lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPhsuW7KwUns7WeAqx3s1Po0Vif0fvp8mZRYvpVm-nFtYzTYTg@mail.gmail.com> Date: Fri, 1 Mar 2019 15:22:33 -0800 From: Song Liu <liu.song.a23@...il.com> To: Daniel Borkmann <daniel@...earbox.net> Cc: Alexei Starovoitov <ast@...com>, afabre@...udflare.com, Marek Majkowski <marek@...udflare.com>, bpf@...r.kernel.org, Networking <netdev@...r.kernel.org> Subject: Re: [PATCH bpf-next] bpf: add test cases for non-pointer sanitiation logic On Fri, Mar 1, 2019 at 1:10 PM Daniel Borkmann <daniel@...earbox.net> wrote: > > Add two additional tests for further asserting the > BPF_ALU_NON_POINTER logic with cases that were missed > previously. > > Signed-off-by: Daniel Borkmann <daniel@...earbox.net> > Cc: Marek Majkowski <marek@...udflare.com> > Cc: Arthur Fabre <afabre@...udflare.com> > --- > .../selftests/bpf/verifier/value_ptr_arith.c | 44 ++++++++++++++++++- > 1 file changed, 43 insertions(+), 1 deletion(-) > > diff --git a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c > index 4b721a77bebb..c3de1a2c9dc5 100644 > --- a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c > +++ b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c > @@ -173,7 +173,7 @@ > .retval = 0, > }, > { > - "sanitation: alu with different scalars", > + "sanitation: alu with different scalars 1", > .insns = { > BPF_MOV64_IMM(BPF_REG_0, 1), > BPF_LD_MAP_FD(BPF_REG_ARG1, 0), > @@ -198,6 +198,48 @@ > .result = ACCEPT, > .retval = 0x100000, > }, > +{ > + "sanitation: alu with different scalars 2", > + .insns = { > + BPF_MOV64_IMM(BPF_REG_0, 1), > + BPF_LD_MAP_FD(BPF_REG_1, 0), > + BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), > + BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP), > + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -16), > + BPF_ST_MEM(BPF_DW, BPF_REG_FP, -16, 0), > + BPF_EMIT_CALL(BPF_FUNC_map_delete_elem), > + BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), > + BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), > + BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP), > + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -16), > + BPF_EMIT_CALL(BPF_FUNC_map_delete_elem), > + BPF_MOV64_REG(BPF_REG_6, BPF_REG_0), > + BPF_MOV64_REG(BPF_REG_8, BPF_REG_6), > + BPF_ALU64_REG(BPF_ADD, BPF_REG_8, BPF_REG_7), > + BPF_MOV64_REG(BPF_REG_0, BPF_REG_8), > + BPF_EXIT_INSN(), > + }, > + .fixup_map_array_48b = { 1 }, > + .result = ACCEPT, > + .retval = -EINVAL * 2, Why "-EINVAL * 2" here? > +}, > +{ > + "sanitation: alu with different scalars 3", > + .insns = { > + BPF_MOV64_IMM(BPF_REG_0, EINVAL), > + BPF_ALU64_IMM(BPF_MUL, BPF_REG_0, -1), > + BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), > + BPF_MOV64_IMM(BPF_REG_0, EINVAL), > + BPF_ALU64_IMM(BPF_MUL, BPF_REG_0, -1), > + BPF_MOV64_REG(BPF_REG_6, BPF_REG_0), > + BPF_MOV64_REG(BPF_REG_8, BPF_REG_6), > + BPF_ALU64_REG(BPF_ADD, BPF_REG_8, BPF_REG_7), > + BPF_MOV64_REG(BPF_REG_0, BPF_REG_8), > + BPF_EXIT_INSN(), > + }, > + .result = ACCEPT, > + .retval = -EINVAL * 2, > +}, > { > "map access: value_ptr += known scalar, upper oob arith, test 1", > .insns = { > -- > 2.17.1 >
Powered by blists - more mailing lists