
Commit d8d2d9d

pchaignoAlexei Starovoitov
authored andcommitted
selftests/bpf: Test for unaligned flow_dissector ctx access
This patch adds tests for two context fields where unaligned accesses were not properly rejected. Note the new macro is similar to the existing narrow_load macro, but we need a different description and access offset. Combining the two macros into one is probably doable but I don't think it would help readability. vmlinux.h is included in place of bpf.h so we have the definition of struct bpf_nf_ctx. Signed-off-by: Paul Chaignon <[email protected]> Tested-by: Eduard Zingerman <[email protected]> Acked-by: Yonghong Song <[email protected]> Link: https://lore.kernel.org/r/bf014046ddcf41677fb8b98d150c14027e9fddba.1754039605.git.paul.chaignon@gmail.com Signed-off-by: Alexei Starovoitov <[email protected]>
1 parent f914876 commit d8d2d9d

1 file changed

+22
-1
lines changed

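--- a/tools/testing/selftests/bpf/progs/verifier_ctx.c
+++ b/tools/testing/selftests/bpf/progs/verifier_ctx.c
@@ -1,10 +1,12 @@
 // SPDX-License-Identifier: GPL-2.0
 /* Converted from tools/testing/selftests/bpf/verifier/ctx.c */
 
-#include <linux/bpf.h>
+#include "vmlinux.h"
 #include <bpf/bpf_helpers.h>
 #include "bpf_misc.h"
 
+#define sizeof_field(TYPE, MEMBER) sizeof((((TYPE *)0)->MEMBER))
+
 SEC("tc")
 __description("context stores via BPF_ATOMIC")
 __failure __msg("BPF_ATOMIC stores into R1 ctx is not allowed")
@@ -243,4 +245,23 @@ narrow_load("sockops", bpf_sock_ops, skb_data);
 narrow_load("sockops", bpf_sock_ops, skb_data_end);
 narrow_load("sockops", bpf_sock_ops, skb_hwtstamp);
 
+#define unaligned_access(type, ctx, field) \
+SEC(type) \
+__description("unaligned access on field " #field " of " #ctx) \
+__failure __msg("invalid bpf_context access") \
+__naked void unaligned_ctx_access_##ctx##field(void) \
+{ \
+asm volatile (" \
+r1 = *(u%[size] *)(r1 + %[off]); \
+r0 = 0; \
+exit;" \
+: \
+: __imm_const(size, sizeof_field(struct ctx, field) * 8), \
+__imm_const(off, offsetof(struct ctx, field) + 1) \
+: __clobber_all); \
+}
+
+unaligned_access("flow_dissector", __sk_buff, data);
+unaligned_access("netfilter", bpf_nf_ctx, skb);
+
 char _license[] SEC("license") = "GPL";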
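Review bot: The `unaligned_access` macro issues a field-sized load at `offsetof(struct ctx, field) + 1`, so every generated access is both misaligned and one byte past the end of the field. As far as this hunk shows, the generic `invalid bpf_context access` message would match a rejection on range just as well as one on alignment, so the tests may pass without exercising the alignment check. A second variant that stays inside the field would pin that check, for example a fixed-width `r1 = *(u16 *)(r1 + %[off]);` with the same `off`. The macro would also benefit from a comment stating the intent, such as `/* Field-sized load at offset + 1: the verifier must reject this misaligned ctx access. */`. The `narrow_load` macro it mirrors is defined outside the hunk.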
