This patch adds tests to check whether bpf verifier prevents lookup
on queue/stack maps
Signed-off-by: Prashant Bhole <bhole_prashant...@lab.ntt.co.jp>
---
tools/testing/selftests/bpf/test_verifier.c | 52 +++++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_verifier.c
b/tools/testing/selftests/bpf/test_verifier.c
index 550b7e46bf4a..becd9f4f3980 100644
--- a/tools/testing/selftests/bpf/test_verifier.c
+++ b/tools/testing/selftests/bpf/test_verifier.c
@@ -74,6 +74,8 @@ struct bpf_test {
int fixup_map_in_map[MAX_FIXUPS];
int fixup_cgroup_storage[MAX_FIXUPS];
int fixup_percpu_cgroup_storage[MAX_FIXUPS];
+ int fixup_map_queue[MAX_FIXUPS];
+ int fixup_map_stack[MAX_FIXUPS];
const char *errstr;
const char *errstr_unpriv;
uint32_t retval, retval_unpriv;
@@ -4611,6 +4613,38 @@ static struct bpf_test tests[] = {
.errstr = "cannot pass map_type 7 into func
bpf_map_lookup_elem",
.prog_type = BPF_PROG_TYPE_PERF_EVENT,
},
+ {
+ "prevent map lookup in queue map",
+ .insns = {
+ BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
+ BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
+ BPF_LD_MAP_FD(BPF_REG_1, 0),
+ BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
+ BPF_FUNC_map_lookup_elem),
+ BPF_EXIT_INSN(),
+ },
+ .fixup_map_queue = { 3 },
+ .result = REJECT,
+ .errstr = "invalid stack type R2 off=-8 access_size=0",
+ .prog_type = BPF_PROG_TYPE_XDP,
+ },
+ {
+ "prevent map lookup in stack map",
+ .insns = {
+ BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
+ BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
+ BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
+ BPF_LD_MAP_FD(BPF_REG_1, 0),
+ BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
+ BPF_FUNC_map_lookup_elem),
+ BPF_EXIT_INSN(),
+ },
+ .fixup_map_stack = { 3 },
+ .result = REJECT,
+ .errstr = "invalid stack type R2 off=-8 access_size=0",
+ .prog_type = BPF_PROG_TYPE_XDP,
+ },
{
"prevent map lookup in prog array",
.insns = {
@@ -14048,6 +14082,8 @@ static void do_test_fixup(struct bpf_test *test, enum
bpf_map_type prog_type,
int *fixup_map_sockhash = test->fixup_map_sockhash;
int *fixup_map_xskmap = test->fixup_map_xskmap;
int *fixup_map_stacktrace = test->fixup_map_stacktrace;
+ int *fixup_map_queue = test->fixup_map_queue;
+ int *fixup_map_stack = test->fixup_map_stack;
int *fixup_prog1 = test->fixup_prog1;
int *fixup_prog2 = test->fixup_prog2;
int *fixup_map_in_map = test->fixup_map_in_map;
@@ -14168,6 +14204,22 @@ static void do_test_fixup(struct bpf_test *test, enum
bpf_map_type prog_type,
fixup_map_stacktrace++;
} while (fixup_map_stacktrace);
}
+ if (*fixup_map_queue) {
+ map_fds[13] = create_map(BPF_MAP_TYPE_QUEUE, 0,
+ sizeof(u32), 1);
+ do {
+ prog[*fixup_map_queue].imm = map_fds[13];
+ fixup_map_queue++;
+ } while (*fixup_map_queue);
+ }
+ if (*fixup_map_stack) {
+ map_fds[14] = create_map(BPF_MAP_TYPE_STACK, 0,
+ sizeof(u32), 1);
+ do {
+ prog[*fixup_map_stack].imm = map_fds[14];
+ fixup_map_stack++;
+ } while (*fixup_map_stack);
+ }
}
static int set_admin(bool admin)
--
2.17.2
