experiment01-tailgrow: add #2 example that fail xdp_prog_fail2.c

netoptimizer · netoptimizer · commit 745b58772db2 · 2020-05-05T18:09:56.000+02:00
Signed-off-by: Jesper Dangaard Brouer &lt;brouer@redhat.com&gt;
diff --git a/experiment01-tailgrow/Makefile b/experiment01-tailgrow/Makefile
@@ -2,6 +2,7 @@
 
 XDP_TARGETS  := xdp_prog_kern xdp_prog_kern2
 XDP_TARGETS  += xdp_prog_fail1
+XDP_TARGETS  += xdp_prog_fail2
 
 # USER_TARGETS :=
 
diff --git a/experiment01-tailgrow/README.org b/experiment01-tailgrow/README.org
@@ -50,3 +50,16 @@ calculation cannot be used for static analysis.
 #+begin_src sh
  sudo ./xdp_loader --dev mlx5p1 --force --file xdp_prog_fail1.o
 #+end_src
+
+** Fail#2: Use data_end directly
+
+In example [[file:xdp_prog_fail2.c]], we try to use the =data_end= pointer
+more or less directy to find the last byte in the packet.  The packet
+data [[https://www.mathwords.com/i/interval_notation.htm][interval]] is defined as =[data, data_end)=, meaning that the byte
+=data_end= is pointing is *excluded*.  The example tries to access
+2nd-last byte (to have a code if-construct that doesn't get removed by
+compiler optimizations).
+
+#+begin_src sh
+ sudo ./xdp_loader --dev mlx5p1 --force --file xdp_prog_fail2.o
+#+end_src
diff --git a/experiment01-tailgrow/xdp_prog_fail2.c b/experiment01-tailgrow/xdp_prog_fail2.c
@@ -0,0 +1,34 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+
+/*
+ * This BPF-prog will FAIL, due to verifier rejecting it.
+ *
+ * General idea: Use data_end point to access last (2nd-last) byte in
+ * packet.  That is not allowed by verifier, as pointer arithmetic on
+ * pkt_end is prohibited.
+ */
+
+SEC("xdp_fail2")
+int _xdp_fail2(struct xdp_md *ctx)
+{
+	void *data_end = (void *)(long)ctx->data_end;
+	volatile unsigned char *ptr;
+	volatile void *pos;
+
+	pos = data_end;
+
+#pragma clang optimize off
+	if (pos - 1 > data_end)
+		goto out;
+#pragma clang optimize on
+
+	/* Verifier fails with: "pointer arithmetic on pkt_end prohibited"
+	 */
+	ptr = pos - 2;
+	if (*ptr == 0xFF)
+		return XDP_ABORTED;
+out:
+	return XDP_PASS;
+}
diff --git a/experiment01-tailgrow/xdp_prog_kern2.c b/experiment01-tailgrow/xdp_prog_kern2.c
@@ -125,30 +125,6 @@ int _xdp_test2(struct xdp_md *ctx)
 	return xdp_stats_record_action(ctx, XDP_PASS);
 }
 
-/* Also invalid
-SEC("xdp_test4")
-int _xdp_test4(struct xdp_md *ctx)
-{
-	void *data_end = (void *)(long)ctx->data_end;
-	volatile unsigned char *ptr;
-	volatile void *pos;
-
-	pos = data_end;
-
-#pragma clang optimize off
-	if (pos - 1 > data_end)
-		goto out;
-
-	ptr = pos - 2;  //Err: "pointer arithmetic on pkt_end prohibited"
-	if (*ptr == 0xFF)
-		return XDP_ABORTED;
-#pragma clang optimize on
-out:
-	return XDP_PASS;
-}
-*/
-
-
 SEC("xdp_pass")
 int xdp_pass_f1(struct xdp_md *ctx)
 {
