Message ID | 20200925000421.3857616-1-kafai@fb.com |
---|---|
State | New |
Headers | show |
Series | bpf: Enable bpf_skc_to_* sock casting helper to networking prog type | expand |
On Fri, 25 Sep 2020 at 01:04, Martin KaFai Lau <kafai@fb.com> wrote: > > The patch tests for: > 1. bpf_sk_release() can be called on a tcp_sock btf_id ptr. > > 2. Ensure the tcp_sock btf_id pointer cannot be used > after bpf_sk_release(). > > Signed-off-by: Martin KaFai Lau <kafai@fb.com> Acked-by: Lorenz Bauer <lmb@cloudflare.com> > --- > .../selftests/bpf/verifier/ref_tracking.c | 47 +++++++++++++++++++ > 1 file changed, 47 insertions(+) > > diff --git a/tools/testing/selftests/bpf/verifier/ref_tracking.c b/tools/testing/selftests/bpf/verifier/ref_tracking.c > index 056e0273bf12..006b5bd99c08 100644 > --- a/tools/testing/selftests/bpf/verifier/ref_tracking.c > +++ b/tools/testing/selftests/bpf/verifier/ref_tracking.c > @@ -854,3 +854,50 @@ > .errstr = "Unreleased reference", > .result = REJECT, > }, > +{ > + "reference tracking: bpf_sk_release(btf_tcp_sock)", > + .insns = { > + BPF_SK_LOOKUP(sk_lookup_tcp), > + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), > + BPF_EXIT_INSN(), > + BPF_MOV64_REG(BPF_REG_6, BPF_REG_0), > + BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), > + BPF_EMIT_CALL(BPF_FUNC_skc_to_tcp_sock), > + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 3), > + BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), > + BPF_EMIT_CALL(BPF_FUNC_sk_release), > + BPF_EXIT_INSN(), > + BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), > + BPF_EMIT_CALL(BPF_FUNC_sk_release), > + BPF_EXIT_INSN(), > + }, > + .prog_type = BPF_PROG_TYPE_SCHED_CLS, > + .result = ACCEPT, > + .result_unpriv = REJECT, > + .errstr_unpriv = "unknown func", > +}, > +{ > + "reference tracking: use ptr from bpf_skc_to_tcp_sock() after release", > + .insns = { > + BPF_SK_LOOKUP(sk_lookup_tcp), > + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), > + BPF_EXIT_INSN(), > + BPF_MOV64_REG(BPF_REG_6, BPF_REG_0), > + BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), > + BPF_EMIT_CALL(BPF_FUNC_skc_to_tcp_sock), > + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 3), > + BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), > + BPF_EMIT_CALL(BPF_FUNC_sk_release), > + BPF_EXIT_INSN(), > + BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), > + BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), > + BPF_EMIT_CALL(BPF_FUNC_sk_release), > + BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_7, 0), > + BPF_EXIT_INSN(), > + }, > + .prog_type = BPF_PROG_TYPE_SCHED_CLS, > + .result = REJECT, > + .errstr = "invalid mem access", > + .result_unpriv = REJECT, > + .errstr_unpriv = "unknown func", > +}, > -- > 2.24.1 >
diff --git a/tools/testing/selftests/bpf/verifier/ref_tracking.c b/tools/testing/selftests/bpf/verifier/ref_tracking.c index 056e0273bf12..006b5bd99c08 100644 --- a/tools/testing/selftests/bpf/verifier/ref_tracking.c +++ b/tools/testing/selftests/bpf/verifier/ref_tracking.c @@ -854,3 +854,50 @@ .errstr = "Unreleased reference", .result = REJECT, }, +{ + "reference tracking: bpf_sk_release(btf_tcp_sock)", + .insns = { + BPF_SK_LOOKUP(sk_lookup_tcp), + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), + BPF_EXIT_INSN(), + BPF_MOV64_REG(BPF_REG_6, BPF_REG_0), + BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), + BPF_EMIT_CALL(BPF_FUNC_skc_to_tcp_sock), + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 3), + BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), + BPF_EMIT_CALL(BPF_FUNC_sk_release), + BPF_EXIT_INSN(), + BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), + BPF_EMIT_CALL(BPF_FUNC_sk_release), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_SCHED_CLS, + .result = ACCEPT, + .result_unpriv = REJECT, + .errstr_unpriv = "unknown func", +}, +{ + "reference tracking: use ptr from bpf_skc_to_tcp_sock() after release", + .insns = { + BPF_SK_LOOKUP(sk_lookup_tcp), + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), + BPF_EXIT_INSN(), + BPF_MOV64_REG(BPF_REG_6, BPF_REG_0), + BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), + BPF_EMIT_CALL(BPF_FUNC_skc_to_tcp_sock), + BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 3), + BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), + BPF_EMIT_CALL(BPF_FUNC_sk_release), + BPF_EXIT_INSN(), + BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), + BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), + BPF_EMIT_CALL(BPF_FUNC_sk_release), + BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_7, 0), + BPF_EXIT_INSN(), + }, + .prog_type = BPF_PROG_TYPE_SCHED_CLS, + .result = REJECT, + .errstr = "invalid mem access", + .result_unpriv = REJECT, + .errstr_unpriv = "unknown func", +},
The patch tests for: 1. bpf_sk_release() can be called on a tcp_sock btf_id ptr. 2. Ensure the tcp_sock btf_id pointer cannot be used after bpf_sk_release(). Signed-off-by: Martin KaFai Lau <kafai@fb.com> --- .../selftests/bpf/verifier/ref_tracking.c | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+)