selftest/bpf: Add a test that reads various addresses.

Add a function to bpf_testmod that returns invalid kernel and user addresses.
Then attach an fexit program to that function that tries to read
memory through these addresses.

This logic checks that bpf_probe_read_kernel and BPF_PROBE_MEM logic is sane.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>

diff --git a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c
index 5d52ea2768df4480a496ad87457fe8b862d57457..df3b292a8ffec06b0d902b6eb815f40742a35aad 100644 (file)
--- a/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c
+++ b/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c
@@ -33,6 +33,22 @@ noinline int bpf_testmod_loop_test(int n)
        return sum;
 }
 
+__weak noinline struct file *bpf_testmod_return_ptr(int arg)
+{
+       static struct file f = {};
+
+       switch (arg) {
+       case 1: return (void *)EINVAL;          /* user addr */
+       case 2: return (void *)0xcafe4a11;      /* user addr */
+       case 3: return (void *)-EINVAL;         /* canonical, but invalid */
+       case 4: return (void *)(1ull << 60);    /* non-canonical and invalid */
+       case 5: return (void *)~(1ull << 30);   /* trigger extable */
+       case 6: return &f;                      /* valid addr */
+       case 7: return (void *)((long)&f | 1);  /* kernel tricks */
+       default: return NULL;
+       }
+}
+
 noinline ssize_t
 bpf_testmod_test_read(struct file *file, struct kobject *kobj,
                      struct bin_attribute *bin_attr,
@@ -43,6 +59,10 @@ bpf_testmod_test_read(struct file *file, struct kobject *kobj,
                .off = off,
                .len = len,
        };
+       int i = 1;
+
+       while (bpf_testmod_return_ptr(i))
+               i++;
 
        /* This is always true. Use the check to make sure the compiler
         * doesn't remove bpf_testmod_loop_test.

diff --git a/tools/testing/selftests/bpf/progs/test_module_attach.c b/tools/testing/selftests/bpf/progs/test_module_attach.c
index b36857093f71fea44eb42b068e0aff1e5d5b70b1..50ce16d02da7b1a9a4bdfe1ec0f0276e8603e1e3 100644 (file)
--- a/tools/testing/selftests/bpf/progs/test_module_attach.c
+++ b/tools/testing/selftests/bpf/progs/test_module_attach.c
@@ -87,6 +87,18 @@ int BPF_PROG(handle_fexit,
        return 0;
 }
 
+SEC("fexit/bpf_testmod_return_ptr")
+int BPF_PROG(handle_fexit_ret, int arg, struct file *ret)
+{
+       long buf = 0;
+
+       bpf_probe_read_kernel(&buf, 8, ret);
+       bpf_probe_read_kernel(&buf, 8, (char *)ret + 256);
+       *(volatile long long *)ret;
+       *(volatile int *)&ret->f_mode;
+       return 0;
+}
+
 __u32 fmod_ret_read_sz = 0;
 
 SEC("fmod_ret/bpf_testmod_test_read")