This patch adds two selftests to cover invalid narrower loads on the context. These used to cause kernel warning before the previous patch. To trigger the warning, the load had to be aligned, to read an affected pointer field (ex., skb->sk), and not starting at the beginning of the pointer field. The new selftests show two such loads of 1B and 4B sizes.
Signed-off-by: Paul Chaignon
---
 .../selftests/bpf/progs/verifier_ctx.c | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/tools/testing/selftests/bpf/progs/verifier_ctx.c b/tools/testing/selftests/bpf/progs/verifier_ctx.c
index a83809a1dbbf..229f26d1d413 100644
--- a/tools/testing/selftests/bpf/progs/verifier_ctx.c
+++ b/tools/testing/selftests/bpf/progs/verifier_ctx.c
@@ -218,4 +218,31 @@ __naked void null_check_8_null_bind(void)
 : __clobber_all);
 }
 
+SEC("tc")
+__description("invalid narrow skb->sk load")
+__failure __msg("invalid bpf_context access")
+__naked void invalid_narrow_skb_sk_load(void)
+{
+ asm volatile (" \
+ r0 = *(u8 *)(r1 + %[__sk_buff_sk]); \
+ exit; \
+" :
+ : __imm_const(__sk_buff_sk, offsetof(struct __sk_buff, sk) + 1)
+ : __clobber_all);
+}
+
+SEC("sockops")
+__description("invalid narrow skops->sk_data load")
+__failure __msg("invalid bpf_context access")
+__naked void invalid_narrow_skops_sk_data_load(void)
+{
+ asm volatile (" \
+ r1 = *(u32 *)(r1 + %[sk_data]); \
+ r0 = 0; \
+ exit; \
+" :
+ : __imm_const(sk_data, offsetof(struct bpf_sock_ops, skb_data) + 4)
+ : __clobber_all);
+}
+
 char _license[] SEC("license") = "GPL";
-- 
2.43.0
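Review bot: The second test's names disagree with the field it actually reads: the description says `skops->sk_data` and the immediate is `%[sk_data]`, while the offset comes from `offsetof(struct bpf_sock_ops, skb_data)`, so anyone searching for skb_data coverage will not find this test. Suggest `__description("invalid narrow skops->skb_data load")` together with `r1 = *(u32 *)(r1 + %[skb_data]);` and `__imm_const(skb_data, offsetof(struct bpf_sock_ops, skb_data) + 4)`, which also matches the first test naming its constant after the field (`__sk_buff_sk`). The commit message is the only place that explains why these loads must be rejected (aligned, inside a pointer field, but not at its start); a one-line comment above each test such as `/* aligned 1-byte load inside skb->sk but past its start: must be rejected */` would keep that intent with the code once the tests are read apart from this commit. If the file does not already hold a matching `__success` case for a narrow load that starts at the pointer field's offset, a companion test would pin the boundary the verifier is expected to accept; I cannot tell from this hunk whether one exists.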