1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-only
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * Testsuite for eBPF verifier
4*4882a593Smuzhiyun *
5*4882a593Smuzhiyun * Copyright (c) 2014 PLUMgrid, http://plumgrid.com
6*4882a593Smuzhiyun * Copyright (c) 2017 Facebook
7*4882a593Smuzhiyun * Copyright (c) 2018 Covalent IO, Inc. http://covalent.io
8*4882a593Smuzhiyun */
9*4882a593Smuzhiyun
10*4882a593Smuzhiyun #include <endian.h>
11*4882a593Smuzhiyun #include <asm/types.h>
12*4882a593Smuzhiyun #include <linux/types.h>
13*4882a593Smuzhiyun #include <stdint.h>
14*4882a593Smuzhiyun #include <stdio.h>
15*4882a593Smuzhiyun #include <stdlib.h>
16*4882a593Smuzhiyun #include <unistd.h>
17*4882a593Smuzhiyun #include <errno.h>
18*4882a593Smuzhiyun #include <string.h>
19*4882a593Smuzhiyun #include <stddef.h>
20*4882a593Smuzhiyun #include <stdbool.h>
21*4882a593Smuzhiyun #include <sched.h>
22*4882a593Smuzhiyun #include <limits.h>
23*4882a593Smuzhiyun #include <assert.h>
24*4882a593Smuzhiyun
25*4882a593Smuzhiyun #include <sys/capability.h>
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun #include <linux/unistd.h>
28*4882a593Smuzhiyun #include <linux/filter.h>
29*4882a593Smuzhiyun #include <linux/bpf_perf_event.h>
30*4882a593Smuzhiyun #include <linux/bpf.h>
31*4882a593Smuzhiyun #include <linux/if_ether.h>
32*4882a593Smuzhiyun #include <linux/btf.h>
33*4882a593Smuzhiyun
34*4882a593Smuzhiyun #include <bpf/bpf.h>
35*4882a593Smuzhiyun #include <bpf/libbpf.h>
36*4882a593Smuzhiyun
37*4882a593Smuzhiyun #ifdef HAVE_GENHDR
38*4882a593Smuzhiyun # include "autoconf.h"
39*4882a593Smuzhiyun #else
40*4882a593Smuzhiyun # if defined(__i386) || defined(__x86_64) || defined(__s390x__) || defined(__aarch64__)
41*4882a593Smuzhiyun # define CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS 1
42*4882a593Smuzhiyun # endif
43*4882a593Smuzhiyun #endif
44*4882a593Smuzhiyun #include "bpf_rlimit.h"
45*4882a593Smuzhiyun #include "bpf_rand.h"
46*4882a593Smuzhiyun #include "bpf_util.h"
47*4882a593Smuzhiyun #include "test_btf.h"
48*4882a593Smuzhiyun #include "../../../include/linux/filter.h"
49*4882a593Smuzhiyun
50*4882a593Smuzhiyun #define MAX_INSNS BPF_MAXINSNS
51*4882a593Smuzhiyun #define MAX_TEST_INSNS 1000000
52*4882a593Smuzhiyun #define MAX_FIXUPS 8
53*4882a593Smuzhiyun #define MAX_NR_MAPS 20
54*4882a593Smuzhiyun #define MAX_TEST_RUNS 8
55*4882a593Smuzhiyun #define POINTER_VALUE 0xcafe4all
56*4882a593Smuzhiyun #define TEST_DATA_LEN 64
57*4882a593Smuzhiyun
58*4882a593Smuzhiyun #define F_NEEDS_EFFICIENT_UNALIGNED_ACCESS (1 << 0)
59*4882a593Smuzhiyun #define F_LOAD_WITH_STRICT_ALIGNMENT (1 << 1)
60*4882a593Smuzhiyun
61*4882a593Smuzhiyun #define UNPRIV_SYSCTL "kernel/unprivileged_bpf_disabled"
62*4882a593Smuzhiyun static bool unpriv_disabled = false;
63*4882a593Smuzhiyun static int skips;
64*4882a593Smuzhiyun static bool verbose = false;
65*4882a593Smuzhiyun
66*4882a593Smuzhiyun struct bpf_test {
67*4882a593Smuzhiyun const char *descr;
68*4882a593Smuzhiyun struct bpf_insn insns[MAX_INSNS];
69*4882a593Smuzhiyun struct bpf_insn *fill_insns;
70*4882a593Smuzhiyun int fixup_map_hash_8b[MAX_FIXUPS];
71*4882a593Smuzhiyun int fixup_map_hash_48b[MAX_FIXUPS];
72*4882a593Smuzhiyun int fixup_map_hash_16b[MAX_FIXUPS];
73*4882a593Smuzhiyun int fixup_map_array_48b[MAX_FIXUPS];
74*4882a593Smuzhiyun int fixup_map_sockmap[MAX_FIXUPS];
75*4882a593Smuzhiyun int fixup_map_sockhash[MAX_FIXUPS];
76*4882a593Smuzhiyun int fixup_map_xskmap[MAX_FIXUPS];
77*4882a593Smuzhiyun int fixup_map_stacktrace[MAX_FIXUPS];
78*4882a593Smuzhiyun int fixup_prog1[MAX_FIXUPS];
79*4882a593Smuzhiyun int fixup_prog2[MAX_FIXUPS];
80*4882a593Smuzhiyun int fixup_map_in_map[MAX_FIXUPS];
81*4882a593Smuzhiyun int fixup_cgroup_storage[MAX_FIXUPS];
82*4882a593Smuzhiyun int fixup_percpu_cgroup_storage[MAX_FIXUPS];
83*4882a593Smuzhiyun int fixup_map_spin_lock[MAX_FIXUPS];
84*4882a593Smuzhiyun int fixup_map_array_ro[MAX_FIXUPS];
85*4882a593Smuzhiyun int fixup_map_array_wo[MAX_FIXUPS];
86*4882a593Smuzhiyun int fixup_map_array_small[MAX_FIXUPS];
87*4882a593Smuzhiyun int fixup_sk_storage_map[MAX_FIXUPS];
88*4882a593Smuzhiyun int fixup_map_event_output[MAX_FIXUPS];
89*4882a593Smuzhiyun int fixup_map_reuseport_array[MAX_FIXUPS];
90*4882a593Smuzhiyun const char *errstr;
91*4882a593Smuzhiyun const char *errstr_unpriv;
92*4882a593Smuzhiyun uint32_t insn_processed;
93*4882a593Smuzhiyun int prog_len;
94*4882a593Smuzhiyun enum {
95*4882a593Smuzhiyun UNDEF,
96*4882a593Smuzhiyun ACCEPT,
97*4882a593Smuzhiyun REJECT,
98*4882a593Smuzhiyun VERBOSE_ACCEPT,
99*4882a593Smuzhiyun } result, result_unpriv;
100*4882a593Smuzhiyun enum bpf_prog_type prog_type;
101*4882a593Smuzhiyun uint8_t flags;
102*4882a593Smuzhiyun void (*fill_helper)(struct bpf_test *self);
103*4882a593Smuzhiyun int runs;
104*4882a593Smuzhiyun #define bpf_testdata_struct_t \
105*4882a593Smuzhiyun struct { \
106*4882a593Smuzhiyun uint32_t retval, retval_unpriv; \
107*4882a593Smuzhiyun union { \
108*4882a593Smuzhiyun __u8 data[TEST_DATA_LEN]; \
109*4882a593Smuzhiyun __u64 data64[TEST_DATA_LEN / 8]; \
110*4882a593Smuzhiyun }; \
111*4882a593Smuzhiyun }
112*4882a593Smuzhiyun union {
113*4882a593Smuzhiyun bpf_testdata_struct_t;
114*4882a593Smuzhiyun bpf_testdata_struct_t retvals[MAX_TEST_RUNS];
115*4882a593Smuzhiyun };
116*4882a593Smuzhiyun enum bpf_attach_type expected_attach_type;
117*4882a593Smuzhiyun const char *kfunc;
118*4882a593Smuzhiyun };
119*4882a593Smuzhiyun
120*4882a593Smuzhiyun /* Note we want this to be 64 bit aligned so that the end of our array is
121*4882a593Smuzhiyun * actually the end of the structure.
122*4882a593Smuzhiyun */
123*4882a593Smuzhiyun #define MAX_ENTRIES 11
124*4882a593Smuzhiyun
125*4882a593Smuzhiyun struct test_val {
126*4882a593Smuzhiyun unsigned int index;
127*4882a593Smuzhiyun int foo[MAX_ENTRIES];
128*4882a593Smuzhiyun };
129*4882a593Smuzhiyun
130*4882a593Smuzhiyun struct other_val {
131*4882a593Smuzhiyun long long foo;
132*4882a593Smuzhiyun long long bar;
133*4882a593Smuzhiyun };
134*4882a593Smuzhiyun
bpf_fill_ld_abs_vlan_push_pop(struct bpf_test * self)135*4882a593Smuzhiyun static void bpf_fill_ld_abs_vlan_push_pop(struct bpf_test *self)
136*4882a593Smuzhiyun {
137*4882a593Smuzhiyun /* test: {skb->data[0], vlan_push} x 51 + {skb->data[0], vlan_pop} x 51 */
138*4882a593Smuzhiyun #define PUSH_CNT 51
139*4882a593Smuzhiyun /* jump range is limited to 16 bit. PUSH_CNT of ld_abs needs room */
140*4882a593Smuzhiyun unsigned int len = (1 << 15) - PUSH_CNT * 2 * 5 * 6;
141*4882a593Smuzhiyun struct bpf_insn *insn = self->fill_insns;
142*4882a593Smuzhiyun int i = 0, j, k = 0;
143*4882a593Smuzhiyun
144*4882a593Smuzhiyun insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
145*4882a593Smuzhiyun loop:
146*4882a593Smuzhiyun for (j = 0; j < PUSH_CNT; j++) {
147*4882a593Smuzhiyun insn[i++] = BPF_LD_ABS(BPF_B, 0);
148*4882a593Smuzhiyun /* jump to error label */
149*4882a593Smuzhiyun insn[i] = BPF_JMP32_IMM(BPF_JNE, BPF_REG_0, 0x34, len - i - 3);
150*4882a593Smuzhiyun i++;
151*4882a593Smuzhiyun insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_6);
152*4882a593Smuzhiyun insn[i++] = BPF_MOV64_IMM(BPF_REG_2, 1);
153*4882a593Smuzhiyun insn[i++] = BPF_MOV64_IMM(BPF_REG_3, 2);
154*4882a593Smuzhiyun insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
155*4882a593Smuzhiyun BPF_FUNC_skb_vlan_push),
156*4882a593Smuzhiyun insn[i] = BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, len - i - 3);
157*4882a593Smuzhiyun i++;
158*4882a593Smuzhiyun }
159*4882a593Smuzhiyun
160*4882a593Smuzhiyun for (j = 0; j < PUSH_CNT; j++) {
161*4882a593Smuzhiyun insn[i++] = BPF_LD_ABS(BPF_B, 0);
162*4882a593Smuzhiyun insn[i] = BPF_JMP32_IMM(BPF_JNE, BPF_REG_0, 0x34, len - i - 3);
163*4882a593Smuzhiyun i++;
164*4882a593Smuzhiyun insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_6);
165*4882a593Smuzhiyun insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
166*4882a593Smuzhiyun BPF_FUNC_skb_vlan_pop),
167*4882a593Smuzhiyun insn[i] = BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, len - i - 3);
168*4882a593Smuzhiyun i++;
169*4882a593Smuzhiyun }
170*4882a593Smuzhiyun if (++k < 5)
171*4882a593Smuzhiyun goto loop;
172*4882a593Smuzhiyun
173*4882a593Smuzhiyun for (; i < len - 3; i++)
174*4882a593Smuzhiyun insn[i] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 0xbef);
175*4882a593Smuzhiyun insn[len - 3] = BPF_JMP_A(1);
176*4882a593Smuzhiyun /* error label */
177*4882a593Smuzhiyun insn[len - 2] = BPF_MOV32_IMM(BPF_REG_0, 0);
178*4882a593Smuzhiyun insn[len - 1] = BPF_EXIT_INSN();
179*4882a593Smuzhiyun self->prog_len = len;
180*4882a593Smuzhiyun }
181*4882a593Smuzhiyun
bpf_fill_jump_around_ld_abs(struct bpf_test * self)182*4882a593Smuzhiyun static void bpf_fill_jump_around_ld_abs(struct bpf_test *self)
183*4882a593Smuzhiyun {
184*4882a593Smuzhiyun struct bpf_insn *insn = self->fill_insns;
185*4882a593Smuzhiyun /* jump range is limited to 16 bit. every ld_abs is replaced by 6 insns,
186*4882a593Smuzhiyun * but on arches like arm, ppc etc, there will be one BPF_ZEXT inserted
187*4882a593Smuzhiyun * to extend the error value of the inlined ld_abs sequence which then
188*4882a593Smuzhiyun * contains 7 insns. so, set the dividend to 7 so the testcase could
189*4882a593Smuzhiyun * work on all arches.
190*4882a593Smuzhiyun */
191*4882a593Smuzhiyun unsigned int len = (1 << 15) / 7;
192*4882a593Smuzhiyun int i = 0;
193*4882a593Smuzhiyun
194*4882a593Smuzhiyun insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
195*4882a593Smuzhiyun insn[i++] = BPF_LD_ABS(BPF_B, 0);
196*4882a593Smuzhiyun insn[i] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 10, len - i - 2);
197*4882a593Smuzhiyun i++;
198*4882a593Smuzhiyun while (i < len - 1)
199*4882a593Smuzhiyun insn[i++] = BPF_LD_ABS(BPF_B, 1);
200*4882a593Smuzhiyun insn[i] = BPF_EXIT_INSN();
201*4882a593Smuzhiyun self->prog_len = i + 1;
202*4882a593Smuzhiyun }
203*4882a593Smuzhiyun
bpf_fill_rand_ld_dw(struct bpf_test * self)204*4882a593Smuzhiyun static void bpf_fill_rand_ld_dw(struct bpf_test *self)
205*4882a593Smuzhiyun {
206*4882a593Smuzhiyun struct bpf_insn *insn = self->fill_insns;
207*4882a593Smuzhiyun uint64_t res = 0;
208*4882a593Smuzhiyun int i = 0;
209*4882a593Smuzhiyun
210*4882a593Smuzhiyun insn[i++] = BPF_MOV32_IMM(BPF_REG_0, 0);
211*4882a593Smuzhiyun while (i < self->retval) {
212*4882a593Smuzhiyun uint64_t val = bpf_semi_rand_get();
213*4882a593Smuzhiyun struct bpf_insn tmp[2] = { BPF_LD_IMM64(BPF_REG_1, val) };
214*4882a593Smuzhiyun
215*4882a593Smuzhiyun res ^= val;
216*4882a593Smuzhiyun insn[i++] = tmp[0];
217*4882a593Smuzhiyun insn[i++] = tmp[1];
218*4882a593Smuzhiyun insn[i++] = BPF_ALU64_REG(BPF_XOR, BPF_REG_0, BPF_REG_1);
219*4882a593Smuzhiyun }
220*4882a593Smuzhiyun insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_0);
221*4882a593Smuzhiyun insn[i++] = BPF_ALU64_IMM(BPF_RSH, BPF_REG_1, 32);
222*4882a593Smuzhiyun insn[i++] = BPF_ALU64_REG(BPF_XOR, BPF_REG_0, BPF_REG_1);
223*4882a593Smuzhiyun insn[i] = BPF_EXIT_INSN();
224*4882a593Smuzhiyun self->prog_len = i + 1;
225*4882a593Smuzhiyun res ^= (res >> 32);
226*4882a593Smuzhiyun self->retval = (uint32_t)res;
227*4882a593Smuzhiyun }
228*4882a593Smuzhiyun
229*4882a593Smuzhiyun #define MAX_JMP_SEQ 8192
230*4882a593Smuzhiyun
231*4882a593Smuzhiyun /* test the sequence of 8k jumps */
bpf_fill_scale1(struct bpf_test * self)232*4882a593Smuzhiyun static void bpf_fill_scale1(struct bpf_test *self)
233*4882a593Smuzhiyun {
234*4882a593Smuzhiyun struct bpf_insn *insn = self->fill_insns;
235*4882a593Smuzhiyun int i = 0, k = 0;
236*4882a593Smuzhiyun
237*4882a593Smuzhiyun insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
238*4882a593Smuzhiyun /* test to check that the long sequence of jumps is acceptable */
239*4882a593Smuzhiyun while (k++ < MAX_JMP_SEQ) {
240*4882a593Smuzhiyun insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
241*4882a593Smuzhiyun BPF_FUNC_get_prandom_u32);
242*4882a593Smuzhiyun insn[i++] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, bpf_semi_rand_get(), 2);
243*4882a593Smuzhiyun insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_10);
244*4882a593Smuzhiyun insn[i++] = BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_6,
245*4882a593Smuzhiyun -8 * (k % 64 + 1));
246*4882a593Smuzhiyun }
247*4882a593Smuzhiyun /* is_state_visited() doesn't allocate state for pruning for every jump.
248*4882a593Smuzhiyun * Hence multiply jmps by 4 to accommodate that heuristic
249*4882a593Smuzhiyun */
250*4882a593Smuzhiyun while (i < MAX_TEST_INSNS - MAX_JMP_SEQ * 4)
251*4882a593Smuzhiyun insn[i++] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 42);
252*4882a593Smuzhiyun insn[i] = BPF_EXIT_INSN();
253*4882a593Smuzhiyun self->prog_len = i + 1;
254*4882a593Smuzhiyun self->retval = 42;
255*4882a593Smuzhiyun }
256*4882a593Smuzhiyun
257*4882a593Smuzhiyun /* test the sequence of 8k jumps in inner most function (function depth 8)*/
bpf_fill_scale2(struct bpf_test * self)258*4882a593Smuzhiyun static void bpf_fill_scale2(struct bpf_test *self)
259*4882a593Smuzhiyun {
260*4882a593Smuzhiyun struct bpf_insn *insn = self->fill_insns;
261*4882a593Smuzhiyun int i = 0, k = 0;
262*4882a593Smuzhiyun
263*4882a593Smuzhiyun #define FUNC_NEST 7
264*4882a593Smuzhiyun for (k = 0; k < FUNC_NEST; k++) {
265*4882a593Smuzhiyun insn[i++] = BPF_CALL_REL(1);
266*4882a593Smuzhiyun insn[i++] = BPF_EXIT_INSN();
267*4882a593Smuzhiyun }
268*4882a593Smuzhiyun insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
269*4882a593Smuzhiyun /* test to check that the long sequence of jumps is acceptable */
270*4882a593Smuzhiyun k = 0;
271*4882a593Smuzhiyun while (k++ < MAX_JMP_SEQ) {
272*4882a593Smuzhiyun insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
273*4882a593Smuzhiyun BPF_FUNC_get_prandom_u32);
274*4882a593Smuzhiyun insn[i++] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, bpf_semi_rand_get(), 2);
275*4882a593Smuzhiyun insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_10);
276*4882a593Smuzhiyun insn[i++] = BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_6,
277*4882a593Smuzhiyun -8 * (k % (64 - 4 * FUNC_NEST) + 1));
278*4882a593Smuzhiyun }
279*4882a593Smuzhiyun while (i < MAX_TEST_INSNS - MAX_JMP_SEQ * 4)
280*4882a593Smuzhiyun insn[i++] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 42);
281*4882a593Smuzhiyun insn[i] = BPF_EXIT_INSN();
282*4882a593Smuzhiyun self->prog_len = i + 1;
283*4882a593Smuzhiyun self->retval = 42;
284*4882a593Smuzhiyun }
285*4882a593Smuzhiyun
bpf_fill_scale(struct bpf_test * self)286*4882a593Smuzhiyun static void bpf_fill_scale(struct bpf_test *self)
287*4882a593Smuzhiyun {
288*4882a593Smuzhiyun switch (self->retval) {
289*4882a593Smuzhiyun case 1:
290*4882a593Smuzhiyun return bpf_fill_scale1(self);
291*4882a593Smuzhiyun case 2:
292*4882a593Smuzhiyun return bpf_fill_scale2(self);
293*4882a593Smuzhiyun default:
294*4882a593Smuzhiyun self->prog_len = 0;
295*4882a593Smuzhiyun break;
296*4882a593Smuzhiyun }
297*4882a593Smuzhiyun }
298*4882a593Smuzhiyun
299*4882a593Smuzhiyun /* BPF_SK_LOOKUP contains 13 instructions, if you need to fix up maps */
300*4882a593Smuzhiyun #define BPF_SK_LOOKUP(func) \
301*4882a593Smuzhiyun /* struct bpf_sock_tuple tuple = {} */ \
302*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_2, 0), \
303*4882a593Smuzhiyun BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_2, -8), \
304*4882a593Smuzhiyun BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -16), \
305*4882a593Smuzhiyun BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -24), \
306*4882a593Smuzhiyun BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -32), \
307*4882a593Smuzhiyun BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -40), \
308*4882a593Smuzhiyun BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -48), \
309*4882a593Smuzhiyun /* sk = func(ctx, &tuple, sizeof tuple, 0, 0) */ \
310*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), \
311*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -48), \
312*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_3, sizeof(struct bpf_sock_tuple)), \
313*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_4, 0), \
314*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_5, 0), \
315*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_ ## func)
316*4882a593Smuzhiyun
317*4882a593Smuzhiyun /* BPF_DIRECT_PKT_R2 contains 7 instructions, it initializes default return
318*4882a593Smuzhiyun * value into 0 and does necessary preparation for direct packet access
319*4882a593Smuzhiyun * through r2. The allowed access range is 8 bytes.
320*4882a593Smuzhiyun */
321*4882a593Smuzhiyun #define BPF_DIRECT_PKT_R2 \
322*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), \
323*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, \
324*4882a593Smuzhiyun offsetof(struct __sk_buff, data)), \
325*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, \
326*4882a593Smuzhiyun offsetof(struct __sk_buff, data_end)), \
327*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_4, BPF_REG_2), \
328*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 8), \
329*4882a593Smuzhiyun BPF_JMP_REG(BPF_JLE, BPF_REG_4, BPF_REG_3, 1), \
330*4882a593Smuzhiyun BPF_EXIT_INSN()
331*4882a593Smuzhiyun
332*4882a593Smuzhiyun /* BPF_RAND_UEXT_R7 contains 4 instructions, it initializes R7 into a random
333*4882a593Smuzhiyun * positive u32, and zero-extend it into 64-bit.
334*4882a593Smuzhiyun */
335*4882a593Smuzhiyun #define BPF_RAND_UEXT_R7 \
336*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, \
337*4882a593Smuzhiyun BPF_FUNC_get_prandom_u32), \
338*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), \
339*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_LSH, BPF_REG_7, 33), \
340*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_RSH, BPF_REG_7, 33)
341*4882a593Smuzhiyun
342*4882a593Smuzhiyun /* BPF_RAND_SEXT_R7 contains 5 instructions, it initializes R7 into a random
343*4882a593Smuzhiyun * negative u32, and sign-extend it into 64-bit.
344*4882a593Smuzhiyun */
345*4882a593Smuzhiyun #define BPF_RAND_SEXT_R7 \
346*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, \
347*4882a593Smuzhiyun BPF_FUNC_get_prandom_u32), \
348*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), \
349*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_OR, BPF_REG_7, 0x80000000), \
350*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_LSH, BPF_REG_7, 32), \
351*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ARSH, BPF_REG_7, 32)
352*4882a593Smuzhiyun
353*4882a593Smuzhiyun static struct bpf_test tests[] = {
354*4882a593Smuzhiyun #define FILL_ARRAY
355*4882a593Smuzhiyun #include <verifier/tests.h>
356*4882a593Smuzhiyun #undef FILL_ARRAY
357*4882a593Smuzhiyun };
358*4882a593Smuzhiyun
probe_filter_length(const struct bpf_insn * fp)359*4882a593Smuzhiyun static int probe_filter_length(const struct bpf_insn *fp)
360*4882a593Smuzhiyun {
361*4882a593Smuzhiyun int len;
362*4882a593Smuzhiyun
363*4882a593Smuzhiyun for (len = MAX_INSNS - 1; len > 0; --len)
364*4882a593Smuzhiyun if (fp[len].code != 0 || fp[len].imm != 0)
365*4882a593Smuzhiyun break;
366*4882a593Smuzhiyun return len + 1;
367*4882a593Smuzhiyun }
368*4882a593Smuzhiyun
skip_unsupported_map(enum bpf_map_type map_type)369*4882a593Smuzhiyun static bool skip_unsupported_map(enum bpf_map_type map_type)
370*4882a593Smuzhiyun {
371*4882a593Smuzhiyun if (!bpf_probe_map_type(map_type, 0)) {
372*4882a593Smuzhiyun printf("SKIP (unsupported map type %d)\n", map_type);
373*4882a593Smuzhiyun skips++;
374*4882a593Smuzhiyun return true;
375*4882a593Smuzhiyun }
376*4882a593Smuzhiyun return false;
377*4882a593Smuzhiyun }
378*4882a593Smuzhiyun
__create_map(uint32_t type,uint32_t size_key,uint32_t size_value,uint32_t max_elem,uint32_t extra_flags)379*4882a593Smuzhiyun static int __create_map(uint32_t type, uint32_t size_key,
380*4882a593Smuzhiyun uint32_t size_value, uint32_t max_elem,
381*4882a593Smuzhiyun uint32_t extra_flags)
382*4882a593Smuzhiyun {
383*4882a593Smuzhiyun int fd;
384*4882a593Smuzhiyun
385*4882a593Smuzhiyun fd = bpf_create_map(type, size_key, size_value, max_elem,
386*4882a593Smuzhiyun (type == BPF_MAP_TYPE_HASH ?
387*4882a593Smuzhiyun BPF_F_NO_PREALLOC : 0) | extra_flags);
388*4882a593Smuzhiyun if (fd < 0) {
389*4882a593Smuzhiyun if (skip_unsupported_map(type))
390*4882a593Smuzhiyun return -1;
391*4882a593Smuzhiyun printf("Failed to create hash map '%s'!\n", strerror(errno));
392*4882a593Smuzhiyun }
393*4882a593Smuzhiyun
394*4882a593Smuzhiyun return fd;
395*4882a593Smuzhiyun }
396*4882a593Smuzhiyun
create_map(uint32_t type,uint32_t size_key,uint32_t size_value,uint32_t max_elem)397*4882a593Smuzhiyun static int create_map(uint32_t type, uint32_t size_key,
398*4882a593Smuzhiyun uint32_t size_value, uint32_t max_elem)
399*4882a593Smuzhiyun {
400*4882a593Smuzhiyun return __create_map(type, size_key, size_value, max_elem, 0);
401*4882a593Smuzhiyun }
402*4882a593Smuzhiyun
update_map(int fd,int index)403*4882a593Smuzhiyun static void update_map(int fd, int index)
404*4882a593Smuzhiyun {
405*4882a593Smuzhiyun struct test_val value = {
406*4882a593Smuzhiyun .index = (6 + 1) * sizeof(int),
407*4882a593Smuzhiyun .foo[6] = 0xabcdef12,
408*4882a593Smuzhiyun };
409*4882a593Smuzhiyun
410*4882a593Smuzhiyun assert(!bpf_map_update_elem(fd, &index, &value, 0));
411*4882a593Smuzhiyun }
412*4882a593Smuzhiyun
create_prog_dummy_simple(enum bpf_prog_type prog_type,int ret)413*4882a593Smuzhiyun static int create_prog_dummy_simple(enum bpf_prog_type prog_type, int ret)
414*4882a593Smuzhiyun {
415*4882a593Smuzhiyun struct bpf_insn prog[] = {
416*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, ret),
417*4882a593Smuzhiyun BPF_EXIT_INSN(),
418*4882a593Smuzhiyun };
419*4882a593Smuzhiyun
420*4882a593Smuzhiyun return bpf_load_program(prog_type, prog,
421*4882a593Smuzhiyun ARRAY_SIZE(prog), "GPL", 0, NULL, 0);
422*4882a593Smuzhiyun }
423*4882a593Smuzhiyun
create_prog_dummy_loop(enum bpf_prog_type prog_type,int mfd,int idx,int ret)424*4882a593Smuzhiyun static int create_prog_dummy_loop(enum bpf_prog_type prog_type, int mfd,
425*4882a593Smuzhiyun int idx, int ret)
426*4882a593Smuzhiyun {
427*4882a593Smuzhiyun struct bpf_insn prog[] = {
428*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_3, idx),
429*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_2, mfd),
430*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
431*4882a593Smuzhiyun BPF_FUNC_tail_call),
432*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, ret),
433*4882a593Smuzhiyun BPF_EXIT_INSN(),
434*4882a593Smuzhiyun };
435*4882a593Smuzhiyun
436*4882a593Smuzhiyun return bpf_load_program(prog_type, prog,
437*4882a593Smuzhiyun ARRAY_SIZE(prog), "GPL", 0, NULL, 0);
438*4882a593Smuzhiyun }
439*4882a593Smuzhiyun
create_prog_array(enum bpf_prog_type prog_type,uint32_t max_elem,int p1key,int p2key,int p3key)440*4882a593Smuzhiyun static int create_prog_array(enum bpf_prog_type prog_type, uint32_t max_elem,
441*4882a593Smuzhiyun int p1key, int p2key, int p3key)
442*4882a593Smuzhiyun {
443*4882a593Smuzhiyun int mfd, p1fd, p2fd, p3fd;
444*4882a593Smuzhiyun
445*4882a593Smuzhiyun mfd = bpf_create_map(BPF_MAP_TYPE_PROG_ARRAY, sizeof(int),
446*4882a593Smuzhiyun sizeof(int), max_elem, 0);
447*4882a593Smuzhiyun if (mfd < 0) {
448*4882a593Smuzhiyun if (skip_unsupported_map(BPF_MAP_TYPE_PROG_ARRAY))
449*4882a593Smuzhiyun return -1;
450*4882a593Smuzhiyun printf("Failed to create prog array '%s'!\n", strerror(errno));
451*4882a593Smuzhiyun return -1;
452*4882a593Smuzhiyun }
453*4882a593Smuzhiyun
454*4882a593Smuzhiyun p1fd = create_prog_dummy_simple(prog_type, 42);
455*4882a593Smuzhiyun p2fd = create_prog_dummy_loop(prog_type, mfd, p2key, 41);
456*4882a593Smuzhiyun p3fd = create_prog_dummy_simple(prog_type, 24);
457*4882a593Smuzhiyun if (p1fd < 0 || p2fd < 0 || p3fd < 0)
458*4882a593Smuzhiyun goto err;
459*4882a593Smuzhiyun if (bpf_map_update_elem(mfd, &p1key, &p1fd, BPF_ANY) < 0)
460*4882a593Smuzhiyun goto err;
461*4882a593Smuzhiyun if (bpf_map_update_elem(mfd, &p2key, &p2fd, BPF_ANY) < 0)
462*4882a593Smuzhiyun goto err;
463*4882a593Smuzhiyun if (bpf_map_update_elem(mfd, &p3key, &p3fd, BPF_ANY) < 0) {
464*4882a593Smuzhiyun err:
465*4882a593Smuzhiyun close(mfd);
466*4882a593Smuzhiyun mfd = -1;
467*4882a593Smuzhiyun }
468*4882a593Smuzhiyun close(p3fd);
469*4882a593Smuzhiyun close(p2fd);
470*4882a593Smuzhiyun close(p1fd);
471*4882a593Smuzhiyun return mfd;
472*4882a593Smuzhiyun }
473*4882a593Smuzhiyun
create_map_in_map(void)474*4882a593Smuzhiyun static int create_map_in_map(void)
475*4882a593Smuzhiyun {
476*4882a593Smuzhiyun int inner_map_fd, outer_map_fd;
477*4882a593Smuzhiyun
478*4882a593Smuzhiyun inner_map_fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
479*4882a593Smuzhiyun sizeof(int), 1, 0);
480*4882a593Smuzhiyun if (inner_map_fd < 0) {
481*4882a593Smuzhiyun if (skip_unsupported_map(BPF_MAP_TYPE_ARRAY))
482*4882a593Smuzhiyun return -1;
483*4882a593Smuzhiyun printf("Failed to create array '%s'!\n", strerror(errno));
484*4882a593Smuzhiyun return inner_map_fd;
485*4882a593Smuzhiyun }
486*4882a593Smuzhiyun
487*4882a593Smuzhiyun outer_map_fd = bpf_create_map_in_map(BPF_MAP_TYPE_ARRAY_OF_MAPS, NULL,
488*4882a593Smuzhiyun sizeof(int), inner_map_fd, 1, 0);
489*4882a593Smuzhiyun if (outer_map_fd < 0) {
490*4882a593Smuzhiyun if (skip_unsupported_map(BPF_MAP_TYPE_ARRAY_OF_MAPS))
491*4882a593Smuzhiyun return -1;
492*4882a593Smuzhiyun printf("Failed to create array of maps '%s'!\n",
493*4882a593Smuzhiyun strerror(errno));
494*4882a593Smuzhiyun }
495*4882a593Smuzhiyun
496*4882a593Smuzhiyun close(inner_map_fd);
497*4882a593Smuzhiyun
498*4882a593Smuzhiyun return outer_map_fd;
499*4882a593Smuzhiyun }
500*4882a593Smuzhiyun
create_cgroup_storage(bool percpu)501*4882a593Smuzhiyun static int create_cgroup_storage(bool percpu)
502*4882a593Smuzhiyun {
503*4882a593Smuzhiyun enum bpf_map_type type = percpu ? BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE :
504*4882a593Smuzhiyun BPF_MAP_TYPE_CGROUP_STORAGE;
505*4882a593Smuzhiyun int fd;
506*4882a593Smuzhiyun
507*4882a593Smuzhiyun fd = bpf_create_map(type, sizeof(struct bpf_cgroup_storage_key),
508*4882a593Smuzhiyun TEST_DATA_LEN, 0, 0);
509*4882a593Smuzhiyun if (fd < 0) {
510*4882a593Smuzhiyun if (skip_unsupported_map(type))
511*4882a593Smuzhiyun return -1;
512*4882a593Smuzhiyun printf("Failed to create cgroup storage '%s'!\n",
513*4882a593Smuzhiyun strerror(errno));
514*4882a593Smuzhiyun }
515*4882a593Smuzhiyun
516*4882a593Smuzhiyun return fd;
517*4882a593Smuzhiyun }
518*4882a593Smuzhiyun
519*4882a593Smuzhiyun /* struct bpf_spin_lock {
520*4882a593Smuzhiyun * int val;
521*4882a593Smuzhiyun * };
522*4882a593Smuzhiyun * struct val {
523*4882a593Smuzhiyun * int cnt;
524*4882a593Smuzhiyun * struct bpf_spin_lock l;
525*4882a593Smuzhiyun * };
526*4882a593Smuzhiyun */
527*4882a593Smuzhiyun static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l";
528*4882a593Smuzhiyun static __u32 btf_raw_types[] = {
529*4882a593Smuzhiyun /* int */
530*4882a593Smuzhiyun BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 0, 32, 4), /* [1] */
531*4882a593Smuzhiyun /* struct bpf_spin_lock */ /* [2] */
532*4882a593Smuzhiyun BTF_TYPE_ENC(1, BTF_INFO_ENC(BTF_KIND_STRUCT, 0, 1), 4),
533*4882a593Smuzhiyun BTF_MEMBER_ENC(15, 1, 0), /* int val; */
534*4882a593Smuzhiyun /* struct val */ /* [3] */
535*4882a593Smuzhiyun BTF_TYPE_ENC(15, BTF_INFO_ENC(BTF_KIND_STRUCT, 0, 2), 8),
536*4882a593Smuzhiyun BTF_MEMBER_ENC(19, 1, 0), /* int cnt; */
537*4882a593Smuzhiyun BTF_MEMBER_ENC(23, 2, 32),/* struct bpf_spin_lock l; */
538*4882a593Smuzhiyun };
539*4882a593Smuzhiyun
load_btf(void)540*4882a593Smuzhiyun static int load_btf(void)
541*4882a593Smuzhiyun {
542*4882a593Smuzhiyun struct btf_header hdr = {
543*4882a593Smuzhiyun .magic = BTF_MAGIC,
544*4882a593Smuzhiyun .version = BTF_VERSION,
545*4882a593Smuzhiyun .hdr_len = sizeof(struct btf_header),
546*4882a593Smuzhiyun .type_len = sizeof(btf_raw_types),
547*4882a593Smuzhiyun .str_off = sizeof(btf_raw_types),
548*4882a593Smuzhiyun .str_len = sizeof(btf_str_sec),
549*4882a593Smuzhiyun };
550*4882a593Smuzhiyun void *ptr, *raw_btf;
551*4882a593Smuzhiyun int btf_fd;
552*4882a593Smuzhiyun
553*4882a593Smuzhiyun ptr = raw_btf = malloc(sizeof(hdr) + sizeof(btf_raw_types) +
554*4882a593Smuzhiyun sizeof(btf_str_sec));
555*4882a593Smuzhiyun
556*4882a593Smuzhiyun memcpy(ptr, &hdr, sizeof(hdr));
557*4882a593Smuzhiyun ptr += sizeof(hdr);
558*4882a593Smuzhiyun memcpy(ptr, btf_raw_types, hdr.type_len);
559*4882a593Smuzhiyun ptr += hdr.type_len;
560*4882a593Smuzhiyun memcpy(ptr, btf_str_sec, hdr.str_len);
561*4882a593Smuzhiyun ptr += hdr.str_len;
562*4882a593Smuzhiyun
563*4882a593Smuzhiyun btf_fd = bpf_load_btf(raw_btf, ptr - raw_btf, 0, 0, 0);
564*4882a593Smuzhiyun free(raw_btf);
565*4882a593Smuzhiyun if (btf_fd < 0)
566*4882a593Smuzhiyun return -1;
567*4882a593Smuzhiyun return btf_fd;
568*4882a593Smuzhiyun }
569*4882a593Smuzhiyun
create_map_spin_lock(void)570*4882a593Smuzhiyun static int create_map_spin_lock(void)
571*4882a593Smuzhiyun {
572*4882a593Smuzhiyun struct bpf_create_map_attr attr = {
573*4882a593Smuzhiyun .name = "test_map",
574*4882a593Smuzhiyun .map_type = BPF_MAP_TYPE_ARRAY,
575*4882a593Smuzhiyun .key_size = 4,
576*4882a593Smuzhiyun .value_size = 8,
577*4882a593Smuzhiyun .max_entries = 1,
578*4882a593Smuzhiyun .btf_key_type_id = 1,
579*4882a593Smuzhiyun .btf_value_type_id = 3,
580*4882a593Smuzhiyun };
581*4882a593Smuzhiyun int fd, btf_fd;
582*4882a593Smuzhiyun
583*4882a593Smuzhiyun btf_fd = load_btf();
584*4882a593Smuzhiyun if (btf_fd < 0)
585*4882a593Smuzhiyun return -1;
586*4882a593Smuzhiyun attr.btf_fd = btf_fd;
587*4882a593Smuzhiyun fd = bpf_create_map_xattr(&attr);
588*4882a593Smuzhiyun if (fd < 0)
589*4882a593Smuzhiyun printf("Failed to create map with spin_lock\n");
590*4882a593Smuzhiyun return fd;
591*4882a593Smuzhiyun }
592*4882a593Smuzhiyun
create_sk_storage_map(void)593*4882a593Smuzhiyun static int create_sk_storage_map(void)
594*4882a593Smuzhiyun {
595*4882a593Smuzhiyun struct bpf_create_map_attr attr = {
596*4882a593Smuzhiyun .name = "test_map",
597*4882a593Smuzhiyun .map_type = BPF_MAP_TYPE_SK_STORAGE,
598*4882a593Smuzhiyun .key_size = 4,
599*4882a593Smuzhiyun .value_size = 8,
600*4882a593Smuzhiyun .max_entries = 0,
601*4882a593Smuzhiyun .map_flags = BPF_F_NO_PREALLOC,
602*4882a593Smuzhiyun .btf_key_type_id = 1,
603*4882a593Smuzhiyun .btf_value_type_id = 3,
604*4882a593Smuzhiyun };
605*4882a593Smuzhiyun int fd, btf_fd;
606*4882a593Smuzhiyun
607*4882a593Smuzhiyun btf_fd = load_btf();
608*4882a593Smuzhiyun if (btf_fd < 0)
609*4882a593Smuzhiyun return -1;
610*4882a593Smuzhiyun attr.btf_fd = btf_fd;
611*4882a593Smuzhiyun fd = bpf_create_map_xattr(&attr);
612*4882a593Smuzhiyun close(attr.btf_fd);
613*4882a593Smuzhiyun if (fd < 0)
614*4882a593Smuzhiyun printf("Failed to create sk_storage_map\n");
615*4882a593Smuzhiyun return fd;
616*4882a593Smuzhiyun }
617*4882a593Smuzhiyun
618*4882a593Smuzhiyun static char bpf_vlog[UINT_MAX >> 8];
619*4882a593Smuzhiyun
do_test_fixup(struct bpf_test * test,enum bpf_prog_type prog_type,struct bpf_insn * prog,int * map_fds)620*4882a593Smuzhiyun static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
621*4882a593Smuzhiyun struct bpf_insn *prog, int *map_fds)
622*4882a593Smuzhiyun {
623*4882a593Smuzhiyun int *fixup_map_hash_8b = test->fixup_map_hash_8b;
624*4882a593Smuzhiyun int *fixup_map_hash_48b = test->fixup_map_hash_48b;
625*4882a593Smuzhiyun int *fixup_map_hash_16b = test->fixup_map_hash_16b;
626*4882a593Smuzhiyun int *fixup_map_array_48b = test->fixup_map_array_48b;
627*4882a593Smuzhiyun int *fixup_map_sockmap = test->fixup_map_sockmap;
628*4882a593Smuzhiyun int *fixup_map_sockhash = test->fixup_map_sockhash;
629*4882a593Smuzhiyun int *fixup_map_xskmap = test->fixup_map_xskmap;
630*4882a593Smuzhiyun int *fixup_map_stacktrace = test->fixup_map_stacktrace;
631*4882a593Smuzhiyun int *fixup_prog1 = test->fixup_prog1;
632*4882a593Smuzhiyun int *fixup_prog2 = test->fixup_prog2;
633*4882a593Smuzhiyun int *fixup_map_in_map = test->fixup_map_in_map;
634*4882a593Smuzhiyun int *fixup_cgroup_storage = test->fixup_cgroup_storage;
635*4882a593Smuzhiyun int *fixup_percpu_cgroup_storage = test->fixup_percpu_cgroup_storage;
636*4882a593Smuzhiyun int *fixup_map_spin_lock = test->fixup_map_spin_lock;
637*4882a593Smuzhiyun int *fixup_map_array_ro = test->fixup_map_array_ro;
638*4882a593Smuzhiyun int *fixup_map_array_wo = test->fixup_map_array_wo;
639*4882a593Smuzhiyun int *fixup_map_array_small = test->fixup_map_array_small;
640*4882a593Smuzhiyun int *fixup_sk_storage_map = test->fixup_sk_storage_map;
641*4882a593Smuzhiyun int *fixup_map_event_output = test->fixup_map_event_output;
642*4882a593Smuzhiyun int *fixup_map_reuseport_array = test->fixup_map_reuseport_array;
643*4882a593Smuzhiyun
644*4882a593Smuzhiyun if (test->fill_helper) {
645*4882a593Smuzhiyun test->fill_insns = calloc(MAX_TEST_INSNS, sizeof(struct bpf_insn));
646*4882a593Smuzhiyun test->fill_helper(test);
647*4882a593Smuzhiyun }
648*4882a593Smuzhiyun
649*4882a593Smuzhiyun /* Allocating HTs with 1 elem is fine here, since we only test
650*4882a593Smuzhiyun * for verifier and not do a runtime lookup, so the only thing
651*4882a593Smuzhiyun * that really matters is value size in this case.
652*4882a593Smuzhiyun */
653*4882a593Smuzhiyun if (*fixup_map_hash_8b) {
654*4882a593Smuzhiyun map_fds[0] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
655*4882a593Smuzhiyun sizeof(long long), 1);
656*4882a593Smuzhiyun do {
657*4882a593Smuzhiyun prog[*fixup_map_hash_8b].imm = map_fds[0];
658*4882a593Smuzhiyun fixup_map_hash_8b++;
659*4882a593Smuzhiyun } while (*fixup_map_hash_8b);
660*4882a593Smuzhiyun }
661*4882a593Smuzhiyun
662*4882a593Smuzhiyun if (*fixup_map_hash_48b) {
663*4882a593Smuzhiyun map_fds[1] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
664*4882a593Smuzhiyun sizeof(struct test_val), 1);
665*4882a593Smuzhiyun do {
666*4882a593Smuzhiyun prog[*fixup_map_hash_48b].imm = map_fds[1];
667*4882a593Smuzhiyun fixup_map_hash_48b++;
668*4882a593Smuzhiyun } while (*fixup_map_hash_48b);
669*4882a593Smuzhiyun }
670*4882a593Smuzhiyun
671*4882a593Smuzhiyun if (*fixup_map_hash_16b) {
672*4882a593Smuzhiyun map_fds[2] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
673*4882a593Smuzhiyun sizeof(struct other_val), 1);
674*4882a593Smuzhiyun do {
675*4882a593Smuzhiyun prog[*fixup_map_hash_16b].imm = map_fds[2];
676*4882a593Smuzhiyun fixup_map_hash_16b++;
677*4882a593Smuzhiyun } while (*fixup_map_hash_16b);
678*4882a593Smuzhiyun }
679*4882a593Smuzhiyun
680*4882a593Smuzhiyun if (*fixup_map_array_48b) {
681*4882a593Smuzhiyun map_fds[3] = create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
682*4882a593Smuzhiyun sizeof(struct test_val), 1);
683*4882a593Smuzhiyun update_map(map_fds[3], 0);
684*4882a593Smuzhiyun do {
685*4882a593Smuzhiyun prog[*fixup_map_array_48b].imm = map_fds[3];
686*4882a593Smuzhiyun fixup_map_array_48b++;
687*4882a593Smuzhiyun } while (*fixup_map_array_48b);
688*4882a593Smuzhiyun }
689*4882a593Smuzhiyun
690*4882a593Smuzhiyun if (*fixup_prog1) {
691*4882a593Smuzhiyun map_fds[4] = create_prog_array(prog_type, 4, 0, 1, 2);
692*4882a593Smuzhiyun do {
693*4882a593Smuzhiyun prog[*fixup_prog1].imm = map_fds[4];
694*4882a593Smuzhiyun fixup_prog1++;
695*4882a593Smuzhiyun } while (*fixup_prog1);
696*4882a593Smuzhiyun }
697*4882a593Smuzhiyun
698*4882a593Smuzhiyun if (*fixup_prog2) {
699*4882a593Smuzhiyun map_fds[5] = create_prog_array(prog_type, 8, 7, 1, 2);
700*4882a593Smuzhiyun do {
701*4882a593Smuzhiyun prog[*fixup_prog2].imm = map_fds[5];
702*4882a593Smuzhiyun fixup_prog2++;
703*4882a593Smuzhiyun } while (*fixup_prog2);
704*4882a593Smuzhiyun }
705*4882a593Smuzhiyun
706*4882a593Smuzhiyun if (*fixup_map_in_map) {
707*4882a593Smuzhiyun map_fds[6] = create_map_in_map();
708*4882a593Smuzhiyun do {
709*4882a593Smuzhiyun prog[*fixup_map_in_map].imm = map_fds[6];
710*4882a593Smuzhiyun fixup_map_in_map++;
711*4882a593Smuzhiyun } while (*fixup_map_in_map);
712*4882a593Smuzhiyun }
713*4882a593Smuzhiyun
714*4882a593Smuzhiyun if (*fixup_cgroup_storage) {
715*4882a593Smuzhiyun map_fds[7] = create_cgroup_storage(false);
716*4882a593Smuzhiyun do {
717*4882a593Smuzhiyun prog[*fixup_cgroup_storage].imm = map_fds[7];
718*4882a593Smuzhiyun fixup_cgroup_storage++;
719*4882a593Smuzhiyun } while (*fixup_cgroup_storage);
720*4882a593Smuzhiyun }
721*4882a593Smuzhiyun
722*4882a593Smuzhiyun if (*fixup_percpu_cgroup_storage) {
723*4882a593Smuzhiyun map_fds[8] = create_cgroup_storage(true);
724*4882a593Smuzhiyun do {
725*4882a593Smuzhiyun prog[*fixup_percpu_cgroup_storage].imm = map_fds[8];
726*4882a593Smuzhiyun fixup_percpu_cgroup_storage++;
727*4882a593Smuzhiyun } while (*fixup_percpu_cgroup_storage);
728*4882a593Smuzhiyun }
729*4882a593Smuzhiyun if (*fixup_map_sockmap) {
730*4882a593Smuzhiyun map_fds[9] = create_map(BPF_MAP_TYPE_SOCKMAP, sizeof(int),
731*4882a593Smuzhiyun sizeof(int), 1);
732*4882a593Smuzhiyun do {
733*4882a593Smuzhiyun prog[*fixup_map_sockmap].imm = map_fds[9];
734*4882a593Smuzhiyun fixup_map_sockmap++;
735*4882a593Smuzhiyun } while (*fixup_map_sockmap);
736*4882a593Smuzhiyun }
737*4882a593Smuzhiyun if (*fixup_map_sockhash) {
738*4882a593Smuzhiyun map_fds[10] = create_map(BPF_MAP_TYPE_SOCKHASH, sizeof(int),
739*4882a593Smuzhiyun sizeof(int), 1);
740*4882a593Smuzhiyun do {
741*4882a593Smuzhiyun prog[*fixup_map_sockhash].imm = map_fds[10];
742*4882a593Smuzhiyun fixup_map_sockhash++;
743*4882a593Smuzhiyun } while (*fixup_map_sockhash);
744*4882a593Smuzhiyun }
745*4882a593Smuzhiyun if (*fixup_map_xskmap) {
746*4882a593Smuzhiyun map_fds[11] = create_map(BPF_MAP_TYPE_XSKMAP, sizeof(int),
747*4882a593Smuzhiyun sizeof(int), 1);
748*4882a593Smuzhiyun do {
749*4882a593Smuzhiyun prog[*fixup_map_xskmap].imm = map_fds[11];
750*4882a593Smuzhiyun fixup_map_xskmap++;
751*4882a593Smuzhiyun } while (*fixup_map_xskmap);
752*4882a593Smuzhiyun }
753*4882a593Smuzhiyun if (*fixup_map_stacktrace) {
754*4882a593Smuzhiyun map_fds[12] = create_map(BPF_MAP_TYPE_STACK_TRACE, sizeof(u32),
755*4882a593Smuzhiyun sizeof(u64), 1);
756*4882a593Smuzhiyun do {
757*4882a593Smuzhiyun prog[*fixup_map_stacktrace].imm = map_fds[12];
758*4882a593Smuzhiyun fixup_map_stacktrace++;
759*4882a593Smuzhiyun } while (*fixup_map_stacktrace);
760*4882a593Smuzhiyun }
761*4882a593Smuzhiyun if (*fixup_map_spin_lock) {
762*4882a593Smuzhiyun map_fds[13] = create_map_spin_lock();
763*4882a593Smuzhiyun do {
764*4882a593Smuzhiyun prog[*fixup_map_spin_lock].imm = map_fds[13];
765*4882a593Smuzhiyun fixup_map_spin_lock++;
766*4882a593Smuzhiyun } while (*fixup_map_spin_lock);
767*4882a593Smuzhiyun }
768*4882a593Smuzhiyun if (*fixup_map_array_ro) {
769*4882a593Smuzhiyun map_fds[14] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
770*4882a593Smuzhiyun sizeof(struct test_val), 1,
771*4882a593Smuzhiyun BPF_F_RDONLY_PROG);
772*4882a593Smuzhiyun update_map(map_fds[14], 0);
773*4882a593Smuzhiyun do {
774*4882a593Smuzhiyun prog[*fixup_map_array_ro].imm = map_fds[14];
775*4882a593Smuzhiyun fixup_map_array_ro++;
776*4882a593Smuzhiyun } while (*fixup_map_array_ro);
777*4882a593Smuzhiyun }
778*4882a593Smuzhiyun if (*fixup_map_array_wo) {
779*4882a593Smuzhiyun map_fds[15] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
780*4882a593Smuzhiyun sizeof(struct test_val), 1,
781*4882a593Smuzhiyun BPF_F_WRONLY_PROG);
782*4882a593Smuzhiyun update_map(map_fds[15], 0);
783*4882a593Smuzhiyun do {
784*4882a593Smuzhiyun prog[*fixup_map_array_wo].imm = map_fds[15];
785*4882a593Smuzhiyun fixup_map_array_wo++;
786*4882a593Smuzhiyun } while (*fixup_map_array_wo);
787*4882a593Smuzhiyun }
788*4882a593Smuzhiyun if (*fixup_map_array_small) {
789*4882a593Smuzhiyun map_fds[16] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
790*4882a593Smuzhiyun 1, 1, 0);
791*4882a593Smuzhiyun update_map(map_fds[16], 0);
792*4882a593Smuzhiyun do {
793*4882a593Smuzhiyun prog[*fixup_map_array_small].imm = map_fds[16];
794*4882a593Smuzhiyun fixup_map_array_small++;
795*4882a593Smuzhiyun } while (*fixup_map_array_small);
796*4882a593Smuzhiyun }
797*4882a593Smuzhiyun if (*fixup_sk_storage_map) {
798*4882a593Smuzhiyun map_fds[17] = create_sk_storage_map();
799*4882a593Smuzhiyun do {
800*4882a593Smuzhiyun prog[*fixup_sk_storage_map].imm = map_fds[17];
801*4882a593Smuzhiyun fixup_sk_storage_map++;
802*4882a593Smuzhiyun } while (*fixup_sk_storage_map);
803*4882a593Smuzhiyun }
804*4882a593Smuzhiyun if (*fixup_map_event_output) {
805*4882a593Smuzhiyun map_fds[18] = __create_map(BPF_MAP_TYPE_PERF_EVENT_ARRAY,
806*4882a593Smuzhiyun sizeof(int), sizeof(int), 1, 0);
807*4882a593Smuzhiyun do {
808*4882a593Smuzhiyun prog[*fixup_map_event_output].imm = map_fds[18];
809*4882a593Smuzhiyun fixup_map_event_output++;
810*4882a593Smuzhiyun } while (*fixup_map_event_output);
811*4882a593Smuzhiyun }
812*4882a593Smuzhiyun if (*fixup_map_reuseport_array) {
813*4882a593Smuzhiyun map_fds[19] = __create_map(BPF_MAP_TYPE_REUSEPORT_SOCKARRAY,
814*4882a593Smuzhiyun sizeof(u32), sizeof(u64), 1, 0);
815*4882a593Smuzhiyun do {
816*4882a593Smuzhiyun prog[*fixup_map_reuseport_array].imm = map_fds[19];
817*4882a593Smuzhiyun fixup_map_reuseport_array++;
818*4882a593Smuzhiyun } while (*fixup_map_reuseport_array);
819*4882a593Smuzhiyun }
820*4882a593Smuzhiyun }
821*4882a593Smuzhiyun
822*4882a593Smuzhiyun struct libcap {
823*4882a593Smuzhiyun struct __user_cap_header_struct hdr;
824*4882a593Smuzhiyun struct __user_cap_data_struct data[2];
825*4882a593Smuzhiyun };
826*4882a593Smuzhiyun
set_admin(bool admin)827*4882a593Smuzhiyun static int set_admin(bool admin)
828*4882a593Smuzhiyun {
829*4882a593Smuzhiyun cap_t caps;
830*4882a593Smuzhiyun /* need CAP_BPF, CAP_NET_ADMIN, CAP_PERFMON to load progs */
831*4882a593Smuzhiyun const cap_value_t cap_net_admin = CAP_NET_ADMIN;
832*4882a593Smuzhiyun const cap_value_t cap_sys_admin = CAP_SYS_ADMIN;
833*4882a593Smuzhiyun struct libcap *cap;
834*4882a593Smuzhiyun int ret = -1;
835*4882a593Smuzhiyun
836*4882a593Smuzhiyun caps = cap_get_proc();
837*4882a593Smuzhiyun if (!caps) {
838*4882a593Smuzhiyun perror("cap_get_proc");
839*4882a593Smuzhiyun return -1;
840*4882a593Smuzhiyun }
841*4882a593Smuzhiyun cap = (struct libcap *)caps;
842*4882a593Smuzhiyun if (cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap_sys_admin, CAP_CLEAR)) {
843*4882a593Smuzhiyun perror("cap_set_flag clear admin");
844*4882a593Smuzhiyun goto out;
845*4882a593Smuzhiyun }
846*4882a593Smuzhiyun if (cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap_net_admin,
847*4882a593Smuzhiyun admin ? CAP_SET : CAP_CLEAR)) {
848*4882a593Smuzhiyun perror("cap_set_flag set_or_clear net");
849*4882a593Smuzhiyun goto out;
850*4882a593Smuzhiyun }
851*4882a593Smuzhiyun /* libcap is likely old and simply ignores CAP_BPF and CAP_PERFMON,
852*4882a593Smuzhiyun * so update effective bits manually
853*4882a593Smuzhiyun */
854*4882a593Smuzhiyun if (admin) {
855*4882a593Smuzhiyun cap->data[1].effective |= 1 << (38 /* CAP_PERFMON */ - 32);
856*4882a593Smuzhiyun cap->data[1].effective |= 1 << (39 /* CAP_BPF */ - 32);
857*4882a593Smuzhiyun } else {
858*4882a593Smuzhiyun cap->data[1].effective &= ~(1 << (38 - 32));
859*4882a593Smuzhiyun cap->data[1].effective &= ~(1 << (39 - 32));
860*4882a593Smuzhiyun }
861*4882a593Smuzhiyun if (cap_set_proc(caps)) {
862*4882a593Smuzhiyun perror("cap_set_proc");
863*4882a593Smuzhiyun goto out;
864*4882a593Smuzhiyun }
865*4882a593Smuzhiyun ret = 0;
866*4882a593Smuzhiyun out:
867*4882a593Smuzhiyun if (cap_free(caps))
868*4882a593Smuzhiyun perror("cap_free");
869*4882a593Smuzhiyun return ret;
870*4882a593Smuzhiyun }
871*4882a593Smuzhiyun
do_prog_test_run(int fd_prog,bool unpriv,uint32_t expected_val,void * data,size_t size_data)872*4882a593Smuzhiyun static int do_prog_test_run(int fd_prog, bool unpriv, uint32_t expected_val,
873*4882a593Smuzhiyun void *data, size_t size_data)
874*4882a593Smuzhiyun {
875*4882a593Smuzhiyun __u8 tmp[TEST_DATA_LEN << 2];
876*4882a593Smuzhiyun __u32 size_tmp = sizeof(tmp);
877*4882a593Smuzhiyun uint32_t retval;
878*4882a593Smuzhiyun int err;
879*4882a593Smuzhiyun
880*4882a593Smuzhiyun if (unpriv)
881*4882a593Smuzhiyun set_admin(true);
882*4882a593Smuzhiyun err = bpf_prog_test_run(fd_prog, 1, data, size_data,
883*4882a593Smuzhiyun tmp, &size_tmp, &retval, NULL);
884*4882a593Smuzhiyun if (unpriv)
885*4882a593Smuzhiyun set_admin(false);
886*4882a593Smuzhiyun if (err && errno != 524/*ENOTSUPP*/ && errno != EPERM) {
887*4882a593Smuzhiyun printf("Unexpected bpf_prog_test_run error ");
888*4882a593Smuzhiyun return err;
889*4882a593Smuzhiyun }
890*4882a593Smuzhiyun if (!err && retval != expected_val &&
891*4882a593Smuzhiyun expected_val != POINTER_VALUE) {
892*4882a593Smuzhiyun printf("FAIL retval %d != %d ", retval, expected_val);
893*4882a593Smuzhiyun return 1;
894*4882a593Smuzhiyun }
895*4882a593Smuzhiyun
896*4882a593Smuzhiyun return 0;
897*4882a593Smuzhiyun }
898*4882a593Smuzhiyun
cmp_str_seq(const char * log,const char * exp)899*4882a593Smuzhiyun static bool cmp_str_seq(const char *log, const char *exp)
900*4882a593Smuzhiyun {
901*4882a593Smuzhiyun char needle[80];
902*4882a593Smuzhiyun const char *p, *q;
903*4882a593Smuzhiyun int len;
904*4882a593Smuzhiyun
905*4882a593Smuzhiyun do {
906*4882a593Smuzhiyun p = strchr(exp, '\t');
907*4882a593Smuzhiyun if (!p)
908*4882a593Smuzhiyun p = exp + strlen(exp);
909*4882a593Smuzhiyun
910*4882a593Smuzhiyun len = p - exp;
911*4882a593Smuzhiyun if (len >= sizeof(needle) || !len) {
912*4882a593Smuzhiyun printf("FAIL\nTestcase bug\n");
913*4882a593Smuzhiyun return false;
914*4882a593Smuzhiyun }
915*4882a593Smuzhiyun strncpy(needle, exp, len);
916*4882a593Smuzhiyun needle[len] = 0;
917*4882a593Smuzhiyun q = strstr(log, needle);
918*4882a593Smuzhiyun if (!q) {
919*4882a593Smuzhiyun printf("FAIL\nUnexpected verifier log in successful load!\n"
920*4882a593Smuzhiyun "EXP: %s\nRES:\n", needle);
921*4882a593Smuzhiyun return false;
922*4882a593Smuzhiyun }
923*4882a593Smuzhiyun log = q + len;
924*4882a593Smuzhiyun exp = p + 1;
925*4882a593Smuzhiyun } while (*p);
926*4882a593Smuzhiyun return true;
927*4882a593Smuzhiyun }
928*4882a593Smuzhiyun
do_test_single(struct bpf_test * test,bool unpriv,int * passes,int * errors)929*4882a593Smuzhiyun static void do_test_single(struct bpf_test *test, bool unpriv,
930*4882a593Smuzhiyun int *passes, int *errors)
931*4882a593Smuzhiyun {
932*4882a593Smuzhiyun int fd_prog, expected_ret, alignment_prevented_execution;
933*4882a593Smuzhiyun int prog_len, prog_type = test->prog_type;
934*4882a593Smuzhiyun struct bpf_insn *prog = test->insns;
935*4882a593Smuzhiyun struct bpf_load_program_attr attr;
936*4882a593Smuzhiyun int run_errs, run_successes;
937*4882a593Smuzhiyun int map_fds[MAX_NR_MAPS];
938*4882a593Smuzhiyun const char *expected_err;
939*4882a593Smuzhiyun int fixup_skips;
940*4882a593Smuzhiyun __u32 pflags;
941*4882a593Smuzhiyun int i, err;
942*4882a593Smuzhiyun
943*4882a593Smuzhiyun for (i = 0; i < MAX_NR_MAPS; i++)
944*4882a593Smuzhiyun map_fds[i] = -1;
945*4882a593Smuzhiyun
946*4882a593Smuzhiyun if (!prog_type)
947*4882a593Smuzhiyun prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
948*4882a593Smuzhiyun fixup_skips = skips;
949*4882a593Smuzhiyun do_test_fixup(test, prog_type, prog, map_fds);
950*4882a593Smuzhiyun if (test->fill_insns) {
951*4882a593Smuzhiyun prog = test->fill_insns;
952*4882a593Smuzhiyun prog_len = test->prog_len;
953*4882a593Smuzhiyun } else {
954*4882a593Smuzhiyun prog_len = probe_filter_length(prog);
955*4882a593Smuzhiyun }
956*4882a593Smuzhiyun /* If there were some map skips during fixup due to missing bpf
957*4882a593Smuzhiyun * features, skip this test.
958*4882a593Smuzhiyun */
959*4882a593Smuzhiyun if (fixup_skips != skips)
960*4882a593Smuzhiyun return;
961*4882a593Smuzhiyun
962*4882a593Smuzhiyun pflags = BPF_F_TEST_RND_HI32;
963*4882a593Smuzhiyun if (test->flags & F_LOAD_WITH_STRICT_ALIGNMENT)
964*4882a593Smuzhiyun pflags |= BPF_F_STRICT_ALIGNMENT;
965*4882a593Smuzhiyun if (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS)
966*4882a593Smuzhiyun pflags |= BPF_F_ANY_ALIGNMENT;
967*4882a593Smuzhiyun if (test->flags & ~3)
968*4882a593Smuzhiyun pflags |= test->flags;
969*4882a593Smuzhiyun
970*4882a593Smuzhiyun expected_ret = unpriv && test->result_unpriv != UNDEF ?
971*4882a593Smuzhiyun test->result_unpriv : test->result;
972*4882a593Smuzhiyun expected_err = unpriv && test->errstr_unpriv ?
973*4882a593Smuzhiyun test->errstr_unpriv : test->errstr;
974*4882a593Smuzhiyun memset(&attr, 0, sizeof(attr));
975*4882a593Smuzhiyun attr.prog_type = prog_type;
976*4882a593Smuzhiyun attr.expected_attach_type = test->expected_attach_type;
977*4882a593Smuzhiyun attr.insns = prog;
978*4882a593Smuzhiyun attr.insns_cnt = prog_len;
979*4882a593Smuzhiyun attr.license = "GPL";
980*4882a593Smuzhiyun if (verbose)
981*4882a593Smuzhiyun attr.log_level = 1;
982*4882a593Smuzhiyun else if (expected_ret == VERBOSE_ACCEPT)
983*4882a593Smuzhiyun attr.log_level = 2;
984*4882a593Smuzhiyun else
985*4882a593Smuzhiyun attr.log_level = 4;
986*4882a593Smuzhiyun attr.prog_flags = pflags;
987*4882a593Smuzhiyun
988*4882a593Smuzhiyun if (prog_type == BPF_PROG_TYPE_TRACING && test->kfunc) {
989*4882a593Smuzhiyun attr.attach_btf_id = libbpf_find_vmlinux_btf_id(test->kfunc,
990*4882a593Smuzhiyun attr.expected_attach_type);
991*4882a593Smuzhiyun if (attr.attach_btf_id < 0) {
992*4882a593Smuzhiyun printf("FAIL\nFailed to find BTF ID for '%s'!\n",
993*4882a593Smuzhiyun test->kfunc);
994*4882a593Smuzhiyun (*errors)++;
995*4882a593Smuzhiyun return;
996*4882a593Smuzhiyun }
997*4882a593Smuzhiyun }
998*4882a593Smuzhiyun
999*4882a593Smuzhiyun fd_prog = bpf_load_program_xattr(&attr, bpf_vlog, sizeof(bpf_vlog));
1000*4882a593Smuzhiyun
1001*4882a593Smuzhiyun /* BPF_PROG_TYPE_TRACING requires more setup and
1002*4882a593Smuzhiyun * bpf_probe_prog_type won't give correct answer
1003*4882a593Smuzhiyun */
1004*4882a593Smuzhiyun if (fd_prog < 0 && prog_type != BPF_PROG_TYPE_TRACING &&
1005*4882a593Smuzhiyun !bpf_probe_prog_type(prog_type, 0)) {
1006*4882a593Smuzhiyun printf("SKIP (unsupported program type %d)\n", prog_type);
1007*4882a593Smuzhiyun skips++;
1008*4882a593Smuzhiyun goto close_fds;
1009*4882a593Smuzhiyun }
1010*4882a593Smuzhiyun
1011*4882a593Smuzhiyun alignment_prevented_execution = 0;
1012*4882a593Smuzhiyun
1013*4882a593Smuzhiyun if (expected_ret == ACCEPT || expected_ret == VERBOSE_ACCEPT) {
1014*4882a593Smuzhiyun if (fd_prog < 0) {
1015*4882a593Smuzhiyun printf("FAIL\nFailed to load prog '%s'!\n",
1016*4882a593Smuzhiyun strerror(errno));
1017*4882a593Smuzhiyun goto fail_log;
1018*4882a593Smuzhiyun }
1019*4882a593Smuzhiyun #ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
1020*4882a593Smuzhiyun if (fd_prog >= 0 &&
1021*4882a593Smuzhiyun (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS))
1022*4882a593Smuzhiyun alignment_prevented_execution = 1;
1023*4882a593Smuzhiyun #endif
1024*4882a593Smuzhiyun if (expected_ret == VERBOSE_ACCEPT && !cmp_str_seq(bpf_vlog, expected_err)) {
1025*4882a593Smuzhiyun goto fail_log;
1026*4882a593Smuzhiyun }
1027*4882a593Smuzhiyun } else {
1028*4882a593Smuzhiyun if (fd_prog >= 0) {
1029*4882a593Smuzhiyun printf("FAIL\nUnexpected success to load!\n");
1030*4882a593Smuzhiyun goto fail_log;
1031*4882a593Smuzhiyun }
1032*4882a593Smuzhiyun if (!expected_err || !strstr(bpf_vlog, expected_err)) {
1033*4882a593Smuzhiyun printf("FAIL\nUnexpected error message!\n\tEXP: %s\n\tRES: %s\n",
1034*4882a593Smuzhiyun expected_err, bpf_vlog);
1035*4882a593Smuzhiyun goto fail_log;
1036*4882a593Smuzhiyun }
1037*4882a593Smuzhiyun }
1038*4882a593Smuzhiyun
1039*4882a593Smuzhiyun if (!unpriv && test->insn_processed) {
1040*4882a593Smuzhiyun uint32_t insn_processed;
1041*4882a593Smuzhiyun char *proc;
1042*4882a593Smuzhiyun
1043*4882a593Smuzhiyun proc = strstr(bpf_vlog, "processed ");
1044*4882a593Smuzhiyun insn_processed = atoi(proc + 10);
1045*4882a593Smuzhiyun if (test->insn_processed != insn_processed) {
1046*4882a593Smuzhiyun printf("FAIL\nUnexpected insn_processed %u vs %u\n",
1047*4882a593Smuzhiyun insn_processed, test->insn_processed);
1048*4882a593Smuzhiyun goto fail_log;
1049*4882a593Smuzhiyun }
1050*4882a593Smuzhiyun }
1051*4882a593Smuzhiyun
1052*4882a593Smuzhiyun if (verbose)
1053*4882a593Smuzhiyun printf(", verifier log:\n%s", bpf_vlog);
1054*4882a593Smuzhiyun
1055*4882a593Smuzhiyun run_errs = 0;
1056*4882a593Smuzhiyun run_successes = 0;
1057*4882a593Smuzhiyun if (!alignment_prevented_execution && fd_prog >= 0 && test->runs >= 0) {
1058*4882a593Smuzhiyun uint32_t expected_val;
1059*4882a593Smuzhiyun int i;
1060*4882a593Smuzhiyun
1061*4882a593Smuzhiyun if (!test->runs)
1062*4882a593Smuzhiyun test->runs = 1;
1063*4882a593Smuzhiyun
1064*4882a593Smuzhiyun for (i = 0; i < test->runs; i++) {
1065*4882a593Smuzhiyun if (unpriv && test->retvals[i].retval_unpriv)
1066*4882a593Smuzhiyun expected_val = test->retvals[i].retval_unpriv;
1067*4882a593Smuzhiyun else
1068*4882a593Smuzhiyun expected_val = test->retvals[i].retval;
1069*4882a593Smuzhiyun
1070*4882a593Smuzhiyun err = do_prog_test_run(fd_prog, unpriv, expected_val,
1071*4882a593Smuzhiyun test->retvals[i].data,
1072*4882a593Smuzhiyun sizeof(test->retvals[i].data));
1073*4882a593Smuzhiyun if (err) {
1074*4882a593Smuzhiyun printf("(run %d/%d) ", i + 1, test->runs);
1075*4882a593Smuzhiyun run_errs++;
1076*4882a593Smuzhiyun } else {
1077*4882a593Smuzhiyun run_successes++;
1078*4882a593Smuzhiyun }
1079*4882a593Smuzhiyun }
1080*4882a593Smuzhiyun }
1081*4882a593Smuzhiyun
1082*4882a593Smuzhiyun if (!run_errs) {
1083*4882a593Smuzhiyun (*passes)++;
1084*4882a593Smuzhiyun if (run_successes > 1)
1085*4882a593Smuzhiyun printf("%d cases ", run_successes);
1086*4882a593Smuzhiyun printf("OK");
1087*4882a593Smuzhiyun if (alignment_prevented_execution)
1088*4882a593Smuzhiyun printf(" (NOTE: not executed due to unknown alignment)");
1089*4882a593Smuzhiyun printf("\n");
1090*4882a593Smuzhiyun } else {
1091*4882a593Smuzhiyun printf("\n");
1092*4882a593Smuzhiyun goto fail_log;
1093*4882a593Smuzhiyun }
1094*4882a593Smuzhiyun close_fds:
1095*4882a593Smuzhiyun if (test->fill_insns)
1096*4882a593Smuzhiyun free(test->fill_insns);
1097*4882a593Smuzhiyun close(fd_prog);
1098*4882a593Smuzhiyun for (i = 0; i < MAX_NR_MAPS; i++)
1099*4882a593Smuzhiyun close(map_fds[i]);
1100*4882a593Smuzhiyun sched_yield();
1101*4882a593Smuzhiyun return;
1102*4882a593Smuzhiyun fail_log:
1103*4882a593Smuzhiyun (*errors)++;
1104*4882a593Smuzhiyun printf("%s", bpf_vlog);
1105*4882a593Smuzhiyun goto close_fds;
1106*4882a593Smuzhiyun }
1107*4882a593Smuzhiyun
is_admin(void)1108*4882a593Smuzhiyun static bool is_admin(void)
1109*4882a593Smuzhiyun {
1110*4882a593Smuzhiyun cap_flag_value_t net_priv = CAP_CLEAR;
1111*4882a593Smuzhiyun bool perfmon_priv = false;
1112*4882a593Smuzhiyun bool bpf_priv = false;
1113*4882a593Smuzhiyun struct libcap *cap;
1114*4882a593Smuzhiyun cap_t caps;
1115*4882a593Smuzhiyun
1116*4882a593Smuzhiyun #ifdef CAP_IS_SUPPORTED
1117*4882a593Smuzhiyun if (!CAP_IS_SUPPORTED(CAP_SETFCAP)) {
1118*4882a593Smuzhiyun perror("cap_get_flag");
1119*4882a593Smuzhiyun return false;
1120*4882a593Smuzhiyun }
1121*4882a593Smuzhiyun #endif
1122*4882a593Smuzhiyun caps = cap_get_proc();
1123*4882a593Smuzhiyun if (!caps) {
1124*4882a593Smuzhiyun perror("cap_get_proc");
1125*4882a593Smuzhiyun return false;
1126*4882a593Smuzhiyun }
1127*4882a593Smuzhiyun cap = (struct libcap *)caps;
1128*4882a593Smuzhiyun bpf_priv = cap->data[1].effective & (1 << (39/* CAP_BPF */ - 32));
1129*4882a593Smuzhiyun perfmon_priv = cap->data[1].effective & (1 << (38/* CAP_PERFMON */ - 32));
1130*4882a593Smuzhiyun if (cap_get_flag(caps, CAP_NET_ADMIN, CAP_EFFECTIVE, &net_priv))
1131*4882a593Smuzhiyun perror("cap_get_flag NET");
1132*4882a593Smuzhiyun if (cap_free(caps))
1133*4882a593Smuzhiyun perror("cap_free");
1134*4882a593Smuzhiyun return bpf_priv && perfmon_priv && net_priv == CAP_SET;
1135*4882a593Smuzhiyun }
1136*4882a593Smuzhiyun
get_unpriv_disabled()1137*4882a593Smuzhiyun static void get_unpriv_disabled()
1138*4882a593Smuzhiyun {
1139*4882a593Smuzhiyun char buf[2];
1140*4882a593Smuzhiyun FILE *fd;
1141*4882a593Smuzhiyun
1142*4882a593Smuzhiyun fd = fopen("/proc/sys/"UNPRIV_SYSCTL, "r");
1143*4882a593Smuzhiyun if (!fd) {
1144*4882a593Smuzhiyun perror("fopen /proc/sys/"UNPRIV_SYSCTL);
1145*4882a593Smuzhiyun unpriv_disabled = true;
1146*4882a593Smuzhiyun return;
1147*4882a593Smuzhiyun }
1148*4882a593Smuzhiyun if (fgets(buf, 2, fd) == buf && atoi(buf))
1149*4882a593Smuzhiyun unpriv_disabled = true;
1150*4882a593Smuzhiyun fclose(fd);
1151*4882a593Smuzhiyun }
1152*4882a593Smuzhiyun
test_as_unpriv(struct bpf_test * test)1153*4882a593Smuzhiyun static bool test_as_unpriv(struct bpf_test *test)
1154*4882a593Smuzhiyun {
1155*4882a593Smuzhiyun return !test->prog_type ||
1156*4882a593Smuzhiyun test->prog_type == BPF_PROG_TYPE_SOCKET_FILTER ||
1157*4882a593Smuzhiyun test->prog_type == BPF_PROG_TYPE_CGROUP_SKB;
1158*4882a593Smuzhiyun }
1159*4882a593Smuzhiyun
do_test(bool unpriv,unsigned int from,unsigned int to)1160*4882a593Smuzhiyun static int do_test(bool unpriv, unsigned int from, unsigned int to)
1161*4882a593Smuzhiyun {
1162*4882a593Smuzhiyun int i, passes = 0, errors = 0;
1163*4882a593Smuzhiyun
1164*4882a593Smuzhiyun for (i = from; i < to; i++) {
1165*4882a593Smuzhiyun struct bpf_test *test = &tests[i];
1166*4882a593Smuzhiyun
1167*4882a593Smuzhiyun /* Program types that are not supported by non-root we
1168*4882a593Smuzhiyun * skip right away.
1169*4882a593Smuzhiyun */
1170*4882a593Smuzhiyun if (test_as_unpriv(test) && unpriv_disabled) {
1171*4882a593Smuzhiyun printf("#%d/u %s SKIP\n", i, test->descr);
1172*4882a593Smuzhiyun skips++;
1173*4882a593Smuzhiyun } else if (test_as_unpriv(test)) {
1174*4882a593Smuzhiyun if (!unpriv)
1175*4882a593Smuzhiyun set_admin(false);
1176*4882a593Smuzhiyun printf("#%d/u %s ", i, test->descr);
1177*4882a593Smuzhiyun do_test_single(test, true, &passes, &errors);
1178*4882a593Smuzhiyun if (!unpriv)
1179*4882a593Smuzhiyun set_admin(true);
1180*4882a593Smuzhiyun }
1181*4882a593Smuzhiyun
1182*4882a593Smuzhiyun if (unpriv) {
1183*4882a593Smuzhiyun printf("#%d/p %s SKIP\n", i, test->descr);
1184*4882a593Smuzhiyun skips++;
1185*4882a593Smuzhiyun } else {
1186*4882a593Smuzhiyun printf("#%d/p %s ", i, test->descr);
1187*4882a593Smuzhiyun do_test_single(test, false, &passes, &errors);
1188*4882a593Smuzhiyun }
1189*4882a593Smuzhiyun }
1190*4882a593Smuzhiyun
1191*4882a593Smuzhiyun printf("Summary: %d PASSED, %d SKIPPED, %d FAILED\n", passes,
1192*4882a593Smuzhiyun skips, errors);
1193*4882a593Smuzhiyun return errors ? EXIT_FAILURE : EXIT_SUCCESS;
1194*4882a593Smuzhiyun }
1195*4882a593Smuzhiyun
main(int argc,char ** argv)1196*4882a593Smuzhiyun int main(int argc, char **argv)
1197*4882a593Smuzhiyun {
1198*4882a593Smuzhiyun unsigned int from = 0, to = ARRAY_SIZE(tests);
1199*4882a593Smuzhiyun bool unpriv = !is_admin();
1200*4882a593Smuzhiyun int arg = 1;
1201*4882a593Smuzhiyun
1202*4882a593Smuzhiyun if (argc > 1 && strcmp(argv[1], "-v") == 0) {
1203*4882a593Smuzhiyun arg++;
1204*4882a593Smuzhiyun verbose = true;
1205*4882a593Smuzhiyun argc--;
1206*4882a593Smuzhiyun }
1207*4882a593Smuzhiyun
1208*4882a593Smuzhiyun if (argc == 3) {
1209*4882a593Smuzhiyun unsigned int l = atoi(argv[arg]);
1210*4882a593Smuzhiyun unsigned int u = atoi(argv[arg + 1]);
1211*4882a593Smuzhiyun
1212*4882a593Smuzhiyun if (l < to && u < to) {
1213*4882a593Smuzhiyun from = l;
1214*4882a593Smuzhiyun to = u + 1;
1215*4882a593Smuzhiyun }
1216*4882a593Smuzhiyun } else if (argc == 2) {
1217*4882a593Smuzhiyun unsigned int t = atoi(argv[arg]);
1218*4882a593Smuzhiyun
1219*4882a593Smuzhiyun if (t < to) {
1220*4882a593Smuzhiyun from = t;
1221*4882a593Smuzhiyun to = t + 1;
1222*4882a593Smuzhiyun }
1223*4882a593Smuzhiyun }
1224*4882a593Smuzhiyun
1225*4882a593Smuzhiyun get_unpriv_disabled();
1226*4882a593Smuzhiyun if (unpriv && unpriv_disabled) {
1227*4882a593Smuzhiyun printf("Cannot run as unprivileged user with sysctl %s.\n",
1228*4882a593Smuzhiyun UNPRIV_SYSCTL);
1229*4882a593Smuzhiyun return EXIT_FAILURE;
1230*4882a593Smuzhiyun }
1231*4882a593Smuzhiyun
1232*4882a593Smuzhiyun bpf_semi_rand_init();
1233*4882a593Smuzhiyun return do_test(unpriv, from, to);
1234*4882a593Smuzhiyun }
1235