1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) 2020 Facebook */ 3 #include <linux/bpf.h> 4 #include <linux/btf.h> 5 #include <linux/btf_ids.h> 6 #include <linux/delay.h> 7 #include <linux/error-injection.h> 8 #include <linux/init.h> 9 #include <linux/module.h> 10 #include <linux/percpu-defs.h> 11 #include <linux/sysfs.h> 12 #include <linux/tracepoint.h> 13 #include <linux/net.h> 14 #include <linux/socket.h> 15 #include <linux/nsproxy.h> 16 #include <linux/inet.h> 17 #include <linux/in.h> 18 #include <linux/in6.h> 19 #include <linux/un.h> 20 #include <linux/filter.h> 21 #include <net/sock.h> 22 #include <linux/namei.h> 23 #include "bpf_testmod.h" 24 #include "bpf_testmod_kfunc.h" 25 26 #define CREATE_TRACE_POINTS 27 #include "bpf_testmod-events.h" 28 29 #define CONNECT_TIMEOUT_SEC 1 30 31 typedef int (*func_proto_typedef)(long); 32 typedef int (*func_proto_typedef_nested1)(func_proto_typedef); 33 typedef int (*func_proto_typedef_nested2)(func_proto_typedef_nested1); 34 35 DEFINE_PER_CPU(int, bpf_testmod_ksym_percpu) = 123; 36 long bpf_testmod_test_struct_arg_result; 37 static DEFINE_MUTEX(sock_lock); 38 static struct socket *sock; 39 40 struct bpf_testmod_struct_arg_1 { 41 int a; 42 }; 43 struct bpf_testmod_struct_arg_2 { 44 long a; 45 long b; 46 }; 47 48 struct bpf_testmod_struct_arg_3 { 49 int a; 50 int b[]; 51 }; 52 53 struct bpf_testmod_struct_arg_4 { 54 u64 a; 55 int b; 56 }; 57 58 struct bpf_testmod_struct_arg_5 { 59 char a; 60 short b; 61 int c; 62 long d; 63 }; 64 65 union bpf_testmod_union_arg_1 { 66 char a; 67 short b; 68 struct bpf_testmod_struct_arg_1 arg; 69 }; 70 71 union bpf_testmod_union_arg_2 { 72 int a; 73 long b; 74 struct bpf_testmod_struct_arg_2 arg; 75 }; 76 77 __bpf_hook_start(); 78 79 noinline int 80 bpf_testmod_test_struct_arg_1(struct bpf_testmod_struct_arg_2 a, int b, int c) { 81 bpf_testmod_test_struct_arg_result = a.a + a.b + b + c; 82 return bpf_testmod_test_struct_arg_result; 83 } 84 85 noinline int 86 bpf_testmod_test_struct_arg_2(int a, struct bpf_testmod_struct_arg_2 b, int c) { 87 bpf_testmod_test_struct_arg_result = a + b.a + b.b + c; 88 return bpf_testmod_test_struct_arg_result; 89 } 90 91 noinline int 92 bpf_testmod_test_struct_arg_3(int a, int b, struct bpf_testmod_struct_arg_2 c) { 93 bpf_testmod_test_struct_arg_result = a + b + c.a + c.b; 94 return bpf_testmod_test_struct_arg_result; 95 } 96 97 noinline int 98 bpf_testmod_test_struct_arg_4(struct bpf_testmod_struct_arg_1 a, int b, 99 int c, int d, struct bpf_testmod_struct_arg_2 e) { 100 bpf_testmod_test_struct_arg_result = a.a + b + c + d + e.a + e.b; 101 return bpf_testmod_test_struct_arg_result; 102 } 103 104 noinline int 105 bpf_testmod_test_struct_arg_5(void) { 106 bpf_testmod_test_struct_arg_result = 1; 107 return bpf_testmod_test_struct_arg_result; 108 } 109 110 noinline int 111 bpf_testmod_test_struct_arg_6(struct bpf_testmod_struct_arg_3 *a) { 112 bpf_testmod_test_struct_arg_result = a->b[0]; 113 return bpf_testmod_test_struct_arg_result; 114 } 115 116 noinline int 117 bpf_testmod_test_struct_arg_7(u64 a, void *b, short c, int d, void *e, 118 struct bpf_testmod_struct_arg_4 f) 119 { 120 bpf_testmod_test_struct_arg_result = a + (long)b + c + d + 121 (long)e + f.a + f.b; 122 return bpf_testmod_test_struct_arg_result; 123 } 124 125 noinline int 126 bpf_testmod_test_struct_arg_8(u64 a, void *b, short c, int d, void *e, 127 struct bpf_testmod_struct_arg_4 f, int g) 128 { 129 bpf_testmod_test_struct_arg_result = a + (long)b + c + d + 130 (long)e + f.a + f.b + g; 131 return bpf_testmod_test_struct_arg_result; 132 } 133 134 noinline int 135 bpf_testmod_test_struct_arg_9(u64 a, void *b, short c, int d, void *e, char f, 136 short g, struct bpf_testmod_struct_arg_5 h, long i) 137 { 138 bpf_testmod_test_struct_arg_result = a + (long)b + c + d + (long)e + 139 f + g + h.a + h.b + h.c + h.d + i; 140 return bpf_testmod_test_struct_arg_result; 141 } 142 143 noinline int 144 bpf_testmod_test_union_arg_1(union bpf_testmod_union_arg_1 a, int b, int c) 145 { 146 bpf_testmod_test_struct_arg_result = a.arg.a + b + c; 147 return bpf_testmod_test_struct_arg_result; 148 } 149 150 noinline int 151 bpf_testmod_test_union_arg_2(int a, union bpf_testmod_union_arg_2 b) 152 { 153 bpf_testmod_test_struct_arg_result = a + b.arg.a + b.arg.b; 154 return bpf_testmod_test_struct_arg_result; 155 } 156 157 noinline int 158 bpf_testmod_test_arg_ptr_to_struct(struct bpf_testmod_struct_arg_1 *a) { 159 bpf_testmod_test_struct_arg_result = a->a; 160 return bpf_testmod_test_struct_arg_result; 161 } 162 163 __weak noinline void bpf_testmod_looooooooooooooooooooooooooooooong_name(void) 164 { 165 } 166 167 __bpf_kfunc void 168 bpf_testmod_test_mod_kfunc(int i) 169 { 170 *(int *)this_cpu_ptr(&bpf_testmod_ksym_percpu) = i; 171 } 172 173 __bpf_kfunc int bpf_iter_testmod_seq_new(struct bpf_iter_testmod_seq *it, s64 value, int cnt) 174 { 175 it->cnt = cnt; 176 177 if (cnt < 0) 178 return -EINVAL; 179 180 it->value = value; 181 182 return 0; 183 } 184 185 __bpf_kfunc s64 *bpf_iter_testmod_seq_next(struct bpf_iter_testmod_seq* it) 186 { 187 if (it->cnt <= 0) 188 return NULL; 189 190 it->cnt--; 191 192 return &it->value; 193 } 194 195 __bpf_kfunc s64 bpf_iter_testmod_seq_value(int val, struct bpf_iter_testmod_seq* it__iter) 196 { 197 if (it__iter->cnt < 0) 198 return 0; 199 200 return val + it__iter->value; 201 } 202 203 __bpf_kfunc void bpf_iter_testmod_seq_destroy(struct bpf_iter_testmod_seq *it) 204 { 205 it->cnt = 0; 206 } 207 208 __bpf_kfunc void bpf_kfunc_common_test(void) 209 { 210 } 211 212 __bpf_kfunc void bpf_kfunc_dynptr_test(struct bpf_dynptr *ptr, 213 struct bpf_dynptr *ptr__nullable) 214 { 215 } 216 217 __bpf_kfunc struct sk_buff *bpf_kfunc_nested_acquire_nonzero_offset_test(struct sk_buff_head *ptr) 218 { 219 return NULL; 220 } 221 222 __bpf_kfunc struct sk_buff *bpf_kfunc_nested_acquire_zero_offset_test(struct sock_common *ptr) 223 { 224 return NULL; 225 } 226 227 __bpf_kfunc void bpf_kfunc_nested_release_test(struct sk_buff *ptr) 228 { 229 } 230 231 __bpf_kfunc void bpf_kfunc_trusted_vma_test(struct vm_area_struct *ptr) 232 { 233 } 234 235 __bpf_kfunc void bpf_kfunc_trusted_task_test(struct task_struct *ptr) 236 { 237 } 238 239 __bpf_kfunc void bpf_kfunc_trusted_num_test(int *ptr) 240 { 241 } 242 243 __bpf_kfunc void bpf_kfunc_rcu_task_test(struct task_struct *ptr) 244 { 245 } 246 247 __bpf_kfunc struct task_struct *bpf_kfunc_ret_rcu_test(void) 248 { 249 return NULL; 250 } 251 252 __bpf_kfunc int *bpf_kfunc_ret_rcu_test_nostruct(int rdonly_buf_size) 253 { 254 return NULL; 255 } 256 257 __bpf_kfunc struct bpf_testmod_ctx * 258 bpf_testmod_ctx_create(int *err) 259 { 260 struct bpf_testmod_ctx *ctx; 261 262 ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC); 263 if (!ctx) { 264 *err = -ENOMEM; 265 return NULL; 266 } 267 refcount_set(&ctx->usage, 1); 268 269 return ctx; 270 } 271 272 static void testmod_free_cb(struct rcu_head *head) 273 { 274 struct bpf_testmod_ctx *ctx; 275 276 ctx = container_of(head, struct bpf_testmod_ctx, rcu); 277 kfree(ctx); 278 } 279 280 __bpf_kfunc void bpf_testmod_ctx_release(struct bpf_testmod_ctx *ctx) 281 { 282 if (!ctx) 283 return; 284 if (refcount_dec_and_test(&ctx->usage)) 285 call_rcu(&ctx->rcu, testmod_free_cb); 286 } 287 288 __bpf_kfunc void bpf_testmod_ctx_release_dtor(void *ctx) 289 { 290 bpf_testmod_ctx_release(ctx); 291 } 292 CFI_NOSEAL(bpf_testmod_ctx_release_dtor); 293 294 static struct bpf_testmod_ops3 *st_ops3; 295 296 static int bpf_testmod_test_3(void) 297 { 298 return 0; 299 } 300 301 static int bpf_testmod_test_4(void) 302 { 303 return 0; 304 } 305 306 static struct bpf_testmod_ops3 __bpf_testmod_ops3 = { 307 .test_1 = bpf_testmod_test_3, 308 .test_2 = bpf_testmod_test_4, 309 }; 310 311 static void bpf_testmod_test_struct_ops3(void) 312 { 313 if (st_ops3) 314 st_ops3->test_1(); 315 } 316 317 __bpf_kfunc void bpf_testmod_ops3_call_test_1(void) 318 { 319 st_ops3->test_1(); 320 } 321 322 __bpf_kfunc void bpf_testmod_ops3_call_test_2(void) 323 { 324 st_ops3->test_2(); 325 } 326 327 struct bpf_testmod_btf_type_tag_1 { 328 int a; 329 }; 330 331 struct bpf_testmod_btf_type_tag_2 { 332 struct bpf_testmod_btf_type_tag_1 __user *p; 333 }; 334 335 struct bpf_testmod_btf_type_tag_3 { 336 struct bpf_testmod_btf_type_tag_1 __percpu *p; 337 }; 338 339 noinline int 340 bpf_testmod_test_btf_type_tag_user_1(struct bpf_testmod_btf_type_tag_1 __user *arg) { 341 BTF_TYPE_EMIT(func_proto_typedef); 342 BTF_TYPE_EMIT(func_proto_typedef_nested1); 343 BTF_TYPE_EMIT(func_proto_typedef_nested2); 344 return arg->a; 345 } 346 347 noinline int 348 bpf_testmod_test_btf_type_tag_user_2(struct bpf_testmod_btf_type_tag_2 *arg) { 349 return arg->p->a; 350 } 351 352 noinline int 353 bpf_testmod_test_btf_type_tag_percpu_1(struct bpf_testmod_btf_type_tag_1 __percpu *arg) { 354 return arg->a; 355 } 356 357 noinline int 358 bpf_testmod_test_btf_type_tag_percpu_2(struct bpf_testmod_btf_type_tag_3 *arg) { 359 return arg->p->a; 360 } 361 362 noinline int bpf_testmod_loop_test(int n) 363 { 364 /* Make sum volatile, so smart compilers, such as clang, will not 365 * optimize the code by removing the loop. 366 */ 367 volatile int sum = 0; 368 int i; 369 370 /* the primary goal of this test is to test LBR. Create a lot of 371 * branches in the function, so we can catch it easily. 372 */ 373 for (i = 0; i < n; i++) 374 sum += i; 375 return sum; 376 } 377 378 __weak noinline struct file *bpf_testmod_return_ptr(int arg) 379 { 380 static struct file f = {}; 381 382 switch (arg) { 383 case 1: return (void *)EINVAL; /* user addr */ 384 case 2: return (void *)0xcafe4a11; /* user addr */ 385 case 3: return (void *)-EINVAL; /* canonical, but invalid */ 386 case 4: return (void *)(1ull << 60); /* non-canonical and invalid */ 387 case 5: return (void *)~(1ull << 30); /* trigger extable */ 388 case 6: return &f; /* valid addr */ 389 case 7: return (void *)((long)&f | 1); /* kernel tricks */ 390 #ifdef CONFIG_X86_64 391 case 8: return (void *)VSYSCALL_ADDR; /* vsyscall page address */ 392 #endif 393 default: return NULL; 394 } 395 } 396 397 noinline int bpf_testmod_fentry_test1(int a) 398 { 399 return a + 1; 400 } 401 402 noinline int bpf_testmod_fentry_test2(int a, u64 b) 403 { 404 return a + b; 405 } 406 407 noinline int bpf_testmod_fentry_test3(char a, int b, u64 c) 408 { 409 return a + b + c; 410 } 411 412 noinline int bpf_testmod_fentry_test7(u64 a, void *b, short c, int d, 413 void *e, char f, int g) 414 { 415 return a + (long)b + c + d + (long)e + f + g; 416 } 417 418 noinline int bpf_testmod_fentry_test11(u64 a, void *b, short c, int d, 419 void *e, char f, int g, 420 unsigned int h, long i, __u64 j, 421 unsigned long k) 422 { 423 return a + (long)b + c + d + (long)e + f + g + h + i + j + k; 424 } 425 426 noinline void bpf_testmod_stacktrace_test(void) 427 { 428 /* used for stacktrace test as attach function */ 429 asm volatile (""); 430 } 431 432 noinline void bpf_testmod_stacktrace_test_3(void) 433 { 434 bpf_testmod_stacktrace_test(); 435 asm volatile (""); 436 } 437 438 noinline void bpf_testmod_stacktrace_test_2(void) 439 { 440 bpf_testmod_stacktrace_test_3(); 441 asm volatile (""); 442 } 443 444 noinline void bpf_testmod_stacktrace_test_1(void) 445 { 446 bpf_testmod_stacktrace_test_2(); 447 asm volatile (""); 448 } 449 450 int bpf_testmod_fentry_ok; 451 452 noinline ssize_t 453 bpf_testmod_test_read(struct file *file, struct kobject *kobj, 454 const struct bin_attribute *bin_attr, 455 char *buf, loff_t off, size_t len) 456 { 457 struct bpf_testmod_test_read_ctx ctx = { 458 .buf = buf, 459 .off = off, 460 .len = len, 461 }; 462 struct bpf_testmod_struct_arg_1 struct_arg1 = {10}, struct_arg1_2 = {-1}; 463 struct bpf_testmod_struct_arg_2 struct_arg2 = {2, 3}; 464 struct bpf_testmod_struct_arg_3 *struct_arg3; 465 struct bpf_testmod_struct_arg_4 struct_arg4 = {21, 22}; 466 struct bpf_testmod_struct_arg_5 struct_arg5 = {23, 24, 25, 26}; 467 union bpf_testmod_union_arg_1 union_arg1 = { .arg = {1} }; 468 union bpf_testmod_union_arg_2 union_arg2 = { .arg = {2, 3} }; 469 int i = 1; 470 471 while (bpf_testmod_return_ptr(i)) 472 i++; 473 474 (void)bpf_testmod_test_struct_arg_1(struct_arg2, 1, 4); 475 (void)bpf_testmod_test_struct_arg_2(1, struct_arg2, 4); 476 (void)bpf_testmod_test_struct_arg_3(1, 4, struct_arg2); 477 (void)bpf_testmod_test_struct_arg_4(struct_arg1, 1, 2, 3, struct_arg2); 478 (void)bpf_testmod_test_struct_arg_5(); 479 (void)bpf_testmod_test_struct_arg_7(16, (void *)17, 18, 19, 480 (void *)20, struct_arg4); 481 (void)bpf_testmod_test_struct_arg_8(16, (void *)17, 18, 19, 482 (void *)20, struct_arg4, 23); 483 (void)bpf_testmod_test_struct_arg_9(16, (void *)17, 18, 19, (void *)20, 484 21, 22, struct_arg5, 27); 485 486 (void)bpf_testmod_test_union_arg_1(union_arg1, 4, 5); 487 (void)bpf_testmod_test_union_arg_2(6, union_arg2); 488 489 (void)bpf_testmod_test_arg_ptr_to_struct(&struct_arg1_2); 490 491 (void)trace_bpf_testmod_test_raw_tp_null_tp(NULL); 492 493 bpf_testmod_test_struct_ops3(); 494 495 struct_arg3 = kmalloc((sizeof(struct bpf_testmod_struct_arg_3) + 496 sizeof(int)), GFP_KERNEL); 497 if (struct_arg3 != NULL) { 498 struct_arg3->b[0] = 1; 499 (void)bpf_testmod_test_struct_arg_6(struct_arg3); 500 kfree(struct_arg3); 501 } 502 503 /* This is always true. Use the check to make sure the compiler 504 * doesn't remove bpf_testmod_loop_test. 505 */ 506 if (bpf_testmod_loop_test(101) > 100) 507 trace_bpf_testmod_test_read(current, &ctx); 508 509 trace_bpf_testmod_test_nullable_bare_tp(NULL); 510 511 /* Magic number to enable writable tp */ 512 if (len == 64) { 513 struct bpf_testmod_test_writable_ctx writable = { 514 .val = 1024, 515 }; 516 trace_bpf_testmod_test_writable_bare_tp(&writable); 517 if (writable.early_ret) 518 return snprintf(buf, len, "%d\n", writable.val); 519 } 520 521 if (bpf_testmod_fentry_test1(1) != 2 || 522 bpf_testmod_fentry_test2(2, 3) != 5 || 523 bpf_testmod_fentry_test3(4, 5, 6) != 15 || 524 bpf_testmod_fentry_test7(16, (void *)17, 18, 19, (void *)20, 525 21, 22) != 133 || 526 bpf_testmod_fentry_test11(16, (void *)17, 18, 19, (void *)20, 527 21, 22, 23, 24, 25, 26) != 231) 528 goto out; 529 530 bpf_testmod_stacktrace_test_1(); 531 532 bpf_testmod_fentry_ok = 1; 533 out: 534 return -EIO; /* always fail */ 535 } 536 EXPORT_SYMBOL(bpf_testmod_test_read); 537 ALLOW_ERROR_INJECTION(bpf_testmod_test_read, ERRNO); 538 539 noinline ssize_t 540 bpf_testmod_test_write(struct file *file, struct kobject *kobj, 541 const struct bin_attribute *bin_attr, 542 char *buf, loff_t off, size_t len) 543 { 544 struct bpf_testmod_test_write_ctx ctx = { 545 .buf = buf, 546 .off = off, 547 .len = len, 548 }; 549 550 trace_bpf_testmod_test_write_bare_tp(current, &ctx); 551 552 return -EIO; /* always fail */ 553 } 554 EXPORT_SYMBOL(bpf_testmod_test_write); 555 ALLOW_ERROR_INJECTION(bpf_testmod_test_write, ERRNO); 556 557 noinline int bpf_fentry_shadow_test(int a) 558 { 559 return a + 2; 560 } 561 EXPORT_SYMBOL_GPL(bpf_fentry_shadow_test); 562 563 __bpf_hook_end(); 564 565 static struct bin_attribute bin_attr_bpf_testmod_file __ro_after_init = { 566 .attr = { .name = "bpf_testmod", .mode = 0666, }, 567 .read = bpf_testmod_test_read, 568 .write = bpf_testmod_test_write, 569 }; 570 571 /* bpf_testmod_uprobe sysfs attribute is so far enabled for x86_64 only, 572 * please see test_uretprobe_regs_change test 573 */ 574 #ifdef __x86_64__ 575 576 static int 577 uprobe_handler(struct uprobe_consumer *self, struct pt_regs *regs, __u64 *data) 578 { 579 regs->cx = 0x87654321feebdaed; 580 return 0; 581 } 582 583 static int 584 uprobe_ret_handler(struct uprobe_consumer *self, unsigned long func, 585 struct pt_regs *regs, __u64 *data) 586 587 { 588 regs->ax = 0x12345678deadbeef; 589 regs->r11 = (u64) -1; 590 return 0; 591 } 592 593 struct testmod_uprobe { 594 struct path path; 595 struct uprobe *uprobe; 596 struct uprobe_consumer consumer; 597 }; 598 599 static DEFINE_MUTEX(testmod_uprobe_mutex); 600 601 static struct testmod_uprobe uprobe = { 602 .consumer.handler = uprobe_handler, 603 .consumer.ret_handler = uprobe_ret_handler, 604 }; 605 606 static int testmod_register_uprobe(loff_t offset) 607 { 608 int err = -EBUSY; 609 610 if (uprobe.uprobe) 611 return -EBUSY; 612 613 mutex_lock(&testmod_uprobe_mutex); 614 615 if (uprobe.uprobe) 616 goto out; 617 618 err = kern_path("/proc/self/exe", LOOKUP_FOLLOW, &uprobe.path); 619 if (err) 620 goto out; 621 622 uprobe.uprobe = uprobe_register(d_real_inode(uprobe.path.dentry), 623 offset, 0, &uprobe.consumer); 624 if (IS_ERR(uprobe.uprobe)) { 625 err = PTR_ERR(uprobe.uprobe); 626 path_put(&uprobe.path); 627 uprobe.uprobe = NULL; 628 } 629 out: 630 mutex_unlock(&testmod_uprobe_mutex); 631 return err; 632 } 633 634 static void testmod_unregister_uprobe(void) 635 { 636 mutex_lock(&testmod_uprobe_mutex); 637 638 if (uprobe.uprobe) { 639 uprobe_unregister_nosync(uprobe.uprobe, &uprobe.consumer); 640 uprobe_unregister_sync(); 641 path_put(&uprobe.path); 642 uprobe.uprobe = NULL; 643 } 644 645 mutex_unlock(&testmod_uprobe_mutex); 646 } 647 648 static ssize_t 649 bpf_testmod_uprobe_write(struct file *file, struct kobject *kobj, 650 const struct bin_attribute *bin_attr, 651 char *buf, loff_t off, size_t len) 652 { 653 unsigned long offset = 0; 654 int err = 0; 655 656 if (kstrtoul(buf, 0, &offset)) 657 return -EINVAL; 658 659 if (offset) 660 err = testmod_register_uprobe(offset); 661 else 662 testmod_unregister_uprobe(); 663 664 return err ?: strlen(buf); 665 } 666 667 static struct bin_attribute bin_attr_bpf_testmod_uprobe_file __ro_after_init = { 668 .attr = { .name = "bpf_testmod_uprobe", .mode = 0666, }, 669 .write = bpf_testmod_uprobe_write, 670 }; 671 672 static int register_bpf_testmod_uprobe(void) 673 { 674 return sysfs_create_bin_file(kernel_kobj, &bin_attr_bpf_testmod_uprobe_file); 675 } 676 677 static void unregister_bpf_testmod_uprobe(void) 678 { 679 testmod_unregister_uprobe(); 680 sysfs_remove_bin_file(kernel_kobj, &bin_attr_bpf_testmod_uprobe_file); 681 } 682 683 #else 684 static int register_bpf_testmod_uprobe(void) 685 { 686 return 0; 687 } 688 689 static void unregister_bpf_testmod_uprobe(void) { } 690 #endif 691 692 BTF_KFUNCS_START(bpf_testmod_common_kfunc_ids) 693 BTF_ID_FLAGS(func, bpf_iter_testmod_seq_new, KF_ITER_NEW) 694 BTF_ID_FLAGS(func, bpf_iter_testmod_seq_next, KF_ITER_NEXT | KF_RET_NULL) 695 BTF_ID_FLAGS(func, bpf_iter_testmod_seq_destroy, KF_ITER_DESTROY) 696 BTF_ID_FLAGS(func, bpf_iter_testmod_seq_value) 697 BTF_ID_FLAGS(func, bpf_kfunc_common_test) 698 BTF_ID_FLAGS(func, bpf_kfunc_dynptr_test) 699 BTF_ID_FLAGS(func, bpf_kfunc_nested_acquire_nonzero_offset_test, KF_ACQUIRE) 700 BTF_ID_FLAGS(func, bpf_kfunc_nested_acquire_zero_offset_test, KF_ACQUIRE) 701 BTF_ID_FLAGS(func, bpf_kfunc_nested_release_test, KF_RELEASE) 702 BTF_ID_FLAGS(func, bpf_kfunc_trusted_vma_test) 703 BTF_ID_FLAGS(func, bpf_kfunc_trusted_task_test) 704 BTF_ID_FLAGS(func, bpf_kfunc_trusted_num_test) 705 BTF_ID_FLAGS(func, bpf_kfunc_rcu_task_test, KF_RCU) 706 BTF_ID_FLAGS(func, bpf_kfunc_ret_rcu_test, KF_RET_NULL | KF_RCU_PROTECTED) 707 BTF_ID_FLAGS(func, bpf_kfunc_ret_rcu_test_nostruct, KF_RET_NULL | KF_RCU_PROTECTED) 708 BTF_ID_FLAGS(func, bpf_testmod_ctx_create, KF_ACQUIRE | KF_RET_NULL) 709 BTF_ID_FLAGS(func, bpf_testmod_ctx_release, KF_RELEASE) 710 BTF_ID_FLAGS(func, bpf_testmod_ops3_call_test_1) 711 BTF_ID_FLAGS(func, bpf_testmod_ops3_call_test_2) 712 BTF_KFUNCS_END(bpf_testmod_common_kfunc_ids) 713 714 BTF_ID_LIST(bpf_testmod_dtor_ids) 715 BTF_ID(struct, bpf_testmod_ctx) 716 BTF_ID(func, bpf_testmod_ctx_release_dtor) 717 718 static const struct btf_kfunc_id_set bpf_testmod_common_kfunc_set = { 719 .owner = THIS_MODULE, 720 .set = &bpf_testmod_common_kfunc_ids, 721 }; 722 723 __bpf_kfunc u64 bpf_kfunc_call_test1(struct sock *sk, u32 a, u64 b, u32 c, u64 d) 724 { 725 return a + b + c + d; 726 } 727 728 __bpf_kfunc int bpf_kfunc_call_test2(struct sock *sk, u32 a, u32 b) 729 { 730 return a + b; 731 } 732 733 __bpf_kfunc struct sock *bpf_kfunc_call_test3(struct sock *sk) 734 { 735 return sk; 736 } 737 738 __bpf_kfunc long noinline bpf_kfunc_call_test4(signed char a, short b, int c, long d) 739 { 740 /* Provoke the compiler to assume that the caller has sign-extended a, 741 * b and c on platforms where this is required (e.g. s390x). 742 */ 743 return (long)a + (long)b + (long)c + d; 744 } 745 746 static struct prog_test_ref_kfunc prog_test_struct = { 747 .a = 42, 748 .b = 108, 749 .next = &prog_test_struct, 750 .cnt = REFCOUNT_INIT(1), 751 }; 752 753 __bpf_kfunc struct prog_test_ref_kfunc * 754 bpf_kfunc_call_test_acquire(unsigned long *scalar_ptr) 755 { 756 refcount_inc(&prog_test_struct.cnt); 757 return &prog_test_struct; 758 } 759 760 __bpf_kfunc void bpf_kfunc_call_test_offset(struct prog_test_ref_kfunc *p) 761 { 762 WARN_ON_ONCE(1); 763 } 764 765 __bpf_kfunc struct prog_test_member * 766 bpf_kfunc_call_memb_acquire(void) 767 { 768 WARN_ON_ONCE(1); 769 return NULL; 770 } 771 772 __bpf_kfunc void bpf_kfunc_call_memb1_release(struct prog_test_member1 *p) 773 { 774 WARN_ON_ONCE(1); 775 } 776 777 static int *__bpf_kfunc_call_test_get_mem(struct prog_test_ref_kfunc *p, const int size) 778 { 779 if (size > 2 * sizeof(int)) 780 return NULL; 781 782 return (int *)p; 783 } 784 785 __bpf_kfunc int *bpf_kfunc_call_test_get_rdwr_mem(struct prog_test_ref_kfunc *p, 786 const int rdwr_buf_size) 787 { 788 return __bpf_kfunc_call_test_get_mem(p, rdwr_buf_size); 789 } 790 791 __bpf_kfunc int *bpf_kfunc_call_test_get_rdonly_mem(struct prog_test_ref_kfunc *p, 792 const int rdonly_buf_size) 793 { 794 return __bpf_kfunc_call_test_get_mem(p, rdonly_buf_size); 795 } 796 797 /* the next 2 ones can't be really used for testing expect to ensure 798 * that the verifier rejects the call. 799 * Acquire functions must return struct pointers, so these ones are 800 * failing. 801 */ 802 __bpf_kfunc int *bpf_kfunc_call_test_acq_rdonly_mem(struct prog_test_ref_kfunc *p, 803 const int rdonly_buf_size) 804 { 805 return __bpf_kfunc_call_test_get_mem(p, rdonly_buf_size); 806 } 807 808 __bpf_kfunc void bpf_kfunc_call_int_mem_release(int *p) 809 { 810 } 811 812 __bpf_kfunc void bpf_kfunc_call_test_pass_ctx(struct __sk_buff *skb) 813 { 814 } 815 816 __bpf_kfunc void bpf_kfunc_call_test_pass1(struct prog_test_pass1 *p) 817 { 818 } 819 820 __bpf_kfunc void bpf_kfunc_call_test_pass2(struct prog_test_pass2 *p) 821 { 822 } 823 824 __bpf_kfunc void bpf_kfunc_call_test_fail1(struct prog_test_fail1 *p) 825 { 826 } 827 828 __bpf_kfunc void bpf_kfunc_call_test_fail2(struct prog_test_fail2 *p) 829 { 830 } 831 832 __bpf_kfunc void bpf_kfunc_call_test_fail3(struct prog_test_fail3 *p) 833 { 834 } 835 836 __bpf_kfunc void bpf_kfunc_call_test_mem_len_pass1(void *mem, int mem__sz) 837 { 838 } 839 840 __bpf_kfunc void bpf_kfunc_call_test_mem_len_fail1(void *mem, int len) 841 { 842 } 843 844 __bpf_kfunc void bpf_kfunc_call_test_mem_len_fail2(u64 *mem, int len) 845 { 846 } 847 848 __bpf_kfunc void bpf_kfunc_call_test_ref(struct prog_test_ref_kfunc *p) 849 { 850 /* p != NULL, but p->cnt could be 0 */ 851 } 852 853 __bpf_kfunc void bpf_kfunc_call_test_destructive(void) 854 { 855 } 856 857 __bpf_kfunc static u32 bpf_kfunc_call_test_static_unused_arg(u32 arg, u32 unused) 858 { 859 return arg; 860 } 861 862 __bpf_kfunc void bpf_kfunc_call_test_sleepable(void) 863 { 864 } 865 866 __bpf_kfunc int bpf_kfunc_init_sock(struct init_sock_args *args) 867 { 868 int proto; 869 int err; 870 871 mutex_lock(&sock_lock); 872 873 if (sock) { 874 pr_err("%s called without releasing old sock", __func__); 875 err = -EPERM; 876 goto out; 877 } 878 879 switch (args->af) { 880 case AF_INET: 881 case AF_INET6: 882 proto = args->type == SOCK_STREAM ? IPPROTO_TCP : IPPROTO_UDP; 883 break; 884 case AF_UNIX: 885 proto = PF_UNIX; 886 break; 887 default: 888 pr_err("invalid address family %d\n", args->af); 889 err = -EINVAL; 890 goto out; 891 } 892 893 err = sock_create_kern(current->nsproxy->net_ns, args->af, args->type, 894 proto, &sock); 895 896 if (!err) 897 /* Set timeout for call to kernel_connect() to prevent it from hanging, 898 * and consider the connection attempt failed if it returns 899 * -EINPROGRESS. 900 */ 901 sock->sk->sk_sndtimeo = CONNECT_TIMEOUT_SEC * HZ; 902 out: 903 mutex_unlock(&sock_lock); 904 905 return err; 906 } 907 908 __bpf_kfunc void bpf_kfunc_close_sock(void) 909 { 910 mutex_lock(&sock_lock); 911 912 if (sock) { 913 sock_release(sock); 914 sock = NULL; 915 } 916 917 mutex_unlock(&sock_lock); 918 } 919 920 __bpf_kfunc int bpf_kfunc_call_kernel_connect(struct addr_args *args) 921 { 922 int err; 923 924 if (args->addrlen > sizeof(args->addr)) 925 return -EINVAL; 926 927 mutex_lock(&sock_lock); 928 929 if (!sock) { 930 pr_err("%s called without initializing sock", __func__); 931 err = -EPERM; 932 goto out; 933 } 934 935 err = kernel_connect(sock, (struct sockaddr_unsized *)&args->addr, 936 args->addrlen, 0); 937 out: 938 mutex_unlock(&sock_lock); 939 940 return err; 941 } 942 943 __bpf_kfunc int bpf_kfunc_call_kernel_bind(struct addr_args *args) 944 { 945 int err; 946 947 if (args->addrlen > sizeof(args->addr)) 948 return -EINVAL; 949 950 mutex_lock(&sock_lock); 951 952 if (!sock) { 953 pr_err("%s called without initializing sock", __func__); 954 err = -EPERM; 955 goto out; 956 } 957 958 err = kernel_bind(sock, (struct sockaddr_unsized *)&args->addr, args->addrlen); 959 out: 960 mutex_unlock(&sock_lock); 961 962 return err; 963 } 964 965 __bpf_kfunc int bpf_kfunc_call_kernel_listen(void) 966 { 967 int err; 968 969 mutex_lock(&sock_lock); 970 971 if (!sock) { 972 pr_err("%s called without initializing sock", __func__); 973 err = -EPERM; 974 goto out; 975 } 976 977 err = kernel_listen(sock, 128); 978 out: 979 mutex_unlock(&sock_lock); 980 981 return err; 982 } 983 984 __bpf_kfunc int bpf_kfunc_call_kernel_sendmsg(struct sendmsg_args *args) 985 { 986 struct msghdr msg = { 987 .msg_name = &args->addr.addr, 988 .msg_namelen = args->addr.addrlen, 989 }; 990 struct kvec iov; 991 int err; 992 993 if (args->addr.addrlen > sizeof(args->addr.addr) || 994 args->msglen > sizeof(args->msg)) 995 return -EINVAL; 996 997 iov.iov_base = args->msg; 998 iov.iov_len = args->msglen; 999 1000 mutex_lock(&sock_lock); 1001 1002 if (!sock) { 1003 pr_err("%s called without initializing sock", __func__); 1004 err = -EPERM; 1005 goto out; 1006 } 1007 1008 err = kernel_sendmsg(sock, &msg, &iov, 1, args->msglen); 1009 args->addr.addrlen = msg.msg_namelen; 1010 out: 1011 mutex_unlock(&sock_lock); 1012 1013 return err; 1014 } 1015 1016 __bpf_kfunc int bpf_kfunc_call_sock_sendmsg(struct sendmsg_args *args) 1017 { 1018 struct msghdr msg = { 1019 .msg_name = &args->addr.addr, 1020 .msg_namelen = args->addr.addrlen, 1021 }; 1022 struct kvec iov; 1023 int err; 1024 1025 if (args->addr.addrlen > sizeof(args->addr.addr) || 1026 args->msglen > sizeof(args->msg)) 1027 return -EINVAL; 1028 1029 iov.iov_base = args->msg; 1030 iov.iov_len = args->msglen; 1031 1032 iov_iter_kvec(&msg.msg_iter, ITER_SOURCE, &iov, 1, args->msglen); 1033 mutex_lock(&sock_lock); 1034 1035 if (!sock) { 1036 pr_err("%s called without initializing sock", __func__); 1037 err = -EPERM; 1038 goto out; 1039 } 1040 1041 err = sock_sendmsg(sock, &msg); 1042 args->addr.addrlen = msg.msg_namelen; 1043 out: 1044 mutex_unlock(&sock_lock); 1045 1046 return err; 1047 } 1048 1049 __bpf_kfunc int bpf_kfunc_call_kernel_getsockname(struct addr_args *args) 1050 { 1051 int err; 1052 1053 mutex_lock(&sock_lock); 1054 1055 if (!sock) { 1056 pr_err("%s called without initializing sock", __func__); 1057 err = -EPERM; 1058 goto out; 1059 } 1060 1061 err = kernel_getsockname(sock, (struct sockaddr *)&args->addr); 1062 if (err < 0) 1063 goto out; 1064 1065 args->addrlen = err; 1066 err = 0; 1067 out: 1068 mutex_unlock(&sock_lock); 1069 1070 return err; 1071 } 1072 1073 __bpf_kfunc int bpf_kfunc_call_kernel_getpeername(struct addr_args *args) 1074 { 1075 int err; 1076 1077 mutex_lock(&sock_lock); 1078 1079 if (!sock) { 1080 pr_err("%s called without initializing sock", __func__); 1081 err = -EPERM; 1082 goto out; 1083 } 1084 1085 err = kernel_getpeername(sock, (struct sockaddr *)&args->addr); 1086 if (err < 0) 1087 goto out; 1088 1089 args->addrlen = err; 1090 err = 0; 1091 out: 1092 mutex_unlock(&sock_lock); 1093 1094 return err; 1095 } 1096 1097 static DEFINE_MUTEX(st_ops_mutex); 1098 static struct bpf_testmod_st_ops *st_ops; 1099 1100 __bpf_kfunc int bpf_kfunc_st_ops_test_prologue(struct st_ops_args *args) 1101 { 1102 int ret = -1; 1103 1104 mutex_lock(&st_ops_mutex); 1105 if (st_ops && st_ops->test_prologue) 1106 ret = st_ops->test_prologue(args); 1107 mutex_unlock(&st_ops_mutex); 1108 1109 return ret; 1110 } 1111 1112 __bpf_kfunc int bpf_kfunc_st_ops_test_epilogue(struct st_ops_args *args) 1113 { 1114 int ret = -1; 1115 1116 mutex_lock(&st_ops_mutex); 1117 if (st_ops && st_ops->test_epilogue) 1118 ret = st_ops->test_epilogue(args); 1119 mutex_unlock(&st_ops_mutex); 1120 1121 return ret; 1122 } 1123 1124 __bpf_kfunc int bpf_kfunc_st_ops_test_pro_epilogue(struct st_ops_args *args) 1125 { 1126 int ret = -1; 1127 1128 mutex_lock(&st_ops_mutex); 1129 if (st_ops && st_ops->test_pro_epilogue) 1130 ret = st_ops->test_pro_epilogue(args); 1131 mutex_unlock(&st_ops_mutex); 1132 1133 return ret; 1134 } 1135 1136 __bpf_kfunc int bpf_kfunc_st_ops_inc10(struct st_ops_args *args) 1137 { 1138 args->a += 10; 1139 return args->a; 1140 } 1141 1142 __bpf_kfunc int bpf_kfunc_multi_st_ops_test_1(struct st_ops_args *args, u32 id); 1143 __bpf_kfunc int bpf_kfunc_multi_st_ops_test_1_impl(struct st_ops_args *args, void *aux_prog); 1144 1145 BTF_KFUNCS_START(bpf_testmod_check_kfunc_ids) 1146 BTF_ID_FLAGS(func, bpf_testmod_test_mod_kfunc) 1147 BTF_ID_FLAGS(func, bpf_kfunc_call_test1) 1148 BTF_ID_FLAGS(func, bpf_kfunc_call_test2) 1149 BTF_ID_FLAGS(func, bpf_kfunc_call_test3) 1150 BTF_ID_FLAGS(func, bpf_kfunc_call_test4) 1151 BTF_ID_FLAGS(func, bpf_kfunc_call_test_mem_len_pass1) 1152 BTF_ID_FLAGS(func, bpf_kfunc_call_test_mem_len_fail1) 1153 BTF_ID_FLAGS(func, bpf_kfunc_call_test_mem_len_fail2) 1154 BTF_ID_FLAGS(func, bpf_kfunc_call_test_acquire, KF_ACQUIRE | KF_RET_NULL) 1155 BTF_ID_FLAGS(func, bpf_kfunc_call_memb_acquire, KF_ACQUIRE | KF_RET_NULL) 1156 BTF_ID_FLAGS(func, bpf_kfunc_call_memb1_release, KF_RELEASE) 1157 BTF_ID_FLAGS(func, bpf_kfunc_call_test_get_rdwr_mem, KF_RET_NULL) 1158 BTF_ID_FLAGS(func, bpf_kfunc_call_test_get_rdonly_mem, KF_RET_NULL) 1159 BTF_ID_FLAGS(func, bpf_kfunc_call_test_acq_rdonly_mem, KF_ACQUIRE | KF_RET_NULL) 1160 BTF_ID_FLAGS(func, bpf_kfunc_call_int_mem_release, KF_RELEASE) 1161 BTF_ID_FLAGS(func, bpf_kfunc_call_test_pass_ctx) 1162 BTF_ID_FLAGS(func, bpf_kfunc_call_test_pass1) 1163 BTF_ID_FLAGS(func, bpf_kfunc_call_test_pass2) 1164 BTF_ID_FLAGS(func, bpf_kfunc_call_test_fail1) 1165 BTF_ID_FLAGS(func, bpf_kfunc_call_test_fail2) 1166 BTF_ID_FLAGS(func, bpf_kfunc_call_test_fail3) 1167 BTF_ID_FLAGS(func, bpf_kfunc_call_test_ref, KF_RCU) 1168 BTF_ID_FLAGS(func, bpf_kfunc_call_test_destructive, KF_DESTRUCTIVE) 1169 BTF_ID_FLAGS(func, bpf_kfunc_call_test_static_unused_arg) 1170 BTF_ID_FLAGS(func, bpf_kfunc_call_test_offset) 1171 BTF_ID_FLAGS(func, bpf_kfunc_call_test_sleepable, KF_SLEEPABLE) 1172 BTF_ID_FLAGS(func, bpf_kfunc_init_sock, KF_SLEEPABLE) 1173 BTF_ID_FLAGS(func, bpf_kfunc_close_sock, KF_SLEEPABLE) 1174 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_connect, KF_SLEEPABLE) 1175 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_bind, KF_SLEEPABLE) 1176 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_listen, KF_SLEEPABLE) 1177 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_sendmsg, KF_SLEEPABLE) 1178 BTF_ID_FLAGS(func, bpf_kfunc_call_sock_sendmsg, KF_SLEEPABLE) 1179 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_getsockname, KF_SLEEPABLE) 1180 BTF_ID_FLAGS(func, bpf_kfunc_call_kernel_getpeername, KF_SLEEPABLE) 1181 BTF_ID_FLAGS(func, bpf_kfunc_st_ops_test_prologue, KF_SLEEPABLE) 1182 BTF_ID_FLAGS(func, bpf_kfunc_st_ops_test_epilogue, KF_SLEEPABLE) 1183 BTF_ID_FLAGS(func, bpf_kfunc_st_ops_test_pro_epilogue, KF_SLEEPABLE) 1184 BTF_ID_FLAGS(func, bpf_kfunc_st_ops_inc10) 1185 BTF_ID_FLAGS(func, bpf_kfunc_multi_st_ops_test_1) 1186 BTF_ID_FLAGS(func, bpf_kfunc_multi_st_ops_test_1_impl) 1187 BTF_KFUNCS_END(bpf_testmod_check_kfunc_ids) 1188 1189 static int bpf_testmod_ops_init(struct btf *btf) 1190 { 1191 return 0; 1192 } 1193 1194 static bool bpf_testmod_ops_is_valid_access(int off, int size, 1195 enum bpf_access_type type, 1196 const struct bpf_prog *prog, 1197 struct bpf_insn_access_aux *info) 1198 { 1199 return bpf_tracing_btf_ctx_access(off, size, type, prog, info); 1200 } 1201 1202 static int bpf_testmod_ops_init_member(const struct btf_type *t, 1203 const struct btf_member *member, 1204 void *kdata, const void *udata) 1205 { 1206 if (member->offset == offsetof(struct bpf_testmod_ops, data) * 8) { 1207 /* For data fields, this function has to copy it and return 1208 * 1 to indicate that the data has been handled by the 1209 * struct_ops type, or the verifier will reject the map if 1210 * the value of the data field is not zero. 1211 */ 1212 ((struct bpf_testmod_ops *)kdata)->data = ((struct bpf_testmod_ops *)udata)->data; 1213 return 1; 1214 } 1215 return 0; 1216 } 1217 1218 static const struct btf_kfunc_id_set bpf_testmod_kfunc_set = { 1219 .owner = THIS_MODULE, 1220 .set = &bpf_testmod_check_kfunc_ids, 1221 }; 1222 1223 static const struct bpf_verifier_ops bpf_testmod_verifier_ops = { 1224 .get_func_proto = bpf_base_func_proto, 1225 .is_valid_access = bpf_testmod_ops_is_valid_access, 1226 }; 1227 1228 static const struct bpf_verifier_ops bpf_testmod_verifier_ops3 = { 1229 .is_valid_access = bpf_testmod_ops_is_valid_access, 1230 }; 1231 1232 static int bpf_dummy_reg(void *kdata, struct bpf_link *link) 1233 { 1234 struct bpf_testmod_ops *ops = kdata; 1235 1236 if (ops->test_1) 1237 ops->test_1(); 1238 /* Some test cases (ex. struct_ops_maybe_null) may not have test_2 1239 * initialized, so we need to check for NULL. 1240 */ 1241 if (ops->test_2) 1242 ops->test_2(4, ops->data); 1243 1244 return 0; 1245 } 1246 1247 static void bpf_dummy_unreg(void *kdata, struct bpf_link *link) 1248 { 1249 } 1250 1251 static int bpf_testmod_test_1(void) 1252 { 1253 return 0; 1254 } 1255 1256 static void bpf_testmod_test_2(int a, int b) 1257 { 1258 } 1259 1260 static int bpf_testmod_tramp(int value) 1261 { 1262 return 0; 1263 } 1264 1265 static int bpf_testmod_ops__test_maybe_null(int dummy, 1266 struct task_struct *task__nullable) 1267 { 1268 return 0; 1269 } 1270 1271 static int bpf_testmod_ops__test_refcounted(int dummy, 1272 struct task_struct *task__ref) 1273 { 1274 return 0; 1275 } 1276 1277 static struct task_struct * 1278 bpf_testmod_ops__test_return_ref_kptr(int dummy, struct task_struct *task__ref, 1279 struct cgroup *cgrp) 1280 { 1281 return NULL; 1282 } 1283 1284 static struct bpf_testmod_ops __bpf_testmod_ops = { 1285 .test_1 = bpf_testmod_test_1, 1286 .test_2 = bpf_testmod_test_2, 1287 .test_maybe_null = bpf_testmod_ops__test_maybe_null, 1288 .test_refcounted = bpf_testmod_ops__test_refcounted, 1289 .test_return_ref_kptr = bpf_testmod_ops__test_return_ref_kptr, 1290 }; 1291 1292 struct bpf_struct_ops bpf_bpf_testmod_ops = { 1293 .verifier_ops = &bpf_testmod_verifier_ops, 1294 .init = bpf_testmod_ops_init, 1295 .init_member = bpf_testmod_ops_init_member, 1296 .reg = bpf_dummy_reg, 1297 .unreg = bpf_dummy_unreg, 1298 .cfi_stubs = &__bpf_testmod_ops, 1299 .name = "bpf_testmod_ops", 1300 .owner = THIS_MODULE, 1301 }; 1302 1303 static int bpf_dummy_reg2(void *kdata, struct bpf_link *link) 1304 { 1305 struct bpf_testmod_ops2 *ops = kdata; 1306 1307 ops->test_1(); 1308 return 0; 1309 } 1310 1311 static struct bpf_testmod_ops2 __bpf_testmod_ops2 = { 1312 .test_1 = bpf_testmod_test_1, 1313 }; 1314 1315 struct bpf_struct_ops bpf_testmod_ops2 = { 1316 .verifier_ops = &bpf_testmod_verifier_ops, 1317 .init = bpf_testmod_ops_init, 1318 .init_member = bpf_testmod_ops_init_member, 1319 .reg = bpf_dummy_reg2, 1320 .unreg = bpf_dummy_unreg, 1321 .cfi_stubs = &__bpf_testmod_ops2, 1322 .name = "bpf_testmod_ops2", 1323 .owner = THIS_MODULE, 1324 }; 1325 1326 static int st_ops3_reg(void *kdata, struct bpf_link *link) 1327 { 1328 int err = 0; 1329 1330 mutex_lock(&st_ops_mutex); 1331 if (st_ops3) { 1332 pr_err("st_ops has already been registered\n"); 1333 err = -EEXIST; 1334 goto unlock; 1335 } 1336 st_ops3 = kdata; 1337 1338 unlock: 1339 mutex_unlock(&st_ops_mutex); 1340 return err; 1341 } 1342 1343 static void st_ops3_unreg(void *kdata, struct bpf_link *link) 1344 { 1345 mutex_lock(&st_ops_mutex); 1346 st_ops3 = NULL; 1347 mutex_unlock(&st_ops_mutex); 1348 } 1349 1350 static void test_1_recursion_detected(struct bpf_prog *prog) 1351 { 1352 struct bpf_prog_stats *stats; 1353 1354 stats = this_cpu_ptr(prog->stats); 1355 printk("bpf_testmod: oh no, recursing into test_1, recursion_misses %llu", 1356 u64_stats_read(&stats->misses)); 1357 } 1358 1359 static int st_ops3_check_member(const struct btf_type *t, 1360 const struct btf_member *member, 1361 const struct bpf_prog *prog) 1362 { 1363 u32 moff = __btf_member_bit_offset(t, member) / 8; 1364 1365 switch (moff) { 1366 case offsetof(struct bpf_testmod_ops3, test_1): 1367 prog->aux->priv_stack_requested = true; 1368 prog->aux->recursion_detected = test_1_recursion_detected; 1369 fallthrough; 1370 default: 1371 break; 1372 } 1373 return 0; 1374 } 1375 1376 struct bpf_struct_ops bpf_testmod_ops3 = { 1377 .verifier_ops = &bpf_testmod_verifier_ops3, 1378 .init = bpf_testmod_ops_init, 1379 .init_member = bpf_testmod_ops_init_member, 1380 .reg = st_ops3_reg, 1381 .unreg = st_ops3_unreg, 1382 .check_member = st_ops3_check_member, 1383 .cfi_stubs = &__bpf_testmod_ops3, 1384 .name = "bpf_testmod_ops3", 1385 .owner = THIS_MODULE, 1386 }; 1387 1388 static int bpf_test_mod_st_ops__test_prologue(struct st_ops_args *args) 1389 { 1390 return 0; 1391 } 1392 1393 static int bpf_test_mod_st_ops__test_epilogue(struct st_ops_args *args) 1394 { 1395 return 0; 1396 } 1397 1398 static int bpf_test_mod_st_ops__test_pro_epilogue(struct st_ops_args *args) 1399 { 1400 return 0; 1401 } 1402 1403 static int bpf_cgroup_from_id_id; 1404 static int bpf_cgroup_release_id; 1405 1406 static int st_ops_gen_prologue_with_kfunc(struct bpf_insn *insn_buf, bool direct_write, 1407 const struct bpf_prog *prog) 1408 { 1409 struct bpf_insn *insn = insn_buf; 1410 1411 /* r8 = r1; // r8 will be "u64 *ctx". 1412 * r1 = 0; 1413 * r0 = bpf_cgroup_from_id(r1); 1414 * if r0 != 0 goto pc+5; 1415 * r6 = r8[0]; // r6 will be "struct st_ops *args". 1416 * r7 = r6->a; 1417 * r7 += 1000; 1418 * r6->a = r7; 1419 * goto pc+2; 1420 * r1 = r0; 1421 * bpf_cgroup_release(r1); 1422 * r1 = r8; 1423 */ 1424 *insn++ = BPF_MOV64_REG(BPF_REG_8, BPF_REG_1); 1425 *insn++ = BPF_MOV64_IMM(BPF_REG_1, 0); 1426 *insn++ = BPF_CALL_KFUNC(0, bpf_cgroup_from_id_id); 1427 *insn++ = BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 5); 1428 *insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_8, 0); 1429 *insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_6, offsetof(struct st_ops_args, a)); 1430 *insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, 1000); 1431 *insn++ = BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_7, offsetof(struct st_ops_args, a)); 1432 *insn++ = BPF_JMP_IMM(BPF_JA, 0, 0, 2); 1433 *insn++ = BPF_MOV64_REG(BPF_REG_1, BPF_REG_0); 1434 *insn++ = BPF_CALL_KFUNC(0, bpf_cgroup_release_id); 1435 *insn++ = BPF_MOV64_REG(BPF_REG_1, BPF_REG_8); 1436 *insn++ = prog->insnsi[0]; 1437 1438 return insn - insn_buf; 1439 } 1440 1441 static int st_ops_gen_epilogue_with_kfunc(struct bpf_insn *insn_buf, const struct bpf_prog *prog, 1442 s16 ctx_stack_off) 1443 { 1444 struct bpf_insn *insn = insn_buf; 1445 1446 /* r1 = 0; 1447 * r6 = 0; 1448 * r0 = bpf_cgroup_from_id(r1); 1449 * if r0 != 0 goto pc+6; 1450 * r1 = stack[ctx_stack_off]; // r1 will be "u64 *ctx" 1451 * r1 = r1[0]; // r1 will be "struct st_ops *args" 1452 * r6 = r1->a; 1453 * r6 += 10000; 1454 * r1->a = r6; 1455 * goto pc+2 1456 * r1 = r0; 1457 * bpf_cgroup_release(r1); 1458 * r0 = r6; 1459 * r0 *= 2; 1460 * BPF_EXIT; 1461 */ 1462 *insn++ = BPF_MOV64_IMM(BPF_REG_1, 0); 1463 *insn++ = BPF_MOV64_IMM(BPF_REG_6, 0); 1464 *insn++ = BPF_CALL_KFUNC(0, bpf_cgroup_from_id_id); 1465 *insn++ = BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 6); 1466 *insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_FP, ctx_stack_off); 1467 *insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, 0); 1468 *insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, offsetof(struct st_ops_args, a)); 1469 *insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 10000); 1470 *insn++ = BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_6, offsetof(struct st_ops_args, a)); 1471 *insn++ = BPF_JMP_IMM(BPF_JA, 0, 0, 2); 1472 *insn++ = BPF_MOV64_REG(BPF_REG_1, BPF_REG_0); 1473 *insn++ = BPF_CALL_KFUNC(0, bpf_cgroup_release_id); 1474 *insn++ = BPF_MOV64_REG(BPF_REG_0, BPF_REG_6); 1475 *insn++ = BPF_ALU64_IMM(BPF_MUL, BPF_REG_0, 2); 1476 *insn++ = BPF_EXIT_INSN(); 1477 1478 return insn - insn_buf; 1479 } 1480 1481 #define KFUNC_PRO_EPI_PREFIX "test_kfunc_" 1482 static int st_ops_gen_prologue(struct bpf_insn *insn_buf, bool direct_write, 1483 const struct bpf_prog *prog) 1484 { 1485 struct bpf_insn *insn = insn_buf; 1486 1487 if (strcmp(prog->aux->attach_func_name, "test_prologue") && 1488 strcmp(prog->aux->attach_func_name, "test_pro_epilogue")) 1489 return 0; 1490 1491 if (!strncmp(prog->aux->name, KFUNC_PRO_EPI_PREFIX, strlen(KFUNC_PRO_EPI_PREFIX))) 1492 return st_ops_gen_prologue_with_kfunc(insn_buf, direct_write, prog); 1493 1494 /* r6 = r1[0]; // r6 will be "struct st_ops *args". r1 is "u64 *ctx". 1495 * r7 = r6->a; 1496 * r7 += 1000; 1497 * r6->a = r7; 1498 */ 1499 *insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 0); 1500 *insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_6, offsetof(struct st_ops_args, a)); 1501 *insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, 1000); 1502 *insn++ = BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_7, offsetof(struct st_ops_args, a)); 1503 *insn++ = prog->insnsi[0]; 1504 1505 return insn - insn_buf; 1506 } 1507 1508 static int st_ops_gen_epilogue(struct bpf_insn *insn_buf, const struct bpf_prog *prog, 1509 s16 ctx_stack_off) 1510 { 1511 struct bpf_insn *insn = insn_buf; 1512 1513 if (strcmp(prog->aux->attach_func_name, "test_epilogue") && 1514 strcmp(prog->aux->attach_func_name, "test_pro_epilogue")) 1515 return 0; 1516 1517 if (!strncmp(prog->aux->name, KFUNC_PRO_EPI_PREFIX, strlen(KFUNC_PRO_EPI_PREFIX))) 1518 return st_ops_gen_epilogue_with_kfunc(insn_buf, prog, ctx_stack_off); 1519 1520 /* r1 = stack[ctx_stack_off]; // r1 will be "u64 *ctx" 1521 * r1 = r1[0]; // r1 will be "struct st_ops *args" 1522 * r6 = r1->a; 1523 * r6 += 10000; 1524 * r1->a = r6; 1525 * r0 = r6; 1526 * r0 *= 2; 1527 * BPF_EXIT; 1528 */ 1529 *insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_FP, ctx_stack_off); 1530 *insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, 0); 1531 *insn++ = BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, offsetof(struct st_ops_args, a)); 1532 *insn++ = BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 10000); 1533 *insn++ = BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_6, offsetof(struct st_ops_args, a)); 1534 *insn++ = BPF_MOV64_REG(BPF_REG_0, BPF_REG_6); 1535 *insn++ = BPF_ALU64_IMM(BPF_MUL, BPF_REG_0, 2); 1536 *insn++ = BPF_EXIT_INSN(); 1537 1538 return insn - insn_buf; 1539 } 1540 1541 static int st_ops_btf_struct_access(struct bpf_verifier_log *log, 1542 const struct bpf_reg_state *reg, 1543 int off, int size) 1544 { 1545 if (off < 0 || off + size > sizeof(struct st_ops_args)) 1546 return -EACCES; 1547 return 0; 1548 } 1549 1550 static const struct bpf_verifier_ops st_ops_verifier_ops = { 1551 .is_valid_access = bpf_testmod_ops_is_valid_access, 1552 .btf_struct_access = st_ops_btf_struct_access, 1553 .gen_prologue = st_ops_gen_prologue, 1554 .gen_epilogue = st_ops_gen_epilogue, 1555 .get_func_proto = bpf_base_func_proto, 1556 }; 1557 1558 static struct bpf_testmod_st_ops st_ops_cfi_stubs = { 1559 .test_prologue = bpf_test_mod_st_ops__test_prologue, 1560 .test_epilogue = bpf_test_mod_st_ops__test_epilogue, 1561 .test_pro_epilogue = bpf_test_mod_st_ops__test_pro_epilogue, 1562 }; 1563 1564 static int st_ops_reg(void *kdata, struct bpf_link *link) 1565 { 1566 int err = 0; 1567 1568 mutex_lock(&st_ops_mutex); 1569 if (st_ops) { 1570 pr_err("st_ops has already been registered\n"); 1571 err = -EEXIST; 1572 goto unlock; 1573 } 1574 st_ops = kdata; 1575 1576 unlock: 1577 mutex_unlock(&st_ops_mutex); 1578 return err; 1579 } 1580 1581 static void st_ops_unreg(void *kdata, struct bpf_link *link) 1582 { 1583 mutex_lock(&st_ops_mutex); 1584 st_ops = NULL; 1585 mutex_unlock(&st_ops_mutex); 1586 } 1587 1588 static int st_ops_init(struct btf *btf) 1589 { 1590 struct btf *kfunc_btf; 1591 1592 bpf_cgroup_from_id_id = bpf_find_btf_id("bpf_cgroup_from_id", BTF_KIND_FUNC, &kfunc_btf); 1593 bpf_cgroup_release_id = bpf_find_btf_id("bpf_cgroup_release", BTF_KIND_FUNC, &kfunc_btf); 1594 if (bpf_cgroup_from_id_id < 0 || bpf_cgroup_release_id < 0) 1595 return -EINVAL; 1596 1597 return 0; 1598 } 1599 1600 static int st_ops_init_member(const struct btf_type *t, 1601 const struct btf_member *member, 1602 void *kdata, const void *udata) 1603 { 1604 return 0; 1605 } 1606 1607 static struct bpf_struct_ops testmod_st_ops = { 1608 .verifier_ops = &st_ops_verifier_ops, 1609 .init = st_ops_init, 1610 .init_member = st_ops_init_member, 1611 .reg = st_ops_reg, 1612 .unreg = st_ops_unreg, 1613 .cfi_stubs = &st_ops_cfi_stubs, 1614 .name = "bpf_testmod_st_ops", 1615 .owner = THIS_MODULE, 1616 }; 1617 1618 struct hlist_head multi_st_ops_list; 1619 static DEFINE_SPINLOCK(multi_st_ops_lock); 1620 1621 static int multi_st_ops_init(struct btf *btf) 1622 { 1623 spin_lock_init(&multi_st_ops_lock); 1624 INIT_HLIST_HEAD(&multi_st_ops_list); 1625 1626 return 0; 1627 } 1628 1629 static int multi_st_ops_init_member(const struct btf_type *t, 1630 const struct btf_member *member, 1631 void *kdata, const void *udata) 1632 { 1633 return 0; 1634 } 1635 1636 static struct bpf_testmod_multi_st_ops *multi_st_ops_find_nolock(u32 id) 1637 { 1638 struct bpf_testmod_multi_st_ops *st_ops; 1639 1640 hlist_for_each_entry(st_ops, &multi_st_ops_list, node) { 1641 if (st_ops->id == id) 1642 return st_ops; 1643 } 1644 1645 return NULL; 1646 } 1647 1648 /* Call test_1() of the struct_ops map identified by the id */ 1649 int bpf_kfunc_multi_st_ops_test_1(struct st_ops_args *args, u32 id) 1650 { 1651 struct bpf_testmod_multi_st_ops *st_ops; 1652 unsigned long flags; 1653 int ret = -1; 1654 1655 spin_lock_irqsave(&multi_st_ops_lock, flags); 1656 st_ops = multi_st_ops_find_nolock(id); 1657 if (st_ops) 1658 ret = st_ops->test_1(args); 1659 spin_unlock_irqrestore(&multi_st_ops_lock, flags); 1660 1661 return ret; 1662 } 1663 1664 /* Call test_1() of the associated struct_ops map */ 1665 int bpf_kfunc_multi_st_ops_test_1_impl(struct st_ops_args *args, void *aux__prog) 1666 { 1667 struct bpf_prog_aux *prog_aux = (struct bpf_prog_aux *)aux__prog; 1668 struct bpf_testmod_multi_st_ops *st_ops; 1669 int ret = -1; 1670 1671 st_ops = (struct bpf_testmod_multi_st_ops *)bpf_prog_get_assoc_struct_ops(prog_aux); 1672 if (st_ops) 1673 ret = st_ops->test_1(args); 1674 1675 return ret; 1676 } 1677 1678 static int multi_st_ops_reg(void *kdata, struct bpf_link *link) 1679 { 1680 struct bpf_testmod_multi_st_ops *st_ops = 1681 (struct bpf_testmod_multi_st_ops *)kdata; 1682 unsigned long flags; 1683 int err = 0; 1684 u32 id; 1685 1686 if (!st_ops->test_1) 1687 return -EINVAL; 1688 1689 id = bpf_struct_ops_id(kdata); 1690 1691 spin_lock_irqsave(&multi_st_ops_lock, flags); 1692 if (multi_st_ops_find_nolock(id)) { 1693 pr_err("multi_st_ops(id:%d) has already been registered\n", id); 1694 err = -EEXIST; 1695 goto unlock; 1696 } 1697 1698 st_ops->id = id; 1699 hlist_add_head(&st_ops->node, &multi_st_ops_list); 1700 unlock: 1701 spin_unlock_irqrestore(&multi_st_ops_lock, flags); 1702 1703 return err; 1704 } 1705 1706 static void multi_st_ops_unreg(void *kdata, struct bpf_link *link) 1707 { 1708 struct bpf_testmod_multi_st_ops *st_ops; 1709 unsigned long flags; 1710 u32 id; 1711 1712 id = bpf_struct_ops_id(kdata); 1713 1714 spin_lock_irqsave(&multi_st_ops_lock, flags); 1715 st_ops = multi_st_ops_find_nolock(id); 1716 if (st_ops) 1717 hlist_del(&st_ops->node); 1718 spin_unlock_irqrestore(&multi_st_ops_lock, flags); 1719 } 1720 1721 static int bpf_testmod_multi_st_ops__test_1(struct st_ops_args *args) 1722 { 1723 return 0; 1724 } 1725 1726 static struct bpf_testmod_multi_st_ops multi_st_ops_cfi_stubs = { 1727 .test_1 = bpf_testmod_multi_st_ops__test_1, 1728 }; 1729 1730 struct bpf_struct_ops testmod_multi_st_ops = { 1731 .verifier_ops = &bpf_testmod_verifier_ops, 1732 .init = multi_st_ops_init, 1733 .init_member = multi_st_ops_init_member, 1734 .reg = multi_st_ops_reg, 1735 .unreg = multi_st_ops_unreg, 1736 .cfi_stubs = &multi_st_ops_cfi_stubs, 1737 .name = "bpf_testmod_multi_st_ops", 1738 .owner = THIS_MODULE, 1739 }; 1740 1741 extern int bpf_fentry_test1(int a); 1742 1743 static int bpf_testmod_init(void) 1744 { 1745 const struct btf_id_dtor_kfunc bpf_testmod_dtors[] = { 1746 { 1747 .btf_id = bpf_testmod_dtor_ids[0], 1748 .kfunc_btf_id = bpf_testmod_dtor_ids[1] 1749 }, 1750 }; 1751 void **tramp; 1752 int ret; 1753 1754 ret = register_btf_kfunc_id_set(BPF_PROG_TYPE_UNSPEC, &bpf_testmod_common_kfunc_set); 1755 ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS, &bpf_testmod_kfunc_set); 1756 ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_TRACING, &bpf_testmod_kfunc_set); 1757 ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &bpf_testmod_kfunc_set); 1758 ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_STRUCT_OPS, &bpf_testmod_kfunc_set); 1759 ret = ret ?: register_bpf_struct_ops(&bpf_bpf_testmod_ops, bpf_testmod_ops); 1760 ret = ret ?: register_bpf_struct_ops(&bpf_testmod_ops2, bpf_testmod_ops2); 1761 ret = ret ?: register_bpf_struct_ops(&bpf_testmod_ops3, bpf_testmod_ops3); 1762 ret = ret ?: register_bpf_struct_ops(&testmod_st_ops, bpf_testmod_st_ops); 1763 ret = ret ?: register_bpf_struct_ops(&testmod_multi_st_ops, bpf_testmod_multi_st_ops); 1764 ret = ret ?: register_btf_id_dtor_kfuncs(bpf_testmod_dtors, 1765 ARRAY_SIZE(bpf_testmod_dtors), 1766 THIS_MODULE); 1767 if (ret < 0) 1768 return ret; 1769 if (bpf_fentry_test1(0) < 0) 1770 return -EINVAL; 1771 sock = NULL; 1772 mutex_init(&sock_lock); 1773 ret = sysfs_create_bin_file(kernel_kobj, &bin_attr_bpf_testmod_file); 1774 if (ret < 0) 1775 return ret; 1776 ret = register_bpf_testmod_uprobe(); 1777 if (ret < 0) 1778 return ret; 1779 1780 /* Ensure nothing is between tramp_1..tramp_40 */ 1781 BUILD_BUG_ON(offsetof(struct bpf_testmod_ops, tramp_1) + 40 * sizeof(long) != 1782 offsetofend(struct bpf_testmod_ops, tramp_40)); 1783 tramp = (void **)&__bpf_testmod_ops.tramp_1; 1784 while (tramp <= (void **)&__bpf_testmod_ops.tramp_40) 1785 *tramp++ = bpf_testmod_tramp; 1786 1787 return 0; 1788 } 1789 1790 static void bpf_testmod_exit(void) 1791 { 1792 /* Need to wait for all references to be dropped because 1793 * bpf_kfunc_call_test_release() which currently resides in kernel can 1794 * be called after bpf_testmod is unloaded. Once release function is 1795 * moved into the module this wait can be removed. 1796 */ 1797 while (refcount_read(&prog_test_struct.cnt) > 1) 1798 msleep(20); 1799 1800 bpf_kfunc_close_sock(); 1801 sysfs_remove_bin_file(kernel_kobj, &bin_attr_bpf_testmod_file); 1802 unregister_bpf_testmod_uprobe(); 1803 } 1804 1805 module_init(bpf_testmod_init); 1806 module_exit(bpf_testmod_exit); 1807 1808 MODULE_AUTHOR("Andrii Nakryiko"); 1809 MODULE_DESCRIPTION("BPF selftests module"); 1810 MODULE_LICENSE("Dual BSD/GPL"); 1811