Loading...
Note: File does not exist in v4.6.
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Testsuite for eBPF verifier
4 *
5 * Copyright (c) 2014 PLUMgrid, http://plumgrid.com
6 * Copyright (c) 2017 Facebook
7 * Copyright (c) 2018 Covalent IO, Inc. http://covalent.io
8 */
9
10#include <endian.h>
11#include <asm/types.h>
12#include <linux/types.h>
13#include <stdint.h>
14#include <stdio.h>
15#include <stdlib.h>
16#include <unistd.h>
17#include <errno.h>
18#include <string.h>
19#include <stddef.h>
20#include <stdbool.h>
21#include <sched.h>
22#include <limits.h>
23#include <assert.h>
24
25#include <sys/capability.h>
26
27#include <linux/unistd.h>
28#include <linux/filter.h>
29#include <linux/bpf_perf_event.h>
30#include <linux/bpf.h>
31#include <linux/if_ether.h>
32#include <linux/btf.h>
33
34#include <bpf/bpf.h>
35#include <bpf/libbpf.h>
36
37#ifdef HAVE_GENHDR
38# include "autoconf.h"
39#else
40# if defined(__i386) || defined(__x86_64) || defined(__s390x__) || defined(__aarch64__)
41# define CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS 1
42# endif
43#endif
44#include "bpf_rlimit.h"
45#include "bpf_rand.h"
46#include "bpf_util.h"
47#include "test_btf.h"
48#include "../../../include/linux/filter.h"
49
50#define MAX_INSNS BPF_MAXINSNS
51#define MAX_TEST_INSNS 1000000
52#define MAX_FIXUPS 8
53#define MAX_NR_MAPS 19
54#define MAX_TEST_RUNS 8
55#define POINTER_VALUE 0xcafe4all
56#define TEST_DATA_LEN 64
57
58#define F_NEEDS_EFFICIENT_UNALIGNED_ACCESS (1 << 0)
59#define F_LOAD_WITH_STRICT_ALIGNMENT (1 << 1)
60
61#define UNPRIV_SYSCTL "kernel/unprivileged_bpf_disabled"
62static bool unpriv_disabled = false;
63static int skips;
64static bool verbose = false;
65
66struct bpf_test {
67 const char *descr;
68 struct bpf_insn insns[MAX_INSNS];
69 struct bpf_insn *fill_insns;
70 int fixup_map_hash_8b[MAX_FIXUPS];
71 int fixup_map_hash_48b[MAX_FIXUPS];
72 int fixup_map_hash_16b[MAX_FIXUPS];
73 int fixup_map_array_48b[MAX_FIXUPS];
74 int fixup_map_sockmap[MAX_FIXUPS];
75 int fixup_map_sockhash[MAX_FIXUPS];
76 int fixup_map_xskmap[MAX_FIXUPS];
77 int fixup_map_stacktrace[MAX_FIXUPS];
78 int fixup_prog1[MAX_FIXUPS];
79 int fixup_prog2[MAX_FIXUPS];
80 int fixup_map_in_map[MAX_FIXUPS];
81 int fixup_cgroup_storage[MAX_FIXUPS];
82 int fixup_percpu_cgroup_storage[MAX_FIXUPS];
83 int fixup_map_spin_lock[MAX_FIXUPS];
84 int fixup_map_array_ro[MAX_FIXUPS];
85 int fixup_map_array_wo[MAX_FIXUPS];
86 int fixup_map_array_small[MAX_FIXUPS];
87 int fixup_sk_storage_map[MAX_FIXUPS];
88 int fixup_map_event_output[MAX_FIXUPS];
89 const char *errstr;
90 const char *errstr_unpriv;
91 uint32_t insn_processed;
92 int prog_len;
93 enum {
94 UNDEF,
95 ACCEPT,
96 REJECT,
97 VERBOSE_ACCEPT,
98 } result, result_unpriv;
99 enum bpf_prog_type prog_type;
100 uint8_t flags;
101 void (*fill_helper)(struct bpf_test *self);
102 uint8_t runs;
103#define bpf_testdata_struct_t \
104 struct { \
105 uint32_t retval, retval_unpriv; \
106 union { \
107 __u8 data[TEST_DATA_LEN]; \
108 __u64 data64[TEST_DATA_LEN / 8]; \
109 }; \
110 }
111 union {
112 bpf_testdata_struct_t;
113 bpf_testdata_struct_t retvals[MAX_TEST_RUNS];
114 };
115 enum bpf_attach_type expected_attach_type;
116};
117
118/* Note we want this to be 64 bit aligned so that the end of our array is
119 * actually the end of the structure.
120 */
121#define MAX_ENTRIES 11
122
123struct test_val {
124 unsigned int index;
125 int foo[MAX_ENTRIES];
126};
127
128struct other_val {
129 long long foo;
130 long long bar;
131};
132
133static void bpf_fill_ld_abs_vlan_push_pop(struct bpf_test *self)
134{
135 /* test: {skb->data[0], vlan_push} x 51 + {skb->data[0], vlan_pop} x 51 */
136#define PUSH_CNT 51
137 /* jump range is limited to 16 bit. PUSH_CNT of ld_abs needs room */
138 unsigned int len = (1 << 15) - PUSH_CNT * 2 * 5 * 6;
139 struct bpf_insn *insn = self->fill_insns;
140 int i = 0, j, k = 0;
141
142 insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
143loop:
144 for (j = 0; j < PUSH_CNT; j++) {
145 insn[i++] = BPF_LD_ABS(BPF_B, 0);
146 /* jump to error label */
147 insn[i] = BPF_JMP32_IMM(BPF_JNE, BPF_REG_0, 0x34, len - i - 3);
148 i++;
149 insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_6);
150 insn[i++] = BPF_MOV64_IMM(BPF_REG_2, 1);
151 insn[i++] = BPF_MOV64_IMM(BPF_REG_3, 2);
152 insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
153 BPF_FUNC_skb_vlan_push),
154 insn[i] = BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, len - i - 3);
155 i++;
156 }
157
158 for (j = 0; j < PUSH_CNT; j++) {
159 insn[i++] = BPF_LD_ABS(BPF_B, 0);
160 insn[i] = BPF_JMP32_IMM(BPF_JNE, BPF_REG_0, 0x34, len - i - 3);
161 i++;
162 insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_6);
163 insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
164 BPF_FUNC_skb_vlan_pop),
165 insn[i] = BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, len - i - 3);
166 i++;
167 }
168 if (++k < 5)
169 goto loop;
170
171 for (; i < len - 3; i++)
172 insn[i] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 0xbef);
173 insn[len - 3] = BPF_JMP_A(1);
174 /* error label */
175 insn[len - 2] = BPF_MOV32_IMM(BPF_REG_0, 0);
176 insn[len - 1] = BPF_EXIT_INSN();
177 self->prog_len = len;
178}
179
180static void bpf_fill_jump_around_ld_abs(struct bpf_test *self)
181{
182 struct bpf_insn *insn = self->fill_insns;
183 /* jump range is limited to 16 bit. every ld_abs is replaced by 6 insns,
184 * but on arches like arm, ppc etc, there will be one BPF_ZEXT inserted
185 * to extend the error value of the inlined ld_abs sequence which then
186 * contains 7 insns. so, set the dividend to 7 so the testcase could
187 * work on all arches.
188 */
189 unsigned int len = (1 << 15) / 7;
190 int i = 0;
191
192 insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
193 insn[i++] = BPF_LD_ABS(BPF_B, 0);
194 insn[i] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 10, len - i - 2);
195 i++;
196 while (i < len - 1)
197 insn[i++] = BPF_LD_ABS(BPF_B, 1);
198 insn[i] = BPF_EXIT_INSN();
199 self->prog_len = i + 1;
200}
201
202static void bpf_fill_rand_ld_dw(struct bpf_test *self)
203{
204 struct bpf_insn *insn = self->fill_insns;
205 uint64_t res = 0;
206 int i = 0;
207
208 insn[i++] = BPF_MOV32_IMM(BPF_REG_0, 0);
209 while (i < self->retval) {
210 uint64_t val = bpf_semi_rand_get();
211 struct bpf_insn tmp[2] = { BPF_LD_IMM64(BPF_REG_1, val) };
212
213 res ^= val;
214 insn[i++] = tmp[0];
215 insn[i++] = tmp[1];
216 insn[i++] = BPF_ALU64_REG(BPF_XOR, BPF_REG_0, BPF_REG_1);
217 }
218 insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_0);
219 insn[i++] = BPF_ALU64_IMM(BPF_RSH, BPF_REG_1, 32);
220 insn[i++] = BPF_ALU64_REG(BPF_XOR, BPF_REG_0, BPF_REG_1);
221 insn[i] = BPF_EXIT_INSN();
222 self->prog_len = i + 1;
223 res ^= (res >> 32);
224 self->retval = (uint32_t)res;
225}
226
227#define MAX_JMP_SEQ 8192
228
229/* test the sequence of 8k jumps */
230static void bpf_fill_scale1(struct bpf_test *self)
231{
232 struct bpf_insn *insn = self->fill_insns;
233 int i = 0, k = 0;
234
235 insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
236 /* test to check that the long sequence of jumps is acceptable */
237 while (k++ < MAX_JMP_SEQ) {
238 insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
239 BPF_FUNC_get_prandom_u32);
240 insn[i++] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, bpf_semi_rand_get(), 2);
241 insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_10);
242 insn[i++] = BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_6,
243 -8 * (k % 64 + 1));
244 }
245 /* is_state_visited() doesn't allocate state for pruning for every jump.
246 * Hence multiply jmps by 4 to accommodate that heuristic
247 */
248 while (i < MAX_TEST_INSNS - MAX_JMP_SEQ * 4)
249 insn[i++] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 42);
250 insn[i] = BPF_EXIT_INSN();
251 self->prog_len = i + 1;
252 self->retval = 42;
253}
254
255/* test the sequence of 8k jumps in inner most function (function depth 8)*/
256static void bpf_fill_scale2(struct bpf_test *self)
257{
258 struct bpf_insn *insn = self->fill_insns;
259 int i = 0, k = 0;
260
261#define FUNC_NEST 7
262 for (k = 0; k < FUNC_NEST; k++) {
263 insn[i++] = BPF_CALL_REL(1);
264 insn[i++] = BPF_EXIT_INSN();
265 }
266 insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
267 /* test to check that the long sequence of jumps is acceptable */
268 k = 0;
269 while (k++ < MAX_JMP_SEQ) {
270 insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
271 BPF_FUNC_get_prandom_u32);
272 insn[i++] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, bpf_semi_rand_get(), 2);
273 insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_10);
274 insn[i++] = BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_6,
275 -8 * (k % (64 - 4 * FUNC_NEST) + 1));
276 }
277 while (i < MAX_TEST_INSNS - MAX_JMP_SEQ * 4)
278 insn[i++] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 42);
279 insn[i] = BPF_EXIT_INSN();
280 self->prog_len = i + 1;
281 self->retval = 42;
282}
283
284static void bpf_fill_scale(struct bpf_test *self)
285{
286 switch (self->retval) {
287 case 1:
288 return bpf_fill_scale1(self);
289 case 2:
290 return bpf_fill_scale2(self);
291 default:
292 self->prog_len = 0;
293 break;
294 }
295}
296
297/* BPF_SK_LOOKUP contains 13 instructions, if you need to fix up maps */
298#define BPF_SK_LOOKUP(func) \
299 /* struct bpf_sock_tuple tuple = {} */ \
300 BPF_MOV64_IMM(BPF_REG_2, 0), \
301 BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_2, -8), \
302 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -16), \
303 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -24), \
304 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -32), \
305 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -40), \
306 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -48), \
307 /* sk = func(ctx, &tuple, sizeof tuple, 0, 0) */ \
308 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), \
309 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -48), \
310 BPF_MOV64_IMM(BPF_REG_3, sizeof(struct bpf_sock_tuple)), \
311 BPF_MOV64_IMM(BPF_REG_4, 0), \
312 BPF_MOV64_IMM(BPF_REG_5, 0), \
313 BPF_EMIT_CALL(BPF_FUNC_ ## func)
314
315/* BPF_DIRECT_PKT_R2 contains 7 instructions, it initializes default return
316 * value into 0 and does necessary preparation for direct packet access
317 * through r2. The allowed access range is 8 bytes.
318 */
319#define BPF_DIRECT_PKT_R2 \
320 BPF_MOV64_IMM(BPF_REG_0, 0), \
321 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, \
322 offsetof(struct __sk_buff, data)), \
323 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, \
324 offsetof(struct __sk_buff, data_end)), \
325 BPF_MOV64_REG(BPF_REG_4, BPF_REG_2), \
326 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 8), \
327 BPF_JMP_REG(BPF_JLE, BPF_REG_4, BPF_REG_3, 1), \
328 BPF_EXIT_INSN()
329
330/* BPF_RAND_UEXT_R7 contains 4 instructions, it initializes R7 into a random
331 * positive u32, and zero-extend it into 64-bit.
332 */
333#define BPF_RAND_UEXT_R7 \
334 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, \
335 BPF_FUNC_get_prandom_u32), \
336 BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), \
337 BPF_ALU64_IMM(BPF_LSH, BPF_REG_7, 33), \
338 BPF_ALU64_IMM(BPF_RSH, BPF_REG_7, 33)
339
340/* BPF_RAND_SEXT_R7 contains 5 instructions, it initializes R7 into a random
341 * negative u32, and sign-extend it into 64-bit.
342 */
343#define BPF_RAND_SEXT_R7 \
344 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, \
345 BPF_FUNC_get_prandom_u32), \
346 BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), \
347 BPF_ALU64_IMM(BPF_OR, BPF_REG_7, 0x80000000), \
348 BPF_ALU64_IMM(BPF_LSH, BPF_REG_7, 32), \
349 BPF_ALU64_IMM(BPF_ARSH, BPF_REG_7, 32)
350
351static struct bpf_test tests[] = {
352#define FILL_ARRAY
353#include <verifier/tests.h>
354#undef FILL_ARRAY
355};
356
357static int probe_filter_length(const struct bpf_insn *fp)
358{
359 int len;
360
361 for (len = MAX_INSNS - 1; len > 0; --len)
362 if (fp[len].code != 0 || fp[len].imm != 0)
363 break;
364 return len + 1;
365}
366
367static bool skip_unsupported_map(enum bpf_map_type map_type)
368{
369 if (!bpf_probe_map_type(map_type, 0)) {
370 printf("SKIP (unsupported map type %d)\n", map_type);
371 skips++;
372 return true;
373 }
374 return false;
375}
376
377static int __create_map(uint32_t type, uint32_t size_key,
378 uint32_t size_value, uint32_t max_elem,
379 uint32_t extra_flags)
380{
381 int fd;
382
383 fd = bpf_create_map(type, size_key, size_value, max_elem,
384 (type == BPF_MAP_TYPE_HASH ?
385 BPF_F_NO_PREALLOC : 0) | extra_flags);
386 if (fd < 0) {
387 if (skip_unsupported_map(type))
388 return -1;
389 printf("Failed to create hash map '%s'!\n", strerror(errno));
390 }
391
392 return fd;
393}
394
395static int create_map(uint32_t type, uint32_t size_key,
396 uint32_t size_value, uint32_t max_elem)
397{
398 return __create_map(type, size_key, size_value, max_elem, 0);
399}
400
401static void update_map(int fd, int index)
402{
403 struct test_val value = {
404 .index = (6 + 1) * sizeof(int),
405 .foo[6] = 0xabcdef12,
406 };
407
408 assert(!bpf_map_update_elem(fd, &index, &value, 0));
409}
410
411static int create_prog_dummy1(enum bpf_prog_type prog_type)
412{
413 struct bpf_insn prog[] = {
414 BPF_MOV64_IMM(BPF_REG_0, 42),
415 BPF_EXIT_INSN(),
416 };
417
418 return bpf_load_program(prog_type, prog,
419 ARRAY_SIZE(prog), "GPL", 0, NULL, 0);
420}
421
422static int create_prog_dummy2(enum bpf_prog_type prog_type, int mfd, int idx)
423{
424 struct bpf_insn prog[] = {
425 BPF_MOV64_IMM(BPF_REG_3, idx),
426 BPF_LD_MAP_FD(BPF_REG_2, mfd),
427 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
428 BPF_FUNC_tail_call),
429 BPF_MOV64_IMM(BPF_REG_0, 41),
430 BPF_EXIT_INSN(),
431 };
432
433 return bpf_load_program(prog_type, prog,
434 ARRAY_SIZE(prog), "GPL", 0, NULL, 0);
435}
436
437static int create_prog_array(enum bpf_prog_type prog_type, uint32_t max_elem,
438 int p1key)
439{
440 int p2key = 1;
441 int mfd, p1fd, p2fd;
442
443 mfd = bpf_create_map(BPF_MAP_TYPE_PROG_ARRAY, sizeof(int),
444 sizeof(int), max_elem, 0);
445 if (mfd < 0) {
446 if (skip_unsupported_map(BPF_MAP_TYPE_PROG_ARRAY))
447 return -1;
448 printf("Failed to create prog array '%s'!\n", strerror(errno));
449 return -1;
450 }
451
452 p1fd = create_prog_dummy1(prog_type);
453 p2fd = create_prog_dummy2(prog_type, mfd, p2key);
454 if (p1fd < 0 || p2fd < 0)
455 goto out;
456 if (bpf_map_update_elem(mfd, &p1key, &p1fd, BPF_ANY) < 0)
457 goto out;
458 if (bpf_map_update_elem(mfd, &p2key, &p2fd, BPF_ANY) < 0)
459 goto out;
460 close(p2fd);
461 close(p1fd);
462
463 return mfd;
464out:
465 close(p2fd);
466 close(p1fd);
467 close(mfd);
468 return -1;
469}
470
471static int create_map_in_map(void)
472{
473 int inner_map_fd, outer_map_fd;
474
475 inner_map_fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
476 sizeof(int), 1, 0);
477 if (inner_map_fd < 0) {
478 if (skip_unsupported_map(BPF_MAP_TYPE_ARRAY))
479 return -1;
480 printf("Failed to create array '%s'!\n", strerror(errno));
481 return inner_map_fd;
482 }
483
484 outer_map_fd = bpf_create_map_in_map(BPF_MAP_TYPE_ARRAY_OF_MAPS, NULL,
485 sizeof(int), inner_map_fd, 1, 0);
486 if (outer_map_fd < 0) {
487 if (skip_unsupported_map(BPF_MAP_TYPE_ARRAY_OF_MAPS))
488 return -1;
489 printf("Failed to create array of maps '%s'!\n",
490 strerror(errno));
491 }
492
493 close(inner_map_fd);
494
495 return outer_map_fd;
496}
497
498static int create_cgroup_storage(bool percpu)
499{
500 enum bpf_map_type type = percpu ? BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE :
501 BPF_MAP_TYPE_CGROUP_STORAGE;
502 int fd;
503
504 fd = bpf_create_map(type, sizeof(struct bpf_cgroup_storage_key),
505 TEST_DATA_LEN, 0, 0);
506 if (fd < 0) {
507 if (skip_unsupported_map(type))
508 return -1;
509 printf("Failed to create cgroup storage '%s'!\n",
510 strerror(errno));
511 }
512
513 return fd;
514}
515
516/* struct bpf_spin_lock {
517 * int val;
518 * };
519 * struct val {
520 * int cnt;
521 * struct bpf_spin_lock l;
522 * };
523 */
524static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l";
525static __u32 btf_raw_types[] = {
526 /* int */
527 BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 0, 32, 4), /* [1] */
528 /* struct bpf_spin_lock */ /* [2] */
529 BTF_TYPE_ENC(1, BTF_INFO_ENC(BTF_KIND_STRUCT, 0, 1), 4),
530 BTF_MEMBER_ENC(15, 1, 0), /* int val; */
531 /* struct val */ /* [3] */
532 BTF_TYPE_ENC(15, BTF_INFO_ENC(BTF_KIND_STRUCT, 0, 2), 8),
533 BTF_MEMBER_ENC(19, 1, 0), /* int cnt; */
534 BTF_MEMBER_ENC(23, 2, 32),/* struct bpf_spin_lock l; */
535};
536
537static int load_btf(void)
538{
539 struct btf_header hdr = {
540 .magic = BTF_MAGIC,
541 .version = BTF_VERSION,
542 .hdr_len = sizeof(struct btf_header),
543 .type_len = sizeof(btf_raw_types),
544 .str_off = sizeof(btf_raw_types),
545 .str_len = sizeof(btf_str_sec),
546 };
547 void *ptr, *raw_btf;
548 int btf_fd;
549
550 ptr = raw_btf = malloc(sizeof(hdr) + sizeof(btf_raw_types) +
551 sizeof(btf_str_sec));
552
553 memcpy(ptr, &hdr, sizeof(hdr));
554 ptr += sizeof(hdr);
555 memcpy(ptr, btf_raw_types, hdr.type_len);
556 ptr += hdr.type_len;
557 memcpy(ptr, btf_str_sec, hdr.str_len);
558 ptr += hdr.str_len;
559
560 btf_fd = bpf_load_btf(raw_btf, ptr - raw_btf, 0, 0, 0);
561 free(raw_btf);
562 if (btf_fd < 0)
563 return -1;
564 return btf_fd;
565}
566
567static int create_map_spin_lock(void)
568{
569 struct bpf_create_map_attr attr = {
570 .name = "test_map",
571 .map_type = BPF_MAP_TYPE_ARRAY,
572 .key_size = 4,
573 .value_size = 8,
574 .max_entries = 1,
575 .btf_key_type_id = 1,
576 .btf_value_type_id = 3,
577 };
578 int fd, btf_fd;
579
580 btf_fd = load_btf();
581 if (btf_fd < 0)
582 return -1;
583 attr.btf_fd = btf_fd;
584 fd = bpf_create_map_xattr(&attr);
585 if (fd < 0)
586 printf("Failed to create map with spin_lock\n");
587 return fd;
588}
589
590static int create_sk_storage_map(void)
591{
592 struct bpf_create_map_attr attr = {
593 .name = "test_map",
594 .map_type = BPF_MAP_TYPE_SK_STORAGE,
595 .key_size = 4,
596 .value_size = 8,
597 .max_entries = 0,
598 .map_flags = BPF_F_NO_PREALLOC,
599 .btf_key_type_id = 1,
600 .btf_value_type_id = 3,
601 };
602 int fd, btf_fd;
603
604 btf_fd = load_btf();
605 if (btf_fd < 0)
606 return -1;
607 attr.btf_fd = btf_fd;
608 fd = bpf_create_map_xattr(&attr);
609 close(attr.btf_fd);
610 if (fd < 0)
611 printf("Failed to create sk_storage_map\n");
612 return fd;
613}
614
615static char bpf_vlog[UINT_MAX >> 8];
616
617static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
618 struct bpf_insn *prog, int *map_fds)
619{
620 int *fixup_map_hash_8b = test->fixup_map_hash_8b;
621 int *fixup_map_hash_48b = test->fixup_map_hash_48b;
622 int *fixup_map_hash_16b = test->fixup_map_hash_16b;
623 int *fixup_map_array_48b = test->fixup_map_array_48b;
624 int *fixup_map_sockmap = test->fixup_map_sockmap;
625 int *fixup_map_sockhash = test->fixup_map_sockhash;
626 int *fixup_map_xskmap = test->fixup_map_xskmap;
627 int *fixup_map_stacktrace = test->fixup_map_stacktrace;
628 int *fixup_prog1 = test->fixup_prog1;
629 int *fixup_prog2 = test->fixup_prog2;
630 int *fixup_map_in_map = test->fixup_map_in_map;
631 int *fixup_cgroup_storage = test->fixup_cgroup_storage;
632 int *fixup_percpu_cgroup_storage = test->fixup_percpu_cgroup_storage;
633 int *fixup_map_spin_lock = test->fixup_map_spin_lock;
634 int *fixup_map_array_ro = test->fixup_map_array_ro;
635 int *fixup_map_array_wo = test->fixup_map_array_wo;
636 int *fixup_map_array_small = test->fixup_map_array_small;
637 int *fixup_sk_storage_map = test->fixup_sk_storage_map;
638 int *fixup_map_event_output = test->fixup_map_event_output;
639
640 if (test->fill_helper) {
641 test->fill_insns = calloc(MAX_TEST_INSNS, sizeof(struct bpf_insn));
642 test->fill_helper(test);
643 }
644
645 /* Allocating HTs with 1 elem is fine here, since we only test
646 * for verifier and not do a runtime lookup, so the only thing
647 * that really matters is value size in this case.
648 */
649 if (*fixup_map_hash_8b) {
650 map_fds[0] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
651 sizeof(long long), 1);
652 do {
653 prog[*fixup_map_hash_8b].imm = map_fds[0];
654 fixup_map_hash_8b++;
655 } while (*fixup_map_hash_8b);
656 }
657
658 if (*fixup_map_hash_48b) {
659 map_fds[1] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
660 sizeof(struct test_val), 1);
661 do {
662 prog[*fixup_map_hash_48b].imm = map_fds[1];
663 fixup_map_hash_48b++;
664 } while (*fixup_map_hash_48b);
665 }
666
667 if (*fixup_map_hash_16b) {
668 map_fds[2] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
669 sizeof(struct other_val), 1);
670 do {
671 prog[*fixup_map_hash_16b].imm = map_fds[2];
672 fixup_map_hash_16b++;
673 } while (*fixup_map_hash_16b);
674 }
675
676 if (*fixup_map_array_48b) {
677 map_fds[3] = create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
678 sizeof(struct test_val), 1);
679 update_map(map_fds[3], 0);
680 do {
681 prog[*fixup_map_array_48b].imm = map_fds[3];
682 fixup_map_array_48b++;
683 } while (*fixup_map_array_48b);
684 }
685
686 if (*fixup_prog1) {
687 map_fds[4] = create_prog_array(prog_type, 4, 0);
688 do {
689 prog[*fixup_prog1].imm = map_fds[4];
690 fixup_prog1++;
691 } while (*fixup_prog1);
692 }
693
694 if (*fixup_prog2) {
695 map_fds[5] = create_prog_array(prog_type, 8, 7);
696 do {
697 prog[*fixup_prog2].imm = map_fds[5];
698 fixup_prog2++;
699 } while (*fixup_prog2);
700 }
701
702 if (*fixup_map_in_map) {
703 map_fds[6] = create_map_in_map();
704 do {
705 prog[*fixup_map_in_map].imm = map_fds[6];
706 fixup_map_in_map++;
707 } while (*fixup_map_in_map);
708 }
709
710 if (*fixup_cgroup_storage) {
711 map_fds[7] = create_cgroup_storage(false);
712 do {
713 prog[*fixup_cgroup_storage].imm = map_fds[7];
714 fixup_cgroup_storage++;
715 } while (*fixup_cgroup_storage);
716 }
717
718 if (*fixup_percpu_cgroup_storage) {
719 map_fds[8] = create_cgroup_storage(true);
720 do {
721 prog[*fixup_percpu_cgroup_storage].imm = map_fds[8];
722 fixup_percpu_cgroup_storage++;
723 } while (*fixup_percpu_cgroup_storage);
724 }
725 if (*fixup_map_sockmap) {
726 map_fds[9] = create_map(BPF_MAP_TYPE_SOCKMAP, sizeof(int),
727 sizeof(int), 1);
728 do {
729 prog[*fixup_map_sockmap].imm = map_fds[9];
730 fixup_map_sockmap++;
731 } while (*fixup_map_sockmap);
732 }
733 if (*fixup_map_sockhash) {
734 map_fds[10] = create_map(BPF_MAP_TYPE_SOCKHASH, sizeof(int),
735 sizeof(int), 1);
736 do {
737 prog[*fixup_map_sockhash].imm = map_fds[10];
738 fixup_map_sockhash++;
739 } while (*fixup_map_sockhash);
740 }
741 if (*fixup_map_xskmap) {
742 map_fds[11] = create_map(BPF_MAP_TYPE_XSKMAP, sizeof(int),
743 sizeof(int), 1);
744 do {
745 prog[*fixup_map_xskmap].imm = map_fds[11];
746 fixup_map_xskmap++;
747 } while (*fixup_map_xskmap);
748 }
749 if (*fixup_map_stacktrace) {
750 map_fds[12] = create_map(BPF_MAP_TYPE_STACK_TRACE, sizeof(u32),
751 sizeof(u64), 1);
752 do {
753 prog[*fixup_map_stacktrace].imm = map_fds[12];
754 fixup_map_stacktrace++;
755 } while (*fixup_map_stacktrace);
756 }
757 if (*fixup_map_spin_lock) {
758 map_fds[13] = create_map_spin_lock();
759 do {
760 prog[*fixup_map_spin_lock].imm = map_fds[13];
761 fixup_map_spin_lock++;
762 } while (*fixup_map_spin_lock);
763 }
764 if (*fixup_map_array_ro) {
765 map_fds[14] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
766 sizeof(struct test_val), 1,
767 BPF_F_RDONLY_PROG);
768 update_map(map_fds[14], 0);
769 do {
770 prog[*fixup_map_array_ro].imm = map_fds[14];
771 fixup_map_array_ro++;
772 } while (*fixup_map_array_ro);
773 }
774 if (*fixup_map_array_wo) {
775 map_fds[15] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
776 sizeof(struct test_val), 1,
777 BPF_F_WRONLY_PROG);
778 update_map(map_fds[15], 0);
779 do {
780 prog[*fixup_map_array_wo].imm = map_fds[15];
781 fixup_map_array_wo++;
782 } while (*fixup_map_array_wo);
783 }
784 if (*fixup_map_array_small) {
785 map_fds[16] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
786 1, 1, 0);
787 update_map(map_fds[16], 0);
788 do {
789 prog[*fixup_map_array_small].imm = map_fds[16];
790 fixup_map_array_small++;
791 } while (*fixup_map_array_small);
792 }
793 if (*fixup_sk_storage_map) {
794 map_fds[17] = create_sk_storage_map();
795 do {
796 prog[*fixup_sk_storage_map].imm = map_fds[17];
797 fixup_sk_storage_map++;
798 } while (*fixup_sk_storage_map);
799 }
800 if (*fixup_map_event_output) {
801 map_fds[18] = __create_map(BPF_MAP_TYPE_PERF_EVENT_ARRAY,
802 sizeof(int), sizeof(int), 1, 0);
803 do {
804 prog[*fixup_map_event_output].imm = map_fds[18];
805 fixup_map_event_output++;
806 } while (*fixup_map_event_output);
807 }
808}
809
810static int set_admin(bool admin)
811{
812 cap_t caps;
813 const cap_value_t cap_val = CAP_SYS_ADMIN;
814 int ret = -1;
815
816 caps = cap_get_proc();
817 if (!caps) {
818 perror("cap_get_proc");
819 return -1;
820 }
821 if (cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap_val,
822 admin ? CAP_SET : CAP_CLEAR)) {
823 perror("cap_set_flag");
824 goto out;
825 }
826 if (cap_set_proc(caps)) {
827 perror("cap_set_proc");
828 goto out;
829 }
830 ret = 0;
831out:
832 if (cap_free(caps))
833 perror("cap_free");
834 return ret;
835}
836
837static int do_prog_test_run(int fd_prog, bool unpriv, uint32_t expected_val,
838 void *data, size_t size_data)
839{
840 __u8 tmp[TEST_DATA_LEN << 2];
841 __u32 size_tmp = sizeof(tmp);
842 uint32_t retval;
843 int err;
844
845 if (unpriv)
846 set_admin(true);
847 err = bpf_prog_test_run(fd_prog, 1, data, size_data,
848 tmp, &size_tmp, &retval, NULL);
849 if (unpriv)
850 set_admin(false);
851 if (err && errno != 524/*ENOTSUPP*/ && errno != EPERM) {
852 printf("Unexpected bpf_prog_test_run error ");
853 return err;
854 }
855 if (!err && retval != expected_val &&
856 expected_val != POINTER_VALUE) {
857 printf("FAIL retval %d != %d ", retval, expected_val);
858 return 1;
859 }
860
861 return 0;
862}
863
864static bool cmp_str_seq(const char *log, const char *exp)
865{
866 char needle[80];
867 const char *p, *q;
868 int len;
869
870 do {
871 p = strchr(exp, '\t');
872 if (!p)
873 p = exp + strlen(exp);
874
875 len = p - exp;
876 if (len >= sizeof(needle) || !len) {
877 printf("FAIL\nTestcase bug\n");
878 return false;
879 }
880 strncpy(needle, exp, len);
881 needle[len] = 0;
882 q = strstr(log, needle);
883 if (!q) {
884 printf("FAIL\nUnexpected verifier log in successful load!\n"
885 "EXP: %s\nRES:\n", needle);
886 return false;
887 }
888 log = q + len;
889 exp = p + 1;
890 } while (*p);
891 return true;
892}
893
894static void do_test_single(struct bpf_test *test, bool unpriv,
895 int *passes, int *errors)
896{
897 int fd_prog, expected_ret, alignment_prevented_execution;
898 int prog_len, prog_type = test->prog_type;
899 struct bpf_insn *prog = test->insns;
900 struct bpf_load_program_attr attr;
901 int run_errs, run_successes;
902 int map_fds[MAX_NR_MAPS];
903 const char *expected_err;
904 int fixup_skips;
905 __u32 pflags;
906 int i, err;
907
908 for (i = 0; i < MAX_NR_MAPS; i++)
909 map_fds[i] = -1;
910
911 if (!prog_type)
912 prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
913 fixup_skips = skips;
914 do_test_fixup(test, prog_type, prog, map_fds);
915 if (test->fill_insns) {
916 prog = test->fill_insns;
917 prog_len = test->prog_len;
918 } else {
919 prog_len = probe_filter_length(prog);
920 }
921 /* If there were some map skips during fixup due to missing bpf
922 * features, skip this test.
923 */
924 if (fixup_skips != skips)
925 return;
926
927 pflags = BPF_F_TEST_RND_HI32;
928 if (test->flags & F_LOAD_WITH_STRICT_ALIGNMENT)
929 pflags |= BPF_F_STRICT_ALIGNMENT;
930 if (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS)
931 pflags |= BPF_F_ANY_ALIGNMENT;
932 if (test->flags & ~3)
933 pflags |= test->flags;
934
935 expected_ret = unpriv && test->result_unpriv != UNDEF ?
936 test->result_unpriv : test->result;
937 expected_err = unpriv && test->errstr_unpriv ?
938 test->errstr_unpriv : test->errstr;
939 memset(&attr, 0, sizeof(attr));
940 attr.prog_type = prog_type;
941 attr.expected_attach_type = test->expected_attach_type;
942 attr.insns = prog;
943 attr.insns_cnt = prog_len;
944 attr.license = "GPL";
945 attr.log_level = verbose || expected_ret == VERBOSE_ACCEPT ? 1 : 4;
946 attr.prog_flags = pflags;
947
948 fd_prog = bpf_load_program_xattr(&attr, bpf_vlog, sizeof(bpf_vlog));
949 if (fd_prog < 0 && !bpf_probe_prog_type(prog_type, 0)) {
950 printf("SKIP (unsupported program type %d)\n", prog_type);
951 skips++;
952 goto close_fds;
953 }
954
955 alignment_prevented_execution = 0;
956
957 if (expected_ret == ACCEPT || expected_ret == VERBOSE_ACCEPT) {
958 if (fd_prog < 0) {
959 printf("FAIL\nFailed to load prog '%s'!\n",
960 strerror(errno));
961 goto fail_log;
962 }
963#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
964 if (fd_prog >= 0 &&
965 (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS))
966 alignment_prevented_execution = 1;
967#endif
968 if (expected_ret == VERBOSE_ACCEPT && !cmp_str_seq(bpf_vlog, expected_err)) {
969 goto fail_log;
970 }
971 } else {
972 if (fd_prog >= 0) {
973 printf("FAIL\nUnexpected success to load!\n");
974 goto fail_log;
975 }
976 if (!expected_err || !strstr(bpf_vlog, expected_err)) {
977 printf("FAIL\nUnexpected error message!\n\tEXP: %s\n\tRES: %s\n",
978 expected_err, bpf_vlog);
979 goto fail_log;
980 }
981 }
982
983 if (test->insn_processed) {
984 uint32_t insn_processed;
985 char *proc;
986
987 proc = strstr(bpf_vlog, "processed ");
988 insn_processed = atoi(proc + 10);
989 if (test->insn_processed != insn_processed) {
990 printf("FAIL\nUnexpected insn_processed %u vs %u\n",
991 insn_processed, test->insn_processed);
992 goto fail_log;
993 }
994 }
995
996 if (verbose)
997 printf(", verifier log:\n%s", bpf_vlog);
998
999 run_errs = 0;
1000 run_successes = 0;
1001 if (!alignment_prevented_execution && fd_prog >= 0) {
1002 uint32_t expected_val;
1003 int i;
1004
1005 if (!test->runs)
1006 test->runs = 1;
1007
1008 for (i = 0; i < test->runs; i++) {
1009 if (unpriv && test->retvals[i].retval_unpriv)
1010 expected_val = test->retvals[i].retval_unpriv;
1011 else
1012 expected_val = test->retvals[i].retval;
1013
1014 err = do_prog_test_run(fd_prog, unpriv, expected_val,
1015 test->retvals[i].data,
1016 sizeof(test->retvals[i].data));
1017 if (err) {
1018 printf("(run %d/%d) ", i + 1, test->runs);
1019 run_errs++;
1020 } else {
1021 run_successes++;
1022 }
1023 }
1024 }
1025
1026 if (!run_errs) {
1027 (*passes)++;
1028 if (run_successes > 1)
1029 printf("%d cases ", run_successes);
1030 printf("OK");
1031 if (alignment_prevented_execution)
1032 printf(" (NOTE: not executed due to unknown alignment)");
1033 printf("\n");
1034 } else {
1035 printf("\n");
1036 goto fail_log;
1037 }
1038close_fds:
1039 if (test->fill_insns)
1040 free(test->fill_insns);
1041 close(fd_prog);
1042 for (i = 0; i < MAX_NR_MAPS; i++)
1043 close(map_fds[i]);
1044 sched_yield();
1045 return;
1046fail_log:
1047 (*errors)++;
1048 printf("%s", bpf_vlog);
1049 goto close_fds;
1050}
1051
1052static bool is_admin(void)
1053{
1054 cap_t caps;
1055 cap_flag_value_t sysadmin = CAP_CLEAR;
1056 const cap_value_t cap_val = CAP_SYS_ADMIN;
1057
1058#ifdef CAP_IS_SUPPORTED
1059 if (!CAP_IS_SUPPORTED(CAP_SETFCAP)) {
1060 perror("cap_get_flag");
1061 return false;
1062 }
1063#endif
1064 caps = cap_get_proc();
1065 if (!caps) {
1066 perror("cap_get_proc");
1067 return false;
1068 }
1069 if (cap_get_flag(caps, cap_val, CAP_EFFECTIVE, &sysadmin))
1070 perror("cap_get_flag");
1071 if (cap_free(caps))
1072 perror("cap_free");
1073 return (sysadmin == CAP_SET);
1074}
1075
1076static void get_unpriv_disabled()
1077{
1078 char buf[2];
1079 FILE *fd;
1080
1081 fd = fopen("/proc/sys/"UNPRIV_SYSCTL, "r");
1082 if (!fd) {
1083 perror("fopen /proc/sys/"UNPRIV_SYSCTL);
1084 unpriv_disabled = true;
1085 return;
1086 }
1087 if (fgets(buf, 2, fd) == buf && atoi(buf))
1088 unpriv_disabled = true;
1089 fclose(fd);
1090}
1091
1092static bool test_as_unpriv(struct bpf_test *test)
1093{
1094 return !test->prog_type ||
1095 test->prog_type == BPF_PROG_TYPE_SOCKET_FILTER ||
1096 test->prog_type == BPF_PROG_TYPE_CGROUP_SKB;
1097}
1098
1099static int do_test(bool unpriv, unsigned int from, unsigned int to)
1100{
1101 int i, passes = 0, errors = 0;
1102
1103 for (i = from; i < to; i++) {
1104 struct bpf_test *test = &tests[i];
1105
1106 /* Program types that are not supported by non-root we
1107 * skip right away.
1108 */
1109 if (test_as_unpriv(test) && unpriv_disabled) {
1110 printf("#%d/u %s SKIP\n", i, test->descr);
1111 skips++;
1112 } else if (test_as_unpriv(test)) {
1113 if (!unpriv)
1114 set_admin(false);
1115 printf("#%d/u %s ", i, test->descr);
1116 do_test_single(test, true, &passes, &errors);
1117 if (!unpriv)
1118 set_admin(true);
1119 }
1120
1121 if (unpriv) {
1122 printf("#%d/p %s SKIP\n", i, test->descr);
1123 skips++;
1124 } else {
1125 printf("#%d/p %s ", i, test->descr);
1126 do_test_single(test, false, &passes, &errors);
1127 }
1128 }
1129
1130 printf("Summary: %d PASSED, %d SKIPPED, %d FAILED\n", passes,
1131 skips, errors);
1132 return errors ? EXIT_FAILURE : EXIT_SUCCESS;
1133}
1134
1135int main(int argc, char **argv)
1136{
1137 unsigned int from = 0, to = ARRAY_SIZE(tests);
1138 bool unpriv = !is_admin();
1139 int arg = 1;
1140
1141 if (argc > 1 && strcmp(argv[1], "-v") == 0) {
1142 arg++;
1143 verbose = true;
1144 argc--;
1145 }
1146
1147 if (argc == 3) {
1148 unsigned int l = atoi(argv[arg]);
1149 unsigned int u = atoi(argv[arg + 1]);
1150
1151 if (l < to && u < to) {
1152 from = l;
1153 to = u + 1;
1154 }
1155 } else if (argc == 2) {
1156 unsigned int t = atoi(argv[arg]);
1157
1158 if (t < to) {
1159 from = t;
1160 to = t + 1;
1161 }
1162 }
1163
1164 get_unpriv_disabled();
1165 if (unpriv && unpriv_disabled) {
1166 printf("Cannot run as unprivileged user with sysctl %s.\n",
1167 UNPRIV_SYSCTL);
1168 return EXIT_FAILURE;
1169 }
1170
1171 bpf_semi_rand_init();
1172 return do_test(unpriv, from, to);
1173}