On Thu, May 17, 2018 at 08:54:10AM -0700, John Fastabend wrote:
> Add tests for BPF_PROG_TYPE_SK_MSG to test_verifier for read access
> to new sk fields.
>
> Signed-off-by: John Fastabend <john.fastab...@gmail.com>
> ---
> tools/include/uapi/linux/bpf.h | 8 ++
> tools/testing/selftests/bpf/test_verifier.c | 115
> +++++++++++++++++++++++++++
> 2 files changed, 123 insertions(+)
>
> diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> index d94d333..97446bb 100644
> --- a/tools/include/uapi/linux/bpf.h
> +++ b/tools/include/uapi/linux/bpf.h
> @@ -2176,6 +2176,14 @@ enum sk_action {
> struct sk_msg_md {
> void *data;
> void *data_end;
> +
> + __u32 family;
> + __u32 remote_ip4; /* Stored in network byte order */
> + __u32 local_ip4; /* Stored in network byte order */
> + __u32 remote_ip6[4]; /* Stored in network byte order */
> + __u32 local_ip6[4]; /* Stored in network byte order */
> + __u32 remote_port; /* Stored in network byte order */
> + __u32 local_port; /* stored in host byte order */
> };
>
> #define BPF_TAG_SIZE 8
> diff --git a/tools/testing/selftests/bpf/test_verifier.c
> b/tools/testing/selftests/bpf/test_verifier.c
> index a877af0..1ac7630 100644
> --- a/tools/testing/selftests/bpf/test_verifier.c
> +++ b/tools/testing/selftests/bpf/test_verifier.c
> @@ -1686,6 +1686,121 @@ static void bpf_fill_rand_ld_dw(struct bpf_test *self)
> .prog_type = BPF_PROG_TYPE_SK_SKB,
> },
> {
> + "valid access family in SK_MSG",
> + .insns = {
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, family)),
> + BPF_EXIT_INSN(),
> + },
> + .result = ACCEPT,
> + .prog_type = BPF_PROG_TYPE_SK_MSG,
> + },
> + {
> + "valid access remote_ip4 in SK_MSG",
> + .insns = {
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, remote_ip4)),
> + BPF_EXIT_INSN(),
> + },
> + .result = ACCEPT,
> + .prog_type = BPF_PROG_TYPE_SK_MSG,
> + },
> + {
> + "valid access local_ip4 in SK_MSG",
> + .insns = {
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, local_ip4)),
> + BPF_EXIT_INSN(),
> + },
> + .result = ACCEPT,
> + .prog_type = BPF_PROG_TYPE_SK_MSG,
> + },
> + {
> + "valid access remote_port in SK_MSG",
> + .insns = {
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, remote_port)),
> + BPF_EXIT_INSN(),
> + },
> + .result = ACCEPT,
> + .prog_type = BPF_PROG_TYPE_SK_MSG,
> + },
> + {
> + "valid access local_port in SK_MSG",
> + .insns = {
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, local_port)),
> + BPF_EXIT_INSN(),
> + },
> + .result = ACCEPT,
> + .prog_type = BPF_PROG_TYPE_SK_MSG,
> + },
> + {
> + "valid access remote_ip6 in SK_MSG",
> + .insns = {
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, remote_ip6[0])),
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, remote_ip6[1])),
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, remote_ip6[2])),
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, remote_ip6[3])),
> + BPF_EXIT_INSN(),
> + },
> + .result = ACCEPT,
> + .prog_type = BPF_PROG_TYPE_SK_SKB,
> + },
> + {
> + "valid access local_ip6 in SK_MSG",
> + .insns = {
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, local_ip6[0])),
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, local_ip6[1])),
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, local_ip6[2])),
> + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
> + offsetof(struct sk_msg_md, local_ip6[3])),
> + BPF_EXIT_INSN(),
> + },
> + .result = ACCEPT,
> + .prog_type = BPF_PROG_TYPE_SK_SKB,
> + },
> + {
> + "invalid 64B read of family in SK_MSG",
> + .insns = {
> + BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1,
> + offsetof(struct sk_msg_md, family)),
> + BPF_EXIT_INSN(),
> + },
> + .errstr = "invalid bpf_context access",
> + .result = REJECT,
> + .prog_type = BPF_PROG_TYPE_SK_MSG,
> + },
> + {
> + "invalid read past end of SK_MSG",
> + .insns = {
> + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
> + offsetof(struct sk_msg_md, local_port) + 4),
> + BPF_EXIT_INSN(),
> + },
> + .errstr = "",
no errstr in this case?
> + .result = REJECT,
> + .prog_type = BPF_PROG_TYPE_SK_MSG,
> + },
> + {
> + "invalid read offset in SK_MSG",
> + .insns = {
> + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
> + offsetof(struct sk_msg_md, family) + 1),
> + BPF_EXIT_INSN(),
> + },
> + .errstr = "",
same here.
> + .result = REJECT,
> + .prog_type = BPF_PROG_TYPE_SK_MSG,
> + },
> + {
> "direct packet read for SK_MSG",
> .insns = {
> BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1,
>
Other than the above,
Acked-by: Martin KaFai Lau <ka...@fb.com>
