selftests/bpf: validate that tail call invalidates packet pointers

commit d9706b56e13b7916461ca6b4b731e169ed44ed09 upstream. Add a test case with a tail call done from a global sub-program. Such tails calls should be considered as invalidating packet pointers. Signed-off-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/r/20241210041100.1898468-9-eddyz87@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Shung-Hsi Yu <shung-hsi.yu@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-30 16:19:50 +08:00
parent f1692ee23d
commit b7c0d2d4ef
1 changed files with 28 additions and 0 deletions
--- a/tools/testing/selftests/bpf/progs/verifier_sock.c
+++ b/tools/testing/selftests/bpf/progs/verifier_sock.c
@@ -50,6 +50,13 @@ struct {
 	__uint(map_flags, BPF_F_NO_PREALLOC);
 } sk_storage_map SEC(".maps");
 struct {
 	__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
 	__uint(max_entries, 1);
 	__uint(key_size, sizeof(__u32));
 	__uint(value_size, sizeof(__u32));
 } jmp_table SEC(".maps");
 SEC("cgroup/skb")
 __description("skb->sk: no NULL check")
 __failure __msg("invalid mem access 'sock_common_or_null'")
@@ -1005,4 +1012,25 @@ int invalidate_pkt_pointers_from_global_func(struct __sk_buff *sk)
 	return TCX_PASS;
 }
 __noinline
 int tail_call(struct __sk_buff *sk)
 {
 	bpf_tail_call_static(sk, &jmp_table, 0);
 	return 0;
 }
 /* Tail calls invalidate packet pointers. */
 SEC("tc")
 __failure __msg("invalid mem access")
 int invalidate_pkt_pointers_by_tail_call(struct __sk_buff *sk)
 {
 	int *p = (void *)(long)sk->data;
 	if ((void *)(p + 1) > (void *)(long)sk->data_end)
 		return TCX_DROP;
 	tail_call(sk);
 	*p = 42; /* this is unsafe */
 	return TCX_PASS;
 }
 char _license[] SEC("license") = "GPL";