selftests/bpf: Add test for reg2btf_ids out of bounds access

author Kumar Kartikeya Dwivedi <memxor@gmail.com>

Sun, 20 Feb 2022 02:31:38 +0000 (08:01 +0530)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Sun, 1 May 2022 15:22:34 +0000 (17:22 +0200)
author Kumar Kartikeya Dwivedi <memxor@gmail.com>
Sun, 20 Feb 2022 02:31:38 +0000 (08:01 +0530)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 1 May 2022 15:22:34 +0000 (17:22 +0200)
diff --git a/tools/testing/selftests/bpf/verifier/calls.c b/tools/testing/selftests/bpf/verifier/calls.c

index 336a749..2e701e7 100644 (file)
--- a/tools/testing/selftests/bpf/verifier/calls.c
+++ b/tools/testing/selftests/bpf/verifier/calls.c
@@ -108,6 +108,25 @@
         .errstr = "R0 min value is outside of the allowed memory range",
  },
  {
+       "calls: trigger reg2btf_ids[reg->type] for reg->type > __BPF_REG_TYPE_MAX",
+       .insns = {
+       BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
+       BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8),
+       BPF_ST_MEM(BPF_DW, BPF_REG_1, 0, 0),
+       BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, BPF_PSEUDO_KFUNC_CALL, 0, 0),
+       BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
+       BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, BPF_PSEUDO_KFUNC_CALL, 0, 0),
+       BPF_EXIT_INSN(),
+       },
+       .prog_type = BPF_PROG_TYPE_SCHED_CLS,
+       .result = REJECT,
+       .errstr = "arg#0 pointer type STRUCT prog_test_ref_kfunc must point",
+       .fixup_kfunc_btf_id = {
+               { "bpf_kfunc_call_test_acquire", 3 },
+               { "bpf_kfunc_call_test_release", 5 },
+       },
+},
+{
         "calls: overlapping caller/callee",
         .insns = {
         BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 0),
author	Kumar Kartikeya Dwivedi <memxor@gmail.com>
	Sun, 20 Feb 2022 02:31:38 +0000 (08:01 +0530)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 1 May 2022 15:22:34 +0000 (17:22 +0200)