1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2022 Facebook */
3
4#include <string.h>
5#include <stdbool.h>
6#include <linux/bpf.h>
7#include <bpf/bpf_helpers.h>
8#include "bpf_misc.h"
9#include "bpf_kfuncs.h"
10#include "errno.h"
11
12char _license[] SEC("license") = "GPL";
13
14int pid, err, val;
15
16struct sample {
17	int pid;
18	int seq;
19	long value;
20	char comm[16];
21};
22
23struct {
24	__uint(type, BPF_MAP_TYPE_RINGBUF);
25	__uint(max_entries, 4096);
26} ringbuf SEC(".maps");
27
28struct {
29	__uint(type, BPF_MAP_TYPE_ARRAY);
30	__uint(max_entries, 1);
31	__type(key, __u32);
32	__type(value, __u32);
33} array_map SEC(".maps");
34
35SEC("?tp/syscalls/sys_enter_nanosleep")
36int test_read_write(void *ctx)
37{
38	char write_data[64] = "hello there, world!!";
39	char read_data[64] = {};
40	struct bpf_dynptr ptr;
41	int i;
42
43	if (bpf_get_current_pid_tgid() >> 32 != pid)
44		return 0;
45
46	bpf_ringbuf_reserve_dynptr(&ringbuf, sizeof(write_data), 0, &ptr);
47
48	/* Write data into the dynptr */
49	err = bpf_dynptr_write(&ptr, 0, write_data, sizeof(write_data), 0);
50
51	/* Read the data that was written into the dynptr */
52	err = err ?: bpf_dynptr_read(read_data, sizeof(read_data), &ptr, 0, 0);
53
54	/* Ensure the data we read matches the data we wrote */
55	for (i = 0; i < sizeof(read_data); i++) {
56		if (read_data[i] != write_data[i]) {
57			err = 1;
58			break;
59		}
60	}
61
62	bpf_ringbuf_discard_dynptr(&ptr, 0);
63	return 0;
64}
65
66SEC("?tp/syscalls/sys_enter_nanosleep")
67int test_dynptr_data(void *ctx)
68{
69	__u32 key = 0, val = 235, *map_val;
70	struct bpf_dynptr ptr;
71	__u32 map_val_size;
72	void *data;
73
74	map_val_size = sizeof(*map_val);
75
76	if (bpf_get_current_pid_tgid() >> 32 != pid)
77		return 0;
78
79	bpf_map_update_elem(&array_map, &key, &val, 0);
80
81	map_val = bpf_map_lookup_elem(&array_map, &key);
82	if (!map_val) {
83		err = 1;
84		return 0;
85	}
86
87	bpf_dynptr_from_mem(map_val, map_val_size, 0, &ptr);
88
89	/* Try getting a data slice that is out of range */
90	data = bpf_dynptr_data(&ptr, map_val_size + 1, 1);
91	if (data) {
92		err = 2;
93		return 0;
94	}
95
96	/* Try getting more bytes than available */
97	data = bpf_dynptr_data(&ptr, 0, map_val_size + 1);
98	if (data) {
99		err = 3;
100		return 0;
101	}
102
103	data = bpf_dynptr_data(&ptr, 0, sizeof(__u32));
104	if (!data) {
105		err = 4;
106		return 0;
107	}
108
109	*(__u32 *)data = 999;
110
111	err = bpf_probe_read_kernel(&val, sizeof(val), data);
112	if (err)
113		return 0;
114
115	if (val != *(int *)data)
116		err = 5;
117
118	return 0;
119}
120
121static int ringbuf_callback(__u32 index, void *data)
122{
123	struct sample *sample;
124
125	struct bpf_dynptr *ptr = (struct bpf_dynptr *)data;
126
127	sample = bpf_dynptr_data(ptr, 0, sizeof(*sample));
128	if (!sample)
129		err = 2;
130	else
131		sample->pid += index;
132
133	return 0;
134}
135
136SEC("?tp/syscalls/sys_enter_nanosleep")
137int test_ringbuf(void *ctx)
138{
139	struct bpf_dynptr ptr;
140	struct sample *sample;
141
142	if (bpf_get_current_pid_tgid() >> 32 != pid)
143		return 0;
144
145	val = 100;
146
147	/* check that you can reserve a dynamic size reservation */
148	err = bpf_ringbuf_reserve_dynptr(&ringbuf, val, 0, &ptr);
149
150	sample = err ? NULL : bpf_dynptr_data(&ptr, 0, sizeof(*sample));
151	if (!sample) {
152		err = 1;
153		goto done;
154	}
155
156	sample->pid = 10;
157
158	/* Can pass dynptr to callback functions */
159	bpf_loop(10, ringbuf_callback, &ptr, 0);
160
161	if (sample->pid != 55)
162		err = 2;
163
164done:
165	bpf_ringbuf_discard_dynptr(&ptr, 0);
166	return 0;
167}
168
169SEC("?cgroup_skb/egress")
170int test_skb_readonly(struct __sk_buff *skb)
171{
172	__u8 write_data[2] = {1, 2};
173	struct bpf_dynptr ptr;
174	int ret;
175
176	if (bpf_dynptr_from_skb(skb, 0, &ptr)) {
177		err = 1;
178		return 1;
179	}
180
181	/* since cgroup skbs are read only, writes should fail */
182	ret = bpf_dynptr_write(&ptr, 0, write_data, sizeof(write_data), 0);
183	if (ret != -EINVAL) {
184		err = 2;
185		return 1;
186	}
187
188	return 1;
189}
190
191SEC("?cgroup_skb/egress")
192int test_dynptr_skb_data(struct __sk_buff *skb)
193{
194	struct bpf_dynptr ptr;
195	__u64 *data;
196
197	if (bpf_dynptr_from_skb(skb, 0, &ptr)) {
198		err = 1;
199		return 1;
200	}
201
202	/* This should return NULL. Must use bpf_dynptr_slice API */
203	data = bpf_dynptr_data(&ptr, 0, 1);
204	if (data) {
205		err = 2;
206		return 1;
207	}
208
209	return 1;
210}
211
212SEC("tp/syscalls/sys_enter_nanosleep")
213int test_adjust(void *ctx)
214{
215	struct bpf_dynptr ptr;
216	__u32 bytes = 64;
217	__u32 off = 10;
218	__u32 trim = 15;
219
220	if (bpf_get_current_pid_tgid() >> 32 != pid)
221		return 0;
222
223	err = bpf_ringbuf_reserve_dynptr(&ringbuf, bytes, 0, &ptr);
224	if (err) {
225		err = 1;
226		goto done;
227	}
228
229	if (bpf_dynptr_size(&ptr) != bytes) {
230		err = 2;
231		goto done;
232	}
233
234	/* Advance the dynptr by off */
235	err = bpf_dynptr_adjust(&ptr, off, bpf_dynptr_size(&ptr));
236	if (err) {
237		err = 3;
238		goto done;
239	}
240
241	if (bpf_dynptr_size(&ptr) != bytes - off) {
242		err = 4;
243		goto done;
244	}
245
246	/* Trim the dynptr */
247	err = bpf_dynptr_adjust(&ptr, off, 15);
248	if (err) {
249		err = 5;
250		goto done;
251	}
252
253	/* Check that the size was adjusted correctly */
254	if (bpf_dynptr_size(&ptr) != trim - off) {
255		err = 6;
256		goto done;
257	}
258
259done:
260	bpf_ringbuf_discard_dynptr(&ptr, 0);
261	return 0;
262}
263
264SEC("tp/syscalls/sys_enter_nanosleep")
265int test_adjust_err(void *ctx)
266{
267	char write_data[45] = "hello there, world!!";
268	struct bpf_dynptr ptr;
269	__u32 size = 64;
270	__u32 off = 20;
271
272	if (bpf_get_current_pid_tgid() >> 32 != pid)
273		return 0;
274
275	if (bpf_ringbuf_reserve_dynptr(&ringbuf, size, 0, &ptr)) {
276		err = 1;
277		goto done;
278	}
279
280	/* Check that start can't be greater than end */
281	if (bpf_dynptr_adjust(&ptr, 5, 1) != -EINVAL) {
282		err = 2;
283		goto done;
284	}
285
286	/* Check that start can't be greater than size */
287	if (bpf_dynptr_adjust(&ptr, size + 1, size + 1) != -ERANGE) {
288		err = 3;
289		goto done;
290	}
291
292	/* Check that end can't be greater than size */
293	if (bpf_dynptr_adjust(&ptr, 0, size + 1) != -ERANGE) {
294		err = 4;
295		goto done;
296	}
297
298	if (bpf_dynptr_adjust(&ptr, off, size)) {
299		err = 5;
300		goto done;
301	}
302
303	/* Check that you can't write more bytes than available into the dynptr
304	 * after you've adjusted it
305	 */
306	if (bpf_dynptr_write(&ptr, 0, &write_data, sizeof(write_data), 0) != -E2BIG) {
307		err = 6;
308		goto done;
309	}
310
311	/* Check that even after adjusting, submitting/discarding
312	 * a ringbuf dynptr works
313	 */
314	bpf_ringbuf_submit_dynptr(&ptr, 0);
315	return 0;
316
317done:
318	bpf_ringbuf_discard_dynptr(&ptr, 0);
319	return 0;
320}
321
322SEC("tp/syscalls/sys_enter_nanosleep")
323int test_zero_size_dynptr(void *ctx)
324{
325	char write_data = 'x', read_data;
326	struct bpf_dynptr ptr;
327	__u32 size = 64;
328
329	if (bpf_get_current_pid_tgid() >> 32 != pid)
330		return 0;
331
332	if (bpf_ringbuf_reserve_dynptr(&ringbuf, size, 0, &ptr)) {
333		err = 1;
334		goto done;
335	}
336
337	/* After this, the dynptr has a size of 0 */
338	if (bpf_dynptr_adjust(&ptr, size, size)) {
339		err = 2;
340		goto done;
341	}
342
343	/* Test that reading + writing non-zero bytes is not ok */
344	if (bpf_dynptr_read(&read_data, sizeof(read_data), &ptr, 0, 0) != -E2BIG) {
345		err = 3;
346		goto done;
347	}
348
349	if (bpf_dynptr_write(&ptr, 0, &write_data, sizeof(write_data), 0) != -E2BIG) {
350		err = 4;
351		goto done;
352	}
353
354	/* Test that reading + writing 0 bytes from a 0-size dynptr is ok */
355	if (bpf_dynptr_read(&read_data, 0, &ptr, 0, 0)) {
356		err = 5;
357		goto done;
358	}
359
360	if (bpf_dynptr_write(&ptr, 0, &write_data, 0, 0)) {
361		err = 6;
362		goto done;
363	}
364
365	err = 0;
366
367done:
368	bpf_ringbuf_discard_dynptr(&ptr, 0);
369	return 0;
370}
371
372SEC("tp/syscalls/sys_enter_nanosleep")
373int test_dynptr_is_null(void *ctx)
374{
375	struct bpf_dynptr ptr1;
376	struct bpf_dynptr ptr2;
377	__u64 size = 4;
378
379	if (bpf_get_current_pid_tgid() >> 32 != pid)
380		return 0;
381
382	/* Pass in invalid flags, get back an invalid dynptr */
383	if (bpf_ringbuf_reserve_dynptr(&ringbuf, size, 123, &ptr1) != -EINVAL) {
384		err = 1;
385		goto exit_early;
386	}
387
388	/* Test that the invalid dynptr is null */
389	if (!bpf_dynptr_is_null(&ptr1)) {
390		err = 2;
391		goto exit_early;
392	}
393
394	/* Get a valid dynptr */
395	if (bpf_ringbuf_reserve_dynptr(&ringbuf, size, 0, &ptr2)) {
396		err = 3;
397		goto exit;
398	}
399
400	/* Test that the valid dynptr is not null */
401	if (bpf_dynptr_is_null(&ptr2)) {
402		err = 4;
403		goto exit;
404	}
405
406exit:
407	bpf_ringbuf_discard_dynptr(&ptr2, 0);
408exit_early:
409	bpf_ringbuf_discard_dynptr(&ptr1, 0);
410	return 0;
411}
412
413SEC("cgroup_skb/egress")
414int test_dynptr_is_rdonly(struct __sk_buff *skb)
415{
416	struct bpf_dynptr ptr1;
417	struct bpf_dynptr ptr2;
418	struct bpf_dynptr ptr3;
419
420	/* Pass in invalid flags, get back an invalid dynptr */
421	if (bpf_dynptr_from_skb(skb, 123, &ptr1) != -EINVAL) {
422		err = 1;
423		return 0;
424	}
425
426	/* Test that an invalid dynptr is_rdonly returns false */
427	if (bpf_dynptr_is_rdonly(&ptr1)) {
428		err = 2;
429		return 0;
430	}
431
432	/* Get a read-only dynptr */
433	if (bpf_dynptr_from_skb(skb, 0, &ptr2)) {
434		err = 3;
435		return 0;
436	}
437
438	/* Test that the dynptr is read-only */
439	if (!bpf_dynptr_is_rdonly(&ptr2)) {
440		err = 4;
441		return 0;
442	}
443
444	/* Get a read-writeable dynptr */
445	if (bpf_ringbuf_reserve_dynptr(&ringbuf, 64, 0, &ptr3)) {
446		err = 5;
447		goto done;
448	}
449
450	/* Test that the dynptr is read-only */
451	if (bpf_dynptr_is_rdonly(&ptr3)) {
452		err = 6;
453		goto done;
454	}
455
456done:
457	bpf_ringbuf_discard_dynptr(&ptr3, 0);
458	return 0;
459}
460
461SEC("cgroup_skb/egress")
462int test_dynptr_clone(struct __sk_buff *skb)
463{
464	struct bpf_dynptr ptr1;
465	struct bpf_dynptr ptr2;
466	__u32 off = 2, size;
467
468	/* Get a dynptr */
469	if (bpf_dynptr_from_skb(skb, 0, &ptr1)) {
470		err = 1;
471		return 0;
472	}
473
474	if (bpf_dynptr_adjust(&ptr1, off, bpf_dynptr_size(&ptr1))) {
475		err = 2;
476		return 0;
477	}
478
479	/* Clone the dynptr */
480	if (bpf_dynptr_clone(&ptr1, &ptr2)) {
481		err = 3;
482		return 0;
483	}
484
485	size = bpf_dynptr_size(&ptr1);
486
487	/* Check that the clone has the same size and rd-only */
488	if (bpf_dynptr_size(&ptr2) != size) {
489		err = 4;
490		return 0;
491	}
492
493	if (bpf_dynptr_is_rdonly(&ptr2) != bpf_dynptr_is_rdonly(&ptr1)) {
494		err = 5;
495		return 0;
496	}
497
498	/* Advance and trim the original dynptr */
499	bpf_dynptr_adjust(&ptr1, 5, 5);
500
501	/* Check that only original dynptr was affected, and the clone wasn't */
502	if (bpf_dynptr_size(&ptr2) != size) {
503		err = 6;
504		return 0;
505	}
506
507	return 0;
508}
509
510SEC("?cgroup_skb/egress")
511int test_dynptr_skb_no_buff(struct __sk_buff *skb)
512{
513	struct bpf_dynptr ptr;
514	__u64 *data;
515
516	if (bpf_dynptr_from_skb(skb, 0, &ptr)) {
517		err = 1;
518		return 1;
519	}
520
521	/* This may return NULL. SKB may require a buffer */
522	data = bpf_dynptr_slice(&ptr, 0, NULL, 1);
523
524	return !!data;
525}
526
527SEC("?cgroup_skb/egress")
528int test_dynptr_skb_strcmp(struct __sk_buff *skb)
529{
530	struct bpf_dynptr ptr;
531	char *data;
532
533	if (bpf_dynptr_from_skb(skb, 0, &ptr)) {
534		err = 1;
535		return 1;
536	}
537
538	/* This may return NULL. SKB may require a buffer */
539	data = bpf_dynptr_slice(&ptr, 0, NULL, 10);
540	if (data) {
541		bpf_strncmp(data, 10, "foo");
542		return 1;
543	}
544
545	return 1;
546}
547