bpf: fix test suite to enable all unpriv program types

Given BPF_PROG_TYPE_CGROUP_SKB program types are also valid in an
unprivileged setting, lets not omit these tests and potentially
have issues fall through the cracks. Make this more obvious by
adding a small test_as_unpriv() helper.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c
index 769d68a48f303960781c07a99c69be15b0691e5b..8e1a79d2792c471fbb23845ca557b51881d5d901 100644 (file)
--- a/tools/testing/selftests/bpf/test_verifier.c
+++ b/tools/testing/selftests/bpf/test_verifier.c
@@ -4891,6 +4891,8 @@ static struct bpf_test tests[] = {
                        BPF_EXIT_INSN(),
                },
                .result = ACCEPT,
+               .result_unpriv = REJECT,
+               .errstr_unpriv = "R3 pointer comparison prohibited",
                .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
        },
        {
@@ -5146,6 +5148,7 @@ static struct bpf_test tests[] = {
                .fixup_cgroup_storage = { 1 },
                .result = REJECT,
                .errstr = "get_local_storage() doesn't support non-zero flags",
+               .errstr_unpriv = "R2 leaks addr into helper function",
                .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
        },
        {
@@ -5261,6 +5264,7 @@ static struct bpf_test tests[] = {
                .fixup_percpu_cgroup_storage = { 1 },
                .result = REJECT,
                .errstr = "get_local_storage() doesn't support non-zero flags",
+               .errstr_unpriv = "R2 leaks addr into helper function",
                .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
        },
        {
@@ -14050,6 +14054,13 @@ static void get_unpriv_disabled()
        fclose(fd);
 }
 
+static bool test_as_unpriv(struct bpf_test *test)
+{
+       return !test->prog_type ||
+              test->prog_type == BPF_PROG_TYPE_SOCKET_FILTER ||
+              test->prog_type == BPF_PROG_TYPE_CGROUP_SKB;
+}
+
 static int do_test(bool unpriv, unsigned int from, unsigned int to)
 {
        int i, passes = 0, errors = 0, skips = 0;
@@ -14060,10 +14071,10 @@ static int do_test(bool unpriv, unsigned int from, unsigned int to)
                /* Program types that are not supported by non-root we
                 * skip right away.
                 */
-               if (!test->prog_type && unpriv_disabled) {
+               if (test_as_unpriv(test) && unpriv_disabled) {
                        printf("#%d/u %s SKIP\n", i, test->descr);
                        skips++;
-               } else if (!test->prog_type) {
+               } else if (test_as_unpriv(test)) {
                        if (!unpriv)
                                set_admin(false);
                        printf("#%d/u %s ", i, test->descr);