提交 a6c39de7 编写于 作者: D Daniel Borkmann

bpf, selftests: Add test cases for pointer alu from multiple paths

Add several test cases for checking update_alu_sanitation_state() under
multiple paths:

  # ./test_verifier
  [...]
  #1061/u map access: known scalar += value_ptr unknown vs const OK
  #1061/p map access: known scalar += value_ptr unknown vs const OK
  #1062/u map access: known scalar += value_ptr const vs unknown OK
  #1062/p map access: known scalar += value_ptr const vs unknown OK
  #1063/u map access: known scalar += value_ptr const vs const (ne) OK
  #1063/p map access: known scalar += value_ptr const vs const (ne) OK
  #1064/u map access: known scalar += value_ptr const vs const (eq) OK
  #1064/p map access: known scalar += value_ptr const vs const (eq) OK
  #1065/u map access: known scalar += value_ptr unknown vs unknown (eq) OK
  #1065/p map access: known scalar += value_ptr unknown vs unknown (eq) OK
  #1066/u map access: known scalar += value_ptr unknown vs unknown (lt) OK
  #1066/p map access: known scalar += value_ptr unknown vs unknown (lt) OK
  #1067/u map access: known scalar += value_ptr unknown vs unknown (gt) OK
  #1067/p map access: known scalar += value_ptr unknown vs unknown (gt) OK
  [...]
  Summary: 1762 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
Acked-by: NAlexei Starovoitov <ast@kernel.org>
上级 e042aa53
{
"map access: known scalar += value_ptr unknown vs const",
.insns = {
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
offsetof(struct __sk_buff, len)),
BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 1, 3),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 1, 2),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 9),
BPF_LDX_MEM(BPF_B, BPF_REG_4, BPF_REG_0, 0),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_4, 1, 4),
BPF_MOV64_IMM(BPF_REG_1, 6),
BPF_ALU64_IMM(BPF_NEG, BPF_REG_1, 0),
BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0x7),
BPF_JMP_IMM(BPF_JA, 0, 0, 1),
BPF_MOV64_IMM(BPF_REG_1, 3),
BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(),
},
.fixup_map_hash_16b = { 5 },
.fixup_map_array_48b = { 8 },
.result_unpriv = REJECT,
.errstr_unpriv = "R1 tried to add from different maps, paths or scalars",
.result = ACCEPT,
.retval = 1,
},
{
"map access: known scalar += value_ptr const vs unknown",
.insns = {
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
offsetof(struct __sk_buff, len)),
BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 1, 3),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 1, 2),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 9),
BPF_LDX_MEM(BPF_B, BPF_REG_4, BPF_REG_0, 0),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_4, 1, 2),
BPF_MOV64_IMM(BPF_REG_1, 3),
BPF_JMP_IMM(BPF_JA, 0, 0, 3),
BPF_MOV64_IMM(BPF_REG_1, 6),
BPF_ALU64_IMM(BPF_NEG, BPF_REG_1, 0),
BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0x7),
BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(),
},
.fixup_map_hash_16b = { 5 },
.fixup_map_array_48b = { 8 },
.result_unpriv = REJECT,
.errstr_unpriv = "R1 tried to add from different maps, paths or scalars",
.result = ACCEPT,
.retval = 1,
},
{
"map access: known scalar += value_ptr const vs const (ne)",
.insns = {
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
offsetof(struct __sk_buff, len)),
BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 1, 3),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 1, 2),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 7),
BPF_LDX_MEM(BPF_B, BPF_REG_4, BPF_REG_0, 0),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_4, 1, 2),
BPF_MOV64_IMM(BPF_REG_1, 3),
BPF_JMP_IMM(BPF_JA, 0, 0, 1),
BPF_MOV64_IMM(BPF_REG_1, 5),
BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(),
},
.fixup_map_hash_16b = { 5 },
.fixup_map_array_48b = { 8 },
.result_unpriv = REJECT,
.errstr_unpriv = "R1 tried to add from different maps, paths or scalars",
.result = ACCEPT,
.retval = 1,
},
{
"map access: known scalar += value_ptr const vs const (eq)",
.insns = {
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
offsetof(struct __sk_buff, len)),
BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 1, 3),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 1, 2),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 7),
BPF_LDX_MEM(BPF_B, BPF_REG_4, BPF_REG_0, 0),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_4, 1, 2),
BPF_MOV64_IMM(BPF_REG_1, 5),
BPF_JMP_IMM(BPF_JA, 0, 0, 1),
BPF_MOV64_IMM(BPF_REG_1, 5),
BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(),
},
.fixup_map_hash_16b = { 5 },
.fixup_map_array_48b = { 8 },
.result = ACCEPT,
.retval = 1,
},
{
"map access: known scalar += value_ptr unknown vs unknown (eq)",
.insns = {
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
offsetof(struct __sk_buff, len)),
BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 1, 3),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 1, 2),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11),
BPF_LDX_MEM(BPF_B, BPF_REG_4, BPF_REG_0, 0),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_4, 1, 4),
BPF_MOV64_IMM(BPF_REG_1, 6),
BPF_ALU64_IMM(BPF_NEG, BPF_REG_1, 0),
BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0x7),
BPF_JMP_IMM(BPF_JA, 0, 0, 3),
BPF_MOV64_IMM(BPF_REG_1, 6),
BPF_ALU64_IMM(BPF_NEG, BPF_REG_1, 0),
BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0x7),
BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(),
},
.fixup_map_hash_16b = { 5 },
.fixup_map_array_48b = { 8 },
.result = ACCEPT,
.retval = 1,
},
{
"map access: known scalar += value_ptr unknown vs unknown (lt)",
.insns = {
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
offsetof(struct __sk_buff, len)),
BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 1, 3),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 1, 2),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11),
BPF_LDX_MEM(BPF_B, BPF_REG_4, BPF_REG_0, 0),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_4, 1, 4),
BPF_MOV64_IMM(BPF_REG_1, 6),
BPF_ALU64_IMM(BPF_NEG, BPF_REG_1, 0),
BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0x3),
BPF_JMP_IMM(BPF_JA, 0, 0, 3),
BPF_MOV64_IMM(BPF_REG_1, 6),
BPF_ALU64_IMM(BPF_NEG, BPF_REG_1, 0),
BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0x7),
BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(),
},
.fixup_map_hash_16b = { 5 },
.fixup_map_array_48b = { 8 },
.result_unpriv = REJECT,
.errstr_unpriv = "R1 tried to add from different maps, paths or scalars",
.result = ACCEPT,
.retval = 1,
},
{
"map access: known scalar += value_ptr unknown vs unknown (gt)",
.insns = {
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
offsetof(struct __sk_buff, len)),
BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 1, 3),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 1, 2),
BPF_LD_MAP_FD(BPF_REG_1, 0),
BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11),
BPF_LDX_MEM(BPF_B, BPF_REG_4, BPF_REG_0, 0),
BPF_JMP_IMM(BPF_JEQ, BPF_REG_4, 1, 4),
BPF_MOV64_IMM(BPF_REG_1, 6),
BPF_ALU64_IMM(BPF_NEG, BPF_REG_1, 0),
BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0x7),
BPF_JMP_IMM(BPF_JA, 0, 0, 3),
BPF_MOV64_IMM(BPF_REG_1, 6),
BPF_ALU64_IMM(BPF_NEG, BPF_REG_1, 0),
BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0x3),
BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
BPF_MOV64_IMM(BPF_REG_0, 1),
BPF_EXIT_INSN(),
},
.fixup_map_hash_16b = { 5 },
.fixup_map_array_48b = { 8 },
.result_unpriv = REJECT,
.errstr_unpriv = "R1 tried to add from different maps, paths or scalars",
.result = ACCEPT,
.retval = 1,
},
{
"map access: known scalar += value_ptr from different maps",
.insns = {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册