selftests/bpf: Add a testcase for 64-bit bounds propagation issue.
./test_progs-no_alu32 -vv -t twfw Before the 64-bit_into_32-bit fix: 19: (25) if r1 > 0x3f goto pc+6 R1_w=inv(id=0,umax_value=63,var_off=(0x0; 0xff),s32_max_value=255,u32_max_value=255) and eventually: invalid access to map value, value_size=8 off=7 size=8 R6 max value is outside of the allowed memory range libbpf: failed to load object 'no_alu32/twfw.o' After the fix: 19: (25) if r1 > 0x3f goto pc+6 R1_w=inv(id=0,umax_value=63,var_off=(0x0; 0x3f)) verif_twfw:OK Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20211101222153.78759-3-alexei.starovoitov@gmail.com
This commit is contained in:
parent
388e2c0b97
commit
0869e5078a
@ -202,3 +202,8 @@ void test_verif_scale_seg6_loop()
|
||||
{
|
||||
scale_test("test_seg6_loop.o", BPF_PROG_TYPE_LWT_SEG6LOCAL, false);
|
||||
}
|
||||
|
||||
void test_verif_twfw()
|
||||
{
|
||||
scale_test("twfw.o", BPF_PROG_TYPE_CGROUP_SKB, false);
|
||||
}
|
||||
|
58
tools/testing/selftests/bpf/progs/twfw.c
Normal file
58
tools/testing/selftests/bpf/progs/twfw.c
Normal file
@ -0,0 +1,58 @@
|
||||
// SPDX-License-Identifier: GPL-2.0
|
||||
/* Copyright (c) 2021 Facebook */
|
||||
#include <linux/types.h>
|
||||
#include <bpf/bpf_helpers.h>
|
||||
#include <linux/bpf.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define TWFW_MAX_TIERS (64)
|
||||
/*
|
||||
* load is successful
|
||||
* #define TWFW_MAX_TIERS (64u)$
|
||||
*/
|
||||
|
||||
struct twfw_tier_value {
|
||||
unsigned long mask[1];
|
||||
};
|
||||
|
||||
struct rule {
|
||||
uint8_t seqnum;
|
||||
};
|
||||
|
||||
struct rules_map {
|
||||
__uint(type, BPF_MAP_TYPE_ARRAY);
|
||||
__type(key, __u32);
|
||||
__type(value, struct rule);
|
||||
__uint(max_entries, 1);
|
||||
};
|
||||
|
||||
struct tiers_map {
|
||||
__uint(type, BPF_MAP_TYPE_ARRAY);
|
||||
__type(key, __u32);
|
||||
__type(value, struct twfw_tier_value);
|
||||
__uint(max_entries, 1);
|
||||
};
|
||||
|
||||
struct rules_map rules SEC(".maps");
|
||||
struct tiers_map tiers SEC(".maps");
|
||||
|
||||
SEC("cgroup_skb/ingress")
|
||||
int twfw_verifier(struct __sk_buff* skb)
|
||||
{
|
||||
const uint32_t key = 0;
|
||||
const struct twfw_tier_value* tier = bpf_map_lookup_elem(&tiers, &key);
|
||||
if (!tier)
|
||||
return 1;
|
||||
|
||||
struct rule* rule = bpf_map_lookup_elem(&rules, &key);
|
||||
if (!rule)
|
||||
return 1;
|
||||
|
||||
if (rule && rule->seqnum < TWFW_MAX_TIERS) {
|
||||
/* rule->seqnum / 64 should always be 0 */
|
||||
unsigned long mask = tier->mask[rule->seqnum / 64];
|
||||
if (mask)
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
Loading…
Reference in New Issue
Block a user