1 // SPDX-License-Identifier: GPL-2.0 2 3 #include "vmlinux.h" 4 #include "bpf_experimental.h" 5 #include <bpf/bpf_helpers.h> 6 #include "bpf_misc.h" 7 #include "../bpf_testmod/bpf_testmod_kfunc.h" 8 9 char _license[] SEC("license") = "GPL"; 10 11 SEC("raw_tp/sys_enter") 12 __success 13 int iter_next_trusted(const void *ctx) 14 { 15 struct task_struct *cur_task = bpf_get_current_task_btf(); 16 struct bpf_iter_task_vma vma_it; 17 struct vm_area_struct *vma_ptr; 18 19 bpf_iter_task_vma_new(&vma_it, cur_task, 0); 20 21 vma_ptr = bpf_iter_task_vma_next(&vma_it); 22 if (vma_ptr == NULL) 23 goto out; 24 25 bpf_kfunc_trusted_vma_test(vma_ptr); 26 out: 27 bpf_iter_task_vma_destroy(&vma_it); 28 return 0; 29 } 30 31 SEC("raw_tp/sys_enter") 32 __failure __msg("Possibly NULL pointer passed to trusted arg0") 33 int iter_next_trusted_or_null(const void *ctx) 34 { 35 struct task_struct *cur_task = bpf_get_current_task_btf(); 36 struct bpf_iter_task_vma vma_it; 37 struct vm_area_struct *vma_ptr; 38 39 bpf_iter_task_vma_new(&vma_it, cur_task, 0); 40 41 vma_ptr = bpf_iter_task_vma_next(&vma_it); 42 43 bpf_kfunc_trusted_vma_test(vma_ptr); 44 45 bpf_iter_task_vma_destroy(&vma_it); 46 return 0; 47 } 48 49 SEC("raw_tp/sys_enter") 50 __success 51 int iter_next_rcu(const void *ctx) 52 { 53 struct task_struct *cur_task = bpf_get_current_task_btf(); 54 struct bpf_iter_task task_it; 55 struct task_struct *task_ptr; 56 57 bpf_iter_task_new(&task_it, cur_task, 0); 58 59 task_ptr = bpf_iter_task_next(&task_it); 60 if (task_ptr == NULL) 61 goto out; 62 63 bpf_kfunc_rcu_task_test(task_ptr); 64 out: 65 bpf_iter_task_destroy(&task_it); 66 return 0; 67 } 68 69 SEC("raw_tp/sys_enter") 70 __failure __msg("Possibly NULL pointer passed to trusted arg0") 71 int iter_next_rcu_or_null(const void *ctx) 72 { 73 struct task_struct *cur_task = bpf_get_current_task_btf(); 74 struct bpf_iter_task task_it; 75 struct task_struct *task_ptr; 76 77 bpf_iter_task_new(&task_it, cur_task, 0); 78 79 task_ptr = bpf_iter_task_next(&task_it); 80 81 bpf_kfunc_rcu_task_test(task_ptr); 82 83 bpf_iter_task_destroy(&task_it); 84 return 0; 85 } 86 87 SEC("raw_tp/sys_enter") 88 __failure __msg("R1 must be referenced or trusted") 89 int iter_next_rcu_not_trusted(const void *ctx) 90 { 91 struct task_struct *cur_task = bpf_get_current_task_btf(); 92 struct bpf_iter_task task_it; 93 struct task_struct *task_ptr; 94 95 bpf_iter_task_new(&task_it, cur_task, 0); 96 97 task_ptr = bpf_iter_task_next(&task_it); 98 if (task_ptr == NULL) 99 goto out; 100 101 bpf_kfunc_trusted_task_test(task_ptr); 102 out: 103 bpf_iter_task_destroy(&task_it); 104 return 0; 105 } 106 107 SEC("raw_tp/sys_enter") 108 __failure __msg("R1 cannot write into rdonly_mem") 109 /* Message should not be 'R1 cannot write into rdonly_trusted_mem' */ 110 int iter_next_ptr_mem_not_trusted(const void *ctx) 111 { 112 struct bpf_iter_num num_it; 113 int *num_ptr; 114 115 bpf_iter_num_new(&num_it, 0, 10); 116 117 num_ptr = bpf_iter_num_next(&num_it); 118 if (num_ptr == NULL) 119 goto out; 120 121 bpf_kfunc_trusted_num_test(num_ptr); 122 out: 123 bpf_iter_num_destroy(&num_it); 124 return 0; 125 } 126