leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bf5088773f
linux/samples/bpf
History
Alexei Starovoitov bf5088773f bpf: add unprivileged bpf tests 
Add new tests samples/bpf/test_verifier:

unpriv: return pointer
  checks that pointer cannot be returned from the eBPF program

unpriv: add const to pointer
unpriv: add pointer to pointer
unpriv: neg pointer
  checks that pointer arithmetic is disallowed

unpriv: cmp pointer with const
unpriv: cmp pointer with pointer
  checks that comparison of pointers is disallowed
  Only one case allowed 'void *value = bpf_map_lookup_elem(..); if (value == 0) ...'

unpriv: check that printk is disallowed
  since bpf_trace_printk is not available to unprivileged

unpriv: pass pointer to helper function
  checks that pointers cannot be passed to functions that expect integers
  If function expects a pointer the verifier allows only that type of pointer.
  Like 1st argument of bpf_map_lookup_elem() must be pointer to map.
  (applies to non-root as well)

unpriv: indirectly pass pointer on stack to helper function
  checks that pointer stored into stack cannot be used as part of key
  passed into bpf_map_lookup_elem()

unpriv: mangle pointer on stack 1
unpriv: mangle pointer on stack 2
  checks that writing into stack slot that already contains a pointer
  is disallowed

unpriv: read pointer from stack in small chunks
  checks that < 8 byte read from stack slot that contains a pointer is
  disallowed

unpriv: write pointer into ctx
  checks that storing pointers into skb->fields is disallowed

unpriv: write pointer into map elem value
  checks that storing pointers into element values is disallowed
  For example:
  int bpf_prog(struct __sk_buff *skb)
  {
    u32 key = 0;
    u64 *value = bpf_map_lookup_elem(&map, &key);
    if (value)
       *value = (u64) skb;
  }
  will be rejected.

unpriv: partial copy of pointer
  checks that doing 32-bit register mov from register containing
  a pointer is disallowed

unpriv: pass pointer to tail_call
  checks that passing pointer as an index into bpf_tail_call
  is disallowed

unpriv: cmp map pointer with zero
  checks that comparing map pointer with constant is disallowed

unpriv: write into frame pointer
  checks that frame pointer is read-only (applies to root too)

unpriv: cmp of frame pointer
  checks that R10 cannot be using in comparison

unpriv: cmp of stack pointer
  checks that Rx = R10 - imm is ok, but comparing Rx is not

unpriv: obfuscate stack pointer
  checks that Rx = R10 - imm is ok, but Rx -= imm is not

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-12 19:13:37 -07:00
..
bpf_helpers.h bpf: add bpf_redirect() helper 2015-09-17 21:09:07 -07:00
bpf_load.c samples/bpf: bpf_tail_call example for tracing 2015-05-21 17:07:59 -04:00
bpf_load.h samples/bpf: Add simple non-portable kprobe filter example 2015-04-02 13:25:50 +02:00
lathist_kern.c bpf: BPF based latency tracing 2015-06-23 06:09:58 -07:00
lathist_user.c bpf: BPF based latency tracing 2015-06-23 06:09:58 -07:00
libbpf.c samples/bpf: Add simple non-portable kprobe filter example 2015-04-02 13:25:50 +02:00
libbpf.h bpf: add unprivileged bpf tests 2015-10-12 19:13:37 -07:00
Makefile samples/bpf: example of get selected PMU counter value 2015-08-09 22:50:06 -07:00
sock_example.c samples/bpf: Add simple non-portable kprobe filter example 2015-04-02 13:25:50 +02:00
sockex1_kern.c samples: bpf: add skb->field examples and tests 2015-03-15 22:02:28 -04:00
sockex1_user.c samples: bpf: add skb->field examples and tests 2015-03-15 22:02:28 -04:00
sockex2_kern.c samples: bpf: add skb->field examples and tests 2015-03-15 22:02:28 -04:00
sockex2_user.c samples: bpf: add skb->field examples and tests 2015-03-15 22:02:28 -04:00
sockex3_kern.c bpf: allow programs to write to certain skb fields 2015-06-07 02:01:33 -07:00
sockex3_user.c samples/bpf: bpf_tail_call example for networking 2015-05-21 17:07:59 -04:00
tcbpf1_kern.c bpf: add bpf_redirect() helper 2015-09-17 21:09:07 -07:00
test_maps.c samples: bpf: relax test_maps check 2015-01-26 17:20:40 -08:00
test_verifier.c bpf: add unprivileged bpf tests 2015-10-12 19:13:37 -07:00
tracex1_kern.c samples: bpf: enable trace samples for s390x 2015-07-08 15:17:45 -07:00
tracex1_user.c samples/bpf: Add simple non-portable kprobe filter example 2015-04-02 13:25:50 +02:00
tracex2_kern.c samples: bpf: enable trace samples for s390x 2015-07-08 15:17:45 -07:00
tracex2_user.c bpf: introduce current->pid, tgid, uid, gid, comm accessors 2015-06-15 15:53:50 -07:00
tracex3_kern.c samples: bpf: enable trace samples for s390x 2015-07-08 15:17:45 -07:00
tracex3_user.c samples/bpf: Add IO latency analysis (iosnoop/heatmap) tool 2015-04-02 13:25:51 +02:00
tracex4_kern.c samples: bpf: enable trace samples for s390x 2015-07-08 15:17:45 -07:00
tracex4_user.c samples/bpf: Add kmem_alloc()/free() tracker tool 2015-04-02 13:25:51 +02:00
tracex5_kern.c samples: bpf: enable trace samples for s390x 2015-07-08 15:17:45 -07:00
tracex5_user.c samples/bpf: bpf_tail_call example for tracing 2015-05-21 17:07:59 -04:00
tracex6_kern.c bpf: fix build warnings and add function read_trace_pipe() 2015-08-12 16:39:12 -07:00
tracex6_user.c bpf: fix build warnings and add function read_trace_pipe() 2015-08-12 16:39:12 -07:00