
Commit 1f9ab38

ecree-solarflaredavem330
authored andcommitted
selftests/bpf: don't try to access past MAX_PACKET_OFF in test_verifier
A number of selftests fell foul of the changed MAX_PACKET_OFF handling. For instance, "direct packet access: test2" was potentially reading four bytes from pkt + 0xffff, which could take it past the verifier's limit, causing the program to be rejected (checks against pkt_end didn't give us any reg->range). Increase the shifts by one so that R2 is now mask 0x7fff instead of mask 0xffff. Signed-off-by: Edward Cree <[email protected]> Signed-off-by: David S. Miller <[email protected]>
1 parent c2c3e11 commit 1f9ab38


1 file changed

+8
-8
lines changed


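--- a/tools/testing/selftests/bpf/test_verifier.c
+++ b/tools/testing/selftests/bpf/test_verifier.c
@@ -2330,8 +2330,8 @@ static struct bpf_test tests[] = {
 offsetof(struct __sk_buff, data)),
 BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_4),
 BPF_MOV64_REG(BPF_REG_2, BPF_REG_1),
-BPF_ALU64_IMM(BPF_LSH, BPF_REG_2, 48),
-BPF_ALU64_IMM(BPF_RSH, BPF_REG_2, 48),
+BPF_ALU64_IMM(BPF_LSH, BPF_REG_2, 49),
+BPF_ALU64_IMM(BPF_RSH, BPF_REG_2, 49),
 BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_2),
 BPF_MOV64_REG(BPF_REG_2, BPF_REG_3),
 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 8),
@@ -2710,11 +2710,11 @@ static struct bpf_test tests[] = {
 BPF_MOV64_IMM(BPF_REG_0, 0xffffffff),
 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
-BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xffff),
+BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0x7fff),
 BPF_MOV64_REG(BPF_REG_4, BPF_REG_0),
 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2),
 BPF_MOV64_REG(BPF_REG_5, BPF_REG_4),
-BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 0xffff - 1),
+BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 0x7fff - 1),
 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 1),
 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_4, 0),
 BPF_MOV64_IMM(BPF_REG_0, 0),
@@ -2736,10 +2736,10 @@ static struct bpf_test tests[] = {
 BPF_MOV64_IMM(BPF_REG_4, 0xffffffff),
 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_4, -8),
 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8),
-BPF_ALU64_IMM(BPF_AND, BPF_REG_4, 0xffff),
+BPF_ALU64_IMM(BPF_AND, BPF_REG_4, 0x7fff),
 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2),
 BPF_MOV64_REG(BPF_REG_5, BPF_REG_4),
-BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 0xffff - 1),
+BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 0x7fff - 1),
 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 1),
 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_4, 0),
 BPF_MOV64_IMM(BPF_REG_0, 0),
@@ -2765,7 +2765,7 @@ static struct bpf_test tests[] = {
 BPF_MOV64_IMM(BPF_REG_4, 0xffffffff),
 BPF_STX_XADD(BPF_DW, BPF_REG_10, BPF_REG_4, -8),
 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8),
-BPF_ALU64_IMM(BPF_RSH, BPF_REG_4, 48),
+BPF_ALU64_IMM(BPF_RSH, BPF_REG_4, 49),
 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2),
 BPF_MOV64_REG(BPF_REG_0, BPF_REG_4),
 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 2),
@@ -2820,7 +2820,7 @@ static struct bpf_test tests[] = {
 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4),
 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2),
 BPF_MOV64_REG(BPF_REG_5, BPF_REG_0),
-BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 0xffff - 1),
+BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 0x7fff - 1),
 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_0, 0),
 BPF_MOV64_IMM(BPF_REG_0, 0),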
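Review bot: The new constants (`49` at 2333–2334 and 2768, `0x7fff` and `0x7fff - 1` at 2713/2717, 2739/2742 and 2823) are bare magic numbers whose tie to the verifier's MAX_PACKET_OFF limit is explained only in the commit message. A comment at the first shift pair would keep a later change to that limit from silently breaking these programs again, for example `/* 15-bit offset so pkt + off + access size stays within MAX_PACKET_OFF */`. Halving the range also means none of the programs visible here now gets close to the limit, so it is worth confirming that some entry expects rejection for an access just past MAX_PACKET_OFF, since that bound is what stops packet pointer arithmetic from escaping the pkt_end check. The tests[] initialiser starts and ends outside these hunks, so such a case may already exist elsewhere.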
