]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
selftests/bpf: Cover pseudo-BTF ksym log masking
authorNuoqi Gui <gnq25@mails.tsinghua.edu.cn>
Tue, 23 Jun 2026 10:43:39 +0000 (18:43 +0800)
committerAlexei Starovoitov <ast@kernel.org>
Fri, 26 Jun 2026 00:59:05 +0000 (17:59 -0700)
Add verifier_unpriv coverage for a raw socket-filter load of the
bpf_prog_active typed ksym. The test verifies that the unprivileged load
remains accepted and that the verbose verifier log prints the ldimm64
immediate as 0x0 instead of exposing a nonzero kernel address.

Signed-off-by: Nuoqi Gui <gnq25@mails.tsinghua.edu.cn>
Link: https://lore.kernel.org/r/20260623-f01-13-pseudo-btf-id-cap-bpf-v2-2-a190ebb8f3e2@mails.tsinghua.edu.cn
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Eduard Zingerman <eddyz87@gmail.com>
tools/testing/selftests/bpf/progs/verifier_unpriv.c

index 49f7bd05edad2c140d8223f9ebda2252bb717ac6..42de5cff7e52a40ef5da6daa8e7e56259ed4ce3c 100644 (file)
@@ -6,6 +6,8 @@
 #include "../../../include/linux/filter.h"
 #include "bpf_misc.h"
 
+extern const int bpf_prog_active __ksym;
+
 #define BPF_SK_LOOKUP(func) \
        /* struct bpf_sock_tuple tuple = {} */ \
        "r2 = 0;"                       \
@@ -77,6 +79,23 @@ __naked void dummy_prog_loop1_socket(void)
        : __clobber_all);
 }
 
+SEC("socket")
+__description("unpriv: pseudo btf id log masks address")
+__success_unpriv
+__msg_unpriv("0: (18) r1 = 0x0")
+__not_msg_unpriv("0: (18) r1 = 0x{{[1-9a-f][0-9a-f]*}}")
+__retval_unpriv(0)
+__log_level(2)
+__naked void pseudo_btf_id_log_masks_address(void)
+{
+       asm volatile ("r1 = %[bpf_prog_active] ll;"
+                     "r0 = 0;"
+                     "exit;"
+       :
+       : __imm_addr(bpf_prog_active)
+       : __clobber_all);
+}
+
 SEC("socket")
 __description("unpriv: return pointer")
 __success __failure_unpriv __msg_unpriv("R0 leaks addr")