aboutsummaryrefslogtreecommitdiffstats
path: root/samples/bpf
diff options
context:
space:
mode:
authorAaron Yue <haoxuany@fb.com>2016-08-11 21:17:17 -0400
committerDavid S. Miller <davem@davemloft.net>2016-08-13 00:56:18 -0400
commit1633ac0a2e774a9af339b9290ef33cd97a918c54 (patch)
tree85008f33388ef2f04b03fc57e5eb2dc7d91523fd /samples/bpf
parent6841de8b0d03cc9a4e0e928453623c13ee754f77 (diff)
samples/bpf: add verifier tests for the helper access to the packet
test various corner cases of the helper function access to the packet via crafted XDP programs. Signed-off-by: Aaron Yue <haoxuany@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'samples/bpf')
-rw-r--r--samples/bpf/test_verifier.c114
1 files changed, 110 insertions, 4 deletions
diff --git a/samples/bpf/test_verifier.c b/samples/bpf/test_verifier.c
index fe2fcec98c1f..78c6f131d94f 100644
--- a/samples/bpf/test_verifier.c
+++ b/samples/bpf/test_verifier.c
@@ -1449,7 +1449,7 @@ static struct bpf_test tests[] = {
1449 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 1449 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1450 }, 1450 },
1451 { 1451 {
1452 "pkt: test1", 1452 "direct packet access: test1",
1453 .insns = { 1453 .insns = {
1454 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 1454 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1455 offsetof(struct __sk_buff, data)), 1455 offsetof(struct __sk_buff, data)),
@@ -1466,7 +1466,7 @@ static struct bpf_test tests[] = {
1466 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 1466 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1467 }, 1467 },
1468 { 1468 {
1469 "pkt: test2", 1469 "direct packet access: test2",
1470 .insns = { 1470 .insns = {
1471 BPF_MOV64_IMM(BPF_REG_0, 1), 1471 BPF_MOV64_IMM(BPF_REG_0, 1),
1472 BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, 1472 BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1,
@@ -1499,7 +1499,7 @@ static struct bpf_test tests[] = {
1499 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 1499 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1500 }, 1500 },
1501 { 1501 {
1502 "pkt: test3", 1502 "direct packet access: test3",
1503 .insns = { 1503 .insns = {
1504 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 1504 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1505 offsetof(struct __sk_buff, data)), 1505 offsetof(struct __sk_buff, data)),
@@ -1511,7 +1511,7 @@ static struct bpf_test tests[] = {
1511 .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, 1511 .prog_type = BPF_PROG_TYPE_SOCKET_FILTER,
1512 }, 1512 },
1513 { 1513 {
1514 "pkt: test4", 1514 "direct packet access: test4",
1515 .insns = { 1515 .insns = {
1516 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 1516 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1517 offsetof(struct __sk_buff, data)), 1517 offsetof(struct __sk_buff, data)),
@@ -1528,6 +1528,112 @@ static struct bpf_test tests[] = {
1528 .result = REJECT, 1528 .result = REJECT,
1529 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 1529 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1530 }, 1530 },
1531 {
1532 "helper access to packet: test1, valid packet_ptr range",
1533 .insns = {
1534 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1535 offsetof(struct xdp_md, data)),
1536 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
1537 offsetof(struct xdp_md, data_end)),
1538 BPF_MOV64_REG(BPF_REG_1, BPF_REG_2),
1539 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 8),
1540 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_3, 5),
1541 BPF_LD_MAP_FD(BPF_REG_1, 0),
1542 BPF_MOV64_REG(BPF_REG_3, BPF_REG_2),
1543 BPF_MOV64_IMM(BPF_REG_4, 0),
1544 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_update_elem),
1545 BPF_MOV64_IMM(BPF_REG_0, 0),
1546 BPF_EXIT_INSN(),
1547 },
1548 .fixup = {5},
1549 .result_unpriv = ACCEPT,
1550 .result = ACCEPT,
1551 .prog_type = BPF_PROG_TYPE_XDP,
1552 },
1553 {
1554 "helper access to packet: test2, unchecked packet_ptr",
1555 .insns = {
1556 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1557 offsetof(struct xdp_md, data)),
1558 BPF_LD_MAP_FD(BPF_REG_1, 0),
1559 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
1560 BPF_MOV64_IMM(BPF_REG_0, 0),
1561 BPF_EXIT_INSN(),
1562 },
1563 .fixup = {1},
1564 .result = REJECT,
1565 .errstr = "invalid access to packet",
1566 .prog_type = BPF_PROG_TYPE_XDP,
1567 },
1568 {
1569 "helper access to packet: test3, variable add",
1570 .insns = {
1571 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1572 offsetof(struct xdp_md, data)),
1573 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
1574 offsetof(struct xdp_md, data_end)),
1575 BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),
1576 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 8),
1577 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 10),
1578 BPF_LDX_MEM(BPF_B, BPF_REG_5, BPF_REG_2, 0),
1579 BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),
1580 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_5),
1581 BPF_MOV64_REG(BPF_REG_5, BPF_REG_4),
1582 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 8),
1583 BPF_JMP_REG(BPF_JGT, BPF_REG_5, BPF_REG_3, 4),
1584 BPF_LD_MAP_FD(BPF_REG_1, 0),
1585 BPF_MOV64_REG(BPF_REG_2, BPF_REG_4),
1586 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
1587 BPF_MOV64_IMM(BPF_REG_0, 0),
1588 BPF_EXIT_INSN(),
1589 },
1590 .fixup = {11},
1591 .result = ACCEPT,
1592 .prog_type = BPF_PROG_TYPE_XDP,
1593 },
1594 {
1595 "helper access to packet: test4, packet_ptr with bad range",
1596 .insns = {
1597 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1598 offsetof(struct xdp_md, data)),
1599 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
1600 offsetof(struct xdp_md, data_end)),
1601 BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),
1602 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 4),
1603 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 2),
1604 BPF_MOV64_IMM(BPF_REG_0, 0),
1605 BPF_EXIT_INSN(),
1606 BPF_LD_MAP_FD(BPF_REG_1, 0),
1607 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
1608 BPF_MOV64_IMM(BPF_REG_0, 0),
1609 BPF_EXIT_INSN(),
1610 },
1611 .fixup = {7},
1612 .result = REJECT,
1613 .errstr = "invalid access to packet",
1614 .prog_type = BPF_PROG_TYPE_XDP,
1615 },
1616 {
1617 "helper access to packet: test5, packet_ptr with too short range",
1618 .insns = {
1619 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1620 offsetof(struct xdp_md, data)),
1621 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
1622 offsetof(struct xdp_md, data_end)),
1623 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1),
1624 BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),
1625 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 7),
1626 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 3),
1627 BPF_LD_MAP_FD(BPF_REG_1, 0),
1628 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
1629 BPF_MOV64_IMM(BPF_REG_0, 0),
1630 BPF_EXIT_INSN(),
1631 },
1632 .fixup = {6},
1633 .result = REJECT,
1634 .errstr = "invalid access to packet",
1635 .prog_type = BPF_PROG_TYPE_XDP,
1636 },
1531}; 1637};
1532 1638
1533static int probe_filter_length(struct bpf_insn *fp) 1639static int probe_filter_length(struct bpf_insn *fp)