selftests/bpf: Add various tests to check helper access into ptr_to_btf_id.
authorAlexei Starovoitov <ast@kernel.org>
Mon, 13 Mar 2023 23:58:45 +0000 (16:58 -0700)
committerMartin KaFai Lau <martin.lau@kernel.org>
Tue, 14 Mar 2023 06:08:21 +0000 (23:08 -0700)
Add various tests to check helper access into ptr_to_btf_id.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: David Vernet <void@manifault.com>
Link: https://lore.kernel.org/r/20230313235845.61029-4-alexei.starovoitov@gmail.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
tools/testing/selftests/bpf/progs/task_kfunc_failure.c
tools/testing/selftests/bpf/progs/task_kfunc_success.c

index 002c7f69e47f59ce71bc7265f8684dc339cc478f..27994d6b291427088891198fa42dbf5d9f53a850 100644 (file)
@@ -301,3 +301,39 @@ int BPF_PROG(task_kfunc_from_lsm_task_free, struct task_struct *task)
        bpf_task_release(acquired);
        return 0;
 }
+
+SEC("tp_btf/task_newtask")
+__failure __msg("access beyond the end of member comm")
+int BPF_PROG(task_access_comm1, struct task_struct *task, u64 clone_flags)
+{
+       bpf_strncmp(task->comm, 17, "foo");
+       return 0;
+}
+
+SEC("tp_btf/task_newtask")
+__failure __msg("access beyond the end of member comm")
+int BPF_PROG(task_access_comm2, struct task_struct *task, u64 clone_flags)
+{
+       bpf_strncmp(task->comm + 1, 16, "foo");
+       return 0;
+}
+
+SEC("tp_btf/task_newtask")
+__failure __msg("write into memory")
+int BPF_PROG(task_access_comm3, struct task_struct *task, u64 clone_flags)
+{
+       bpf_probe_read_kernel(task->comm, 16, task->comm);
+       return 0;
+}
+
+SEC("fentry/__set_task_comm")
+__failure __msg("R1 type=ptr_ expected")
+int BPF_PROG(task_access_comm4, struct task_struct *task, const char *buf, bool exec)
+{
+       /*
+        * task->comm is a legacy ptr_to_btf_id. The verifier cannot guarantee
+        * its safety. Hence it cannot be accessed with normal load insns.
+        */
+       bpf_strncmp(task->comm, 16, "foo");
+       return 0;
+}
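Review bot: The sizes 17 and 16 in task_access_comm1 through task_access_comm3 are bare literals that only sit on the boundary while `comm` is 16 bytes, and nothing in the hunk says so. Writing them as `sizeof(task->comm) + 1` and `sizeof(task->comm)`, for example `bpf_strncmp(task->comm + 1, sizeof(task->comm), "foo");`, would keep each case exactly one byte past the member if the array size ever changes, assuming the helper still sees a constant size. A one-line comment per test naming the check expected to reject it (read past the end of the member, read past the end through an offset, helper write into a ptr_to_btf_id) would make a failing run easier to triage. In task_access_comm4 the comment talks about load insns while the expected message is about the R1 argument type, so it presumably should say the pointer cannot be passed to a helper as memory.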
index aebc4bb14e7dd894043dbc7f58c56187fd673cfc..4f61596b0242f6fa72a092f201202fd84f1fee11 100644 (file)
@@ -207,6 +207,10 @@ int BPF_PROG(test_task_from_pid_invalid, struct task_struct *task, u64 clone_fla
        if (!is_test_kfunc_task())
                return 0;
 
+       bpf_strncmp(task->comm, 12, "foo");
+       bpf_strncmp(task->comm, 16, "foo");
+       bpf_strncmp(&task->comm[8], 4, "foo");
+
        if (is_pid_lookup_valid(-1)) {
                err = 1;
                return 0;
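Review bot: The accepted cases never combine a non-zero offset with a read that ends exactly at the end of `comm`. `&task->comm[8], 4` stops at byte 12, so an off-by-one in the offset-plus-size bound would pass here and only be caught, if at all, by the failure tests. Adding `bpf_strncmp(&task->comm[8], 8, "foo");` would pin the last in-bounds byte, mirroring the `task->comm + 1, 16` rejection in task_kfunc_failure.c. The three calls also discard their results and sit in test_task_from_pid_invalid, whose body starts and ends outside the hunk, so a short comment such as `/* load-time check only: in-bounds helper reads of task->comm must be accepted */` would explain why they are there.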