selftests/bpf: Test changing packet data from kfunc bpf_xdp_pull_data() is the first kfunc that changes packet data. Make sure the verifier clear all packet pointers after calling packet data changing kfunc. Signed-off-by: Amery Hung <ameryhung@gmail.com> Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org> Link: https://patch.msgid.link/20250926164142.1850176-1-ameryhung@gmail.com

commit: 991e555efffde314e94be9c28fc0ea5504195df8 [log] [tgz]
author: Amery Hung <ameryhung@gmail.com> Fri Sep 26 09:41:42 2025 -0700
committer: Martin KaFai Lau <martin.lau@kernel.org> Fri Sep 26 10:44:51 2025 -0700
tree: d98d726a78086e56638e72b788488fa7a20bce91
parent: d43029ff7d1b7183dc0cf11b6cc2c12a0b810ad8 [diff]
diff --git a/tools/testing/selftests/bpf/progs/verifier_sock.c b/tools/testing/selftests/bpf/progs/verifier_sock.c
index b4d31f1..2b4610b 100644
--- a/tools/testing/selftests/bpf/progs/verifier_sock.c
+++ b/tools/testing/selftests/bpf/progs/verifier_sock.c

@@ -1096,6 +1096,20 @@ int invalidate_xdp_pkt_pointers_from_global_func(struct xdp_md *x)
 	return XDP_PASS;
 }
 
+/* XDP packet changing kfunc calls invalidate packet pointers */
+SEC("xdp")
+__failure __msg("invalid mem access")
+int invalidate_xdp_pkt_pointers(struct xdp_md *x)
+{
+	int *p = (void *)(long)x->data;
+
+	if ((void *)(p + 1) > (void *)(long)x->data_end)
+		return XDP_DROP;
+	bpf_xdp_pull_data(x, 0);
+	*p = 42; /* this is unsafe */
+	return XDP_PASS;
+}
+
 __noinline
 int tail_call(struct __sk_buff *sk)
 {
commit	991e555efffde314e94be9c28fc0ea5504195df8	[log] [tgz]
author	Amery Hung <ameryhung@gmail.com>	Fri Sep 26 09:41:42 2025 -0700
committer	Martin KaFai Lau <martin.lau@kernel.org>	Fri Sep 26 10:44:51 2025 -0700
tree	d98d726a78086e56638e72b788488fa7a20bce91
parent	d43029ff7d1b7183dc0cf11b6cc2c12a0b810ad8 [diff]