| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Nov 2021 17:16:14 -0800
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Dmitrii Banshchikov <me@...que.spb.ru>
Cc: bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, Martin Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
john fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Networking <netdev@...r.kernel.org>,
Andrey Ignatov <rdna@...com>, john.stultz@...aro.org,
sboyd@...nel.org, Peter Ziljstra <peterz@...radead.org>,
Mark Rutland <mark.rutland@....com>, rosted@...dmis.org
Subject: Re: [PATCH bpf 2/2] selftests/bpf: Add tests for allowed helpers
On Mon, Nov 8, 2021 at 10:48 PM Dmitrii Banshchikov <me@...que.spb.ru> wrote:
>
> On Mon, Nov 08, 2021 at 08:46:20PM +0400, Dmitrii Banshchikov wrote:
> > This patch adds tests that bpf_ktime_get_coarse_ns() and bpf_timer_* and
> > bpf_spin_lock()/bpf_spin_unlock() helpers are forbidden in tracing
> > progs as it may result in various locking issues.
> >
> > Signed-off-by: Dmitrii Banshchikov <me@...que.spb.ru>
> > ---
> > tools/testing/selftests/bpf/test_verifier.c | 36 +++-
> > .../selftests/bpf/verifier/helper_allowed.c | 196 ++++++++++++++++++
> > 2 files changed, 231 insertions(+), 1 deletion(-)
> > create mode 100644 tools/testing/selftests/bpf/verifier/helper_allowed.c
> >
> > diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
> > index 25afe423b3f0..e16eab6fc3a9 100644
> > --- a/tools/testing/selftests/bpf/test_verifier.c
> > +++ b/tools/testing/selftests/bpf/test_verifier.c
> > @@ -92,6 +92,7 @@ struct bpf_test {
> > int fixup_map_event_output[MAX_FIXUPS];
> > int fixup_map_reuseport_array[MAX_FIXUPS];
> > int fixup_map_ringbuf[MAX_FIXUPS];
> > + int fixup_map_timer[MAX_FIXUPS];
> > /* Expected verifier log output for result REJECT or VERBOSE_ACCEPT.
> > * Can be a tab-separated sequence of expected strings. An empty string
> > * means no log verification.
> > @@ -605,7 +606,7 @@ static int create_cgroup_storage(bool percpu)
> > * struct bpf_spin_lock l;
> > * };
> > */
> > -static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l";
> > +static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l\0bpf_timer\0";
>
> There is extra null byte at the end.
Won't hurt, probably. But I wonder if it will be much easier to add
all those programs as C code and test from test_progs? Instead of all
this assembly.
You can put all of them into a single file and have loop that disabled
all but one program at a time (using bpf_program__set_autoload()) and
loading it and validating that the load failed. WDYT?
>
>
> --
>
> Dmitrii Banshchikov
Powered by blists - more mailing lists