Merge bpf_filter.c r182425 and add test cases for jump range checks.

While I am here, fix stupid typos in test0080.h and make it JIT compiler only.
2008-08-29 02:12:45 +00:00 · 2008-08-29 02:12:45 +00:00 · a85de0848e
commit a85de0848e
parent 4d92376beb
6 changed files with 136 additions and 26 deletions
--- a/tools/regression/bpf/bpf_filter/Makefile
+++ b/tools/regression/bpf/bpf_filter/Makefile
@ -19,7 +19,8 @@ TEST_CASES?=	test0001 test0002 test0003 test0004	\
 		test0065 test0066 test0067 test0068	\
 		test0069 test0070 test0071 test0072	\
 		test0073 test0074 test0075 test0076	\
-		test0077 test0078 test0079 test0080
+		test0077 test0078 test0079 test0080	\
+		test0081 test0082

 SYSDIR?=	${.CURDIR}/../../../../sys

--- a/tools/regression/bpf/bpf_filter/bpf_test.c
+++ b/tools/regression/bpf/bpf_filter/bpf_test.c
@ -145,14 +145,13 @@ bpf_validate(const struct bpf_insn *f, int len)
 		 * the code block.
 		 */
 		if (BPF_CLASS(p->code) == BPF_JMP) {
-			register int from = i + 1;
+			register u_int offset;

-			if (BPF_OP(p->code) == BPF_JA) {
-				if (from >= len || p->k >= (u_int)len - from)
-					return (0);
-			}
-			else if (from >= len || p->jt >= len - from ||
-				 p->jf >= len - from)
+			if (BPF_OP(p->code) == BPF_JA)
+				offset = p->k;
+			else
+				offset = p->jt > p->jf ? p->jt : p->jf;
+			if (offset >= (u_int)(len - i) - 1)
 				return (0);
 		}
 		/*
--- a/tools/regression/bpf/bpf_filter/tests/test0080.h
+++ b/tools/regression/bpf/bpf_filter/tests/test0080.h
@ -1,45 +1,47 @@
 /*-
- * Test 0080:	Check uninitialized scratch memory.
- *
- * Note:	This behavior is not guaranteed with bpf_filter(9).
+ * Test 0080:	Check uninitialized scratch memory (only for JIT compiler).
 *
 * $FreeBSD$
 */

 /* BPF program */
 struct bpf_insn pc[] = {
+#ifdef BPF_JIT_COMPILER
 	BPF_STMT(BPF_LDX+BPF_IMM, 0xffffffff),
 	BPF_STMT(BPF_LD+BPF_MEM, 0),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 30, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 29, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 1),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 28, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 27, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 2),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 26, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 25, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 3),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 24, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 23, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 4),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 22, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 21, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 5),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 20, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 19, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 6),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 18, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 17, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 7),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 16, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 15, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 8),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 14, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 13, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 9),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 12, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 11, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 10),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 10, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 9, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 11),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 8, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 7, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 12),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 6, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 5, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 13),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 4, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 3, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 14),
-	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 2, 0, 0),
+	BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 1, 0),
 	BPF_STMT(BPF_LD+BPF_MEM, 15),
+#else
+	BPF_STMT(BPF_LD+BPF_IMM, 0),
+#endif
 	BPF_STMT(BPF_RET+BPF_A, 0),
 };

--- a/tools/regression/bpf/bpf_filter/tests/test0081.h
+++ b/tools/regression/bpf/bpf_filter/tests/test0081.h
@ -0,0 +1,37 @@
+/*-
+ * Test 0081:	Check unconditional jump range.
+ *
+ * $FreeBSD$
+ */
+
+/* BPF program */
+struct bpf_insn pc[] = {
+	BPF_STMT(BPF_LD+BPF_IMM, 0),
+	BPF_JUMP(BPF_JMP+BPF_JA, 2, 0, 0),
+	BPF_STMT(BPF_LD+BPF_IMM, 0xdeadc0de),
+	BPF_STMT(BPF_RET+BPF_A, 0),
+};
+
+/* Packet */
+u_char	pkt[] = {
+	0x00,
+};
+
+/* Packet length seen on wire */
+u_int	wirelen =	sizeof(pkt);
+
+/* Packet length passed on buffer */
+u_int	buflen =	sizeof(pkt);
+
+/* Invalid instruction */
+int	invalid =	1;
+
+/* Expected return value */
+u_int	expect =	0;
+
+/* Expected signal */
+#ifdef BPF_JIT_COMPILER
+int	expect_signal =	SIGSEGV;
+#else
+int	expect_signal =	SIGABRT;
+#endif
--- a/tools/regression/bpf/bpf_filter/tests/test0082.h
+++ b/tools/regression/bpf/bpf_filter/tests/test0082.h
@ -0,0 +1,37 @@
+/*-
+ * Test 0082:	Check conditional jump ranges.
+ *
+ * $FreeBSD$
+ */
+
+/* BPF program */
+struct bpf_insn pc[] = {
+	BPF_STMT(BPF_LD+BPF_IMM, 0),
+	BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, 0, 1, 2),
+	BPF_STMT(BPF_LD+BPF_IMM, 0xdeadc0de),
+	BPF_STMT(BPF_RET+BPF_A, 0),
+};
+
+/* Packet */
+u_char	pkt[] = {
+	0x00,
+};
+
+/* Packet length seen on wire */
+u_int	wirelen =	sizeof(pkt);
+
+/* Packet length passed on buffer */
+u_int	buflen =	sizeof(pkt);
+
+/* Invalid instruction */
+int	invalid =	1;
+
+/* Expected return value */
+u_int	expect =	0;
+
+/* Expected signal */
+#ifdef BPF_JIT_COMPILER
+int	expect_signal =	SIGSEGV;
+#else
+int	expect_signal =	SIGABRT;
+#endif
--- a/tools/regression/bpf/bpf_filter/tests/test0083.h
+++ b/tools/regression/bpf/bpf_filter/tests/test0083.h
@ -0,0 +1,34 @@
+/*-
+ * Test 0083:	Check that the last instruction is BPF_RET.
+ *
+ * $FreeBSD$
+ */
+
+/* BPF program */
+struct bpf_insn pc[] = {
+	BPF_JUMP(BPF_JMP+BPF_JA, 0, 0, 0),
+};
+
+/* Packet */
+u_char	pkt[] = {
+	0x00,
+};
+
+/* Packet length seen on wire */
+u_int	wirelen =	sizeof(pkt);
+
+/* Packet length passed on buffer */
+u_int	buflen =	sizeof(pkt);
+
+/* Invalid instruction */
+int	invalid =	1;
+
+/* Expected return value */
+u_int	expect =	0;
+
+/* Expected signal */
+#ifdef BPF_JIT_COMPILER
+int	expect_signal =	SIGSEGV;
+#else
+int	expect_signal =	SIGABRT;
+#endif