From: Hengqi Chen <hengqi.chen@gmail.com>
To: bpf@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
keescook@chromium.org, luto@amacapital.net, wad@chromium.org,
hengqi.chen@gmail.com
Subject: [PATCH bpf-next 5/6] selftests/bpf: Add seccomp verifier tests
Date: Tue, 31 Oct 2023 01:24:06 +0000 [thread overview]
Message-ID: <20231031012407.51371-6-hengqi.chen@gmail.com> (raw)
In-Reply-To: <20231031012407.51371-1-hengqi.chen@gmail.com>
This tests seccomp context access and helper call
restriction.
# ./test_progs -t verifier_seccomp
#375/1 verifier_seccomp/seccomp no helper call:OK
#375/2 verifier_seccomp/seccomp invalid ctx access, write:OK
#375/3 verifier_seccomp/seccomp invalid ctx access, out of range:OK
#375/4 verifier_seccomp/seccomp invalid ctx access, size too short:OK
#375/5 verifier_seccomp/seccomp invalid ctx access, size too short:OK
#375/6 verifier_seccomp/seccomp invalid ctx access, size too short:OK
#375/7 verifier_seccomp/seccomp invalid ctx access, size too short:OK
#375/8 verifier_seccomp/seccomp invalid ctx access, size too large:OK
#375/9 verifier_seccomp/seccomp ctx access, valid:OK
#375 verifier_seccomp:OK
Summary: 1/9 PASSED, 0 SKIPPED, 0 FAILED
Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
---
.../selftests/bpf/prog_tests/verifier.c | 2 +
.../selftests/bpf/progs/verifier_seccomp.c | 154 ++++++++++++++++++
2 files changed, 156 insertions(+)
create mode 100644 tools/testing/selftests/bpf/progs/verifier_seccomp.c
diff --git a/tools/testing/selftests/bpf/prog_tests/verifier.c b/tools/testing/selftests/bpf/prog_tests/verifier.c
index e3e68c97b40c..dfb40a11939e 100644
--- a/tools/testing/selftests/bpf/prog_tests/verifier.c
+++ b/tools/testing/selftests/bpf/prog_tests/verifier.c
@@ -57,6 +57,7 @@
#include "verifier_scalar_ids.skel.h"
#include "verifier_sdiv.skel.h"
#include "verifier_search_pruning.skel.h"
+#include "verifier_seccomp.skel.h"
#include "verifier_sock.skel.h"
#include "verifier_spill_fill.skel.h"
#include "verifier_spin_lock.skel.h"
@@ -164,6 +165,7 @@ void test_verifier_runtime_jit(void) { RUN(verifier_runtime_jit); }
void test_verifier_scalar_ids(void) { RUN(verifier_scalar_ids); }
void test_verifier_sdiv(void) { RUN(verifier_sdiv); }
void test_verifier_search_pruning(void) { RUN(verifier_search_pruning); }
+void test_verifier_seccomp(void) { RUN(verifier_seccomp); }
void test_verifier_sock(void) { RUN(verifier_sock); }
void test_verifier_spill_fill(void) { RUN(verifier_spill_fill); }
void test_verifier_spin_lock(void) { RUN(verifier_spin_lock); }
diff --git a/tools/testing/selftests/bpf/progs/verifier_seccomp.c b/tools/testing/selftests/bpf/progs/verifier_seccomp.c
new file mode 100644
index 000000000000..d3984a0cdae0
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/verifier_seccomp.c
@@ -0,0 +1,154 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2023 Hengqi Chen */
+
+#include "vmlinux.h"
+#include "bpf_misc.h"
+
+#include <bpf/bpf_endian.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_helpers.h>
+
+SEC("seccomp")
+__description("seccomp no helper call")
+__failure __msg("unknown func bpf_get_prandom_u32")
+__naked void seccomp_no_helper_call(void)
+{
+ asm volatile (" \
+ call %[bpf_get_prandom_u32]; \
+ r0 = 0; \
+ exit;" \
+ :
+ : __imm(bpf_get_prandom_u32)
+ : __clobber_all);
+}
+
+SEC("seccomp")
+__description("seccomp invalid ctx access, write")
+__failure __msg("invalid bpf_context access")
+__naked void seccomp_ctx_write(void)
+{
+ asm volatile (" \
+ r2 = r1; \
+ *(u64*)(r2 + 8) = r1; \
+ r0 = 0; \
+ exit;" \
+ :
+ :
+ : __clobber_all);
+}
+
+SEC("seccomp")
+__description("seccomp invalid ctx access, out of range")
+__failure __msg("invalid bpf_context access")
+__naked void seccomp_ctx_read_out_of_range(void)
+{
+ asm volatile (" \
+ r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_size]); \
+ r0 = 0; \
+ exit;" \
+ :
+ : __imm_const(__bpf_seccomp_ctx_size, sizeof(struct seccomp_data))
+ : __clobber_all);
+}
+
+SEC("seccomp")
+__description("seccomp invalid ctx access, size too short")
+__failure __msg("invalid bpf_context access")
+__naked void seccomp_ctx_read_too_short1(void)
+{
+ asm volatile (" \
+ r2 = *(u8*)(r1 + %[__bpf_seccomp_ctx_nr]); \
+ r0 = 0; \
+ exit;" \
+ :
+ : __imm_const(__bpf_seccomp_ctx_nr, offsetof(struct seccomp_data, nr))
+ : __clobber_all);
+}
+
+SEC("seccomp")
+__description("seccomp invalid ctx access, size too short")
+__failure __msg("invalid bpf_context access")
+__naked void seccomp_ctx_read_too_short2(void)
+{
+ asm volatile (" \
+ r2 = *(u16*)(r1 + %[__bpf_seccomp_ctx_arch]); \
+ r0 = 0; \
+ exit;" \
+ :
+ : __imm_const(__bpf_seccomp_ctx_arch, offsetof(struct seccomp_data, arch))
+ : __clobber_all);
+}
+
+SEC("seccomp")
+__description("seccomp invalid ctx access, size too short")
+__failure __msg("invalid bpf_context access")
+__naked void seccomp_ctx_read_too_short3(void)
+{
+ asm volatile (" \
+ r2 = *(u32*)(r1 + %[__bpf_seccomp_ctx_ip]); \
+ r0 = 0; \
+ exit;" \
+ :
+ : __imm_const(__bpf_seccomp_ctx_ip, offsetof(struct seccomp_data, instruction_pointer))
+ : __clobber_all);
+}
+
+SEC("seccomp")
+__description("seccomp invalid ctx access, size too short")
+__failure __msg("invalid bpf_context access")
+__naked void seccomp_ctx_read_too_short4(void)
+{
+ asm volatile (" \
+ r2 = *(u32*)(r1 + %[__bpf_seccomp_ctx_arg1]); \
+ r0 = 0; \
+ exit;" \
+ :
+ : __imm_const(__bpf_seccomp_ctx_arg1, offsetof(struct seccomp_data, args[1]))
+ : __clobber_all);
+}
+
+SEC("seccomp")
+__description("seccomp invalid ctx access, size too large")
+__failure __msg("invalid bpf_context access")
+__naked void seccomp_ctx_read_too_large(void)
+{
+ asm volatile (" \
+ r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_nr]); \
+ r0 = 0; \
+ exit;" \
+ :
+ : __imm_const(__bpf_seccomp_ctx_nr, offsetof(struct seccomp_data, nr))
+ : __clobber_all);
+}
+
+SEC("seccomp")
+__description("seccomp ctx access, valid")
+__success __retval(0x5ecc0779)
+__naked void seccomp_ctx_read_ok(void)
+{
+ asm volatile (" \
+ r2 = *(u32*)(r1 + %[__bpf_seccomp_ctx_nr]); \
+ r2 = *(u32*)(r1 + %[__bpf_seccomp_ctx_arch]); \
+ r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_ip]); \
+ r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg0]); \
+ r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg1]); \
+ r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg2]); \
+ r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg3]); \
+ r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg4]); \
+ r2 = *(u64*)(r1 + %[__bpf_seccomp_ctx_arg5]); \
+ r0 = 0x5ecc0779; \
+ exit;" \
+ :
+ : __imm_const(__bpf_seccomp_ctx_nr, offsetof(struct seccomp_data, nr)),
+ __imm_const(__bpf_seccomp_ctx_arch, offsetof(struct seccomp_data, arch)),
+ __imm_const(__bpf_seccomp_ctx_ip, offsetof(struct seccomp_data, instruction_pointer)),
+ __imm_const(__bpf_seccomp_ctx_arg0, offsetof(struct seccomp_data, args[0])),
+ __imm_const(__bpf_seccomp_ctx_arg1, offsetof(struct seccomp_data, args[1])),
+ __imm_const(__bpf_seccomp_ctx_arg2, offsetof(struct seccomp_data, args[2])),
+ __imm_const(__bpf_seccomp_ctx_arg3, offsetof(struct seccomp_data, args[3])),
+ __imm_const(__bpf_seccomp_ctx_arg4, offsetof(struct seccomp_data, args[4])),
+ __imm_const(__bpf_seccomp_ctx_arg5, offsetof(struct seccomp_data, args[5]))
+ : __clobber_all);
+}
+
+char _license[] SEC("license") = "GPL";
--
2.34.1
next prev parent reply other threads:[~2023-10-31 6:18 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-31 1:24 [PATCH bpf-next 0/6] bpf: Add seccomp program type Hengqi Chen
2023-10-31 1:24 ` [PATCH bpf-next 1/6] bpf: Introduce BPF_PROG_TYPE_SECCOMP Hengqi Chen
2023-11-02 17:30 ` Andrii Nakryiko
2023-11-02 19:49 ` Kees Cook
2023-11-02 19:53 ` Alexei Starovoitov
2023-11-03 20:44 ` Kees Cook
2023-11-03 5:46 ` Hengqi Chen
2023-11-03 8:47 ` Hengqi Chen
2023-10-31 1:24 ` [PATCH bpf-next 2/6] bpf: Add test_run support for seccomp program type Hengqi Chen
2023-11-02 17:32 ` Andrii Nakryiko
2023-10-31 1:24 ` [PATCH bpf-next 3/6] seccomp: Refactor filter copy/create for reuse Hengqi Chen
2023-10-31 1:24 ` [PATCH bpf-next 4/6] seccomp: Support attaching BPF_PROG_TYPE_SECCOMP progs Hengqi Chen
2023-10-31 1:24 ` Hengqi Chen [this message]
2023-10-31 1:24 ` [PATCH bpf-next 6/6] selftests/bpf: Test BPF_PROG_TYPE_SECCOMP Hengqi Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231031012407.51371-6-hengqi.chen@gmail.com \
--to=hengqi.chen@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=keescook@chromium.org \
--cc=luto@amacapital.net \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.