Add a test case uses xdp_md as context parameter for BPF_PROG_TEST_RUN with LIVE_FRAMES flag. The test ensures that potential user-memory-access vulnerabilities are properly prevented.
Signed-off-by: KaFai Wan kafai.wan@linux.dev --- .../bpf/prog_tests/xdp_context_test_run.c | 19 +++++++++++++++++++ .../bpf/progs/test_xdp_context_test_run.c | 6 ++++++ 2 files changed, 25 insertions(+)
diff --git a/tools/testing/selftests/bpf/prog_tests/xdp_context_test_run.c b/tools/testing/selftests/bpf/prog_tests/xdp_context_test_run.c index ee94c281888a..0276daaae45c 100644 --- a/tools/testing/selftests/bpf/prog_tests/xdp_context_test_run.c +++ b/tools/testing/selftests/bpf/prog_tests/xdp_context_test_run.c @@ -45,6 +45,7 @@ void test_xdp_context_error(int prog_fd, struct bpf_test_run_opts opts, void test_xdp_context_test_run(void) { struct test_xdp_context_test_run *skel = NULL; + char data_xdp[sizeof(pkt_v4) + XDP_PACKET_HEADROOM]; char data[sizeof(pkt_v4) + sizeof(__u32)]; char bad_ctx[sizeof(struct xdp_md) + 1]; struct xdp_md ctx_in, ctx_out; @@ -55,6 +56,12 @@ void test_xdp_context_test_run(void) .ctx_size_out = sizeof(ctx_out), .repeat = 1, ); + DECLARE_LIBBPF_OPTS(bpf_test_run_opts, opts_xdp, + .data_in = &data_xdp, + .data_size_in = sizeof(data_xdp), + .flags = BPF_F_TEST_XDP_LIVE_FRAMES, + .repeat = 1, + ); int err, prog_fd;
skel = test_xdp_context_test_run__open_and_load(); @@ -70,6 +77,18 @@ void test_xdp_context_test_run(void) ASSERT_EQ(errno, E2BIG, "extradata-errno"); ASSERT_ERR(err, "bpf_prog_test_run(extradata)");
+ memset(&ctx_in, 0, sizeof(ctx_in)); + ctx_in.data_meta = 0; + ctx_in.data = 0xf4; + ctx_in.data_end = sizeof(data_xdp); + opts_xdp.ctx_in = &ctx_in; + opts_xdp.ctx_size_in = sizeof(ctx_in); + *(__u32 *)(data_xdp + 0) = 0x28d6a0b5; + *(__u32 *)(data_xdp + 4) = 0xf273eea3; + *(struct ipv4_packet *)(data_xdp + ctx_in.data) = pkt_v4; + err = bpf_prog_test_run_opts(bpf_program__fd(skel->progs.xdp_pass), &opts_xdp); + ASSERT_OK(err, "bpf_prog_test_run(valid meta)"); + *(__u32 *)data = XDP_PASS; *(struct ipv4_packet *)(data + sizeof(__u32)) = pkt_v4; opts.ctx_in = &ctx_in; diff --git a/tools/testing/selftests/bpf/progs/test_xdp_context_test_run.c b/tools/testing/selftests/bpf/progs/test_xdp_context_test_run.c index d7b88cd05afd..2166928d4680 100644 --- a/tools/testing/selftests/bpf/progs/test_xdp_context_test_run.c +++ b/tools/testing/selftests/bpf/progs/test_xdp_context_test_run.c @@ -17,4 +17,10 @@ int xdp_context(struct xdp_md *xdp) return ret; }
+SEC("xdp") +int xdp_pass(struct xdp_md *xdp) +{ + return XDP_PASS; +} + char _license[] SEC("license") = "GPL";