linux/samples
Alexei Starovoitov bf5088773f bpf: add unprivileged bpf tests
Add new tests samples/bpf/test_verifier:

unpriv: return pointer
  checks that pointer cannot be returned from the eBPF program

unpriv: add const to pointer
unpriv: add pointer to pointer
unpriv: neg pointer
  checks that pointer arithmetic is disallowed

unpriv: cmp pointer with const
unpriv: cmp pointer with pointer
  checks that comparison of pointers is disallowed
  Only one case allowed 'void *value = bpf_map_lookup_elem(..); if (value == 0) ...'

unpriv: check that printk is disallowed
  since bpf_trace_printk is not available to unprivileged

unpriv: pass pointer to helper function
  checks that pointers cannot be passed to functions that expect integers
  If function expects a pointer the verifier allows only that type of pointer.
  Like 1st argument of bpf_map_lookup_elem() must be pointer to map.
  (applies to non-root as well)

unpriv: indirectly pass pointer on stack to helper function
  checks that pointer stored into stack cannot be used as part of key
  passed into bpf_map_lookup_elem()

unpriv: mangle pointer on stack 1
unpriv: mangle pointer on stack 2
  checks that writing into stack slot that already contains a pointer
  is disallowed

unpriv: read pointer from stack in small chunks
  checks that < 8 byte read from stack slot that contains a pointer is
  disallowed

unpriv: write pointer into ctx
  checks that storing pointers into skb->fields is disallowed

unpriv: write pointer into map elem value
  checks that storing pointers into element values is disallowed
  For example:
  int bpf_prog(struct __sk_buff *skb)
  {
    u32 key = 0;
    u64 *value = bpf_map_lookup_elem(&map, &key);
    if (value)
       *value = (u64) skb;
  }
  will be rejected.

unpriv: partial copy of pointer
  checks that doing 32-bit register mov from register containing
  a pointer is disallowed

unpriv: pass pointer to tail_call
  checks that passing pointer as an index into bpf_tail_call
  is disallowed

unpriv: cmp map pointer with zero
  checks that comparing map pointer with constant is disallowed

unpriv: write into frame pointer
  checks that frame pointer is read-only (applies to root too)

unpriv: cmp of frame pointer
  checks that R10 cannot be using in comparison

unpriv: cmp of stack pointer
  checks that Rx = R10 - imm is ok, but comparing Rx is not

unpriv: obfuscate stack pointer
  checks that Rx = R10 - imm is ok, but Rx -= imm is not

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-12 19:13:37 -07:00
..
bpf bpf: add unprivileged bpf tests 2015-10-12 19:13:37 -07:00
hidraw HID: samples/hidraw: make it possible to select device 2015-03-15 10:11:21 -04:00
hw_breakpoint
kdb
kfifo
kobject samples/kobject: be explicit in the module license 2015-03-25 13:41:42 +01:00
kprobes kprobes: use _do_fork() in samples to make them work again 2015-10-01 21:42:35 -04:00
livepatch livepatch: rename config to CONFIG_LIVEPATCH 2015-02-04 11:25:51 +01:00
pktgen pktgen: add benchmark script pktgen_bench_xmit_mode_netif_receive.sh 2015-05-22 23:59:17 -04:00
rpmsg
seccomp samples/seccomp: improve label helper 2015-02-17 14:34:55 -08:00
trace_events tracing: Fix sample output of dynamic arrays 2015-07-17 14:15:13 -04:00
uhid
Kconfig livepatch: rename config to CONFIG_LIVEPATCH 2015-02-04 11:25:51 +01:00
Makefile livepatch: samples: add sample live patching module 2014-12-22 15:40:49 +01:00