selftests/bpf: Add test for alu on PTR_TO_FLOW_KEYS

Add a test case for PTR_TO_FLOW_KEYS alu. Testing if alu with variable
offset on flow_keys is rejected. For the fixed offset success case, we
already have C code coverage to verify (e.g. via bpf_flow.c).

Signed-off-by: Hao Sun <sunhao.th@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/bpf/20240115082028.9992-2-sunhao.th@gmail.com

diff --git a/tools/testing/selftests/bpf/progs/verifier_value_illegal_alu.c b/tools/testing/selftests/bpf/progs/verifier_value_illegal_alu.c
index 71814a7532160638b1f345d42fcfcef4c62f8182..a9ab37d3b9e2df323d702f44705b1117bc443780 100644 (file)
--- a/tools/testing/selftests/bpf/progs/verifier_value_illegal_alu.c
+++ b/tools/testing/selftests/bpf/progs/verifier_value_illegal_alu.c
@@ -146,4 +146,23 @@ l0_%=:     exit;                                           \
        : __clobber_all);
 }
 
+SEC("flow_dissector")
+__description("flow_keys illegal alu op with variable offset")
+__failure __msg("R7 pointer arithmetic on flow_keys prohibited")
+__naked void flow_keys_illegal_variable_offset_alu(void)
+{
+       asm volatile("                                  \
+       r6 = r1;                                        \
+       r7 = *(u64*)(r6 + %[flow_keys_off]);            \
+       r8 = 8;                                         \
+       r8 /= 1;                                        \
+       r8 &= 8;                                        \
+       r7 += r8;                                       \
+       r0 = *(u64*)(r7 + 0);                           \
+       exit;                                           \
+"      :
+       : __imm_const(flow_keys_off, offsetof(struct __sk_buff, flow_keys))
+       : __clobber_all);
+}
+
 char _license[] SEC("license") = "GPL";