lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAPhsuW7KwUns7WeAqx3s1Po0Vif0fvp8mZRYvpVm-nFtYzTYTg@mail.gmail.com>
Date:   Fri, 1 Mar 2019 15:22:33 -0800
From:   Song Liu <liu.song.a23@...il.com>
To:     Daniel Borkmann <daniel@...earbox.net>
Cc:     Alexei Starovoitov <ast@...com>, afabre@...udflare.com,
        Marek Majkowski <marek@...udflare.com>, bpf@...r.kernel.org,
        Networking <netdev@...r.kernel.org>
Subject: Re: [PATCH bpf-next] bpf: add test cases for non-pointer sanitiation logic

On Fri, Mar 1, 2019 at 1:10 PM Daniel Borkmann <daniel@...earbox.net> wrote:
>
> Add two additional tests for further asserting the
> BPF_ALU_NON_POINTER logic with cases that were missed
> previously.
>
> Signed-off-by: Daniel Borkmann <daniel@...earbox.net>
> Cc: Marek Majkowski <marek@...udflare.com>
> Cc: Arthur Fabre <afabre@...udflare.com>
> ---
>  .../selftests/bpf/verifier/value_ptr_arith.c  | 44 ++++++++++++++++++-
>  1 file changed, 43 insertions(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c
> index 4b721a77bebb..c3de1a2c9dc5 100644
> --- a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c
> +++ b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c
> @@ -173,7 +173,7 @@
>         .retval = 0,
>  },
>  {
> -       "sanitation: alu with different scalars",
> +       "sanitation: alu with different scalars 1",
>         .insns = {
>         BPF_MOV64_IMM(BPF_REG_0, 1),
>         BPF_LD_MAP_FD(BPF_REG_ARG1, 0),
> @@ -198,6 +198,48 @@
>         .result = ACCEPT,
>         .retval = 0x100000,
>  },
> +{
> +       "sanitation: alu with different scalars 2",
> +       .insns = {
> +       BPF_MOV64_IMM(BPF_REG_0, 1),
> +       BPF_LD_MAP_FD(BPF_REG_1, 0),
> +       BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
> +       BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
> +       BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -16),
> +       BPF_ST_MEM(BPF_DW, BPF_REG_FP, -16, 0),
> +       BPF_EMIT_CALL(BPF_FUNC_map_delete_elem),
> +       BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
> +       BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
> +       BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
> +       BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -16),
> +       BPF_EMIT_CALL(BPF_FUNC_map_delete_elem),
> +       BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
> +       BPF_MOV64_REG(BPF_REG_8, BPF_REG_6),
> +       BPF_ALU64_REG(BPF_ADD, BPF_REG_8, BPF_REG_7),
> +       BPF_MOV64_REG(BPF_REG_0, BPF_REG_8),
> +       BPF_EXIT_INSN(),
> +       },
> +       .fixup_map_array_48b = { 1 },
> +       .result = ACCEPT,
> +       .retval = -EINVAL * 2,

Why "-EINVAL * 2" here?

> +},
> +{
> +       "sanitation: alu with different scalars 3",
> +       .insns = {
> +       BPF_MOV64_IMM(BPF_REG_0, EINVAL),
> +       BPF_ALU64_IMM(BPF_MUL, BPF_REG_0, -1),
> +       BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
> +       BPF_MOV64_IMM(BPF_REG_0, EINVAL),
> +       BPF_ALU64_IMM(BPF_MUL, BPF_REG_0, -1),
> +       BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
> +       BPF_MOV64_REG(BPF_REG_8, BPF_REG_6),
> +       BPF_ALU64_REG(BPF_ADD, BPF_REG_8, BPF_REG_7),
> +       BPF_MOV64_REG(BPF_REG_0, BPF_REG_8),
> +       BPF_EXIT_INSN(),
> +       },
> +       .result = ACCEPT,
> +       .retval = -EINVAL * 2,
> +},
>  {
>         "map access: value_ptr += known scalar, upper oob arith, test 1",
>         .insns = {
> --
> 2.17.1
>

Powered by blists - more mailing lists