selftests/bpf: Test for writes to map key from BPF helpers

When invoking bpf_for_each_map_elem callback, we are passed a PTR_TO_MAP_KEY, previously writes to this through helper may be allowed, but the fix in previous patches is meant to prevent that case. The test case tries to pass it as writable memory to helper, and fails test if it succeeds to pass the verifier. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220319080827.73251-6-memxor@gmail.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>

selftests/bpf: Test for writes to map key from BPF helpers
When invoking bpf_for_each_map_elem callback, we are passed a PTR_TO_MAP_KEY, previously writes to this through helper may be allowed, but the fix in previous patches is meant to prevent that case. The test case tries to pass it as writable memory to helper, and fails test if it succeeds to pass the verifier. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/r/20220319080827.73251-6-memxor@gmail.comSigned-off-by: Alexei Starovoitov <ast@kernel.org>
9fc4476a · Kumar Kartikeya Dwivedi · Alexei Starovoitov · 7cb29b1c · 9fc4476a · 9fc4476a
Commit 9fc4476a authored Mar 19, 2022 by Kumar Kartikeya Dwivedi Committed by Alexei Starovoitov Apr 06, 2022
2 changed files
--- a/tools/testing/selftests/bpf/prog_tests/for_each.c
+++ b/tools/testing/selftests/bpf/prog_tests/for_each.c
@@ -4,6 +4,7 @@
 #include <network_helpers.h>
 #include "for_each_hash_map_elem.skel.h"
 #include "for_each_array_map_elem.skel.h"
+#include "for_each_map_elem_write_key.skel.h"

 static unsigned int duration;

@@ -129,10 +130,21 @@ static void test_array_map(void)
 	for_each_array_map_elem__destroy(skel);
 }

+static void test_write_map_key(void)
+{
+	struct for_each_map_elem_write_key *skel;
+
+	skel = for_each_map_elem_write_key__open_and_load();
+	if (!ASSERT_ERR_PTR(skel, "for_each_map_elem_write_key__open_and_load"))
+		for_each_map_elem_write_key__destroy(skel);
+}
+
 void test_for_each(void)
 {
 	if (test__start_subtest("hash_map"))
 		test_hash_map();
 	if (test__start_subtest("array_map"))
 		test_array_map();
+	if (test__start_subtest("write_map_key"))
+		test_write_map_key();
 }
--- a/tools/testing/selftests/bpf/progs/for_each_map_elem_write_key.c
+++ b/tools/testing/selftests/bpf/progs/for_each_map_elem_write_key.c
+// SPDX-License-Identifier: GPL-2.0
+#include <vmlinux.h>
+#include <bpf/bpf_helpers.h>
+
+struct {
+	__uint(type, BPF_MAP_TYPE_ARRAY);
+	__uint(max_entries, 1);
+	__type(key, __u32);
+	__type(value, __u64);
+} array_map SEC(".maps");
+
+static __u64
+check_array_elem(struct bpf_map *map, __u32 *key, __u64 *val,
+		 void *data)
+{
+	bpf_get_current_comm(key, sizeof(*key));
+	return 0;
+}
+
+SEC("raw_tp/sys_enter")
+int test_map_key_write(const void *ctx)
+{
+	bpf_for_each_map_elem(&array_map, check_array_elem, NULL, 0);
+	return 0;
+}
+
+char _license[] SEC("license") = "GPL";