Commit 8032cad1 authored by Joanne Koong's avatar Joanne Koong Committed by Alexei Starovoitov

selftests/bpf: Clean up user_ringbuf, cgrp_kfunc, kfunc_dynptr_param tests

Clean up user_ringbuf, cgrp_kfunc, and kfunc_dynptr_param tests to use
the generic verification tester for checking verifier rejections.
The generic verification tester uses btf_decl_tag-based annotations
for verifying that the tests fail with the expected log messages.
Signed-off-by: default avatarJoanne Koong <joannelkoong@gmail.com>
Acked-by: default avatarDavid Vernet <void@manifault.com>
Reviewed-by: default avatarRoberto Sassu <roberto.sassu@huawei.com>
Link: https://lore.kernel.org/r/20230214051332.4007131-1-joannelkoong@gmail.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parent c8ea0997
...@@ -8,9 +8,6 @@ ...@@ -8,9 +8,6 @@
#include "cgrp_kfunc_failure.skel.h" #include "cgrp_kfunc_failure.skel.h"
#include "cgrp_kfunc_success.skel.h" #include "cgrp_kfunc_success.skel.h"
static size_t log_buf_sz = 1 << 20; /* 1 MB */
static char obj_log_buf[1048576];
static struct cgrp_kfunc_success *open_load_cgrp_kfunc_skel(void) static struct cgrp_kfunc_success *open_load_cgrp_kfunc_skel(void)
{ {
struct cgrp_kfunc_success *skel; struct cgrp_kfunc_success *skel;
...@@ -89,65 +86,6 @@ static const char * const success_tests[] = { ...@@ -89,65 +86,6 @@ static const char * const success_tests[] = {
"test_cgrp_get_ancestors", "test_cgrp_get_ancestors",
}; };
static struct {
const char *prog_name;
const char *expected_err_msg;
} failure_tests[] = {
{"cgrp_kfunc_acquire_untrusted", "Possibly NULL pointer passed to trusted arg0"},
{"cgrp_kfunc_acquire_fp", "arg#0 pointer type STRUCT cgroup must point"},
{"cgrp_kfunc_acquire_unsafe_kretprobe", "reg type unsupported for arg#0 function"},
{"cgrp_kfunc_acquire_trusted_walked", "R1 must be referenced or trusted"},
{"cgrp_kfunc_acquire_null", "Possibly NULL pointer passed to trusted arg0"},
{"cgrp_kfunc_acquire_unreleased", "Unreleased reference"},
{"cgrp_kfunc_get_non_kptr_param", "arg#0 expected pointer to map value"},
{"cgrp_kfunc_get_non_kptr_acquired", "arg#0 expected pointer to map value"},
{"cgrp_kfunc_get_null", "arg#0 expected pointer to map value"},
{"cgrp_kfunc_xchg_unreleased", "Unreleased reference"},
{"cgrp_kfunc_get_unreleased", "Unreleased reference"},
{"cgrp_kfunc_release_untrusted", "arg#0 is untrusted_ptr_or_null_ expected ptr_ or socket"},
{"cgrp_kfunc_release_fp", "arg#0 pointer type STRUCT cgroup must point"},
{"cgrp_kfunc_release_null", "arg#0 is ptr_or_null_ expected ptr_ or socket"},
{"cgrp_kfunc_release_unacquired", "release kernel function bpf_cgroup_release expects"},
};
static void verify_fail(const char *prog_name, const char *expected_err_msg)
{
LIBBPF_OPTS(bpf_object_open_opts, opts);
struct cgrp_kfunc_failure *skel;
int err, i;
opts.kernel_log_buf = obj_log_buf;
opts.kernel_log_size = log_buf_sz;
opts.kernel_log_level = 1;
skel = cgrp_kfunc_failure__open_opts(&opts);
if (!ASSERT_OK_PTR(skel, "cgrp_kfunc_failure__open_opts"))
goto cleanup;
for (i = 0; i < ARRAY_SIZE(failure_tests); i++) {
struct bpf_program *prog;
const char *curr_name = failure_tests[i].prog_name;
prog = bpf_object__find_program_by_name(skel->obj, curr_name);
if (!ASSERT_OK_PTR(prog, "bpf_object__find_program_by_name"))
goto cleanup;
bpf_program__set_autoload(prog, !strcmp(curr_name, prog_name));
}
err = cgrp_kfunc_failure__load(skel);
if (!ASSERT_ERR(err, "unexpected load success"))
goto cleanup;
if (!ASSERT_OK_PTR(strstr(obj_log_buf, expected_err_msg), "expected_err_msg")) {
fprintf(stderr, "Expected err_msg: %s\n", expected_err_msg);
fprintf(stderr, "Verifier output: %s\n", obj_log_buf);
}
cleanup:
cgrp_kfunc_failure__destroy(skel);
}
void test_cgrp_kfunc(void) void test_cgrp_kfunc(void)
{ {
int i, err; int i, err;
...@@ -163,12 +101,7 @@ void test_cgrp_kfunc(void) ...@@ -163,12 +101,7 @@ void test_cgrp_kfunc(void)
run_success_test(success_tests[i]); run_success_test(success_tests[i]);
} }
for (i = 0; i < ARRAY_SIZE(failure_tests); i++) { RUN_TESTS(cgrp_kfunc_failure);
if (!test__start_subtest(failure_tests[i].prog_name))
continue;
verify_fail(failure_tests[i].prog_name, failure_tests[i].expected_err_msg);
}
cleanup: cleanup:
cleanup_cgroup_environment(); cleanup_cgroup_environment();
......
...@@ -10,17 +10,11 @@ ...@@ -10,17 +10,11 @@
#include <test_progs.h> #include <test_progs.h>
#include "test_kfunc_dynptr_param.skel.h" #include "test_kfunc_dynptr_param.skel.h"
static size_t log_buf_sz = 1048576; /* 1 MB */
static char obj_log_buf[1048576];
static struct { static struct {
const char *prog_name; const char *prog_name;
const char *expected_verifier_err_msg;
int expected_runtime_err; int expected_runtime_err;
} kfunc_dynptr_tests[] = { } kfunc_dynptr_tests[] = {
{"not_valid_dynptr", "cannot pass in dynptr at an offset=-8", 0}, {"dynptr_data_null", -EBADMSG},
{"not_ptr_to_stack", "arg#0 expected pointer to stack or dynptr_ptr", 0},
{"dynptr_data_null", NULL, -EBADMSG},
}; };
static bool kfunc_not_supported; static bool kfunc_not_supported;
...@@ -38,29 +32,15 @@ static int libbpf_print_cb(enum libbpf_print_level level, const char *fmt, ...@@ -38,29 +32,15 @@ static int libbpf_print_cb(enum libbpf_print_level level, const char *fmt,
return 0; return 0;
} }
static void verify_fail(const char *prog_name, const char *expected_err_msg) static bool has_pkcs7_kfunc_support(void)
{ {
struct test_kfunc_dynptr_param *skel; struct test_kfunc_dynptr_param *skel;
LIBBPF_OPTS(bpf_object_open_opts, opts);
libbpf_print_fn_t old_print_cb; libbpf_print_fn_t old_print_cb;
struct bpf_program *prog;
int err; int err;
opts.kernel_log_buf = obj_log_buf; skel = test_kfunc_dynptr_param__open();
opts.kernel_log_size = log_buf_sz; if (!ASSERT_OK_PTR(skel, "test_kfunc_dynptr_param__open"))
opts.kernel_log_level = 1; return false;
skel = test_kfunc_dynptr_param__open_opts(&opts);
if (!ASSERT_OK_PTR(skel, "test_kfunc_dynptr_param__open_opts"))
goto cleanup;
prog = bpf_object__find_program_by_name(skel->obj, prog_name);
if (!ASSERT_OK_PTR(prog, "bpf_object__find_program_by_name"))
goto cleanup;
bpf_program__set_autoload(prog, true);
bpf_map__set_max_entries(skel->maps.ringbuf, getpagesize());
kfunc_not_supported = false; kfunc_not_supported = false;
...@@ -72,26 +52,18 @@ static void verify_fail(const char *prog_name, const char *expected_err_msg) ...@@ -72,26 +52,18 @@ static void verify_fail(const char *prog_name, const char *expected_err_msg)
fprintf(stderr, fprintf(stderr,
"%s:SKIP:bpf_verify_pkcs7_signature() kfunc not supported\n", "%s:SKIP:bpf_verify_pkcs7_signature() kfunc not supported\n",
__func__); __func__);
test__skip(); test_kfunc_dynptr_param__destroy(skel);
goto cleanup; return false;
}
if (!ASSERT_ERR(err, "unexpected load success"))
goto cleanup;
if (!ASSERT_OK_PTR(strstr(obj_log_buf, expected_err_msg), "expected_err_msg")) {
fprintf(stderr, "Expected err_msg: %s\n", expected_err_msg);
fprintf(stderr, "Verifier output: %s\n", obj_log_buf);
} }
cleanup:
test_kfunc_dynptr_param__destroy(skel); test_kfunc_dynptr_param__destroy(skel);
return true;
} }
static void verify_success(const char *prog_name, int expected_runtime_err) static void verify_success(const char *prog_name, int expected_runtime_err)
{ {
struct test_kfunc_dynptr_param *skel; struct test_kfunc_dynptr_param *skel;
libbpf_print_fn_t old_print_cb;
struct bpf_program *prog; struct bpf_program *prog;
struct bpf_link *link; struct bpf_link *link;
__u32 next_id; __u32 next_id;
...@@ -103,21 +75,7 @@ static void verify_success(const char *prog_name, int expected_runtime_err) ...@@ -103,21 +75,7 @@ static void verify_success(const char *prog_name, int expected_runtime_err)
skel->bss->pid = getpid(); skel->bss->pid = getpid();
bpf_map__set_max_entries(skel->maps.ringbuf, getpagesize());
kfunc_not_supported = false;
old_print_cb = libbpf_set_print(libbpf_print_cb);
err = test_kfunc_dynptr_param__load(skel); err = test_kfunc_dynptr_param__load(skel);
libbpf_set_print(old_print_cb);
if (err < 0 && kfunc_not_supported) {
fprintf(stderr,
"%s:SKIP:bpf_verify_pkcs7_signature() kfunc not supported\n",
__func__);
test__skip();
goto cleanup;
}
if (!ASSERT_OK(err, "test_kfunc_dynptr_param__load")) if (!ASSERT_OK(err, "test_kfunc_dynptr_param__load"))
goto cleanup; goto cleanup;
...@@ -147,15 +105,15 @@ void test_kfunc_dynptr_param(void) ...@@ -147,15 +105,15 @@ void test_kfunc_dynptr_param(void)
{ {
int i; int i;
if (!has_pkcs7_kfunc_support())
return;
for (i = 0; i < ARRAY_SIZE(kfunc_dynptr_tests); i++) { for (i = 0; i < ARRAY_SIZE(kfunc_dynptr_tests); i++) {
if (!test__start_subtest(kfunc_dynptr_tests[i].prog_name)) if (!test__start_subtest(kfunc_dynptr_tests[i].prog_name))
continue; continue;
if (kfunc_dynptr_tests[i].expected_verifier_err_msg) verify_success(kfunc_dynptr_tests[i].prog_name,
verify_fail(kfunc_dynptr_tests[i].prog_name, kfunc_dynptr_tests[i].expected_runtime_err);
kfunc_dynptr_tests[i].expected_verifier_err_msg);
else
verify_success(kfunc_dynptr_tests[i].prog_name,
kfunc_dynptr_tests[i].expected_runtime_err);
} }
RUN_TESTS(test_kfunc_dynptr_param);
} }
...@@ -19,8 +19,6 @@ ...@@ -19,8 +19,6 @@
#include "../progs/test_user_ringbuf.h" #include "../progs/test_user_ringbuf.h"
static size_t log_buf_sz = 1 << 20; /* 1 MB */
static char obj_log_buf[1048576];
static const long c_sample_size = sizeof(struct sample) + BPF_RINGBUF_HDR_SZ; static const long c_sample_size = sizeof(struct sample) + BPF_RINGBUF_HDR_SZ;
static const long c_ringbuf_size = 1 << 12; /* 1 small page */ static const long c_ringbuf_size = 1 << 12; /* 1 small page */
static const long c_max_entries = c_ringbuf_size / c_sample_size; static const long c_max_entries = c_ringbuf_size / c_sample_size;
...@@ -663,23 +661,6 @@ static void test_user_ringbuf_blocking_reserve(void) ...@@ -663,23 +661,6 @@ static void test_user_ringbuf_blocking_reserve(void)
user_ringbuf_success__destroy(skel); user_ringbuf_success__destroy(skel);
} }
static struct {
const char *prog_name;
const char *expected_err_msg;
} failure_tests[] = {
/* failure cases */
{"user_ringbuf_callback_bad_access1", "negative offset dynptr_ptr ptr"},
{"user_ringbuf_callback_bad_access2", "dereference of modified dynptr_ptr ptr"},
{"user_ringbuf_callback_write_forbidden", "invalid mem access 'dynptr_ptr'"},
{"user_ringbuf_callback_null_context_write", "invalid mem access 'scalar'"},
{"user_ringbuf_callback_null_context_read", "invalid mem access 'scalar'"},
{"user_ringbuf_callback_discard_dynptr", "cannot release unowned const bpf_dynptr"},
{"user_ringbuf_callback_submit_dynptr", "cannot release unowned const bpf_dynptr"},
{"user_ringbuf_callback_invalid_return", "At callback return the register R0 has value"},
{"user_ringbuf_callback_reinit_dynptr_mem", "Dynptr has to be an uninitialized dynptr"},
{"user_ringbuf_callback_reinit_dynptr_ringbuf", "Dynptr has to be an uninitialized dynptr"},
};
#define SUCCESS_TEST(_func) { _func, #_func } #define SUCCESS_TEST(_func) { _func, #_func }
static struct { static struct {
...@@ -700,42 +681,6 @@ static struct { ...@@ -700,42 +681,6 @@ static struct {
SUCCESS_TEST(test_user_ringbuf_blocking_reserve), SUCCESS_TEST(test_user_ringbuf_blocking_reserve),
}; };
static void verify_fail(const char *prog_name, const char *expected_err_msg)
{
LIBBPF_OPTS(bpf_object_open_opts, opts);
struct bpf_program *prog;
struct user_ringbuf_fail *skel;
int err;
opts.kernel_log_buf = obj_log_buf;
opts.kernel_log_size = log_buf_sz;
opts.kernel_log_level = 1;
skel = user_ringbuf_fail__open_opts(&opts);
if (!ASSERT_OK_PTR(skel, "dynptr_fail__open_opts"))
goto cleanup;
prog = bpf_object__find_program_by_name(skel->obj, prog_name);
if (!ASSERT_OK_PTR(prog, "bpf_object__find_program_by_name"))
goto cleanup;
bpf_program__set_autoload(prog, true);
bpf_map__set_max_entries(skel->maps.user_ringbuf, getpagesize());
err = user_ringbuf_fail__load(skel);
if (!ASSERT_ERR(err, "unexpected load success"))
goto cleanup;
if (!ASSERT_OK_PTR(strstr(obj_log_buf, expected_err_msg), "expected_err_msg")) {
fprintf(stderr, "Expected err_msg: %s\n", expected_err_msg);
fprintf(stderr, "Verifier output: %s\n", obj_log_buf);
}
cleanup:
user_ringbuf_fail__destroy(skel);
}
void test_user_ringbuf(void) void test_user_ringbuf(void)
{ {
int i; int i;
...@@ -747,10 +692,5 @@ void test_user_ringbuf(void) ...@@ -747,10 +692,5 @@ void test_user_ringbuf(void)
success_tests[i].test_callback(); success_tests[i].test_callback();
} }
for (i = 0; i < ARRAY_SIZE(failure_tests); i++) { RUN_TESTS(user_ringbuf_fail);
if (!test__start_subtest(failure_tests[i].prog_name))
continue;
verify_fail(failure_tests[i].prog_name, failure_tests[i].expected_err_msg);
}
} }
...@@ -5,6 +5,7 @@ ...@@ -5,6 +5,7 @@
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
#include "bpf_misc.h"
#include "cgrp_kfunc_common.h" #include "cgrp_kfunc_common.h"
char _license[] SEC("license") = "GPL"; char _license[] SEC("license") = "GPL";
...@@ -28,6 +29,7 @@ static struct __cgrps_kfunc_map_value *insert_lookup_cgrp(struct cgroup *cgrp) ...@@ -28,6 +29,7 @@ static struct __cgrps_kfunc_map_value *insert_lookup_cgrp(struct cgroup *cgrp)
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("Possibly NULL pointer passed to trusted arg0")
int BPF_PROG(cgrp_kfunc_acquire_untrusted, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_acquire_untrusted, struct cgroup *cgrp, const char *path)
{ {
struct cgroup *acquired; struct cgroup *acquired;
...@@ -45,6 +47,7 @@ int BPF_PROG(cgrp_kfunc_acquire_untrusted, struct cgroup *cgrp, const char *path ...@@ -45,6 +47,7 @@ int BPF_PROG(cgrp_kfunc_acquire_untrusted, struct cgroup *cgrp, const char *path
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("arg#0 pointer type STRUCT cgroup must point")
int BPF_PROG(cgrp_kfunc_acquire_fp, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_acquire_fp, struct cgroup *cgrp, const char *path)
{ {
struct cgroup *acquired, *stack_cgrp = (struct cgroup *)&path; struct cgroup *acquired, *stack_cgrp = (struct cgroup *)&path;
...@@ -57,6 +60,7 @@ int BPF_PROG(cgrp_kfunc_acquire_fp, struct cgroup *cgrp, const char *path) ...@@ -57,6 +60,7 @@ int BPF_PROG(cgrp_kfunc_acquire_fp, struct cgroup *cgrp, const char *path)
} }
SEC("kretprobe/cgroup_destroy_locked") SEC("kretprobe/cgroup_destroy_locked")
__failure __msg("reg type unsupported for arg#0 function")
int BPF_PROG(cgrp_kfunc_acquire_unsafe_kretprobe, struct cgroup *cgrp) int BPF_PROG(cgrp_kfunc_acquire_unsafe_kretprobe, struct cgroup *cgrp)
{ {
struct cgroup *acquired; struct cgroup *acquired;
...@@ -69,6 +73,7 @@ int BPF_PROG(cgrp_kfunc_acquire_unsafe_kretprobe, struct cgroup *cgrp) ...@@ -69,6 +73,7 @@ int BPF_PROG(cgrp_kfunc_acquire_unsafe_kretprobe, struct cgroup *cgrp)
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("cgrp_kfunc_acquire_trusted_walked")
int BPF_PROG(cgrp_kfunc_acquire_trusted_walked, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_acquire_trusted_walked, struct cgroup *cgrp, const char *path)
{ {
struct cgroup *acquired; struct cgroup *acquired;
...@@ -80,8 +85,8 @@ int BPF_PROG(cgrp_kfunc_acquire_trusted_walked, struct cgroup *cgrp, const char ...@@ -80,8 +85,8 @@ int BPF_PROG(cgrp_kfunc_acquire_trusted_walked, struct cgroup *cgrp, const char
return 0; return 0;
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("Possibly NULL pointer passed to trusted arg0")
int BPF_PROG(cgrp_kfunc_acquire_null, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_acquire_null, struct cgroup *cgrp, const char *path)
{ {
struct cgroup *acquired; struct cgroup *acquired;
...@@ -96,6 +101,7 @@ int BPF_PROG(cgrp_kfunc_acquire_null, struct cgroup *cgrp, const char *path) ...@@ -96,6 +101,7 @@ int BPF_PROG(cgrp_kfunc_acquire_null, struct cgroup *cgrp, const char *path)
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("Unreleased reference")
int BPF_PROG(cgrp_kfunc_acquire_unreleased, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_acquire_unreleased, struct cgroup *cgrp, const char *path)
{ {
struct cgroup *acquired; struct cgroup *acquired;
...@@ -108,6 +114,7 @@ int BPF_PROG(cgrp_kfunc_acquire_unreleased, struct cgroup *cgrp, const char *pat ...@@ -108,6 +114,7 @@ int BPF_PROG(cgrp_kfunc_acquire_unreleased, struct cgroup *cgrp, const char *pat
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("arg#0 expected pointer to map value")
int BPF_PROG(cgrp_kfunc_get_non_kptr_param, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_get_non_kptr_param, struct cgroup *cgrp, const char *path)
{ {
struct cgroup *kptr; struct cgroup *kptr;
...@@ -123,6 +130,7 @@ int BPF_PROG(cgrp_kfunc_get_non_kptr_param, struct cgroup *cgrp, const char *pat ...@@ -123,6 +130,7 @@ int BPF_PROG(cgrp_kfunc_get_non_kptr_param, struct cgroup *cgrp, const char *pat
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("arg#0 expected pointer to map value")
int BPF_PROG(cgrp_kfunc_get_non_kptr_acquired, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_get_non_kptr_acquired, struct cgroup *cgrp, const char *path)
{ {
struct cgroup *kptr, *acquired; struct cgroup *kptr, *acquired;
...@@ -141,6 +149,7 @@ int BPF_PROG(cgrp_kfunc_get_non_kptr_acquired, struct cgroup *cgrp, const char * ...@@ -141,6 +149,7 @@ int BPF_PROG(cgrp_kfunc_get_non_kptr_acquired, struct cgroup *cgrp, const char *
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("arg#0 expected pointer to map value")
int BPF_PROG(cgrp_kfunc_get_null, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_get_null, struct cgroup *cgrp, const char *path)
{ {
struct cgroup *kptr; struct cgroup *kptr;
...@@ -156,6 +165,7 @@ int BPF_PROG(cgrp_kfunc_get_null, struct cgroup *cgrp, const char *path) ...@@ -156,6 +165,7 @@ int BPF_PROG(cgrp_kfunc_get_null, struct cgroup *cgrp, const char *path)
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("Unreleased reference")
int BPF_PROG(cgrp_kfunc_xchg_unreleased, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_xchg_unreleased, struct cgroup *cgrp, const char *path)
{ {
struct cgroup *kptr; struct cgroup *kptr;
...@@ -175,6 +185,7 @@ int BPF_PROG(cgrp_kfunc_xchg_unreleased, struct cgroup *cgrp, const char *path) ...@@ -175,6 +185,7 @@ int BPF_PROG(cgrp_kfunc_xchg_unreleased, struct cgroup *cgrp, const char *path)
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("Unreleased reference")
int BPF_PROG(cgrp_kfunc_get_unreleased, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_get_unreleased, struct cgroup *cgrp, const char *path)
{ {
struct cgroup *kptr; struct cgroup *kptr;
...@@ -194,6 +205,7 @@ int BPF_PROG(cgrp_kfunc_get_unreleased, struct cgroup *cgrp, const char *path) ...@@ -194,6 +205,7 @@ int BPF_PROG(cgrp_kfunc_get_unreleased, struct cgroup *cgrp, const char *path)
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("arg#0 is untrusted_ptr_or_null_ expected ptr_ or socket")
int BPF_PROG(cgrp_kfunc_release_untrusted, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_release_untrusted, struct cgroup *cgrp, const char *path)
{ {
struct __cgrps_kfunc_map_value *v; struct __cgrps_kfunc_map_value *v;
...@@ -209,6 +221,7 @@ int BPF_PROG(cgrp_kfunc_release_untrusted, struct cgroup *cgrp, const char *path ...@@ -209,6 +221,7 @@ int BPF_PROG(cgrp_kfunc_release_untrusted, struct cgroup *cgrp, const char *path
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("arg#0 pointer type STRUCT cgroup must point")
int BPF_PROG(cgrp_kfunc_release_fp, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_release_fp, struct cgroup *cgrp, const char *path)
{ {
struct cgroup *acquired = (struct cgroup *)&path; struct cgroup *acquired = (struct cgroup *)&path;
...@@ -220,6 +233,7 @@ int BPF_PROG(cgrp_kfunc_release_fp, struct cgroup *cgrp, const char *path) ...@@ -220,6 +233,7 @@ int BPF_PROG(cgrp_kfunc_release_fp, struct cgroup *cgrp, const char *path)
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("arg#0 is ptr_or_null_ expected ptr_ or socket")
int BPF_PROG(cgrp_kfunc_release_null, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_release_null, struct cgroup *cgrp, const char *path)
{ {
struct __cgrps_kfunc_map_value local, *v; struct __cgrps_kfunc_map_value local, *v;
...@@ -251,6 +265,7 @@ int BPF_PROG(cgrp_kfunc_release_null, struct cgroup *cgrp, const char *path) ...@@ -251,6 +265,7 @@ int BPF_PROG(cgrp_kfunc_release_null, struct cgroup *cgrp, const char *path)
} }
SEC("tp_btf/cgroup_mkdir") SEC("tp_btf/cgroup_mkdir")
__failure __msg("release kernel function bpf_cgroup_release expects")
int BPF_PROG(cgrp_kfunc_release_unacquired, struct cgroup *cgrp, const char *path) int BPF_PROG(cgrp_kfunc_release_unacquired, struct cgroup *cgrp, const char *path)
{ {
/* Cannot release trusted cgroup pointer which was not acquired. */ /* Cannot release trusted cgroup pointer which was not acquired. */
......
...@@ -10,6 +10,7 @@ ...@@ -10,6 +10,7 @@
#include <errno.h> #include <errno.h>
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h> #include <bpf/bpf_tracing.h>
#include "bpf_misc.h"
extern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym; extern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym;
extern void bpf_key_put(struct bpf_key *key) __ksym; extern void bpf_key_put(struct bpf_key *key) __ksym;
...@@ -19,6 +20,7 @@ extern int bpf_verify_pkcs7_signature(struct bpf_dynptr *data_ptr, ...@@ -19,6 +20,7 @@ extern int bpf_verify_pkcs7_signature(struct bpf_dynptr *data_ptr,
struct { struct {
__uint(type, BPF_MAP_TYPE_RINGBUF); __uint(type, BPF_MAP_TYPE_RINGBUF);
__uint(max_entries, 4096);
} ringbuf SEC(".maps"); } ringbuf SEC(".maps");
struct { struct {
...@@ -33,6 +35,7 @@ int err, pid; ...@@ -33,6 +35,7 @@ int err, pid;
char _license[] SEC("license") = "GPL"; char _license[] SEC("license") = "GPL";
SEC("?lsm.s/bpf") SEC("?lsm.s/bpf")
__failure __msg("cannot pass in dynptr at an offset=-8")
int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size) int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
{ {
unsigned long val; unsigned long val;
...@@ -42,6 +45,7 @@ int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size) ...@@ -42,6 +45,7 @@ int BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
} }
SEC("?lsm.s/bpf") SEC("?lsm.s/bpf")
__failure __msg("arg#0 expected pointer to stack or dynptr_ptr")
int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size) int BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
{ {
unsigned long val; unsigned long val;
......
...@@ -16,6 +16,7 @@ struct sample { ...@@ -16,6 +16,7 @@ struct sample {
struct { struct {
__uint(type, BPF_MAP_TYPE_USER_RINGBUF); __uint(type, BPF_MAP_TYPE_USER_RINGBUF);
__uint(max_entries, 4096);
} user_ringbuf SEC(".maps"); } user_ringbuf SEC(".maps");
struct { struct {
...@@ -39,7 +40,8 @@ bad_access1(struct bpf_dynptr *dynptr, void *context) ...@@ -39,7 +40,8 @@ bad_access1(struct bpf_dynptr *dynptr, void *context)
/* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should /* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should
* not be able to read before the pointer. * not be able to read before the pointer.
*/ */
SEC("?raw_tp/") SEC("?raw_tp")
__failure __msg("negative offset dynptr_ptr ptr")
int user_ringbuf_callback_bad_access1(void *ctx) int user_ringbuf_callback_bad_access1(void *ctx)
{ {
bpf_user_ringbuf_drain(&user_ringbuf, bad_access1, NULL, 0); bpf_user_ringbuf_drain(&user_ringbuf, bad_access1, NULL, 0);
...@@ -61,7 +63,8 @@ bad_access2(struct bpf_dynptr *dynptr, void *context) ...@@ -61,7 +63,8 @@ bad_access2(struct bpf_dynptr *dynptr, void *context)
/* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should /* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should
* not be able to read past the end of the pointer. * not be able to read past the end of the pointer.
*/ */
SEC("?raw_tp/") SEC("?raw_tp")
__failure __msg("dereference of modified dynptr_ptr ptr")
int user_ringbuf_callback_bad_access2(void *ctx) int user_ringbuf_callback_bad_access2(void *ctx)
{ {
bpf_user_ringbuf_drain(&user_ringbuf, bad_access2, NULL, 0); bpf_user_ringbuf_drain(&user_ringbuf, bad_access2, NULL, 0);
...@@ -80,7 +83,8 @@ write_forbidden(struct bpf_dynptr *dynptr, void *context) ...@@ -80,7 +83,8 @@ write_forbidden(struct bpf_dynptr *dynptr, void *context)
/* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should /* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should
* not be able to write to that pointer. * not be able to write to that pointer.
*/ */
SEC("?raw_tp/") SEC("?raw_tp")
__failure __msg("invalid mem access 'dynptr_ptr'")
int user_ringbuf_callback_write_forbidden(void *ctx) int user_ringbuf_callback_write_forbidden(void *ctx)
{ {
bpf_user_ringbuf_drain(&user_ringbuf, write_forbidden, NULL, 0); bpf_user_ringbuf_drain(&user_ringbuf, write_forbidden, NULL, 0);
...@@ -99,7 +103,8 @@ null_context_write(struct bpf_dynptr *dynptr, void *context) ...@@ -99,7 +103,8 @@ null_context_write(struct bpf_dynptr *dynptr, void *context)
/* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should /* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should
* not be able to write to that pointer. * not be able to write to that pointer.
*/ */
SEC("?raw_tp/") SEC("?raw_tp")
__failure __msg("invalid mem access 'scalar'")
int user_ringbuf_callback_null_context_write(void *ctx) int user_ringbuf_callback_null_context_write(void *ctx)
{ {
bpf_user_ringbuf_drain(&user_ringbuf, null_context_write, NULL, 0); bpf_user_ringbuf_drain(&user_ringbuf, null_context_write, NULL, 0);
...@@ -120,7 +125,8 @@ null_context_read(struct bpf_dynptr *dynptr, void *context) ...@@ -120,7 +125,8 @@ null_context_read(struct bpf_dynptr *dynptr, void *context)
/* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should /* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should
* not be able to write to that pointer. * not be able to write to that pointer.
*/ */
SEC("?raw_tp/") SEC("?raw_tp")
__failure __msg("invalid mem access 'scalar'")
int user_ringbuf_callback_null_context_read(void *ctx) int user_ringbuf_callback_null_context_read(void *ctx)
{ {
bpf_user_ringbuf_drain(&user_ringbuf, null_context_read, NULL, 0); bpf_user_ringbuf_drain(&user_ringbuf, null_context_read, NULL, 0);
...@@ -139,7 +145,8 @@ try_discard_dynptr(struct bpf_dynptr *dynptr, void *context) ...@@ -139,7 +145,8 @@ try_discard_dynptr(struct bpf_dynptr *dynptr, void *context)
/* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should /* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should
* not be able to read past the end of the pointer. * not be able to read past the end of the pointer.
*/ */
SEC("?raw_tp/") SEC("?raw_tp")
__failure __msg("cannot release unowned const bpf_dynptr")
int user_ringbuf_callback_discard_dynptr(void *ctx) int user_ringbuf_callback_discard_dynptr(void *ctx)
{ {
bpf_user_ringbuf_drain(&user_ringbuf, try_discard_dynptr, NULL, 0); bpf_user_ringbuf_drain(&user_ringbuf, try_discard_dynptr, NULL, 0);
...@@ -158,7 +165,8 @@ try_submit_dynptr(struct bpf_dynptr *dynptr, void *context) ...@@ -158,7 +165,8 @@ try_submit_dynptr(struct bpf_dynptr *dynptr, void *context)
/* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should /* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should
* not be able to read past the end of the pointer. * not be able to read past the end of the pointer.
*/ */
SEC("?raw_tp/") SEC("?raw_tp")
__failure __msg("cannot release unowned const bpf_dynptr")
int user_ringbuf_callback_submit_dynptr(void *ctx) int user_ringbuf_callback_submit_dynptr(void *ctx)
{ {
bpf_user_ringbuf_drain(&user_ringbuf, try_submit_dynptr, NULL, 0); bpf_user_ringbuf_drain(&user_ringbuf, try_submit_dynptr, NULL, 0);
...@@ -175,7 +183,8 @@ invalid_drain_callback_return(struct bpf_dynptr *dynptr, void *context) ...@@ -175,7 +183,8 @@ invalid_drain_callback_return(struct bpf_dynptr *dynptr, void *context)
/* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should /* A callback that accesses a dynptr in a bpf_user_ringbuf_drain callback should
* not be able to write to that pointer. * not be able to write to that pointer.
*/ */
SEC("?raw_tp/") SEC("?raw_tp")
__failure __msg("At callback return the register R0 has value")
int user_ringbuf_callback_invalid_return(void *ctx) int user_ringbuf_callback_invalid_return(void *ctx)
{ {
bpf_user_ringbuf_drain(&user_ringbuf, invalid_drain_callback_return, NULL, 0); bpf_user_ringbuf_drain(&user_ringbuf, invalid_drain_callback_return, NULL, 0);
...@@ -197,14 +206,16 @@ try_reinit_dynptr_ringbuf(struct bpf_dynptr *dynptr, void *context) ...@@ -197,14 +206,16 @@ try_reinit_dynptr_ringbuf(struct bpf_dynptr *dynptr, void *context)
return 0; return 0;
} }
SEC("?raw_tp/") SEC("?raw_tp")
__failure __msg("Dynptr has to be an uninitialized dynptr")
int user_ringbuf_callback_reinit_dynptr_mem(void *ctx) int user_ringbuf_callback_reinit_dynptr_mem(void *ctx)
{ {
bpf_user_ringbuf_drain(&user_ringbuf, try_reinit_dynptr_mem, NULL, 0); bpf_user_ringbuf_drain(&user_ringbuf, try_reinit_dynptr_mem, NULL, 0);
return 0; return 0;
} }
SEC("?raw_tp/") SEC("?raw_tp")
__failure __msg("Dynptr has to be an uninitialized dynptr")
int user_ringbuf_callback_reinit_dynptr_ringbuf(void *ctx) int user_ringbuf_callback_reinit_dynptr_ringbuf(void *ctx)
{ {
bpf_user_ringbuf_drain(&user_ringbuf, try_reinit_dynptr_ringbuf, NULL, 0); bpf_user_ringbuf_drain(&user_ringbuf, try_reinit_dynptr_ringbuf, NULL, 0);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment