Re: [PATCH bpf] bpf: btf: Use exact btf value_size match in map_check_btf()

2018-07-26 Thread Daniel Borkmann 
On 07/26/2018 06:57 PM, Martin KaFai Lau wrote:
> The current map_check_btf() in BPF_MAP_TYPE_ARRAY rejects
> '> map->value_size' to ensure map_seq_show_elem() will not
> access things beyond an array element.
> 
> Yonghong suggested that using '!=' is a more correct
> check.  The 8 bytes round_up on value_size is stored
> in array->elem_size.  Hence, using '!=' on map->value_size
> is a proper check.
> 
> This patch also adds new tests to check the btf array
> key type and value type.  Two of these new tests verify
> the btf's value_size (the change in this patch).
> 
> It also fixes two existing tests that wrongly encoded
> a btf's type size (pprint_test) and the value_type_id (in one
> of the raw_tests[]).  However, that do not affect these two
> BTF verification tests before or after this test changes.
> These two tests mainly failed at array creation time after
> this patch.
> 
> Fixes: a26ca7c982cb ("bpf: btf: Add pretty print support to the basic 
> arraymap")
> Suggested-by: Yonghong Song 
> Acked-by: Yonghong Song 
> Signed-off-by: Martin KaFai Lau 

Applied to bpf, thanks Martin!

[PATCH bpf] bpf: btf: Use exact btf value_size match in map_check_btf()

2018-07-26 Thread Martin KaFai Lau 
The current map_check_btf() in BPF_MAP_TYPE_ARRAY rejects
'> map->value_size' to ensure map_seq_show_elem() will not
access things beyond an array element.

Yonghong suggested that using '!=' is a more correct
check.  The 8 bytes round_up on value_size is stored
in array->elem_size.  Hence, using '!=' on map->value_size
is a proper check.

This patch also adds new tests to check the btf array
key type and value type.  Two of these new tests verify
the btf's value_size (the change in this patch).

It also fixes two existing tests that wrongly encoded
a btf's type size (pprint_test) and the value_type_id (in one
of the raw_tests[]).  However, that do not affect these two
BTF verification tests before or after this test changes.
These two tests mainly failed at array creation time after
this patch.

Fixes: a26ca7c982cb ("bpf: btf: Add pretty print support to the basic arraymap")
Suggested-by: Yonghong Song 
Acked-by: Yonghong Song 
Signed-off-by: Martin KaFai Lau 
---
 kernel/bpf/arraymap.c  |  2 +-
 tools/testing/selftests/bpf/test_btf.c | 86 +-
 2 files changed, 85 insertions(+), 3 deletions(-)

diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
index 544e58f5f642..2aa55d030c77 100644
--- a/kernel/bpf/arraymap.c
+++ b/kernel/bpf/arraymap.c
@@ -378,7 +378,7 @@ static int array_map_check_btf(const struct bpf_map *map, 
const struct btf *btf,
return -EINVAL;
 
value_type = btf_type_id_size(btf, _value_id, _size);
-   if (!value_type || value_size > map->value_size)
+   if (!value_type || value_size != map->value_size)
return -EINVAL;
 
return 0;
diff --git a/tools/testing/selftests/bpf/test_btf.c 
b/tools/testing/selftests/bpf/test_btf.c
index 402c0f7cc418..ffdd27737c9e 100644
--- a/tools/testing/selftests/bpf/test_btf.c
+++ b/tools/testing/selftests/bpf/test_btf.c
@@ -507,7 +507,7 @@ static struct btf_raw_test raw_tests[] = {
.key_size = sizeof(int),
.value_size = sizeof(void *) * 4,
.key_type_id = 1,
-   .value_type_id = 4,
+   .value_type_id = 5,
.max_entries = 4,
 },
 
@@ -1292,6 +1292,88 @@ static struct btf_raw_test raw_tests[] = {
.err_str = "type != 0",
 },
 
+{
+   .descr = "arraymap invalid btf key (a bit field)",
+   .raw_types = {
+   /* int */   /* [1] */
+   BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 0, 32, 4),
+   /* 32 bit int with 32 bit offset */ /* [2] */
+   BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 32, 32, 8),
+   BTF_END_RAW,
+   },
+   .str_sec = "",
+   .str_sec_size = sizeof(""),
+   .map_type = BPF_MAP_TYPE_ARRAY,
+   .map_name = "array_map_check_btf",
+   .key_size = sizeof(int),
+   .value_size = sizeof(int),
+   .key_type_id = 2,
+   .value_type_id = 1,
+   .max_entries = 4,
+   .map_create_err = true,
+},
+
+{
+   .descr = "arraymap invalid btf key (!= 32 bits)",
+   .raw_types = {
+   /* int */   /* [1] */
+   BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 0, 32, 4),
+   /* 16 bit int with 0 bit offset */  /* [2] */
+   BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 0, 16, 2),
+   BTF_END_RAW,
+   },
+   .str_sec = "",
+   .str_sec_size = sizeof(""),
+   .map_type = BPF_MAP_TYPE_ARRAY,
+   .map_name = "array_map_check_btf",
+   .key_size = sizeof(int),
+   .value_size = sizeof(int),
+   .key_type_id = 2,
+   .value_type_id = 1,
+   .max_entries = 4,
+   .map_create_err = true,
+},
+
+{
+   .descr = "arraymap invalid btf value (too small)",
+   .raw_types = {
+   /* int */   /* [1] */
+   BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 0, 32, 4),
+   BTF_END_RAW,
+   },
+   .str_sec = "",
+   .str_sec_size = sizeof(""),
+   .map_type = BPF_MAP_TYPE_ARRAY,
+   .map_name = "array_map_check_btf",
+   .key_size = sizeof(int),
+   /* btf_value_size < map->value_size */
+   .value_size = sizeof(__u64),
+   .key_type_id = 1,
+   .value_type_id = 1,
+   .max_entries = 4,
+   .map_create_err = true,
+},
+
+{
+   .descr = "arraymap invalid btf value (too big)",
+   .raw_types = {
+   /* int */   /* [1] */
+   BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 0, 32, 4),
+   BTF_END_RAW,
+   },
+   .str_sec = "",
+   .str_sec_size = sizeof(""),
+   .map_type = BPF_MAP_TYPE_ARRAY,
+   .map_name = "array_map_check_btf",
+   .key_size = sizeof(int),
+   /* btf_value_size > map->value_size */
+   .value_size = sizeof(__u16),
+   .key_type_id = 1,
+   .value_type_id = 1,
+   .max_entries = 4,
+   .map_create_err = true,
+},
+
 }; /* struct btf_raw_test raw_tests[] */
 
 static const char