Loading...
1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2021 Facebook */
3#include <vmlinux.h>
4#include <bpf/bpf_helpers.h>
5#include "../bpf_testmod/bpf_testmod_kfunc.h"
6
7struct syscall_test_args {
8 __u8 data[16];
9 size_t size;
10};
11
12SEC("?syscall")
13int kfunc_syscall_test_fail(struct syscall_test_args *args)
14{
15 bpf_kfunc_call_test_mem_len_pass1(&args->data, sizeof(*args) + 1);
16
17 return 0;
18}
19
20SEC("?syscall")
21int kfunc_syscall_test_null_fail(struct syscall_test_args *args)
22{
23 /* Must be called with args as a NULL pointer
24 * we do not check for it to have the verifier consider that
25 * the pointer might not be null, and so we can load it.
26 *
27 * So the following can not be added:
28 *
29 * if (args)
30 * return -22;
31 */
32
33 bpf_kfunc_call_test_mem_len_pass1(args, sizeof(*args));
34
35 return 0;
36}
37
38SEC("?tc")
39int kfunc_call_test_get_mem_fail_rdonly(struct __sk_buff *skb)
40{
41 struct prog_test_ref_kfunc *pt;
42 unsigned long s = 0;
43 int *p = NULL;
44 int ret = 0;
45
46 pt = bpf_kfunc_call_test_acquire(&s);
47 if (pt) {
48 p = bpf_kfunc_call_test_get_rdonly_mem(pt, 2 * sizeof(int));
49 if (p)
50 p[0] = 42; /* this is a read-only buffer, so -EACCES */
51 else
52 ret = -1;
53
54 bpf_kfunc_call_test_release(pt);
55 }
56 return ret;
57}
58
59SEC("?tc")
60int kfunc_call_test_get_mem_fail_use_after_free(struct __sk_buff *skb)
61{
62 struct prog_test_ref_kfunc *pt;
63 unsigned long s = 0;
64 int *p = NULL;
65 int ret = 0;
66
67 pt = bpf_kfunc_call_test_acquire(&s);
68 if (pt) {
69 p = bpf_kfunc_call_test_get_rdwr_mem(pt, 2 * sizeof(int));
70 if (p) {
71 p[0] = 42;
72 ret = p[1]; /* 108 */
73 } else {
74 ret = -1;
75 }
76
77 bpf_kfunc_call_test_release(pt);
78 }
79 if (p)
80 ret = p[0]; /* p is not valid anymore */
81
82 return ret;
83}
84
85SEC("?tc")
86int kfunc_call_test_get_mem_fail_oob(struct __sk_buff *skb)
87{
88 struct prog_test_ref_kfunc *pt;
89 unsigned long s = 0;
90 int *p = NULL;
91 int ret = 0;
92
93 pt = bpf_kfunc_call_test_acquire(&s);
94 if (pt) {
95 p = bpf_kfunc_call_test_get_rdonly_mem(pt, 2 * sizeof(int));
96 if (p)
97 ret = p[2 * sizeof(int)]; /* oob access, so -EACCES */
98 else
99 ret = -1;
100
101 bpf_kfunc_call_test_release(pt);
102 }
103 return ret;
104}
105
106int not_const_size = 2 * sizeof(int);
107
108SEC("?tc")
109int kfunc_call_test_get_mem_fail_not_const(struct __sk_buff *skb)
110{
111 struct prog_test_ref_kfunc *pt;
112 unsigned long s = 0;
113 int *p = NULL;
114 int ret = 0;
115
116 pt = bpf_kfunc_call_test_acquire(&s);
117 if (pt) {
118 p = bpf_kfunc_call_test_get_rdonly_mem(pt, not_const_size); /* non const size, -EINVAL */
119 if (p)
120 ret = p[0];
121 else
122 ret = -1;
123
124 bpf_kfunc_call_test_release(pt);
125 }
126 return ret;
127}
128
129SEC("?tc")
130int kfunc_call_test_mem_acquire_fail(struct __sk_buff *skb)
131{
132 struct prog_test_ref_kfunc *pt;
133 unsigned long s = 0;
134 int *p = NULL;
135 int ret = 0;
136
137 pt = bpf_kfunc_call_test_acquire(&s);
138 if (pt) {
139 /* we are failing on this one, because we are not acquiring a PTR_TO_BTF_ID (a struct ptr) */
140 p = bpf_kfunc_call_test_acq_rdonly_mem(pt, 2 * sizeof(int));
141 if (p)
142 ret = p[0];
143 else
144 ret = -1;
145
146 bpf_kfunc_call_int_mem_release(p);
147
148 bpf_kfunc_call_test_release(pt);
149 }
150 return ret;
151}
152
153SEC("?tc")
154int kfunc_call_test_pointer_arg_type_mismatch(struct __sk_buff *skb)
155{
156 bpf_kfunc_call_test_pass_ctx((void *)10);
157 return 0;
158}
159
160char _license[] SEC("license") = "GPL";
1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2021 Facebook */
3#include <vmlinux.h>
4#include <bpf/bpf_helpers.h>
5
6extern struct prog_test_ref_kfunc *bpf_kfunc_call_test_acquire(unsigned long *sp) __ksym;
7extern void bpf_kfunc_call_test_release(struct prog_test_ref_kfunc *p) __ksym;
8extern void bpf_kfunc_call_test_mem_len_pass1(void *mem, int len) __ksym;
9extern int *bpf_kfunc_call_test_get_rdwr_mem(struct prog_test_ref_kfunc *p, const int rdwr_buf_size) __ksym;
10extern int *bpf_kfunc_call_test_get_rdonly_mem(struct prog_test_ref_kfunc *p, const int rdonly_buf_size) __ksym;
11extern int *bpf_kfunc_call_test_acq_rdonly_mem(struct prog_test_ref_kfunc *p, const int rdonly_buf_size) __ksym;
12extern void bpf_kfunc_call_int_mem_release(int *p) __ksym;
13
14struct syscall_test_args {
15 __u8 data[16];
16 size_t size;
17};
18
19SEC("?syscall")
20int kfunc_syscall_test_fail(struct syscall_test_args *args)
21{
22 bpf_kfunc_call_test_mem_len_pass1(&args->data, sizeof(*args) + 1);
23
24 return 0;
25}
26
27SEC("?syscall")
28int kfunc_syscall_test_null_fail(struct syscall_test_args *args)
29{
30 /* Must be called with args as a NULL pointer
31 * we do not check for it to have the verifier consider that
32 * the pointer might not be null, and so we can load it.
33 *
34 * So the following can not be added:
35 *
36 * if (args)
37 * return -22;
38 */
39
40 bpf_kfunc_call_test_mem_len_pass1(args, sizeof(*args));
41
42 return 0;
43}
44
45SEC("?tc")
46int kfunc_call_test_get_mem_fail_rdonly(struct __sk_buff *skb)
47{
48 struct prog_test_ref_kfunc *pt;
49 unsigned long s = 0;
50 int *p = NULL;
51 int ret = 0;
52
53 pt = bpf_kfunc_call_test_acquire(&s);
54 if (pt) {
55 p = bpf_kfunc_call_test_get_rdonly_mem(pt, 2 * sizeof(int));
56 if (p)
57 p[0] = 42; /* this is a read-only buffer, so -EACCES */
58 else
59 ret = -1;
60
61 bpf_kfunc_call_test_release(pt);
62 }
63 return ret;
64}
65
66SEC("?tc")
67int kfunc_call_test_get_mem_fail_use_after_free(struct __sk_buff *skb)
68{
69 struct prog_test_ref_kfunc *pt;
70 unsigned long s = 0;
71 int *p = NULL;
72 int ret = 0;
73
74 pt = bpf_kfunc_call_test_acquire(&s);
75 if (pt) {
76 p = bpf_kfunc_call_test_get_rdwr_mem(pt, 2 * sizeof(int));
77 if (p) {
78 p[0] = 42;
79 ret = p[1]; /* 108 */
80 } else {
81 ret = -1;
82 }
83
84 bpf_kfunc_call_test_release(pt);
85 }
86 if (p)
87 ret = p[0]; /* p is not valid anymore */
88
89 return ret;
90}
91
92SEC("?tc")
93int kfunc_call_test_get_mem_fail_oob(struct __sk_buff *skb)
94{
95 struct prog_test_ref_kfunc *pt;
96 unsigned long s = 0;
97 int *p = NULL;
98 int ret = 0;
99
100 pt = bpf_kfunc_call_test_acquire(&s);
101 if (pt) {
102 p = bpf_kfunc_call_test_get_rdonly_mem(pt, 2 * sizeof(int));
103 if (p)
104 ret = p[2 * sizeof(int)]; /* oob access, so -EACCES */
105 else
106 ret = -1;
107
108 bpf_kfunc_call_test_release(pt);
109 }
110 return ret;
111}
112
113int not_const_size = 2 * sizeof(int);
114
115SEC("?tc")
116int kfunc_call_test_get_mem_fail_not_const(struct __sk_buff *skb)
117{
118 struct prog_test_ref_kfunc *pt;
119 unsigned long s = 0;
120 int *p = NULL;
121 int ret = 0;
122
123 pt = bpf_kfunc_call_test_acquire(&s);
124 if (pt) {
125 p = bpf_kfunc_call_test_get_rdonly_mem(pt, not_const_size); /* non const size, -EINVAL */
126 if (p)
127 ret = p[0];
128 else
129 ret = -1;
130
131 bpf_kfunc_call_test_release(pt);
132 }
133 return ret;
134}
135
136SEC("?tc")
137int kfunc_call_test_mem_acquire_fail(struct __sk_buff *skb)
138{
139 struct prog_test_ref_kfunc *pt;
140 unsigned long s = 0;
141 int *p = NULL;
142 int ret = 0;
143
144 pt = bpf_kfunc_call_test_acquire(&s);
145 if (pt) {
146 /* we are failing on this one, because we are not acquiring a PTR_TO_BTF_ID (a struct ptr) */
147 p = bpf_kfunc_call_test_acq_rdonly_mem(pt, 2 * sizeof(int));
148 if (p)
149 ret = p[0];
150 else
151 ret = -1;
152
153 bpf_kfunc_call_int_mem_release(p);
154
155 bpf_kfunc_call_test_release(pt);
156 }
157 return ret;
158}
159
160char _license[] SEC("license") = "GPL";