UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

bpf: fix test suite to enable all unpriv program types 

Given BPF_PROG_TYPE_CGROUP_SKB program types are also valid in an
unprivileged setting, lets not omit these tests and potentially
have issues fall through the cracks. Make this more obvious by
adding a small test_as_unpriv() helper.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
This commit is contained in:
Daniel Borkmann 2018-10-24 22:05:43 +02:00 committed by Alexei Starovoitov
parent 4a6998aff8
commit 36641ad61d
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tools/testing/selftests/bpf/test_verifier.c
View File

@ -4891,6 +4891,8 @@ static struct bpf_test tests[] = {
BPF_EXIT_INSN(), BPF_EXIT_INSN(),
}, },
.result = ACCEPT, .result = ACCEPT,
.result_unpriv = REJECT,
.errstr_unpriv = "R3 pointer comparison prohibited",
.prog_type = BPF_PROG_TYPE_CGROUP_SKB, .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
}, },
{ {
@ -5146,6 +5148,7 @@ static struct bpf_test tests[] = {
.fixup_cgroup_storage = { 1 }, .fixup_cgroup_storage = { 1 },
.result = REJECT, .result = REJECT,
.errstr = "get_local_storage() doesn't support non-zero flags", .errstr = "get_local_storage() doesn't support non-zero flags",
.errstr_unpriv = "R2 leaks addr into helper function",
.prog_type = BPF_PROG_TYPE_CGROUP_SKB, .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
}, },
{ {
@ -5261,6 +5264,7 @@ static struct bpf_test tests[] = {
.fixup_percpu_cgroup_storage = { 1 }, .fixup_percpu_cgroup_storage = { 1 },
.result = REJECT, .result = REJECT,
.errstr = "get_local_storage() doesn't support non-zero flags", .errstr = "get_local_storage() doesn't support non-zero flags",
.errstr_unpriv = "R2 leaks addr into helper function",
.prog_type = BPF_PROG_TYPE_CGROUP_SKB, .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
}, },
{ {
@ -14050,6 +14054,13 @@ static void get_unpriv_disabled()
fclose(fd); fclose(fd);
} }
static bool test_as_unpriv(struct bpf_test *test)
{
return !test->prog_type ||
test->prog_type == BPF_PROG_TYPE_SOCKET_FILTER ||
test->prog_type == BPF_PROG_TYPE_CGROUP_SKB;
}
static int do_test(bool unpriv, unsigned int from, unsigned int to) static int do_test(bool unpriv, unsigned int from, unsigned int to)
{ {
int i, passes = 0, errors = 0, skips = 0; int i, passes = 0, errors = 0, skips = 0;
@ -14060,10 +14071,10 @@ static int do_test(bool unpriv, unsigned int from, unsigned int to)
/* Program types that are not supported by non-root we /* Program types that are not supported by non-root we
* skip right away. * skip right away.
*/ */
if (!test->prog_type && unpriv_disabled) { if (test_as_unpriv(test) && unpriv_disabled) {
printf("#%d/u %s SKIP\n", i, test->descr); printf("#%d/u %s SKIP\n", i, test->descr);
skips++; skips++;
} else if (!test->prog_type) { } else if (test_as_unpriv(test)) {
if (!unpriv) if (!unpriv)
set_admin(false); set_admin(false);
printf("#%d/u %s ", i, test->descr); printf("#%d/u %s ", i, test->descr);