selftests/bpf: make 'dubious pointer arithmetic' test useful
authorAlexei Starovoitov <ast@kernel.org>
Wed, 24 Jan 2018 04:05:51 +0000 (20:05 -0800)
committerDaniel Borkmann <daniel@iogearbox.net>
Wed, 24 Jan 2018 09:39:58 +0000 (10:39 +0100)
mostly revert the previous workaround and make
'dubious pointer arithmetic' test useful again.
Use (ptr - ptr) << const instead of ptr << const to generate large scalar.
The rest stays as before commit 2b36047e7889.

Fixes: 2b36047e7889 ("selftests/bpf: fix test_align")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
tools/testing/selftests/bpf/test_align.c

index e19b410125eb81fade990a60eef7677274d77bd8..ff8bd7e3e50c19231f35233714e499d8b2504d24 100644 (file)
@@ -446,11 +446,9 @@ static struct bpf_align_test tests[] = {
                .insns = {
                        PREP_PKT_POINTERS,
                        BPF_MOV64_IMM(BPF_REG_0, 0),
-                       /* ptr & const => unknown & const */
-                       BPF_MOV64_REG(BPF_REG_5, BPF_REG_2),
-                       BPF_ALU64_IMM(BPF_AND, BPF_REG_5, 0x40),
-                       /* ptr << const => unknown << const */
-                       BPF_MOV64_REG(BPF_REG_5, BPF_REG_2),
+                       /* (ptr - ptr) << 2 */
+                       BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
+                       BPF_ALU64_REG(BPF_SUB, BPF_REG_5, BPF_REG_2),
                        BPF_ALU64_IMM(BPF_LSH, BPF_REG_5, 2),
                        /* We have a (4n) value.  Let's make a packet offset
                         * out of it.  First add 14, to make it a (4n+2)
@@ -473,8 +471,26 @@ static struct bpf_align_test tests[] = {
                .prog_type = BPF_PROG_TYPE_SCHED_CLS,
                .result = REJECT,
                .matches = {
-                       {4, "R5_w=pkt(id=0,off=0,r=0,imm=0)"},
-                       /* R5 bitwise operator &= on pointer prohibited */
+                       {4, "R5_w=pkt_end(id=0,off=0,imm=0)"},
+                       /* (ptr - ptr) << 2 == unknown, (4n) */
+                       {6, "R5_w=inv(id=0,smax_value=9223372036854775804,umax_value=18446744073709551612,var_off=(0x0; 0xfffffffffffffffc))"},
+                       /* (4n) + 14 == (4n+2).  We blow our bounds, because
+                        * the add could overflow.
+                        */
+                       {7, "R5=inv(id=0,var_off=(0x2; 0xfffffffffffffffc))"},
+                       /* Checked s>=0 */
+                       {9, "R5=inv(id=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"},
+                       /* packet pointer + nonnegative (4n+2) */
+                       {11, "R6_w=pkt(id=1,off=0,r=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"},
+                       {13, "R4=pkt(id=1,off=4,r=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"},
+                       /* NET_IP_ALIGN + (4n+2) == (4n), alignment is fine.
+                        * We checked the bounds, but it might have been able
+                        * to overflow if the packet pointer started in the
+                        * upper half of the address space.
+                        * So we did not get a 'range' on R6, and the access
+                        * attempt will fail.
+                        */
+                       {15, "R6=pkt(id=1,off=0,r=0,umin_value=2,umax_value=9223372036854775806,var_off=(0x2; 0x7ffffffffffffffc))"},
                }
        },
        {