linux/tools/testing/selftests/bpf
Daniel Borkmann ab21c1b5f7 bpf: disallow direct packet access for unpriv in cg_skb
Commit b39b5f411d ("bpf: add cg_skb_is_valid_access for
BPF_PROG_TYPE_CGROUP_SKB") added support for returning pkt pointers
for direct packet access. Given this program type is allowed for both
unprivileged and privileged users, we shouldn't allow unprivileged
ones to use it, e.g. besides others one reason would be to avoid any
potential speculation on the packet test itself, thus guard this for
root only.

Fixes: b39b5f411d ("bpf: add cg_skb_is_valid_access for BPF_PROG_TYPE_CGROUP_SKB")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Cc: Song Liu <songliubraving@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2018-10-25 17:02:06 -07:00
..
gnu selftests/bpf: get rid of -D__x86_64__ 2017-05-03 09:51:25 -04:00
include/uapi/linux License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
.gitignore selftests/bpf: add missing executables to .gitignore 2018-10-19 13:31:27 -07:00
bpf_endian.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
bpf_flow.c selftests/bpf: fix bpf_flow.c build 2018-09-14 12:09:05 -07:00
bpf_helpers.h bpf: libbpf support for msg_push_data 2018-10-20 21:37:12 +02:00
bpf_rand.h bpf: add ld64 imm test cases 2018-05-14 19:11:45 -07:00
bpf_rlimit.h bpf: unify rlimit handling in selftests 2018-02-26 20:11:23 -08:00
bpf_util.h bpf: Refactor ARRAY_SIZE macro to bpf_util.h 2018-08-11 01:58:46 +02:00
cgroup_helpers.c selftests/bpf: Fix const'ness in cgroup_helpers 2018-07-15 00:08:41 +02:00
cgroup_helpers.h selftests/bpf: Fix const'ness in cgroup_helpers 2018-07-15 00:08:41 +02:00
config selftests/bpf: add config fragments BPF_STREAM_PARSER and XDP_SOCKETS 2018-10-26 00:33:21 +02:00
connect4_prog.c selftests/bpf: Selftest for sys_connect hooks 2018-03-31 02:16:14 +02:00
connect6_prog.c selftests/bpf: Selftest for sys_connect hooks 2018-03-31 02:16:14 +02:00
dev_cgroup.c selftests/bpf: add a test for device cgroup controller 2017-11-05 23:26:51 +09:00
flow_dissector_load.c selftests/bpf: test bpf flow dissection 2018-09-14 12:04:33 -07:00
get_cgroup_id_kern.c tools/bpf: fix selftest get_cgroup_id_user 2018-06-08 00:10:07 +02:00
get_cgroup_id_user.c tools/bpf: fix selftest get_cgroup_id_user 2018-06-08 00:10:07 +02:00
Makefile selftests/bpf: add test cases for queue and stack maps 2018-10-19 13:24:31 -07:00
netcnt_common.h selftests/bpf: cgroup local storage-based network counters 2018-10-01 16:18:33 +02:00
netcnt_prog.c selftests/bpf: cgroup local storage-based network counters 2018-10-01 16:18:33 +02:00
sample_map_ret0.c selftest/bpf: extend the offload test with map checks 2018-01-18 22:54:26 +01:00
sample_ret0.c selftests/bpf: add offload test based on netdevsim 2017-12-03 00:27:58 +01:00
sendmsg4_prog.c selftests/bpf: Selftest for sys_sendmsg hooks 2018-05-28 17:41:05 +02:00
sendmsg6_prog.c selftests/bpf: Selftest for sys_sendmsg hooks 2018-05-28 17:41:05 +02:00
socket_cookie_prog.c selftests/bpf: Test for get_socket_cookie 2018-07-31 09:33:48 +02:00
sockmap_parse_prog.c bpf: add map tests for BPF_PROG_TYPE_SK_MSG 2018-03-19 21:14:39 +01:00
sockmap_tcp_msg_prog.c bpf: add map tests for BPF_PROG_TYPE_SK_MSG 2018-03-19 21:14:39 +01:00
sockmap_verdict_prog.c bpf: add map tests for BPF_PROG_TYPE_SK_MSG 2018-03-19 21:14:39 +01:00
tcp_client.py bpf: Add Python 3 support to selftests scripts for bpf 2018-07-25 07:46:48 +02:00
tcp_server.py bpf: Add Python 3 support to selftests scripts for bpf 2018-07-25 07:46:48 +02:00
test_adjust_tail.c bpf: adding tests for bpf_xdp_adjust_tail 2018-04-18 23:34:17 +02:00
test_align.c bpf: Refactor ARRAY_SIZE macro to bpf_util.h 2018-08-11 01:58:46 +02:00
test_btf_haskv.c bpf: Introduce BPF_ANNOTATE_KV_PAIR 2018-07-25 06:57:55 +02:00
test_btf_nokv.c bpf: btf: Add BTF tests 2018-04-19 21:47:42 +02:00
test_btf.c tools/bpf: add bpffs percpu map pretty print tests in test_btf 2018-08-30 14:03:53 +02:00
test_cgroup_storage.c selftests/bpf: extend the storage test to test per-cpu cgroup storage 2018-10-01 16:18:33 +02:00
test_dev_cgroup.c bpf: unify rlimit handling in selftests 2018-02-26 20:11:23 -08:00
test_flow_dissector.c selftests/bpf: test bpf flow dissection 2018-09-14 12:04:33 -07:00
test_flow_dissector.sh selftests/bpf: test bpf flow dissection 2018-09-14 12:04:33 -07:00
test_get_stack_rawtp.c tools/bpf: add a test for bpf_get_stack with raw tracepoint prog 2018-04-29 08:45:54 -07:00
test_iptunnel_common.h selftests/bpf: add a test for basic XDP functionality 2017-04-01 12:45:57 -07:00
test_kmod.sh selftests: bpf: notification about privilege required to run test_kmod.sh testing script 2018-06-22 00:30:02 +02:00
test_l4lb_noinline.c selftests/bpf: add bpf_call test 2017-12-17 20:34:36 +01:00
test_l4lb.c bpf: Move endianness BPF helpers out of bpf_util.h 2017-05-01 12:43:49 -07:00
test_libbpf_open.c selftests/bpf: add test program for loading BPF ELF files 2018-02-09 00:24:38 +01:00
test_libbpf.sh selftests/bpf: fix return value comparison for tests in test_libbpf.sh 2018-10-20 23:17:43 -07:00
test_lirc_mode2_kern.c bpf: add selftest for lirc_mode2 type program 2018-05-30 12:40:14 +02:00
test_lirc_mode2_user.c bpf: add selftest for lirc_mode2 type program 2018-05-30 12:40:14 +02:00
test_lirc_mode2.sh selftests: bpf: notification about privilege required to run test_lirc_mode2.sh testing script 2018-06-26 12:15:28 +02:00
test_lpm_map.c bpf: unify rlimit handling in selftests 2018-02-26 20:11:23 -08:00
test_lru_map.c bpf: unify rlimit handling in selftests 2018-02-26 20:11:23 -08:00
test_lwt_seg6local.c selftests/bpf: test for seg6local End.BPF action 2018-05-24 11:57:36 +02:00
test_lwt_seg6local.sh selftests/bpf: update test_lwt_seg6local.sh according to iproute2 2018-08-03 10:19:33 +02:00
test_maps.c selftests/bpf: add test cases for queue and stack maps 2018-10-19 13:24:31 -07:00
test_netcnt.c selftests/bpf: cgroup local storage-based network counters 2018-10-01 16:18:33 +02:00
test_obj_id.c bpf: Fix test_obj_id.c for llvm 5.0 2017-06-09 15:15:11 -04:00
test_offload.py selftests/bpf: add test for sharing objects between netdevs 2018-07-18 15:10:34 +02:00
test_pkt_access.c selftests/bpf: fix broken build due to types.h 2017-05-17 18:45:14 -04:00
test_pkt_md_access.c bpf: fix selftest/bpf/test_pkt_md_access on s390x 2017-08-07 10:06:27 -07:00
test_progs.c selftests/bpf: add test cases for queue and stack maps 2018-10-19 13:24:31 -07:00
test_queue_map.c selftests/bpf: add test cases for queue and stack maps 2018-10-19 13:24:31 -07:00
test_queue_stack_map.h selftests/bpf: add test cases for queue and stack maps 2018-10-19 13:24:31 -07:00
test_section_names.c selftests/bpf: Test libbpf_{prog,attach}_type_by_name 2018-09-27 21:14:59 +02:00
test_select_reuseport_common.h bpf: Test BPF_PROG_TYPE_SK_REUSEPORT 2018-08-11 01:58:46 +02:00
test_select_reuseport_kern.c bpf: Test BPF_PROG_TYPE_SK_REUSEPORT 2018-08-11 01:58:46 +02:00
test_select_reuseport.c bpf: Test BPF_PROG_TYPE_SK_REUSEPORT 2018-08-11 01:58:46 +02:00
test_sk_lookup_kern.c selftests/bpf: Add C tests for reference tracking 2018-10-03 02:53:48 +02:00
test_skb_cgroup_id_kern.c selftests/bpf: Selftest for bpf_skb_ancestor_cgroup_id 2018-08-13 01:02:40 +02:00
test_skb_cgroup_id_user.c selftests/bpf: Selftest for bpf_skb_ancestor_cgroup_id 2018-08-13 01:02:40 +02:00
test_skb_cgroup_id.sh selftests/bpf: Selftest for bpf_skb_ancestor_cgroup_id 2018-08-13 01:02:40 +02:00
test_sock_addr.c bpf: Refactor ARRAY_SIZE macro to bpf_util.h 2018-08-11 01:58:46 +02:00
test_sock_addr.sh tools/bpf: fix test_sock and test_sock_addr.sh failure 2018-04-19 00:16:37 +02:00
test_sock.c bpf: Refactor ARRAY_SIZE macro to bpf_util.h 2018-08-11 01:58:46 +02:00
test_socket_cookie.c selftests/bpf: Use libbpf_attach_type_by_name in test_socket_cookie 2018-09-27 21:14:59 +02:00
test_sockhash_kern.c bpf: selftest additions for SOCKHASH 2018-05-16 22:00:12 +02:00
test_sockmap_kern.c bpf: selftest additions for SOCKHASH 2018-05-16 22:00:12 +02:00
test_sockmap_kern.h bpf: test_sockmap add options to use msg_push_data 2018-10-20 21:37:12 +02:00
test_sockmap.c bpf: test_sockmap add options to use msg_push_data 2018-10-20 21:37:12 +02:00
test_stack_map.c selftests/bpf: add test cases for queue and stack maps 2018-10-19 13:24:31 -07:00
test_stacktrace_build_id.c tools/bpf: add a test for bpf_get_stack with tracepoint prog 2018-04-29 08:45:54 -07:00
test_stacktrace_map.c tools/bpf: add a test for bpf_get_stack with tracepoint prog 2018-04-29 08:45:54 -07:00
test_tag.c bpf: unify rlimit handling in selftests 2018-02-26 20:11:23 -08:00
test_tcp_estats.c selftests/bpf: add a test case to check verifier pointer arithmetic 2017-05-03 09:51:25 -04:00
test_tcpbpf_kern.c bpf: add selftest for bpf's (set|get)_sockopt for SAVE_SYN 2018-09-01 01:37:00 +02:00
test_tcpbpf_user.c bpf: add selftest for bpf's (set|get)_sockopt for SAVE_SYN 2018-09-01 01:37:00 +02:00
test_tcpbpf.h selftests/bpf: Test case for BPF_SOCK_OPS_TCP_LISTEN_CB 2018-07-15 00:08:41 +02:00
test_tracepoint.c bpf/tracing: add a bpf test for new ioctl query interface 2017-12-12 08:46:40 -08:00
test_tunnel_kern.c selftests/bpf: bpf tunnel test. 2018-04-27 00:11:14 +02:00
test_tunnel.sh bpf, selftests: delete xfrm tunnel when test exits. 2018-06-15 03:31:52 +02:00
test_verifier_log.c bpf: unify rlimit handling in selftests 2018-02-26 20:11:23 -08:00
test_verifier.c bpf: disallow direct packet access for unpriv in cg_skb 2018-10-25 17:02:06 -07:00
test_xdp_meta.c bpf: improve selftests and add tests for meta pointer 2017-09-26 13:36:44 -07:00
test_xdp_meta.sh tools/bpf: fix batch-mode test failure of test_xdp_redirect.sh 2018-02-06 11:34:42 +01:00
test_xdp_noinline.c selftests/bpf: add xdp noinline test 2017-12-17 20:34:36 +01:00
test_xdp_redirect.c selftests: bpf: add a test for XDP redirect 2017-08-08 18:12:50 -07:00
test_xdp_redirect.sh tools/bpf: fix batch-mode test failure of test_xdp_redirect.sh 2018-02-06 11:34:42 +01:00
test_xdp_vlan.c selftests/bpf: add XDP selftests for modifying and popping VLAN headers 2018-10-09 21:59:09 -07:00
test_xdp_vlan.sh selftests/bpf: add XDP selftests for modifying and popping VLAN headers 2018-10-09 21:59:09 -07:00
test_xdp.c selftests: bpf: Use bpf_endian.h in test_xdp.c 2017-05-02 07:52:01 -07:00
trace_helpers.c bpf, libbpf: simplify and cleanup perf ring buffer walk 2018-10-20 23:13:32 -07:00
trace_helpers.h trace_helpers.c: Add helpers to poll multiple perf FDs for events 2018-06-27 11:01:03 +02:00
urandom_read.c bpf: add selftest for stackmap with build_id in NMI context 2018-05-14 23:29:45 +02:00
with_addr.sh selftests/bpf: test bpf flow dissection 2018-09-14 12:04:33 -07:00
with_tunnels.sh selftests/bpf: test bpf flow dissection 2018-09-14 12:04:33 -07:00