1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) 2022 Facebook */ 3 4 #include <string.h> 5 #include <stdbool.h> 6 #include <linux/bpf.h> 7 #include <bpf/bpf_helpers.h> 8 #include "bpf_misc.h" 9 #include "bpf_kfuncs.h" 10 #include "errno.h" 11 12 char _license[] SEC("license") = "GPL"; 13 14 int pid, err, val; 15 16 struct sample { 17 int pid; 18 int seq; 19 long value; 20 char comm[16]; 21 }; 22 23 struct { 24 __uint(type, BPF_MAP_TYPE_RINGBUF); 25 __uint(max_entries, 4096); 26 } ringbuf SEC(".maps"); 27 28 struct { 29 __uint(type, BPF_MAP_TYPE_ARRAY); 30 __uint(max_entries, 1); 31 __type(key, __u32); 32 __type(value, __u32); 33 } array_map SEC(".maps"); 34 35 SEC("?tp/syscalls/sys_enter_nanosleep") 36 int test_read_write(void *ctx) 37 { 38 char write_data[64] = "hello there, world!!"; 39 char read_data[64] = {}; 40 struct bpf_dynptr ptr; 41 int i; 42 43 if (bpf_get_current_pid_tgid() >> 32 != pid) 44 return 0; 45 46 bpf_ringbuf_reserve_dynptr(&ringbuf, sizeof(write_data), 0, &ptr); 47 48 /* Write data into the dynptr */ 49 err = bpf_dynptr_write(&ptr, 0, write_data, sizeof(write_data), 0); 50 51 /* Read the data that was written into the dynptr */ 52 err = err ?: bpf_dynptr_read(read_data, sizeof(read_data), &ptr, 0, 0); 53 54 /* Ensure the data we read matches the data we wrote */ 55 for (i = 0; i < sizeof(read_data); i++) { 56 if (read_data[i] != write_data[i]) { 57 err = 1; 58 break; 59 } 60 } 61 62 bpf_ringbuf_discard_dynptr(&ptr, 0); 63 return 0; 64 } 65 66 SEC("?tp/syscalls/sys_enter_nanosleep") 67 int test_dynptr_data(void *ctx) 68 { 69 __u32 key = 0, val = 235, *map_val; 70 struct bpf_dynptr ptr; 71 __u32 map_val_size; 72 void *data; 73 74 map_val_size = sizeof(*map_val); 75 76 if (bpf_get_current_pid_tgid() >> 32 != pid) 77 return 0; 78 79 bpf_map_update_elem(&array_map, &key, &val, 0); 80 81 map_val = bpf_map_lookup_elem(&array_map, &key); 82 if (!map_val) { 83 err = 1; 84 return 0; 85 } 86 87 bpf_dynptr_from_mem(map_val, map_val_size, 0, &ptr); 88 89 /* Try getting a data slice that is out of range */ 90 data = bpf_dynptr_data(&ptr, map_val_size + 1, 1); 91 if (data) { 92 err = 2; 93 return 0; 94 } 95 96 /* Try getting more bytes than available */ 97 data = bpf_dynptr_data(&ptr, 0, map_val_size + 1); 98 if (data) { 99 err = 3; 100 return 0; 101 } 102 103 data = bpf_dynptr_data(&ptr, 0, sizeof(__u32)); 104 if (!data) { 105 err = 4; 106 return 0; 107 } 108 109 *(__u32 *)data = 999; 110 111 err = bpf_probe_read_kernel(&val, sizeof(val), data); 112 if (err) 113 return 0; 114 115 if (val != *(int *)data) 116 err = 5; 117 118 return 0; 119 } 120 121 static int ringbuf_callback(__u32 index, void *data) 122 { 123 struct sample *sample; 124 125 struct bpf_dynptr *ptr = (struct bpf_dynptr *)data; 126 127 sample = bpf_dynptr_data(ptr, 0, sizeof(*sample)); 128 if (!sample) 129 err = 2; 130 else 131 sample->pid += index; 132 133 return 0; 134 } 135 136 SEC("?tp/syscalls/sys_enter_nanosleep") 137 int test_ringbuf(void *ctx) 138 { 139 struct bpf_dynptr ptr; 140 struct sample *sample; 141 142 if (bpf_get_current_pid_tgid() >> 32 != pid) 143 return 0; 144 145 val = 100; 146 147 /* check that you can reserve a dynamic size reservation */ 148 err = bpf_ringbuf_reserve_dynptr(&ringbuf, val, 0, &ptr); 149 150 sample = err ? NULL : bpf_dynptr_data(&ptr, 0, sizeof(*sample)); 151 if (!sample) { 152 err = 1; 153 goto done; 154 } 155 156 sample->pid = 10; 157 158 /* Can pass dynptr to callback functions */ 159 bpf_loop(10, ringbuf_callback, &ptr, 0); 160 161 if (sample->pid != 55) 162 err = 2; 163 164 done: 165 bpf_ringbuf_discard_dynptr(&ptr, 0); 166 return 0; 167 } 168 169 SEC("?cgroup_skb/egress") 170 int test_skb_readonly(struct __sk_buff *skb) 171 { 172 __u8 write_data[2] = {1, 2}; 173 struct bpf_dynptr ptr; 174 int ret; 175 176 if (bpf_dynptr_from_skb(skb, 0, &ptr)) { 177 err = 1; 178 return 1; 179 } 180 181 /* since cgroup skbs are read only, writes should fail */ 182 ret = bpf_dynptr_write(&ptr, 0, write_data, sizeof(write_data), 0); 183 if (ret != -EINVAL) { 184 err = 2; 185 return 1; 186 } 187 188 return 1; 189 } 190 191 SEC("?cgroup_skb/egress") 192 int test_dynptr_skb_data(struct __sk_buff *skb) 193 { 194 struct bpf_dynptr ptr; 195 __u64 *data; 196 197 if (bpf_dynptr_from_skb(skb, 0, &ptr)) { 198 err = 1; 199 return 1; 200 } 201 202 /* This should return NULL. Must use bpf_dynptr_slice API */ 203 data = bpf_dynptr_data(&ptr, 0, 1); 204 if (data) { 205 err = 2; 206 return 1; 207 } 208 209 return 1; 210 } 211 212 SEC("tp/syscalls/sys_enter_nanosleep") 213 int test_adjust(void *ctx) 214 { 215 struct bpf_dynptr ptr; 216 __u32 bytes = 64; 217 __u32 off = 10; 218 __u32 trim = 15; 219 220 if (bpf_get_current_pid_tgid() >> 32 != pid) 221 return 0; 222 223 err = bpf_ringbuf_reserve_dynptr(&ringbuf, bytes, 0, &ptr); 224 if (err) { 225 err = 1; 226 goto done; 227 } 228 229 if (bpf_dynptr_size(&ptr) != bytes) { 230 err = 2; 231 goto done; 232 } 233 234 /* Advance the dynptr by off */ 235 err = bpf_dynptr_adjust(&ptr, off, bpf_dynptr_size(&ptr)); 236 if (err) { 237 err = 3; 238 goto done; 239 } 240 241 if (bpf_dynptr_size(&ptr) != bytes - off) { 242 err = 4; 243 goto done; 244 } 245 246 /* Trim the dynptr */ 247 err = bpf_dynptr_adjust(&ptr, off, 15); 248 if (err) { 249 err = 5; 250 goto done; 251 } 252 253 /* Check that the size was adjusted correctly */ 254 if (bpf_dynptr_size(&ptr) != trim - off) { 255 err = 6; 256 goto done; 257 } 258 259 done: 260 bpf_ringbuf_discard_dynptr(&ptr, 0); 261 return 0; 262 } 263 264 SEC("tp/syscalls/sys_enter_nanosleep") 265 int test_adjust_err(void *ctx) 266 { 267 char write_data[45] = "hello there, world!!"; 268 struct bpf_dynptr ptr; 269 __u32 size = 64; 270 __u32 off = 20; 271 272 if (bpf_get_current_pid_tgid() >> 32 != pid) 273 return 0; 274 275 if (bpf_ringbuf_reserve_dynptr(&ringbuf, size, 0, &ptr)) { 276 err = 1; 277 goto done; 278 } 279 280 /* Check that start can't be greater than end */ 281 if (bpf_dynptr_adjust(&ptr, 5, 1) != -EINVAL) { 282 err = 2; 283 goto done; 284 } 285 286 /* Check that start can't be greater than size */ 287 if (bpf_dynptr_adjust(&ptr, size + 1, size + 1) != -ERANGE) { 288 err = 3; 289 goto done; 290 } 291 292 /* Check that end can't be greater than size */ 293 if (bpf_dynptr_adjust(&ptr, 0, size + 1) != -ERANGE) { 294 err = 4; 295 goto done; 296 } 297 298 if (bpf_dynptr_adjust(&ptr, off, size)) { 299 err = 5; 300 goto done; 301 } 302 303 /* Check that you can't write more bytes than available into the dynptr 304 * after you've adjusted it 305 */ 306 if (bpf_dynptr_write(&ptr, 0, &write_data, sizeof(write_data), 0) != -E2BIG) { 307 err = 6; 308 goto done; 309 } 310 311 /* Check that even after adjusting, submitting/discarding 312 * a ringbuf dynptr works 313 */ 314 bpf_ringbuf_submit_dynptr(&ptr, 0); 315 return 0; 316 317 done: 318 bpf_ringbuf_discard_dynptr(&ptr, 0); 319 return 0; 320 } 321 322 SEC("tp/syscalls/sys_enter_nanosleep") 323 int test_zero_size_dynptr(void *ctx) 324 { 325 char write_data = 'x', read_data; 326 struct bpf_dynptr ptr; 327 __u32 size = 64; 328 329 if (bpf_get_current_pid_tgid() >> 32 != pid) 330 return 0; 331 332 if (bpf_ringbuf_reserve_dynptr(&ringbuf, size, 0, &ptr)) { 333 err = 1; 334 goto done; 335 } 336 337 /* After this, the dynptr has a size of 0 */ 338 if (bpf_dynptr_adjust(&ptr, size, size)) { 339 err = 2; 340 goto done; 341 } 342 343 /* Test that reading + writing non-zero bytes is not ok */ 344 if (bpf_dynptr_read(&read_data, sizeof(read_data), &ptr, 0, 0) != -E2BIG) { 345 err = 3; 346 goto done; 347 } 348 349 if (bpf_dynptr_write(&ptr, 0, &write_data, sizeof(write_data), 0) != -E2BIG) { 350 err = 4; 351 goto done; 352 } 353 354 /* Test that reading + writing 0 bytes from a 0-size dynptr is ok */ 355 if (bpf_dynptr_read(&read_data, 0, &ptr, 0, 0)) { 356 err = 5; 357 goto done; 358 } 359 360 if (bpf_dynptr_write(&ptr, 0, &write_data, 0, 0)) { 361 err = 6; 362 goto done; 363 } 364 365 err = 0; 366 367 done: 368 bpf_ringbuf_discard_dynptr(&ptr, 0); 369 return 0; 370 } 371 372 SEC("tp/syscalls/sys_enter_nanosleep") 373 int test_dynptr_is_null(void *ctx) 374 { 375 struct bpf_dynptr ptr1; 376 struct bpf_dynptr ptr2; 377 __u64 size = 4; 378 379 if (bpf_get_current_pid_tgid() >> 32 != pid) 380 return 0; 381 382 /* Pass in invalid flags, get back an invalid dynptr */ 383 if (bpf_ringbuf_reserve_dynptr(&ringbuf, size, 123, &ptr1) != -EINVAL) { 384 err = 1; 385 goto exit_early; 386 } 387 388 /* Test that the invalid dynptr is null */ 389 if (!bpf_dynptr_is_null(&ptr1)) { 390 err = 2; 391 goto exit_early; 392 } 393 394 /* Get a valid dynptr */ 395 if (bpf_ringbuf_reserve_dynptr(&ringbuf, size, 0, &ptr2)) { 396 err = 3; 397 goto exit; 398 } 399 400 /* Test that the valid dynptr is not null */ 401 if (bpf_dynptr_is_null(&ptr2)) { 402 err = 4; 403 goto exit; 404 } 405 406 exit: 407 bpf_ringbuf_discard_dynptr(&ptr2, 0); 408 exit_early: 409 bpf_ringbuf_discard_dynptr(&ptr1, 0); 410 return 0; 411 } 412 413 SEC("cgroup_skb/egress") 414 int test_dynptr_is_rdonly(struct __sk_buff *skb) 415 { 416 struct bpf_dynptr ptr1; 417 struct bpf_dynptr ptr2; 418 struct bpf_dynptr ptr3; 419 420 /* Pass in invalid flags, get back an invalid dynptr */ 421 if (bpf_dynptr_from_skb(skb, 123, &ptr1) != -EINVAL) { 422 err = 1; 423 return 0; 424 } 425 426 /* Test that an invalid dynptr is_rdonly returns false */ 427 if (bpf_dynptr_is_rdonly(&ptr1)) { 428 err = 2; 429 return 0; 430 } 431 432 /* Get a read-only dynptr */ 433 if (bpf_dynptr_from_skb(skb, 0, &ptr2)) { 434 err = 3; 435 return 0; 436 } 437 438 /* Test that the dynptr is read-only */ 439 if (!bpf_dynptr_is_rdonly(&ptr2)) { 440 err = 4; 441 return 0; 442 } 443 444 /* Get a read-writeable dynptr */ 445 if (bpf_ringbuf_reserve_dynptr(&ringbuf, 64, 0, &ptr3)) { 446 err = 5; 447 goto done; 448 } 449 450 /* Test that the dynptr is read-only */ 451 if (bpf_dynptr_is_rdonly(&ptr3)) { 452 err = 6; 453 goto done; 454 } 455 456 done: 457 bpf_ringbuf_discard_dynptr(&ptr3, 0); 458 return 0; 459 } 460 461 SEC("cgroup_skb/egress") 462 int test_dynptr_clone(struct __sk_buff *skb) 463 { 464 struct bpf_dynptr ptr1; 465 struct bpf_dynptr ptr2; 466 __u32 off = 2, size; 467 468 /* Get a dynptr */ 469 if (bpf_dynptr_from_skb(skb, 0, &ptr1)) { 470 err = 1; 471 return 0; 472 } 473 474 if (bpf_dynptr_adjust(&ptr1, off, bpf_dynptr_size(&ptr1))) { 475 err = 2; 476 return 0; 477 } 478 479 /* Clone the dynptr */ 480 if (bpf_dynptr_clone(&ptr1, &ptr2)) { 481 err = 3; 482 return 0; 483 } 484 485 size = bpf_dynptr_size(&ptr1); 486 487 /* Check that the clone has the same size and rd-only */ 488 if (bpf_dynptr_size(&ptr2) != size) { 489 err = 4; 490 return 0; 491 } 492 493 if (bpf_dynptr_is_rdonly(&ptr2) != bpf_dynptr_is_rdonly(&ptr1)) { 494 err = 5; 495 return 0; 496 } 497 498 /* Advance and trim the original dynptr */ 499 bpf_dynptr_adjust(&ptr1, 5, 5); 500 501 /* Check that only original dynptr was affected, and the clone wasn't */ 502 if (bpf_dynptr_size(&ptr2) != size) { 503 err = 6; 504 return 0; 505 } 506 507 return 0; 508 } 509 510 SEC("?cgroup_skb/egress") 511 int test_dynptr_skb_no_buff(struct __sk_buff *skb) 512 { 513 struct bpf_dynptr ptr; 514 __u64 *data; 515 516 if (bpf_dynptr_from_skb(skb, 0, &ptr)) { 517 err = 1; 518 return 1; 519 } 520 521 /* This may return NULL. SKB may require a buffer */ 522 data = bpf_dynptr_slice(&ptr, 0, NULL, 1); 523 524 return !!data; 525 } 526 527 SEC("?cgroup_skb/egress") 528 int test_dynptr_skb_strcmp(struct __sk_buff *skb) 529 { 530 struct bpf_dynptr ptr; 531 char *data; 532 533 if (bpf_dynptr_from_skb(skb, 0, &ptr)) { 534 err = 1; 535 return 1; 536 } 537 538 /* This may return NULL. SKB may require a buffer */ 539 data = bpf_dynptr_slice(&ptr, 0, NULL, 10); 540 if (data) { 541 bpf_strncmp(data, 10, "foo"); 542 return 1; 543 } 544 545 return 1; 546 } 547