selftests/bpf: Add arena direct-value one-past-end reject test#12424
Open
kernel-patches-daemon-bpf[bot] wants to merge 1 commit into
Open
selftests/bpf: Add arena direct-value one-past-end reject test#12424kernel-patches-daemon-bpf[bot] wants to merge 1 commit into
kernel-patches-daemon-bpf[bot] wants to merge 1 commit into
Conversation
BPF_MAP_TYPE_ARENA supports direct-value pseudo loads, but unlike array maps its map value_size is zero and the valid direct-value range is the arena mmap size, max_entries * PAGE_SIZE. Commit 3ac1a46 ("bpf: Fix off-by-one boundary validation in arena direct-value access") fixed arena_map_direct_value_addr() to reject an offset exactly at the end of the arena mapping. Add a regression test that loads a BPF_PSEUDO_MAP_VALUE with off == arena_size and verifies that the verifier rejects it with the expected offset in the log. This is intentionally kept as a userspace raw-instruction test. I tried expressing the same BPF_PSEUDO_MAP_VALUE + off == arena_size case in verifier_arena.c with inline assembly. The only form that produces the desired instruction bytes uses __imm_addr(arena), but that emits R_BPF_64_NODYLD32, which the libbpf/bpftool link step rejects. Other register, immediate, and memory constraints either fail in the BPF backend or lower to a normal R_BPF_64_64 load followed by an ALU add, which does not exercise arena_map_direct_value_addr() with the boundary offset in the second ldimm64 slot. A legacy test_verifier fixture can express the raw instruction directly, but it needs arena map creation, mmap, and fixup plumbing in the legacy runner. That is more intrusive than the small prog_tests raw-instruction test. Use the userspace raw-instruction test, following the existing selftests pattern used for direct map-value pseudo loads, so insns[1].imm can be set to arena_size precisely. Assisted-by: ChatGPT:gpt-5.5 Signed-off-by: Woojin Ji <random6.xyz@gmail.com> Cc: Emil Tsalapatis <emil@etsalapatis.com> Cc: Junyoung Jang <graypanda.inzag@gmail.com>
Author
|
Upstream branch: 140fa23 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: selftests/bpf: Add arena direct-value one-past-end reject test
version: 3
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1109031