[LTP] [PATCH v2 4/4] bpf_prog05: Drop CAP_BPF and check if ptr arithmetic is allowed
Joerg Vehlow
lkml@jv-coder.de
Tue Jan 11 11:42:01 CET 2022
Hi Richard,
Am 8/31/2021 um 11:10 AM schrieb Richard Palethorpe via ltp:
> On older kernels pointer arithmetic requires CAP_BPF. They also lack
> the ability to call BPF subprogs. This makes it difficult to exploit
> the div/mod behavior.
>
> Older kernels leave div/mod by zero undefined. This causes the test to
> fail and backporting the new behavior is difficult. So when we find
> that pointer arithmetic is not possible without CAP_BPF we can return
> TCONF. Because in this case, we know the test will fail, the risk is
> limited and there is little that can be done about it.
What does older kernel mean here?
> +
> + if (ret != -1)
> + tst_brk(TBROK, "Invalid bpf() return value: %d", ret);
> +
> + if (log[0] != 0)
> + tst_brk(TCONF | TERRNO, "No pointer arithmetic:\n %s", log);
This check now fails for me with the following output, where the test
was successful, before this patch. The kernel is a non-standard suse
5.3.18 with realtime patches.
bpf_prog05.c:100: TCONF: No pointer arithmetic:
0: (bf) r2 = r10
1: (b7) r3 = -1
2: (0f) r2 += r3
3: (72) *(u8 *)(r2 +0) = 0
4: (b7) r0 = 0
5: (95) exit
from 2 to 3 (speculative execution): R1=ctx(id=0,off=0,imm=0) R2_w=fp0
R3_w=invP-1 R10=fp0
3: (72) *(u8 *)(r2 +0) = 0
invalid stack off=0 size=1
processed 7 insns (limit 1000000) max_states_per_insn 0 total_states 0
peak_states 0 mark_read 0
: EACCES (13)
Is this too old? But then again, the test was successful before this
patch and your commit message states, that it was not successful on
"older kernels".
Joerg
More information about the ltp
mailing list