bybrooklyn/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-04-26 10:32:25 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
e623b4ebee9d3a4b1e408b2c3e60cfc99b4e61ea
linux/tools/testing/selftests/bpf/progs/test_bpf_nf_fail.c
Puranjay Mohan cf503eb2c6 selftests: bpf: Fix test_bpf_nf for trusted args becoming default 
With trusted args now being the default, passing NULL to kfunc
parameters that are pointers causes verifier rejection rather than a
runtime error. The test_bpf_nf test was failing because it attempted to
pass NULL to bpf_xdp_ct_lookup() to verify runtime error handling.

Since the NULL check now happens at verification time, remove the
runtime test case that passed NULL to the bpf_tuple parameter and
instead add verification-time tests to ensure the verifier correctly
rejects programs that pass NULL to trusted arguments.

Signed-off-by: Puranjay Mohan <puranjay@kernel.org>
Link: https://lore.kernel.org/r/20260102180038.2708325-11-puranjay@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2026-01-02 12:04:29 -08:00

207 lines
4.9 KiB
C
Raw Blame History

// SPDX-License-Identifier: GPL-2.0
#define BPF_NO_KFUNC_PROTOTYPES
#include <vmlinux.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_core_read.h>
#include "bpf_misc.h"
struct nf_conn;
struct bpf_ct_opts___local {
s32 netns_id;
s32 error;
u8 l4proto;
u8 reserved[3];
} __attribute__((preserve_access_index));
struct nf_conn *bpf_skb_ct_alloc(struct __sk_buff *, struct bpf_sock_tuple *, u32,
struct bpf_ct_opts___local *, u32) __ksym;
struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *, struct bpf_sock_tuple *, u32,
struct bpf_ct_opts___local *, u32) __ksym;
struct nf_conn *bpf_xdp_ct_alloc(struct xdp_md *, struct bpf_sock_tuple *, u32,
struct bpf_ct_opts___local *, u32) __ksym;
struct nf_conn *bpf_xdp_ct_lookup(struct xdp_md *, struct bpf_sock_tuple *, u32,
struct bpf_ct_opts___local *, u32) __ksym;
struct nf_conn *bpf_ct_insert_entry(struct nf_conn *) __ksym;
void bpf_ct_release(struct nf_conn *) __ksym;
void bpf_ct_set_timeout(struct nf_conn *, u32) __ksym;
int bpf_ct_change_timeout(struct nf_conn *, u32) __ksym;
int bpf_ct_set_status(struct nf_conn *, u32) __ksym;
int bpf_ct_change_status(struct nf_conn *, u32) __ksym;
SEC("?tc")
int alloc_release(struct __sk_buff *ctx)
{
struct bpf_ct_opts___local opts = {};
struct bpf_sock_tuple tup = {};
struct nf_conn *ct;
ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
if (!ct)
return 0;
bpf_ct_release(ct);
return 0;
}
SEC("?tc")
int insert_insert(struct __sk_buff *ctx)
{
struct bpf_ct_opts___local opts = {};
struct bpf_sock_tuple tup = {};
struct nf_conn *ct;
ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
if (!ct)
return 0;
ct = bpf_ct_insert_entry(ct);
if (!ct)
return 0;
ct = bpf_ct_insert_entry(ct);
return 0;
}
SEC("?tc")
int lookup_insert(struct __sk_buff *ctx)
{
struct bpf_ct_opts___local opts = {};
struct bpf_sock_tuple tup = {};
struct nf_conn *ct;
ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
if (!ct)
return 0;
bpf_ct_insert_entry(ct);
return 0;
}
SEC("?tc")
int write_not_allowlisted_field(struct __sk_buff *ctx)
{
struct bpf_ct_opts___local opts = {};
struct bpf_sock_tuple tup = {};
struct nf_conn *ct;
ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
if (!ct)
return 0;
ct->status = 0xF00;
return 0;
}
SEC("?tc")
int set_timeout_after_insert(struct __sk_buff *ctx)
{
struct bpf_ct_opts___local opts = {};
struct bpf_sock_tuple tup = {};
struct nf_conn *ct;
ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
if (!ct)
return 0;
ct = bpf_ct_insert_entry(ct);
if (!ct)
return 0;
bpf_ct_set_timeout(ct, 0);
return 0;
}
SEC("?tc")
int set_status_after_insert(struct __sk_buff *ctx)
{
struct bpf_ct_opts___local opts = {};
struct bpf_sock_tuple tup = {};
struct nf_conn *ct;
ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
if (!ct)
return 0;
ct = bpf_ct_insert_entry(ct);
if (!ct)
return 0;
bpf_ct_set_status(ct, 0);
return 0;
}
SEC("?tc")
int change_timeout_after_alloc(struct __sk_buff *ctx)
{
struct bpf_ct_opts___local opts = {};
struct bpf_sock_tuple tup = {};
struct nf_conn *ct;
ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
if (!ct)
return 0;
bpf_ct_change_timeout(ct, 0);
return 0;
}
SEC("?tc")
int change_status_after_alloc(struct __sk_buff *ctx)
{
struct bpf_ct_opts___local opts = {};
struct bpf_sock_tuple tup = {};
struct nf_conn *ct;
ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
if (!ct)
return 0;
bpf_ct_change_status(ct, 0);
return 0;
}
SEC("?tc")
__failure __msg("Possibly NULL pointer passed to trusted arg1")
int lookup_null_bpf_tuple(struct __sk_buff *ctx)
{
struct bpf_ct_opts___local opts = {};
struct nf_conn *ct;
ct = bpf_skb_ct_lookup(ctx, NULL, 0, &opts, sizeof(opts));
if (ct)
bpf_ct_release(ct);
return 0;
}
SEC("?tc")
__failure __msg("Possibly NULL pointer passed to trusted arg3")
int lookup_null_bpf_opts(struct __sk_buff *ctx)
{
struct bpf_sock_tuple tup = {};
struct nf_conn *ct;
ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), NULL, sizeof(struct bpf_ct_opts___local));
if (ct)
bpf_ct_release(ct);
return 0;
}
SEC("?xdp")
__failure __msg("Possibly NULL pointer passed to trusted arg1")
int xdp_lookup_null_bpf_tuple(struct xdp_md *ctx)
{
struct bpf_ct_opts___local opts = {};
struct nf_conn *ct;
ct = bpf_xdp_ct_lookup(ctx, NULL, 0, &opts, sizeof(opts));
if (ct)
bpf_ct_release(ct);
return 0;
}
SEC("?xdp")
__failure __msg("Possibly NULL pointer passed to trusted arg3")
int xdp_lookup_null_bpf_opts(struct xdp_md *ctx)
{
struct bpf_sock_tuple tup = {};
struct nf_conn *ct;
ct = bpf_xdp_ct_lookup(ctx, &tup, sizeof(tup.ipv4), NULL, sizeof(struct bpf_ct_opts___local));
if (ct)
bpf_ct_release(ct);
return 0;
}
char _license[] SEC("license") = "GPL";
Reference in New Issue View Git Blame Copy Permalink