tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

selftest/bpf: Add a test that reads various addresses.

Add a function to bpf_testmod that returns invalid kernel and user addresses.
Then attach an fexit program to that function that tries to read
memory through these addresses.

This logic checks that bpf_probe_read_kernel and BPF_PROBE_MEM logic is sane.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

authored by

Alexei Starovoitov and committed by
Daniel Borkmann 7edc3fcb 588a25e9

+32
+20
tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c
··· 33 33 return sum; 34 34 } 35 35 36 + __weak noinline struct file *bpf_testmod_return_ptr(int arg) 37 + { 38 + static struct file f = {}; 39 + 40 + switch (arg) { 41 + case 1: return (void *)EINVAL; /* user addr */ 42 + case 2: return (void *)0xcafe4a11; /* user addr */ 43 + case 3: return (void *)-EINVAL; /* canonical, but invalid */ 44 + case 4: return (void *)(1ull << 60); /* non-canonical and invalid */ 45 + case 5: return (void *)~(1ull << 30); /* trigger extable */ 46 + case 6: return &f; /* valid addr */ 47 + case 7: return (void *)((long)&f | 1); /* kernel tricks */ 48 + default: return NULL; 49 + } 50 + } 51 + 36 52 noinline ssize_t 37 53 bpf_testmod_test_read(struct file *file, struct kobject *kobj, 38 54 struct bin_attribute *bin_attr, ··· 59 43 .off = off, 60 44 .len = len, 61 45 }; 46 + int i = 1; 47 + 48 + while (bpf_testmod_return_ptr(i)) 49 + i++; 62 50 63 51 /* This is always true. Use the check to make sure the compiler 64 52 * doesn't remove bpf_testmod_loop_test.
+12
tools/testing/selftests/bpf/progs/test_module_attach.c
··· 87 87 return 0; 88 88 } 89 89 90 + SEC("fexit/bpf_testmod_return_ptr") 91 + int BPF_PROG(handle_fexit_ret, int arg, struct file *ret) 92 + { 93 + long buf = 0; 94 + 95 + bpf_probe_read_kernel(&buf, 8, ret); 96 + bpf_probe_read_kernel(&buf, 8, (char *)ret + 256); 97 + *(volatile long long *)ret; 98 + *(volatile int *)&ret->f_mode; 99 + return 0; 100 + } 101 + 90 102 __u32 fmod_ret_read_sz = 0; 91 103 92 104 SEC("fmod_ret/bpf_testmod_test_read")