0b505b93de9 upstream.

This patch adds selftests to cover invalid narrower loads on the
context. These used to cause kernel warnings before the previous patch.
To trigger the warning, the load had to be aligned, to read an affected
context field (ex., skb->sk), and not starting at the beginning of the
field.

The nine new cases all fail without the previous patch.

Suggested-by: Eduard Zingerman <eddyz87@gmail.com>
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
Link: https://patch.msgid.link/44cd83ea9c6868079943f0a436c6efa850528cc1.1753194596.git.paul.chaignon@gmail.com
Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tools/testing/selftests/bpf/progs/verifier_ctx.c

index a83809a1dbbf47e5fe793e865bc260262bba2df4..0450840c92d97440f9f5a58af06600d22cc91a0b 100644 (file)
@@ -218,4 +218,29 @@ __naked void null_check_8_null_bind(void)
        : __clobber_all);
 }
 
+#define narrow_load(type, ctx, field)                                  \
+       SEC(type)                                                       \
+       __description("narrow load on field " #field " of " #ctx)       \
+       __failure __msg("invalid bpf_context access")                   \
+       __naked void invalid_narrow_load##ctx##field(void)              \
+       {                                                               \
+               asm volatile ("                                         \
+               r1 = *(u32 *)(r1 + %[off]);                             \
+               r0 = 0;                                                 \
+               exit;"                                                  \
+               :                                                       \
+               : __imm_const(off, offsetof(struct ctx, field) + 4)     \
+               : __clobber_all);                                       \
+       }
+
+narrow_load("cgroup/getsockopt", bpf_sockopt, sk);
+narrow_load("cgroup/getsockopt", bpf_sockopt, optval);
+narrow_load("cgroup/getsockopt", bpf_sockopt, optval_end);
+narrow_load("tc", __sk_buff, sk);
+narrow_load("cgroup/bind4", bpf_sock_addr, sk);
+narrow_load("sockops", bpf_sock_ops, sk);
+narrow_load("sockops", bpf_sock_ops, skb_data);
+narrow_load("sockops", bpf_sock_ops, skb_data_end);
+narrow_load("sockops", bpf_sock_ops, skb_hwtstamp);
+
 char _license[] SEC("license") = "GPL";
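Review bot: The `narrow_load` macro carries no comment saying why every case reads a `u32` at `offsetof(struct ctx, field) + 4`; the rationale (an aligned load narrower than the field that does not start at the field's beginning, which used to produce a kernel warning) lives only in the commit message, so a one-line comment above the `#define` such as `/* Aligned u32 load 4 bytes into a ctx field: narrower than the field and not at its start, must be rejected. */` would keep it with the code. The nine invocations that follow end with a `;` after what expands to a function definition, leaving a stray file-scope semicolon that strict ISO C does not allow and that `-Wpedantic` reports; dropping the `;` from the invocations (or ending the expansion with a declaration that consumes it) avoids that. The pasted function names `invalid_narrow_load##ctx##field` expand without separators (e.g. `invalid_narrow_loadbpf_sockoptsk`), which stays unique across these nine cases but is hard to read in test output; `invalid_narrow_load_##ctx##_##field` would be clearer.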