xref: /linux/tools/testing/selftests/bpf/bpf_testmod/bpf_testmod.c (revision fcc79e1714e8c2b8e216dc3149812edd37884eef)
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2020 Facebook */
3 #include <linux/bpf.h>
4 #include <linux/btf.h>
5 #include <linux/btf_ids.h>
6 #include <linux/delay.h>
7 #include <linux/error-injection.h>
8 #include <linux/init.h>
9 #include <linux/module.h>
10 #include <linux/percpu-defs.h>
11 #include <linux/sysfs.h>
12 #include <linux/tracepoint.h>
13 #include <linux/net.h>
14 #include <linux/socket.h>
15 #include <linux/nsproxy.h>
16 #include <linux/inet.h>
17 #include <linux/in.h>
18 #include <linux/in6.h>
19 #include <linux/un.h>
20 #include <linux/filter.h>
21 #include <net/sock.h>
22 #include <linux/namei.h>
23 #include "bpf_testmod.h"
24 #include "bpf_testmod_kfunc.h"
25 
26 #define CREATE_TRACE_POINTS
27 #include "bpf_testmod-events.h"
28 
29 #define CONNECT_TIMEOUT_SEC 1
30 
31 typedef int (*func_proto_typedef)(long);
32 typedef int (*func_proto_typedef_nested1)(func_proto_typedef);
33 typedef int (*func_proto_typedef_nested2)(func_proto_typedef_nested1);
34 
35 DEFINE_PER_CPU(int, bpf_testmod_ksym_percpu) = 123;
36 long bpf_testmod_test_struct_arg_result;
37 static DEFINE_MUTEX(sock_lock);
38 static struct socket *sock;
39 
40 struct bpf_testmod_struct_arg_1 {
41 	int a;
42 };
43 struct bpf_testmod_struct_arg_2 {
44 	long a;
45 	long b;
46 };
47 
48 struct bpf_testmod_struct_arg_3 {
49 	int a;
50 	int b[];
51 };
52 
53 struct bpf_testmod_struct_arg_4 {
54 	u64 a;
55 	int b;
56 };
57 
58 struct bpf_testmod_struct_arg_5 {
59 	char a;
60 	short b;
61 	int c;
62 	long d;
63 };
64 
65 __bpf_hook_start();
66 
67 noinline int
68 bpf_testmod_test_struct_arg_1(struct bpf_testmod_struct_arg_2 a, int b, int c) {
69 	bpf_testmod_test_struct_arg_result = a.a + a.b  + b + c;
70 	return bpf_testmod_test_struct_arg_result;
71 }
72 
73 noinline int
74 bpf_testmod_test_struct_arg_2(int a, struct bpf_testmod_struct_arg_2 b, int c) {
75 	bpf_testmod_test_struct_arg_result = a + b.a + b.b + c;
76 	return bpf_testmod_test_struct_arg_result;
77 }
78 
79 noinline int
80 bpf_testmod_test_struct_arg_3(int a, int b, struct bpf_testmod_struct_arg_2 c) {
81 	bpf_testmod_test_struct_arg_result = a + b + c.a + c.b;
82 	return bpf_testmod_test_struct_arg_result;
83 }
84 
85 noinline int
86 bpf_testmod_test_struct_arg_4(struct bpf_testmod_struct_arg_1 a, int b,
87 			      int c, int d, struct bpf_testmod_struct_arg_2 e) {
88 	bpf_testmod_test_struct_arg_result = a.a + b + c + d + e.a + e.b;
89 	return bpf_testmod_test_struct_arg_result;
90 }
91 
92 noinline int
93 bpf_testmod_test_struct_arg_5(void) {
94 	bpf_testmod_test_struct_arg_result = 1;
95 	return bpf_testmod_test_struct_arg_result;
96 }
97 
98 noinline int
99 bpf_testmod_test_struct_arg_6(struct bpf_testmod_struct_arg_3 *a) {
100 	bpf_testmod_test_struct_arg_result = a->b[0];
101 	return bpf_testmod_test_struct_arg_result;
102 }
103 
104 noinline int
105 bpf_testmod_test_struct_arg_7(u64 a, void *b, short c, int d, void *e,
106 			      struct bpf_testmod_struct_arg_4 f)
107 {
108 	bpf_testmod_test_struct_arg_result = a + (long)b + c + d +
109 		(long)e + f.a + f.b;
110 	return bpf_testmod_test_struct_arg_result;
111 }
112 
113 noinline int
114 bpf_testmod_test_struct_arg_8(u64 a, void *b, short c, int d, void *e,
115 			      struct bpf_testmod_struct_arg_4 f, int g)
116 {
117 	bpf_testmod_test_struct_arg_result = a + (long)b + c + d +
118 		(long)e + f.a + f.b + g;
119 	return bpf_testmod_test_struct_arg_result;
120 }
121 
122 noinline int
123 bpf_testmod_test_struct_arg_9(u64 a, void *b, short c, int d, void *e, char f,
124 			      short g, struct bpf_testmod_struct_arg_5 h, long i)
125 {
126 	bpf_testmod_test_struct_arg_result = a + (long)b + c + d + (long)e +
127 		f + g + h.a + h.b + h.c + h.d + i;
128 	return bpf_testmod_test_struct_arg_result;
129 }
130 
131 noinline int
132 bpf_testmod_test_arg_ptr_to_struct(struct bpf_testmod_struct_arg_1 *a) {
133 	bpf_testmod_test_struct_arg_result = a->a;
134 	return bpf_testmod_test_struct_arg_result;
135 }
136 
137 __bpf_kfunc void
138 bpf_testmod_test_mod_kfunc(int i)
139 {
140 	*(int *)this_cpu_ptr(&bpf_testmod_ksym_percpu) = i;
141 }
142 
143 __bpf_kfunc int bpf_iter_testmod_seq_new(struct bpf_iter_testmod_seq *it, s64 value, int cnt)
144 {
145 	it->cnt = cnt;
146 
147 	if (cnt < 0)
148 		return -EINVAL;
149 
150 	it->value = value;
151 
152 	return 0;
153 }
154 
155 __bpf_kfunc s64 *bpf_iter_testmod_seq_next(struct bpf_iter_testmod_seq* it)
156 {
157 	if (it->cnt <= 0)
158 		return NULL;
159 
160 	it->cnt--;
161 
162 	return &it->value;
163 }
164 
165 __bpf_kfunc s64 bpf_iter_testmod_seq_value(int val, struct bpf_iter_testmod_seq* it__iter)
166 {
167 	if (it__iter->cnt < 0)
168 		return 0;
169 
170 	return val + it__iter->value;
171 }
172 
173 __bpf_kfunc void bpf_iter_testmod_seq_destroy(struct bpf_iter_testmod_seq *it)
174 {
175 	it->cnt = 0;
176 }
177 
178 __bpf_kfunc void bpf_kfunc_common_test(void)
179 {
180 }
181 
182 __bpf_kfunc void bpf_kfunc_dynptr_test(struct bpf_dynptr *ptr,
183 				       struct bpf_dynptr *ptr__nullable)
184 {
185 }
186 
187 __bpf_kfunc struct sk_buff *bpf_kfunc_nested_acquire_nonzero_offset_test(struct sk_buff_head *ptr)
188 {
189 	return NULL;
190 }
191 
192 __bpf_kfunc struct sk_buff *bpf_kfunc_nested_acquire_zero_offset_test(struct sock_common *ptr)
193 {
194 	return NULL;
195 }
196 
197 __bpf_kfunc void bpf_kfunc_nested_release_test(struct sk_buff *ptr)
198 {
199 }
200 
201 __bpf_kfunc void bpf_kfunc_trusted_vma_test(struct vm_area_struct *ptr)
202 {
203 }
204 
205 __bpf_kfunc void bpf_kfunc_trusted_task_test(struct task_struct *ptr)
206 {
207 }
208 
209 __bpf_kfunc void bpf_kfunc_trusted_num_test(int *ptr)
210 {
211 }
212 
213 __bpf_kfunc void bpf_kfunc_rcu_task_test(struct task_struct *ptr)
214 {
215 }
216 
217 __bpf_kfunc struct bpf_testmod_ctx *
218 bpf_testmod_ctx_create(int *err)
219 {
220 	struct bpf_testmod_ctx *ctx;
221 
222 	ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
223 	if (!ctx) {
224 		*err = -ENOMEM;
225 		return NULL;
226 	}
227 	refcount_set(&ctx->usage, 1);
228 
229 	return ctx;
230 }
231 
232 static void testmod_free_cb(struct rcu_head *head)
233 {
234 	struct bpf_testmod_ctx *ctx;
235 
236 	ctx = container_of(head, struct bpf_testmod_ctx, rcu);
237 	kfree(ctx);
238 }
239 
240 __bpf_kfunc void bpf_testmod_ctx_release(struct bpf_testmod_ctx *ctx)
241 {
242 	if (!ctx)
243 		return;
244 	if (refcount_dec_and_test(&ctx->usage))
245 		call_rcu(&ctx->rcu, testmod_free_cb);
246 }
247 
248 static struct bpf_testmod_ops3 *st_ops3;
249 
250 static int bpf_testmod_test_3(void)
251 {
252 	return 0;
253 }
254 
255 static int bpf_testmod_test_4(void)
256 {
257 	return 0;
258 }
259 
260 static struct bpf_testmod_ops3 __bpf_testmod_ops3 = {
261 	.test_1 = bpf_testmod_test_3,
262 	.test_2 = bpf_testmod_test_4,
263 };
264 
265 static void bpf_testmod_test_struct_ops3(void)
266 {
267 	if (st_ops3)
268 		st_ops3->test_1();
269 }
270 
271 __bpf_kfunc void bpf_testmod_ops3_call_test_1(void)
272 {
273 	st_ops3->test_1();
274 }
275 
276 __bpf_kfunc void bpf_testmod_ops3_call_test_2(void)
277 {
278 	st_ops3->test_2();
279 }
280 
281 struct bpf_testmod_btf_type_tag_1 {
282 	int a;
283 };
284 
285 struct bpf_testmod_btf_type_tag_2 {
286 	struct bpf_testmod_btf_type_tag_1 __user *p;
287 };
288 
289 struct bpf_testmod_btf_type_tag_3 {
290 	struct bpf_testmod_btf_type_tag_1 __percpu *p;
291 };
292 
293 noinline int
294 bpf_testmod_test_btf_type_tag_user_1(struct bpf_testmod_btf_type_tag_1 __user *arg) {
295 	BTF_TYPE_EMIT(func_proto_typedef);
296 	BTF_TYPE_EMIT(func_proto_typedef_nested1);
297 	BTF_TYPE_EMIT(func_proto_typedef_nested2);
298 	return arg->a;
299 }
300 
301 noinline int
302 bpf_testmod_test_btf_type_tag_user_2(struct bpf_testmod_btf_type_tag_2 *arg) {
303 	return arg->p->a;
304 }
305 
306 noinline int
307 bpf_testmod_test_btf_type_tag_percpu_1(struct bpf_testmod_btf_type_tag_1 __percpu *arg) {
308 	return arg->a;
309 }
310 
311 noinline int
312 bpf_testmod_test_btf_type_tag_percpu_2(struct bpf_testmod_btf_type_tag_3 *arg) {
313 	return arg->p->a;
314 }
315 
316 noinline int bpf_testmod_loop_test(int n)
317 {
318 	/* Make sum volatile, so smart compilers, such as clang, will not
319 	 * optimize the code by removing the loop.
320 	 */
321 	volatile int sum = 0;
322 	int i;
323 
324 	/* the primary goal of this test is to test LBR. Create a lot of
325 	 * branches in the function, so we can catch it easily.
326 	 */
327 	for (i = 0; i < n; i++)
328 		sum += i;
329 	return sum;
330 }
331 
332 __weak noinline struct file *bpf_testmod_return_ptr(int arg)
333 {
334 	static struct file f = {};
335 
336 	switch (arg) {
337 	case 1: return (void *)EINVAL;		/* user addr */
338 	case 2: return (void *)0xcafe4a11;	/* user addr */
339 	case 3: return (void *)-EINVAL;		/* canonical, but invalid */
340 	case 4: return (void *)(1ull << 60);	/* non-canonical and invalid */
341 	case 5: return (void *)~(1ull << 30);	/* trigger extable */
342 	case 6: return &f;			/* valid addr */
343 	case 7: return (void *)((long)&f | 1);	/* kernel tricks */
344 #ifdef CONFIG_X86_64
345 	case 8: return (void *)VSYSCALL_ADDR;   /* vsyscall page address */
346 #endif
347 	default: return NULL;
348 	}
349 }
350 
351 noinline int bpf_testmod_fentry_test1(int a)
352 {
353 	return a + 1;
354 }
355 
356 noinline int bpf_testmod_fentry_test2(int a, u64 b)
357 {
358 	return a + b;
359 }
360 
361 noinline int bpf_testmod_fentry_test3(char a, int b, u64 c)
362 {
363 	return a + b + c;
364 }
365 
366 noinline int bpf_testmod_fentry_test7(u64 a, void *b, short c, int d,
367 				      void *e, char f, int g)
368 {
369 	return a + (long)b + c + d + (long)e + f + g;
370 }
371 
372 noinline int bpf_testmod_fentry_test11(u64 a, void *b, short c, int d,
373 				       void *e, char f, int g,
374 				       unsigned int h, long i, __u64 j,
375 				       unsigned long k)
376 {
377 	return a + (long)b + c + d + (long)e + f + g + h + i + j + k;
378 }
379 
380 int bpf_testmod_fentry_ok;
381 
382 noinline ssize_t
383 bpf_testmod_test_read(struct file *file, struct kobject *kobj,
384 		      struct bin_attribute *bin_attr,
385 		      char *buf, loff_t off, size_t len)
386 {
387 	struct bpf_testmod_test_read_ctx ctx = {
388 		.buf = buf,
389 		.off = off,
390 		.len = len,
391 	};
392 	struct bpf_testmod_struct_arg_1 struct_arg1 = {10}, struct_arg1_2 = {-1};
393 	struct bpf_testmod_struct_arg_2 struct_arg2 = {2, 3};
394 	struct bpf_testmod_struct_arg_3 *struct_arg3;
395 	struct bpf_testmod_struct_arg_4 struct_arg4 = {21, 22};
396 	struct bpf_testmod_struct_arg_5 struct_arg5 = {23, 24, 25, 26};
397 	int i = 1;
398 
399 	while (bpf_testmod_return_ptr(i))
400 		i++;
401 
402 	(void)bpf_testmod_test_struct_arg_1(struct_arg2, 1, 4);
403 	(void)bpf_testmod_test_struct_arg_2(1, struct_arg2, 4);
404 	(void)bpf_testmod_test_struct_arg_3(1, 4, struct_arg2);
405 	(void)bpf_testmod_test_struct_arg_4(struct_arg1, 1, 2, 3, struct_arg2);
406 	(void)bpf_testmod_test_struct_arg_5();
407 	(void)bpf_testmod_test_struct_arg_7(16, (void *)17, 18, 19,
408 					    (void *)20, struct_arg4);
409 	(void)bpf_testmod_test_struct_arg_8(16, (void *)17, 18, 19,
410 					    (void *)20, struct_arg4, 23);
411 	(void)bpf_testmod_test_struct_arg_9(16, (void *)17, 18, 19, (void *)20,
412 					    21, 22, struct_arg5, 27);
413 
414 	(void)bpf_testmod_test_arg_ptr_to_struct(&struct_arg1_2);
415 
416 	(void)trace_bpf_testmod_test_raw_tp_null(NULL);
417 
418 	bpf_testmod_test_struct_ops3();
419 
420 	struct_arg3 = kmalloc((sizeof(struct bpf_testmod_struct_arg_3) +
421 				sizeof(int)), GFP_KERNEL);
422 	if (struct_arg3 != NULL) {
423 		struct_arg3->b[0] = 1;
424 		(void)bpf_testmod_test_struct_arg_6(struct_arg3);
425 		kfree(struct_arg3);
426 	}
427 
428 	/* This is always true. Use the check to make sure the compiler
429 	 * doesn't remove bpf_testmod_loop_test.
430 	 */
431 	if (bpf_testmod_loop_test(101) > 100)
432 		trace_bpf_testmod_test_read(current, &ctx);
433 
434 	trace_bpf_testmod_test_nullable_bare(NULL);
435 
436 	/* Magic number to enable writable tp */
437 	if (len == 64) {
438 		struct bpf_testmod_test_writable_ctx writable = {
439 			.val = 1024,
440 		};
441 		trace_bpf_testmod_test_writable_bare(&writable);
442 		if (writable.early_ret)
443 			return snprintf(buf, len, "%d\n", writable.val);
444 	}
445 
446 	if (bpf_testmod_fentry_test1(1) != 2 ||
447 	    bpf_testmod_fentry_test2(2, 3) != 5 ||
448 	    bpf_testmod_fentry_test3(4, 5, 6) != 15 ||
449 	    bpf_testmod_fentry_test7(16, (void *)17, 18, 19, (void *)20,
450 			21, 22) != 133 ||
451 	    bpf_testmod_fentry_test11(16, (void *)17, 18, 19, (void *)20,
452 			21, 22, 23, 24, 25, 26) != 231)
453 		goto out;
454 
455 	bpf_testmod_fentry_ok = 1;
456 out:
457 	return -EIO; /* always fail */
458 }
459 EXPORT_SYMBOL(bpf_testmod_test_read);
460 ALLOW_ERROR_INJECTION(bpf_testmod_test_read, ERRNO);
461 
462 noinline ssize_t
463 bpf_testmod_test_write(struct file *file, struct kobject *kobj,
464 		      struct bin_attribute *bin_attr,
465 		      char *buf, loff_t off, size_t len)
466 {
467 	struct bpf_testmod_test_write_ctx ctx = {
468 		.buf = buf,
469 		.off = off,
470 		.len = len,
471 	};
472 
473 	trace_bpf_testmod_test_write_bare(current, &ctx);
474 
475 	return -EIO; /* always fail */
476 }
477 EXPORT_SYMBOL(bpf_testmod_test_write);
478 ALLOW_ERROR_INJECTION(bpf_testmod_test_write, ERRNO);
479 
480 noinline int bpf_fentry_shadow_test(int a)
481 {
482 	return a + 2;
483 }
484 EXPORT_SYMBOL_GPL(bpf_fentry_shadow_test);
485 
486 __bpf_hook_end();
487 
488 static struct bin_attribute bin_attr_bpf_testmod_file __ro_after_init = {
489 	.attr = { .name = "bpf_testmod", .mode = 0666, },
490 	.read = bpf_testmod_test_read,
491 	.write = bpf_testmod_test_write,
492 };
493 
494 /* bpf_testmod_uprobe sysfs attribute is so far enabled for x86_64 only,
495  * please see test_uretprobe_regs_change test
496  */
497 #ifdef __x86_64__
498 
499 static int
500 uprobe_ret_handler(struct uprobe_consumer *self, unsigned long func,
501 		   struct pt_regs *regs, __u64 *data)
502 
503 {
504 	regs->ax  = 0x12345678deadbeef;
505 	regs->cx  = 0x87654321feebdaed;
506 	regs->r11 = (u64) -1;
507 	return true;
508 }
509 
510 struct testmod_uprobe {
511 	struct path path;
512 	struct uprobe *uprobe;
513 	struct uprobe_consumer consumer;
514 };
515 
516 static DEFINE_MUTEX(testmod_uprobe_mutex);
517 
518 static struct testmod_uprobe uprobe = {
519 	.consumer.ret_handler = uprobe_ret_handler,
520 };
521 
522 static int testmod_register_uprobe(loff_t offset)
523 {
524 	int err = -EBUSY;
525 
526 	if (uprobe.uprobe)
527 		return -EBUSY;
528 
529 	mutex_lock(&testmod_uprobe_mutex);
530 
531 	if (uprobe.uprobe)
532 		goto out;
533 
534 	err = kern_path("/proc/self/exe", LOOKUP_FOLLOW, &uprobe.path);
535 	if (err)
536 		goto out;
537 
538 	uprobe.uprobe = uprobe_register(d_real_inode(uprobe.path.dentry),
539 					offset, 0, &uprobe.consumer);
540 	if (IS_ERR(uprobe.uprobe)) {
541 		err = PTR_ERR(uprobe.uprobe);
542 		path_put(&uprobe.path);
543 		uprobe.uprobe = NULL;
544 	}
545 out:
546 	mutex_unlock(&testmod_uprobe_mutex);
547 	return err;
548 }
549 
550 static void testmod_unregister_uprobe(void)
551 {
552 	mutex_lock(&testmod_uprobe_mutex);
553 
554 	if (uprobe.uprobe) {
555 		uprobe_unregister_nosync(uprobe.uprobe, &uprobe.consumer);
556 		uprobe_unregister_sync();
557 		path_put(&uprobe.path);
558 		uprobe.uprobe = NULL;
559 	}
560 
561 	mutex_unlock(&testmod_uprobe_mutex);
562 }
563 
564 static ssize_t
565 bpf_testmod_uprobe_write(struct file *file, struct kobject *kobj,
566 			 struct bin_attribute *bin_attr,
567 			 char *buf, loff_t off, size_t len)
568 {
569 	unsigned long offset = 0;
570 	int err = 0;
571 
572 	if (kstrtoul(buf, 0, &offset))
573 		return -EINVAL;
574 
575 	if (offset)
576 		err = testmod_register_uprobe(offset);
577 	else
578 		testmod_unregister_uprobe();
579 
580 	return err ?: strlen(buf);
581 }
582 
583 static struct bin_attribute bin_attr_bpf_testmod_uprobe_file __ro_after_init = {
584 	.attr = { .name = "bpf_testmod_uprobe", .mode = 0666, },
585 	.write = bpf_testmod_uprobe_write,
586 };
587 
588 static int register_bpf_testmod_uprobe(void)
589 {
590 	return sysfs_create_bin_file(kernel_kobj, &bin_attr_bpf_testmod_uprobe_file);
591 }
592 
593 static void unregister_bpf_testmod_uprobe(void)
594 {
595 	testmod_unregister_uprobe();
596 	sysfs_remove_bin_file(kernel_kobj, &bin_attr_bpf_testmod_uprobe_file);
597 }
598 
599 #else
600 static int register_bpf_testmod_uprobe(void)
601 {
602 	return 0;
603 }
604 
605 static void unregister_bpf_testmod_uprobe(void) { }
606 #endif
607 
608 BTF_KFUNCS_START(bpf_testmod_common_kfunc_ids)
609 BTF_ID_FLAGS(func, bpf_iter_testmod_seq_new, KF_ITER_NEW)
610 BTF_ID_FLAGS(func, bpf_iter_testmod_seq_next, KF_ITER_NEXT | KF_RET_NULL)
611 BTF_ID_FLAGS(func, bpf_iter_testmod_seq_destroy, KF_ITER_DESTROY)
612 BTF_ID_FLAGS(func, bpf_iter_testmod_seq_value)
613 BTF_ID_FLAGS(func, bpf_kfunc_common_test)
614 BTF_ID_FLAGS(func, bpf_kfunc_dynptr_test)
615 BTF_ID_FLAGS(func, bpf_kfunc_nested_acquire_nonzero_offset_test, KF_ACQUIRE)
616 BTF_ID_FLAGS(func, bpf_kfunc_nested_acquire_zero_offset_test, KF_ACQUIRE)
617 BTF_ID_FLAGS(func, bpf_kfunc_nested_release_test, KF_RELEASE)
618 BTF_ID_FLAGS(func, bpf_kfunc_trusted_vma_test, KF_TRUSTED_ARGS)
619 BTF_ID_FLAGS(func, bpf_kfunc_trusted_task_test, KF_TRUSTED_ARGS)
620 BTF_ID_FLAGS(func, bpf_kfunc_trusted_num_test, KF_TRUSTED_ARGS)
621 BTF_ID_FLAGS(func, bpf_kfunc_rcu_task_test, KF_RCU)
622 BTF_ID_FLAGS(func, bpf_testmod_ctx_create, KF_ACQUIRE | KF_RET_NULL)
623 BTF_ID_FLAGS(func, bpf_testmod_ctx_release, KF_RELEASE)
624 BTF_ID_FLAGS(func, bpf_testmod_ops3_call_test_1)
625 BTF_ID_FLAGS(func, bpf_testmod_ops3_call_test_2)
626 BTF_KFUNCS_END(bpf_testmod_common_kfunc_ids)
627 
628 BTF_ID_LIST(bpf_testmod_dtor_ids)
629 BTF_ID(struct, bpf_testmod_ctx)
630 BTF_ID(func, bpf_testmod_ctx_release)
631 
632 static const struct btf_kfunc_id_set bpf_testmod_common_kfunc_set = {
633 	.owner = THIS_MODULE,
634 	.set   = &bpf_testmod_common_kfunc_ids,
635 };
636 
637 __bpf_kfunc u64 bpf_kfunc_call_test1(struct sock *sk, u32 a, u64 b, u32 c, u64 d)
638 {
639 	return a + b + c + d;
640 }
641 
642 __bpf_kfunc int bpf_kfunc_call_test2(struct sock *sk, u32 a, u32 b)
643 {
644 	return a + b;
645 }
646 
647 __bpf_kfunc struct sock *bpf_kfunc_call_test3(struct sock *sk)
648 {
649 	return sk;
650 }
651 
652 __bpf_kfunc long noinline bpf_kfunc_call_test4(signed char a, short b, int c, long d)
653 {
654 	/* Provoke the compiler to assume that the caller has sign-extended a,
655 	 * b and c on platforms where this is required (e.g. s390x).
656 	 */
657 	return (long)a + (long)b + (long)c + d;
658 }
659 
660 static struct prog_test_ref_kfunc prog_test_struct = {
661 	.a = 42,
662 	.b = 108,
663 	.next = &prog_test_struct,
664 	.cnt = REFCOUNT_INIT(1),
665 };
666 
667 __bpf_kfunc struct prog_test_ref_kfunc *
668 bpf_kfunc_call_test_acquire(unsigned long *scalar_ptr)
669 {
670 	refcount_inc(&prog_test_struct.cnt);
671 	return &prog_test_struct;
672 }
673 
674 __bpf_kfunc void bpf_kfunc_call_test_offset(struct prog_test_ref_kfunc *p)
675 {
676 	WARN_ON_ONCE(1);
677 }
678 
679 __bpf_kfunc struct prog_test_member *
680 bpf_kfunc_call_memb_acquire(void)
681 {
682 	WARN_ON_ONCE(1);
683 	return NULL;
684 }
685 
686 __bpf_kfunc void bpf_kfunc_call_memb1_release(struct prog_test_member1 *p)
687 {
688 	WARN_ON_ONCE(1);
689 }
690 
691 static int *__bpf_kfunc_call_test_get_mem(struct prog_test_ref_kfunc *p, const int size)
692 {
693 	if (size > 2 * sizeof(int))
694 		return NULL;
695 
696 	return (int *)p;
697 }
698 
699 __bpf_kfunc int *bpf_kfunc_call_test_get_rdwr_mem(struct prog_test_ref_kfunc *p,
700 						  const int rdwr_buf_size)
701 {
702 	return __bpf_kfunc_call_test_get_mem(p, rdwr_buf_size);
703 }
704 
705 __bpf_kfunc int *bpf_kfunc_call_test_get_rdonly_mem(struct prog_test_ref_kfunc *p,
706 						    const int rdonly_buf_size)
707 {
708 	return __bpf_kfunc_call_test_get_mem(p, rdonly_buf_size);
709 }
710 
711 /* the next 2 ones can't be really used for testing expect to ensure
712  * that the verifier rejects the call.
713  * Acquire functions must return struct pointers, so these ones are
714  * failing.
715  */
716 __bpf_kfunc int *bpf_kfunc_call_test_acq_rdonly_mem(struct prog_test_ref_kfunc *p,
717 						    const int rdonly_buf_size)
718 {
719 	return __bpf_kfunc_call_test_get_mem(p, rdonly_buf_size);
720 }
721 
722 __bpf_kfunc void bpf_kfunc_call_int_mem_release(int *p)
723 {
724 }
725 
726 __bpf_kfunc void bpf_kfunc_call_test_pass_ctx(struct __sk_buff *skb)
727 {
728 }
729 
730 __bpf_kfunc void bpf_kfunc_call_test_pass1(struct prog_test_pass1 *p)
731 {
732 }
733 
734 __bpf_kfunc void bpf_kfunc_call_test_pass2(struct prog_test_pass2 *p)
735 {
736 }
737 
738 __bpf_kfunc void bpf_kfunc_call_test_fail1(struct prog_test_fail1 *p)
739 {
740 }
741 
742 __bpf_kfunc void bpf_kfunc_call_test_fail2(struct prog_test_fail2 *p)
743 {
744 }
745 
746 __bpf_kfunc void bpf_kfunc_call_test_fail3(struct prog_test_fail3 *p)
747 {
748 }
749 
750 __bpf_kfunc void bpf_kfunc_call_test_mem_len_pass1(void *mem, int mem__sz)
751 {
752 }
753 
754 __bpf_kfunc void bpf_kfunc_call_test_mem_len_fail1(void *mem, int len)
755 {
756 }
757 
758 __bpf_kfunc void bpf_kfunc_call_test_mem_len_fail2(u64 *mem, int len)
759 {
760 }
761 
762 __bpf_kfunc void bpf_kfunc_call_test_ref(struct prog_test_ref_kfunc *p)
763 {
764 	/* p != NULL, but p->cnt could be 0 */
765 }
766 
767 __bpf_kfunc void bpf_kfunc_call_test_destructive(void)
768 {
769 }
770 
771 __bpf_kfunc static u32 bpf_kfunc_call_test_static_unused_arg(u32 arg, u32 unused)
772 {
773 	return arg;
774 }
775 
776 __bpf_kfunc void bpf_kfunc_call_test_sleepable(void)
777 {
778 }
779 
780 __bpf_kfunc int bpf_kfunc_init_sock(struct init_sock_args *args)
781 {
782 	int proto;
783 	int err;
784 
785 	mutex_lock(&sock_lock);
786 
787 	if (sock) {
788 		pr_err("%s called without releasing old sock", __func__);
789 		err = -EPERM;
790 		goto out;
791 	}
792 
793 	switch (args->af) {
794 	case AF_INET:
795 	case AF_INET6:
796 		proto = args->type == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP;
797 		break;
798 	case AF_UNIX:
799 		proto = PF_UNIX;
800 		break;
801 	default:
802 		pr_err("invalid address family %d\n", args->af);
803 		err = -EINVAL;
804 		goto out;
805 	}
806 
807 	err = sock_create_kern(current->nsproxy->net_ns, args->af, args->type,
808 			       proto, &sock);
809 
810 	if (!err)
811 		/* Set timeout for call to kernel_connect() to prevent it from hanging,
812 		 * and consider the connection attempt failed if it returns
813 		 * -EINPROGRESS.
814 		 */
815 		sock->sk->sk_sndtimeo = CONNECT_TIMEOUT_SEC * HZ;
816 out:
817 	mutex_unlock(&sock_lock);
818 
819 	return err;
820 }
821 
822 __bpf_kfunc void bpf_kfunc_close_sock(void)
823 {
824 	mutex_lock(&sock_lock);
825 
826 	if (sock) {
827 		sock_release(sock);
828 		sock = NULL;
829 	}
830 
831 	mutex_unlock(&sock_lock);
832 }
833 
834 __bpf_kfunc int bpf_kfunc_call_kernel_connect(struct addr_args *args)
835 {
836 	int err;
837 
838 	if (args->addrlen > sizeof(args->addr))
839 		return -EINVAL;
840 
841 	mutex_lock(&sock_lock);
842 
843 	if (!sock) {
844 		pr_err("%s called without initializing sock", __func__);
845 		err = -EPERM;
846 		goto out;
847 	}
848 
849 	err = kernel_connect(sock, (struct sockaddr *)&args->addr,
850 			     args->addrlen, 0);
851 out:
852 	mutex_unlock(&sock_lock);
853 
854 	return err;
855 }
856 
857 __bpf_kfunc int bpf_kfunc_call_kernel_bind(struct addr_args *args)
858 {
859 	int err;
860 
861 	if (args->addrlen > sizeof(args->addr))
862 		return -EINVAL;
863 
864 	mutex_lock(&sock_lock);
865 
866 	if (!sock) {
867 		pr_err("%s called without initializing sock", __func__);
868 		err = -EPERM;
869 		goto out;
870 	}
871 
872 	err = kernel_bind(sock, (struct sockaddr *)&args->addr, args->addrlen);
873 out:
874 	mutex_unlock(&sock_lock);
875 
876 	return err;
877 }
878 
879 __bpf_kfunc int bpf_kfunc_call_kernel_listen(void)
880 {
881 	int err;
882 
883 	mutex_lock(&sock_lock);
884 
885 	if (!sock) {
886 		pr_err("%s called without initializing sock", __func__);
887 		err = -EPERM;
888 		goto out;
889 	}
890 
891 	err = kernel_listen(sock, 128);
892 out:
893 	mutex_unlock(&sock_lock);
894 
895 	return err;
896 }
897 
898 __bpf_kfunc int bpf_kfunc_call_kernel_sendmsg(struct sendmsg_args *args)
899 {
900 	struct msghdr msg = {
901 		.msg_name	= &args->addr.addr,
902 		.msg_namelen	= args->addr.addrlen,
903 	};
904 	struct kvec iov;
905 	int err;
906 
907 	if (args->addr.addrlen > sizeof(args->addr.addr) ||
908 	    args->msglen > sizeof(args->msg))
909 		return -EINVAL;
910 
911 	iov.iov_base = args->msg;
912 	iov.iov_len  = args->msglen;
913 
914 	mutex_lock(&sock_lock);
915 
916 	if (!sock) {
917 		pr_err("%s called without initializing sock", __func__);
918 		err = -EPERM;
919 		goto out;
920 	}
921 
922 	err = kernel_sendmsg(sock, &msg, &iov, 1, args->msglen);
923 	args->addr.addrlen = msg.msg_namelen;
924 out:
925 	mutex_unlock(&sock_lock);
926 
927 	return err;
928 }
929 
930 __bpf_kfunc int bpf_kfunc_call_sock_sendmsg(struct sendmsg_args *args)
931 {
932 	struct msghdr msg = {
933 		.msg_name	= &args->addr.addr,
934 		.msg_namelen	= args->addr.addrlen,
935 	};
936 	struct kvec iov;
937 	int err;
938 
939 	if (args->addr.addrlen > sizeof(args->addr.addr) ||
940 	    args->msglen > sizeof(args->msg))
941 		return -EINVAL;
942 
943 	iov.iov_base = args->msg;
944 	iov.iov_len  = args->msglen;
945 
946 	iov_iter_kvec(&msg.msg_iter, ITER_SOURCE, &iov, 1, args->msglen);
947 	mutex_lock(&sock_lock);
948 
949 	if (!sock) {
950 		pr_err("%s called without initializing sock", __func__);
951 		err = -EPERM;
952 		goto out;
953 	}
954 
955 	err = sock_sendmsg(sock, &msg);
956 	args->addr.addrlen = msg.msg_namelen;
957 out:
958 	mutex_unlock(&sock_lock);
959 
960 	return err;
961 }
962 
963 __bpf_kfunc int bpf_kfunc_call_kernel_getsockname(struct addr_args *args)
964 {
965 	int err;
966 
967 	mutex_lock(&sock_lock);
968 
969 	if (!sock) {
970 		pr_err("%s called without initializing sock", __func__);
971 		err = -EPERM;
972 		goto out;
973 	}
974 
975 	err = kernel_getsockname(sock, (struct sockaddr *)&args->addr);
976 	if (err < 0)
977 		goto out;
978 
979 	args->addrlen = err;
980 	err = 0;
981 out:
982 	mutex_unlock(&sock_lock);
983 
984 	return err;
985 }
986 
987 __bpf_kfunc int bpf_kfunc_call_kernel_getpeername(struct addr_args *args)
988 {
989 	int err;
990 
991 	mutex_lock(&sock_lock);
992 
993 	if (!sock) {
994 		pr_err("%s called without initializing sock", __func__);
995 		err = -EPERM;
996 		goto out;
997 	}
998 
999 	err = kernel_getpeername(sock, (struct sockaddr *)&args->addr);
1000 	if (err < 0)
1001 		goto out;
1002 
1003 	args->addrlen = err;
1004 	err = 0;
1005 out:
1006 	mutex_unlock(&sock_lock);
1007 
1008 	return err;
1009 }
1010 
1011 static DEFINE_MUTEX(st_ops_mutex);
1012 static struct bpf_testmod_st_ops *st_ops;
1013 
1014 __bpf_kfunc int bpf_kfunc_st_ops_test_prologue(struct st_ops_args *args)
1015 {
1016 	int ret = -1;
1017 
1018 	mutex_lock(&st_ops_mutex);
1019 	if (st_ops && st_ops->test_prologue)
1020 		ret = st_ops->test_prologue(args);
1021 	mutex_unlock(&st_ops_mutex);
1022 
1023 	return ret;
1024 }
1025 
1026 __bpf_kfunc int bpf_kfunc_st_ops_test_epilogue(struct st_ops_args *args)
1027 {
1028 	int ret = -1;
1029 
1030 	mutex_lock(&st_ops_mutex);
1031 	if (st_ops && st_ops->test_epilogue)
1032 		ret = st_ops->test_epilogue(args);
1033 	mutex_unlock(&st_ops_mutex);
1034 
1035 	return ret;
1036 }
1037 
1038 __bpf_kfunc int bpf_kfunc_st_ops_test_pro_epilogue(struct st_ops_args *args)
1039 {
1040 	int ret = -1;
1041 
1042 	mutex_lock(&st_ops_mutex);
1043 	if (st_ops && st_ops->test_pro_epilogue)
1044 		ret = st_ops->test_pro_epilogue(args);
1045 	mutex_unlock(&st_ops_mutex);
1046 
1047 	return ret;
1048 }
1049 
1050 __bpf_kfunc int bpf_kfunc_st_ops_inc10(struct st_ops_args *args)
1051 {
1052 	args->a += 10;
1053 	return args->a;
1054 }
1055 
1056 BTF_KFUNCS_START(bpf_testmod_check_kfunc_ids)
1057 BTF_ID_FLAGS(func, bpf_testmod_test_mod_kfunc)
1058 BTF_ID_FLAGS(func, bpf_kfunc_call_test1)
1059 BTF_ID_FLAGS(func, bpf_kfunc_call_test2)
1060 BTF_ID_FLAGS(func, bpf_kfunc_call_test3)
1061 BTF_ID_FLAGS(func, bpf_kfunc_call_test4)
1062 BTF_ID_FLAGS(func, bpf_kfunc_call_test_mem_len_pass1)
1063 BTF_ID_FLAGS(func, bpf_kfunc_call_test_mem_len_fail1)
1064 BTF_ID_FLAGS(func, bpf_kfunc_call_test_mem_len_fail2)
1065 BTF_ID_FLAGS(func, bpf_kfunc_call_test_acquire, KF_ACQUIRE | KF_RET_NULL)
1066 BTF_ID_FLAGS(func, bpf_kfunc_call_memb_acquire, KF_ACQUIRE | KF_RET_NULL)
1067 BTF_ID_FLAGS(func, bpf_kfunc_call_memb1_release, KF_RELEASE)
1068 BTF_ID_FLAGS(func, bpf_kfunc_call_test_get_rdwr_mem, KF_RET_NULL)
1069 BTF_ID_FLAGS(func, bpf_kfunc_call_test_get_rdonly_mem, KF_RET_NULL)
1070 BTF_ID_FLAGS(func, bpf_kfunc_call_test_acq_rdonly_mem, KF_ACQUIRE | KF_RET_NULL)
1071 BTF_ID_FLAGS(func, bpf_kfunc_call_int_mem_release, KF_RELEASE)
1072 BTF_ID_FLAGS(func, bpf_kfunc_call_test_pass_ctx)
1073 BTF_ID_FLAGS(func, bpf_kfunc_call_test_pass1)
1074 BTF_ID_FLAGS(func, bpf_kfunc_call_test_pass2)
1075 BTF_ID_FLAGS(func, bpf_kfunc_call_test_fail1)
1076 BTF_ID_FLAGS(func, bpf_kfunc_call_test_fail2)
1077 BTF_ID_FLAGS(func, bpf_kfunc_call_test_fail3)
1078 BTF_ID_FLAGS(func, bpf_kfunc_call_test_ref, KF_TRUSTED_ARGS | KF_RCU)
1079 BTF_ID_FLAGS(func, bpf_kfunc_call_test_destructive, KF_DESTRUCTIVE)
1080 BTF_ID_FLAGS(func, bpf_kfunc_call_test_static_unused_arg)
1081 BTF_ID_FLAGS(func, bpf_kfunc_call_test_offset)
1082 BTF_ID_FLAGS(func, bpf_kfunc_call_test_sleepable, KF_SLEEPABLE)
1083 BTF_ID_FLAGS(func, bpf_kfunc_init_sock, KF_SLEEPABLE)
1084 BTF_ID_FLAGS(func, bpf_kfunc_close_sock, KF_SLEEPABLE)
1085 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_connect, KF_SLEEPABLE)
1086 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_bind, KF_SLEEPABLE)
1087 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_listen, KF_SLEEPABLE)
1088 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_sendmsg, KF_SLEEPABLE)
1089 BTF_ID_FLAGS(func, bpf_kfunc_call_sock_sendmsg, KF_SLEEPABLE)
1090 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_getsockname, KF_SLEEPABLE)
1091 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_getpeername, KF_SLEEPABLE)
1092 BTF_ID_FLAGS(func, bpf_kfunc_st_ops_test_prologue, KF_TRUSTED_ARGS | KF_SLEEPABLE)
1093 BTF_ID_FLAGS(func, bpf_kfunc_st_ops_test_epilogue, KF_TRUSTED_ARGS | KF_SLEEPABLE)
1094 BTF_ID_FLAGS(func, bpf_kfunc_st_ops_test_pro_epilogue, KF_TRUSTED_ARGS | KF_SLEEPABLE)
1095 BTF_ID_FLAGS(func, bpf_kfunc_st_ops_inc10, KF_TRUSTED_ARGS)
1096 BTF_KFUNCS_END(bpf_testmod_check_kfunc_ids)
1097 
1098 static int bpf_testmod_ops_init(struct btf *btf)
1099 {
1100 	return 0;
1101 }
1102 
1103 static bool bpf_testmod_ops_is_valid_access(int off, int size,
1104 					    enum bpf_access_type type,
1105 					    const struct bpf_prog *prog,
1106 					    struct bpf_insn_access_aux *info)
1107 {
1108 	return bpf_tracing_btf_ctx_access(off, size, type, prog, info);
1109 }
1110 
1111 static int bpf_testmod_ops_init_member(const struct btf_type *t,
1112 				       const struct btf_member *member,
1113 				       void *kdata, const void *udata)
1114 {
1115 	if (member->offset == offsetof(struct bpf_testmod_ops, data) * 8) {
1116 		/* For data fields, this function has to copy it and return
1117 		 * 1 to indicate that the data has been handled by the
1118 		 * struct_ops type, or the verifier will reject the map if
1119 		 * the value of the data field is not zero.
1120 		 */
1121 		((struct bpf_testmod_ops *)kdata)->data = ((struct bpf_testmod_ops *)udata)->data;
1122 		return 1;
1123 	}
1124 	return 0;
1125 }
1126 
1127 static const struct btf_kfunc_id_set bpf_testmod_kfunc_set = {
1128 	.owner = THIS_MODULE,
1129 	.set   = &bpf_testmod_check_kfunc_ids,
1130 };
1131 
1132 static const struct bpf_verifier_ops bpf_testmod_verifier_ops = {
1133 	.is_valid_access = bpf_testmod_ops_is_valid_access,
1134 };
1135 
1136 static const struct bpf_verifier_ops bpf_testmod_verifier_ops3 = {
1137 	.is_valid_access = bpf_testmod_ops_is_valid_access,
1138 };
1139 
1140 static int bpf_dummy_reg(void *kdata, struct bpf_link *link)
1141 {
1142 	struct bpf_testmod_ops *ops = kdata;
1143 
1144 	if (ops->test_1)
1145 		ops->test_1();
1146 	/* Some test cases (ex. struct_ops_maybe_null) may not have test_2
1147 	 * initialized, so we need to check for NULL.
1148 	 */
1149 	if (ops->test_2)
1150 		ops->test_2(4, ops->data);
1151 
1152 	return 0;
1153 }
1154 
1155 static void bpf_dummy_unreg(void *kdata, struct bpf_link *link)
1156 {
1157 }
1158 
1159 static int bpf_testmod_test_1(void)
1160 {
1161 	return 0;
1162 }
1163 
1164 static void bpf_testmod_test_2(int a, int b)
1165 {
1166 }
1167 
1168 static int bpf_testmod_tramp(int value)
1169 {
1170 	return 0;
1171 }
1172 
1173 static int bpf_testmod_ops__test_maybe_null(int dummy,
1174 					    struct task_struct *task__nullable)
1175 {
1176 	return 0;
1177 }
1178 
1179 static struct bpf_testmod_ops __bpf_testmod_ops = {
1180 	.test_1 = bpf_testmod_test_1,
1181 	.test_2 = bpf_testmod_test_2,
1182 	.test_maybe_null = bpf_testmod_ops__test_maybe_null,
1183 };
1184 
1185 struct bpf_struct_ops bpf_bpf_testmod_ops = {
1186 	.verifier_ops = &bpf_testmod_verifier_ops,
1187 	.init = bpf_testmod_ops_init,
1188 	.init_member = bpf_testmod_ops_init_member,
1189 	.reg = bpf_dummy_reg,
1190 	.unreg = bpf_dummy_unreg,
1191 	.cfi_stubs = &__bpf_testmod_ops,
1192 	.name = "bpf_testmod_ops",
1193 	.owner = THIS_MODULE,
1194 };
1195 
1196 static int bpf_dummy_reg2(void *kdata, struct bpf_link *link)
1197 {
1198 	struct bpf_testmod_ops2 *ops = kdata;
1199 
1200 	ops->test_1();
1201 	return 0;
1202 }
1203 
1204 static struct bpf_testmod_ops2 __bpf_testmod_ops2 = {
1205 	.test_1 = bpf_testmod_test_1,
1206 };
1207 
1208 struct bpf_struct_ops bpf_testmod_ops2 = {
1209 	.verifier_ops = &bpf_testmod_verifier_ops,
1210 	.init = bpf_testmod_ops_init,
1211 	.init_member = bpf_testmod_ops_init_member,
1212 	.reg = bpf_dummy_reg2,
1213 	.unreg = bpf_dummy_unreg,
1214 	.cfi_stubs = &__bpf_testmod_ops2,
1215 	.name = "bpf_testmod_ops2",
1216 	.owner = THIS_MODULE,
1217 };
1218 
1219 static int st_ops3_reg(void *kdata, struct bpf_link *link)
1220 {
1221 	int err = 0;
1222 
1223 	mutex_lock(&st_ops_mutex);
1224 	if (st_ops3) {
1225 		pr_err("st_ops has already been registered\n");
1226 		err = -EEXIST;
1227 		goto unlock;
1228 	}
1229 	st_ops3 = kdata;
1230 
1231 unlock:
1232 	mutex_unlock(&st_ops_mutex);
1233 	return err;
1234 }
1235 
1236 static void st_ops3_unreg(void *kdata, struct bpf_link *link)
1237 {
1238 	mutex_lock(&st_ops_mutex);
1239 	st_ops3 = NULL;
1240 	mutex_unlock(&st_ops_mutex);
1241 }
1242 
1243 static void test_1_recursion_detected(struct bpf_prog *prog)
1244 {
1245 	struct bpf_prog_stats *stats;
1246 
1247 	stats = this_cpu_ptr(prog->stats);
1248 	printk("bpf_testmod: oh no, recursing into test_1, recursion_misses %llu",
1249 	       u64_stats_read(&stats->misses));
1250 }
1251 
1252 static int st_ops3_check_member(const struct btf_type *t,
1253 				const struct btf_member *member,
1254 				const struct bpf_prog *prog)
1255 {
1256 	u32 moff = __btf_member_bit_offset(t, member) / 8;
1257 
1258 	switch (moff) {
1259 	case offsetof(struct bpf_testmod_ops3, test_1):
1260 		prog->aux->priv_stack_requested = true;
1261 		prog->aux->recursion_detected = test_1_recursion_detected;
1262 		fallthrough;
1263 	default:
1264 		break;
1265 	}
1266 	return 0;
1267 }
1268 
1269 struct bpf_struct_ops bpf_testmod_ops3 = {
1270 	.verifier_ops = &bpf_testmod_verifier_ops3,
1271 	.init = bpf_testmod_ops_init,
1272 	.init_member = bpf_testmod_ops_init_member,
1273 	.reg = st_ops3_reg,
1274 	.unreg = st_ops3_unreg,
1275 	.check_member = st_ops3_check_member,
1276 	.cfi_stubs = &__bpf_testmod_ops3,
1277 	.name = "bpf_testmod_ops3",
1278 	.owner = THIS_MODULE,
1279 };
1280 
1281 static int bpf_test_mod_st_ops__test_prologue(struct st_ops_args *args)
1282 {
1283 	return 0;
1284 }
1285 
1286 static int bpf_test_mod_st_ops__test_epilogue(struct st_ops_args *args)
1287 {
1288 	return 0;
1289 }
1290 
1291 static int bpf_test_mod_st_ops__test_pro_epilogue(struct st_ops_args *args)
1292 {
1293 	return 0;
1294 }
1295 
1296 static int st_ops_gen_prologue(struct bpf_insn *insn_buf, bool direct_write,
1297 			       const struct bpf_prog *prog)
1298 {
1299 	struct bpf_insn *insn = insn_buf;
1300 
1301 	if (strcmp(prog->aux->attach_func_name, "test_prologue") &&
1302 	    strcmp(prog->aux->attach_func_name, "test_pro_epilogue"))
1303 		return 0;
1304 
1305 	/* r6 = r1[0]; // r6 will be "struct st_ops *args". r1 is "u64 *ctx".
1306 	 * r7 = r6->a;
1307 	 * r7 += 1000;
1308 	 * r6->a = r7;
1309 	 */
1310 	*insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 0);
1311 	*insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_6, offsetof(struct st_ops_args, a));
1312 	*insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, 1000);
1313 	*insn++ = BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_7, offsetof(struct st_ops_args, a));
1314 	*insn++ = prog->insnsi[0];
1315 
1316 	return insn - insn_buf;
1317 }
1318 
1319 static int st_ops_gen_epilogue(struct bpf_insn *insn_buf, const struct bpf_prog *prog,
1320 			       s16 ctx_stack_off)
1321 {
1322 	struct bpf_insn *insn = insn_buf;
1323 
1324 	if (strcmp(prog->aux->attach_func_name, "test_epilogue") &&
1325 	    strcmp(prog->aux->attach_func_name, "test_pro_epilogue"))
1326 		return 0;
1327 
1328 	/* r1 = stack[ctx_stack_off]; // r1 will be "u64 *ctx"
1329 	 * r1 = r1[0]; // r1 will be "struct st_ops *args"
1330 	 * r6 = r1->a;
1331 	 * r6 += 10000;
1332 	 * r1->a = r6;
1333 	 * r0 = r6;
1334 	 * r0 *= 2;
1335 	 * BPF_EXIT;
1336 	 */
1337 	*insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_FP, ctx_stack_off);
1338 	*insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, 0);
1339 	*insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, offsetof(struct st_ops_args, a));
1340 	*insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 10000);
1341 	*insn++ = BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_6, offsetof(struct st_ops_args, a));
1342 	*insn++ = BPF_MOV64_REG(BPF_REG_0, BPF_REG_6);
1343 	*insn++ = BPF_ALU64_IMM(BPF_MUL, BPF_REG_0, 2);
1344 	*insn++ = BPF_EXIT_INSN();
1345 
1346 	return insn - insn_buf;
1347 }
1348 
1349 static int st_ops_btf_struct_access(struct bpf_verifier_log *log,
1350 				    const struct bpf_reg_state *reg,
1351 				    int off, int size)
1352 {
1353 	if (off < 0 || off + size > sizeof(struct st_ops_args))
1354 		return -EACCES;
1355 	return 0;
1356 }
1357 
1358 static const struct bpf_verifier_ops st_ops_verifier_ops = {
1359 	.is_valid_access = bpf_testmod_ops_is_valid_access,
1360 	.btf_struct_access = st_ops_btf_struct_access,
1361 	.gen_prologue = st_ops_gen_prologue,
1362 	.gen_epilogue = st_ops_gen_epilogue,
1363 	.get_func_proto = bpf_base_func_proto,
1364 };
1365 
1366 static struct bpf_testmod_st_ops st_ops_cfi_stubs = {
1367 	.test_prologue = bpf_test_mod_st_ops__test_prologue,
1368 	.test_epilogue = bpf_test_mod_st_ops__test_epilogue,
1369 	.test_pro_epilogue = bpf_test_mod_st_ops__test_pro_epilogue,
1370 };
1371 
1372 static int st_ops_reg(void *kdata, struct bpf_link *link)
1373 {
1374 	int err = 0;
1375 
1376 	mutex_lock(&st_ops_mutex);
1377 	if (st_ops) {
1378 		pr_err("st_ops has already been registered\n");
1379 		err = -EEXIST;
1380 		goto unlock;
1381 	}
1382 	st_ops = kdata;
1383 
1384 unlock:
1385 	mutex_unlock(&st_ops_mutex);
1386 	return err;
1387 }
1388 
1389 static void st_ops_unreg(void *kdata, struct bpf_link *link)
1390 {
1391 	mutex_lock(&st_ops_mutex);
1392 	st_ops = NULL;
1393 	mutex_unlock(&st_ops_mutex);
1394 }
1395 
1396 static int st_ops_init(struct btf *btf)
1397 {
1398 	return 0;
1399 }
1400 
1401 static int st_ops_init_member(const struct btf_type *t,
1402 			      const struct btf_member *member,
1403 			      void *kdata, const void *udata)
1404 {
1405 	return 0;
1406 }
1407 
1408 static struct bpf_struct_ops testmod_st_ops = {
1409 	.verifier_ops = &st_ops_verifier_ops,
1410 	.init = st_ops_init,
1411 	.init_member = st_ops_init_member,
1412 	.reg = st_ops_reg,
1413 	.unreg = st_ops_unreg,
1414 	.cfi_stubs = &st_ops_cfi_stubs,
1415 	.name = "bpf_testmod_st_ops",
1416 	.owner = THIS_MODULE,
1417 };
1418 
1419 extern int bpf_fentry_test1(int a);
1420 
1421 static int bpf_testmod_init(void)
1422 {
1423 	const struct btf_id_dtor_kfunc bpf_testmod_dtors[] = {
1424 		{
1425 			.btf_id		= bpf_testmod_dtor_ids[0],
1426 			.kfunc_btf_id	= bpf_testmod_dtor_ids[1]
1427 		},
1428 	};
1429 	void **tramp;
1430 	int ret;
1431 
1432 	ret = register_btf_kfunc_id_set(BPF_PROG_TYPE_UNSPEC, &bpf_testmod_common_kfunc_set);
1433 	ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS, &bpf_testmod_kfunc_set);
1434 	ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_TRACING, &bpf_testmod_kfunc_set);
1435 	ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &bpf_testmod_kfunc_set);
1436 	ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_STRUCT_OPS, &bpf_testmod_kfunc_set);
1437 	ret = ret ?: register_bpf_struct_ops(&bpf_bpf_testmod_ops, bpf_testmod_ops);
1438 	ret = ret ?: register_bpf_struct_ops(&bpf_testmod_ops2, bpf_testmod_ops2);
1439 	ret = ret ?: register_bpf_struct_ops(&bpf_testmod_ops3, bpf_testmod_ops3);
1440 	ret = ret ?: register_bpf_struct_ops(&testmod_st_ops, bpf_testmod_st_ops);
1441 	ret = ret ?: register_btf_id_dtor_kfuncs(bpf_testmod_dtors,
1442 						 ARRAY_SIZE(bpf_testmod_dtors),
1443 						 THIS_MODULE);
1444 	if (ret < 0)
1445 		return ret;
1446 	if (bpf_fentry_test1(0) < 0)
1447 		return -EINVAL;
1448 	sock = NULL;
1449 	mutex_init(&sock_lock);
1450 	ret = sysfs_create_bin_file(kernel_kobj, &bin_attr_bpf_testmod_file);
1451 	if (ret < 0)
1452 		return ret;
1453 	ret = register_bpf_testmod_uprobe();
1454 	if (ret < 0)
1455 		return ret;
1456 
1457 	/* Ensure nothing is between tramp_1..tramp_40 */
1458 	BUILD_BUG_ON(offsetof(struct bpf_testmod_ops, tramp_1) + 40 * sizeof(long) !=
1459 		     offsetofend(struct bpf_testmod_ops, tramp_40));
1460 	tramp = (void **)&__bpf_testmod_ops.tramp_1;
1461 	while (tramp <= (void **)&__bpf_testmod_ops.tramp_40)
1462 		*tramp++ = bpf_testmod_tramp;
1463 
1464 	return 0;
1465 }
1466 
1467 static void bpf_testmod_exit(void)
1468 {
1469         /* Need to wait for all references to be dropped because
1470          * bpf_kfunc_call_test_release() which currently resides in kernel can
1471          * be called after bpf_testmod is unloaded. Once release function is
1472          * moved into the module this wait can be removed.
1473          */
1474 	while (refcount_read(&prog_test_struct.cnt) > 1)
1475 		msleep(20);
1476 
1477 	bpf_kfunc_close_sock();
1478 	sysfs_remove_bin_file(kernel_kobj, &bin_attr_bpf_testmod_file);
1479 	unregister_bpf_testmod_uprobe();
1480 }
1481 
1482 module_init(bpf_testmod_init);
1483 module_exit(bpf_testmod_exit);
1484 
1485 MODULE_AUTHOR("Andrii Nakryiko");
1486 MODULE_DESCRIPTION("BPF selftests module");
1487 MODULE_LICENSE("Dual BSD/GPL");
1488