xref: /linux/tools/testing/selftests/bpf/progs/task_work_fail.c (revision 07fdad3a93756b872da7b53647715c48d0f4a2d0) 
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2025 Meta Platforms, Inc. and affiliates. */
3 
4 #include <vmlinux.h>
5 #include <string.h>
6 #include <stdbool.h>
7 #include <bpf/bpf_helpers.h>
8 #include <bpf/bpf_tracing.h>
9 #include "bpf_misc.h"
10 
11 char _license[] SEC("license") = "GPL";
12 
13 const void *user_ptr = NULL;
14 
15 struct elem {
16 	char data[128];
17 	struct bpf_task_work tw;
18 };
19 
20 struct {
21 	__uint(type, BPF_MAP_TYPE_HASH);
22 	__uint(map_flags, BPF_F_NO_PREALLOC);
23 	__uint(max_entries, 1);
24 	__type(key, int);
25 	__type(value, struct elem);
26 } hmap SEC(".maps");
27 
28 struct {
29 	__uint(type, BPF_MAP_TYPE_ARRAY);
30 	__uint(max_entries, 1);
31 	__type(key, int);
32 	__type(value, struct elem);
33 } arrmap SEC(".maps");
34 
35 static int process_work(struct bpf_map *map, void *key, void *value)
36 {
37 	struct elem *work = value;
38 
39 	bpf_copy_from_user_str(work->data, sizeof(work->data), (const void *)user_ptr, 0);
40 	return 0;
41 }
42 
43 int key = 0;
44 
45 SEC("perf_event")
46 __failure __msg("doesn't match map pointer in R3")
47 int mismatch_map(struct pt_regs *args)
48 {
49 	struct elem *work;
50 	struct task_struct *task;
51 
52 	task = bpf_get_current_task_btf();
53 	work = bpf_map_lookup_elem(&arrmap, &key);
54 	if (!work)
55 		return 0;
56 	bpf_task_work_schedule_resume(task, &work->tw, &hmap, process_work, NULL);
57 	return 0;
58 }
59 
60 SEC("perf_event")
61 __failure __msg("arg#1 doesn't point to a map value")
62 int no_map_task_work(struct pt_regs *args)
63 {
64 	struct task_struct *task;
65 	struct bpf_task_work tw;
66 
67 	task = bpf_get_current_task_btf();
68 	bpf_task_work_schedule_resume(task, &tw, &hmap, process_work, NULL);
69 	return 0;
70 }
71 
72 SEC("perf_event")
73 __failure __msg("Possibly NULL pointer passed to trusted arg1")
74 int task_work_null(struct pt_regs *args)
75 {
76 	struct task_struct *task;
77 
78 	task = bpf_get_current_task_btf();
79 	bpf_task_work_schedule_resume(task, NULL, &hmap, process_work, NULL);
80 	return 0;
81 }
82 
83 SEC("perf_event")
84 __failure __msg("Possibly NULL pointer passed to trusted arg2")
85 int map_null(struct pt_regs *args)
86 {
87 	struct elem *work;
88 	struct task_struct *task;
89 
90 	task = bpf_get_current_task_btf();
91 	work = bpf_map_lookup_elem(&arrmap, &key);
92 	if (!work)
93 		return 0;
94 	bpf_task_work_schedule_resume(task, &work->tw, NULL, process_work, NULL);
95 	return 0;
96 }
97