Google Git
Sign in
kernel / pub / scm / linux / kernel / git / ast / bpf / refs/heads/unpriv
commitec7902f0242440c8015729c6932f3a75864b9ce3[log] [tgz]
authorAlexei Starovoitov <ast@plumgrid.com>Mon Oct 05 20:17:00 2015 -0700
committerAlexei Starovoitov <ast@plumgrid.com>Wed Oct 07 19:17:26 2015 -0700
treeea47fe0bce789426d31d89489719543079b6eee0
parentc9bfc326acf5bd7e1e85cacf23672f4bb776a74b [diff]
bpf: add unprivileged bpf tests

New tests added to test_verifier:
unpriv: return pointer
  checks that pointers cannot be returned from the eBPF progrom

unpriv: add const to pointer
unpriv: add pointer to pointer
unpriv: neg pointer
  checks that pointer arithmetic is disallowed

unpriv: cmp pointer with const
unpriv: cmp pointer with pointer
  checks that comparison of pointers is disallowed
  Only one case allowed 'void *value = bpf_map_lookup_elem(..); if (value == 0) ...'

unpriv: pass pointer to printk
  checks that pointers cannotbe passed as varargs of printk

unpriv: pass pointer to helper function
  checks that pointers cannot be passed to functions that expect integers
  If function expects a pointer it allows only that type of pointer.
  Like 1st argument of bpf_map_lookup_elem() must be pointer to map.
  (applies to non-root as well)

unpriv: indirectly pass pointer on stack to helper function
  checks that pointer stored into stack cannot be used as part of key
  to be passed into bpf_map_lookup_elem() and cannot be used as part
  of format string passed to bpf_trace_printk()

unpriv: mangle pointer on stack 1
unpriv: mangle pointer on stack 2
  checks that writing into stack slot that already contains a pointer
  is disallowed

unpriv: read pointer from stack in small chunks
  checks that < 8 byte read from stack slot that contains a pointer is
  disallowed

unpriv: write pointer into ctx
  checks that storing pointers into skb->fields is disallowed

unpriv: write pointer into map elem value
  checks that storing pointers into element values is disallowed
  For example:
  int bpf_prog(struct __sk_buff *skb)
  {
    u32 key = 0;
    u64 *value = bpf_map_lookup_elem(&map, &key);
    if (value)
       *value = (u64) skb;
  }
  will be rejected.

unpriv: partial copy of pointer
  checks that doing 32-bit register mov from register containing
  a pointer is disallowed

unpriv: pass pointer to bpf_tail_call
  checks that passing pointer as an index into bpf_tail_call
  is disallowed

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
---
v1-v2:
- split tests into separate patch
- add tail_call test and explained tests in commit log
2 files changed
tree: ea47fe0bce789426d31d89489719543079b6eee0
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS