1
2
3
4
5
6
7
8
9
10
11
12
13#include <endian.h>
14#include <asm/types.h>
15#include <linux/types.h>
16#include <stdint.h>
17#include <stdio.h>
18#include <stdlib.h>
19#include <unistd.h>
20#include <errno.h>
21#include <string.h>
22#include <stddef.h>
23#include <stdbool.h>
24#include <sched.h>
25#include <limits.h>
26#include <assert.h>
27
28#include <sys/capability.h>
29
30#include <linux/unistd.h>
31#include <linux/filter.h>
32#include <linux/bpf_perf_event.h>
33#include <linux/bpf.h>
34#include <linux/if_ether.h>
35#include <linux/btf.h>
36
37#include <bpf/bpf.h>
38#include <bpf/libbpf.h>
39
40#ifdef HAVE_GENHDR
41# include "autoconf.h"
42#else
43# if defined(__i386) || defined(__x86_64) || defined(__s390x__) || defined(__aarch64__)
44# define CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS 1
45# endif
46#endif
47#include "bpf_rlimit.h"
48#include "bpf_rand.h"
49#include "bpf_util.h"
50#include "test_btf.h"
51#include "../../../include/linux/filter.h"
52
53#define MAX_INSNS BPF_MAXINSNS
54#define MAX_TEST_INSNS 1000000
55#define MAX_FIXUPS 8
56#define MAX_NR_MAPS 19
57#define MAX_TEST_RUNS 8
58#define POINTER_VALUE 0xcafe4all
59#define TEST_DATA_LEN 64
60
61#define F_NEEDS_EFFICIENT_UNALIGNED_ACCESS (1 << 0)
62#define F_LOAD_WITH_STRICT_ALIGNMENT (1 << 1)
63
64#define UNPRIV_SYSCTL "kernel/unprivileged_bpf_disabled"
65static bool unpriv_disabled = false;
66static int skips;
67static bool verbose = false;
68
69struct bpf_test {
70 const char *descr;
71 struct bpf_insn insns[MAX_INSNS];
72 struct bpf_insn *fill_insns;
73 int fixup_map_hash_8b[MAX_FIXUPS];
74 int fixup_map_hash_48b[MAX_FIXUPS];
75 int fixup_map_hash_16b[MAX_FIXUPS];
76 int fixup_map_array_48b[MAX_FIXUPS];
77 int fixup_map_sockmap[MAX_FIXUPS];
78 int fixup_map_sockhash[MAX_FIXUPS];
79 int fixup_map_xskmap[MAX_FIXUPS];
80 int fixup_map_stacktrace[MAX_FIXUPS];
81 int fixup_prog1[MAX_FIXUPS];
82 int fixup_prog2[MAX_FIXUPS];
83 int fixup_map_in_map[MAX_FIXUPS];
84 int fixup_cgroup_storage[MAX_FIXUPS];
85 int fixup_percpu_cgroup_storage[MAX_FIXUPS];
86 int fixup_map_spin_lock[MAX_FIXUPS];
87 int fixup_map_array_ro[MAX_FIXUPS];
88 int fixup_map_array_wo[MAX_FIXUPS];
89 int fixup_map_array_small[MAX_FIXUPS];
90 int fixup_sk_storage_map[MAX_FIXUPS];
91 int fixup_map_event_output[MAX_FIXUPS];
92 const char *errstr;
93 const char *errstr_unpriv;
94 uint32_t insn_processed;
95 int prog_len;
96 enum {
97 UNDEF,
98 ACCEPT,
99 REJECT,
100 VERBOSE_ACCEPT,
101 } result, result_unpriv;
102 enum bpf_prog_type prog_type;
103 uint8_t flags;
104 void (*fill_helper)(struct bpf_test *self);
105 uint8_t runs;
106#define bpf_testdata_struct_t \
107 struct { \
108 uint32_t retval, retval_unpriv; \
109 union { \
110 __u8 data[TEST_DATA_LEN]; \
111 __u64 data64[TEST_DATA_LEN / 8]; \
112 }; \
113 }
114 union {
115 bpf_testdata_struct_t;
116 bpf_testdata_struct_t retvals[MAX_TEST_RUNS];
117 };
118 enum bpf_attach_type expected_attach_type;
119};
120
121
122
123
124#define MAX_ENTRIES 11
125
126struct test_val {
127 unsigned int index;
128 int foo[MAX_ENTRIES];
129};
130
131struct other_val {
132 long long foo;
133 long long bar;
134};
135
136static void bpf_fill_ld_abs_vlan_push_pop(struct bpf_test *self)
137{
138
139#define PUSH_CNT 51
140
141 unsigned int len = (1 << 15) - PUSH_CNT * 2 * 5 * 6;
142 struct bpf_insn *insn = self->fill_insns;
143 int i = 0, j, k = 0;
144
145 insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
146loop:
147 for (j = 0; j < PUSH_CNT; j++) {
148 insn[i++] = BPF_LD_ABS(BPF_B, 0);
149
150 insn[i] = BPF_JMP32_IMM(BPF_JNE, BPF_REG_0, 0x34, len - i - 3);
151 i++;
152 insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_6);
153 insn[i++] = BPF_MOV64_IMM(BPF_REG_2, 1);
154 insn[i++] = BPF_MOV64_IMM(BPF_REG_3, 2);
155 insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
156 BPF_FUNC_skb_vlan_push),
157 insn[i] = BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, len - i - 3);
158 i++;
159 }
160
161 for (j = 0; j < PUSH_CNT; j++) {
162 insn[i++] = BPF_LD_ABS(BPF_B, 0);
163 insn[i] = BPF_JMP32_IMM(BPF_JNE, BPF_REG_0, 0x34, len - i - 3);
164 i++;
165 insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_6);
166 insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
167 BPF_FUNC_skb_vlan_pop),
168 insn[i] = BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, len - i - 3);
169 i++;
170 }
171 if (++k < 5)
172 goto loop;
173
174 for (; i < len - 3; i++)
175 insn[i] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 0xbef);
176 insn[len - 3] = BPF_JMP_A(1);
177
178 insn[len - 2] = BPF_MOV32_IMM(BPF_REG_0, 0);
179 insn[len - 1] = BPF_EXIT_INSN();
180 self->prog_len = len;
181}
182
183static void bpf_fill_jump_around_ld_abs(struct bpf_test *self)
184{
185 struct bpf_insn *insn = self->fill_insns;
186
187
188
189
190
191
192 unsigned int len = (1 << 15) / 7;
193 int i = 0;
194
195 insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
196 insn[i++] = BPF_LD_ABS(BPF_B, 0);
197 insn[i] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 10, len - i - 2);
198 i++;
199 while (i < len - 1)
200 insn[i++] = BPF_LD_ABS(BPF_B, 1);
201 insn[i] = BPF_EXIT_INSN();
202 self->prog_len = i + 1;
203}
204
205static void bpf_fill_rand_ld_dw(struct bpf_test *self)
206{
207 struct bpf_insn *insn = self->fill_insns;
208 uint64_t res = 0;
209 int i = 0;
210
211 insn[i++] = BPF_MOV32_IMM(BPF_REG_0, 0);
212 while (i < self->retval) {
213 uint64_t val = bpf_semi_rand_get();
214 struct bpf_insn tmp[2] = { BPF_LD_IMM64(BPF_REG_1, val) };
215
216 res ^= val;
217 insn[i++] = tmp[0];
218 insn[i++] = tmp[1];
219 insn[i++] = BPF_ALU64_REG(BPF_XOR, BPF_REG_0, BPF_REG_1);
220 }
221 insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_0);
222 insn[i++] = BPF_ALU64_IMM(BPF_RSH, BPF_REG_1, 32);
223 insn[i++] = BPF_ALU64_REG(BPF_XOR, BPF_REG_0, BPF_REG_1);
224 insn[i] = BPF_EXIT_INSN();
225 self->prog_len = i + 1;
226 res ^= (res >> 32);
227 self->retval = (uint32_t)res;
228}
229
230#define MAX_JMP_SEQ 8192
231
232
233static void bpf_fill_scale1(struct bpf_test *self)
234{
235 struct bpf_insn *insn = self->fill_insns;
236 int i = 0, k = 0;
237
238 insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
239
240 while (k++ < MAX_JMP_SEQ) {
241 insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
242 BPF_FUNC_get_prandom_u32);
243 insn[i++] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, bpf_semi_rand_get(), 2);
244 insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_10);
245 insn[i++] = BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_6,
246 -8 * (k % 64 + 1));
247 }
248
249
250
251 while (i < MAX_TEST_INSNS - MAX_JMP_SEQ * 4)
252 insn[i++] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 42);
253 insn[i] = BPF_EXIT_INSN();
254 self->prog_len = i + 1;
255 self->retval = 42;
256}
257
258
259static void bpf_fill_scale2(struct bpf_test *self)
260{
261 struct bpf_insn *insn = self->fill_insns;
262 int i = 0, k = 0;
263
264#define FUNC_NEST 7
265 for (k = 0; k < FUNC_NEST; k++) {
266 insn[i++] = BPF_CALL_REL(1);
267 insn[i++] = BPF_EXIT_INSN();
268 }
269 insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
270
271 k = 0;
272 while (k++ < MAX_JMP_SEQ) {
273 insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
274 BPF_FUNC_get_prandom_u32);
275 insn[i++] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, bpf_semi_rand_get(), 2);
276 insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_10);
277 insn[i++] = BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_6,
278 -8 * (k % (64 - 4 * FUNC_NEST) + 1));
279 }
280 while (i < MAX_TEST_INSNS - MAX_JMP_SEQ * 4)
281 insn[i++] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 42);
282 insn[i] = BPF_EXIT_INSN();
283 self->prog_len = i + 1;
284 self->retval = 42;
285}
286
287static void bpf_fill_scale(struct bpf_test *self)
288{
289 switch (self->retval) {
290 case 1:
291 return bpf_fill_scale1(self);
292 case 2:
293 return bpf_fill_scale2(self);
294 default:
295 self->prog_len = 0;
296 break;
297 }
298}
299
300
301#define BPF_SK_LOOKUP(func) \
302 \
303 BPF_MOV64_IMM(BPF_REG_2, 0), \
304 BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_2, -8), \
305 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -16), \
306 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -24), \
307 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -32), \
308 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -40), \
309 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -48), \
310 \
311 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), \
312 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -48), \
313 BPF_MOV64_IMM(BPF_REG_3, sizeof(struct bpf_sock_tuple)), \
314 BPF_MOV64_IMM(BPF_REG_4, 0), \
315 BPF_MOV64_IMM(BPF_REG_5, 0), \
316 BPF_EMIT_CALL(BPF_FUNC_ ## func)
317
318
319
320
321
322#define BPF_DIRECT_PKT_R2 \
323 BPF_MOV64_IMM(BPF_REG_0, 0), \
324 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, \
325 offsetof(struct __sk_buff, data)), \
326 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, \
327 offsetof(struct __sk_buff, data_end)), \
328 BPF_MOV64_REG(BPF_REG_4, BPF_REG_2), \
329 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 8), \
330 BPF_JMP_REG(BPF_JLE, BPF_REG_4, BPF_REG_3, 1), \
331 BPF_EXIT_INSN()
332
333
334
335
336#define BPF_RAND_UEXT_R7 \
337 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, \
338 BPF_FUNC_get_prandom_u32), \
339 BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), \
340 BPF_ALU64_IMM(BPF_LSH, BPF_REG_7, 33), \
341 BPF_ALU64_IMM(BPF_RSH, BPF_REG_7, 33)
342
343
344
345
346#define BPF_RAND_SEXT_R7 \
347 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, \
348 BPF_FUNC_get_prandom_u32), \
349 BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), \
350 BPF_ALU64_IMM(BPF_OR, BPF_REG_7, 0x80000000), \
351 BPF_ALU64_IMM(BPF_LSH, BPF_REG_7, 32), \
352 BPF_ALU64_IMM(BPF_ARSH, BPF_REG_7, 32)
353
354static struct bpf_test tests[] = {
355#define FILL_ARRAY
356#include <verifier/tests.h>
357#undef FILL_ARRAY
358};
359
360static int probe_filter_length(const struct bpf_insn *fp)
361{
362 int len;
363
364 for (len = MAX_INSNS - 1; len > 0; --len)
365 if (fp[len].code != 0 || fp[len].imm != 0)
366 break;
367 return len + 1;
368}
369
370static bool skip_unsupported_map(enum bpf_map_type map_type)
371{
372 if (!bpf_probe_map_type(map_type, 0)) {
373 printf("SKIP (unsupported map type %d)\n", map_type);
374 skips++;
375 return true;
376 }
377 return false;
378}
379
380static int __create_map(uint32_t type, uint32_t size_key,
381 uint32_t size_value, uint32_t max_elem,
382 uint32_t extra_flags)
383{
384 int fd;
385
386 fd = bpf_create_map(type, size_key, size_value, max_elem,
387 (type == BPF_MAP_TYPE_HASH ?
388 BPF_F_NO_PREALLOC : 0) | extra_flags);
389 if (fd < 0) {
390 if (skip_unsupported_map(type))
391 return -1;
392 printf("Failed to create hash map '%s'!\n", strerror(errno));
393 }
394
395 return fd;
396}
397
398static int create_map(uint32_t type, uint32_t size_key,
399 uint32_t size_value, uint32_t max_elem)
400{
401 return __create_map(type, size_key, size_value, max_elem, 0);
402}
403
404static void update_map(int fd, int index)
405{
406 struct test_val value = {
407 .index = (6 + 1) * sizeof(int),
408 .foo[6] = 0xabcdef12,
409 };
410
411 assert(!bpf_map_update_elem(fd, &index, &value, 0));
412}
413
414static int create_prog_dummy_simple(enum bpf_prog_type prog_type, int ret)
415{
416 struct bpf_insn prog[] = {
417 BPF_MOV64_IMM(BPF_REG_0, ret),
418 BPF_EXIT_INSN(),
419 };
420
421 return bpf_load_program(prog_type, prog,
422 ARRAY_SIZE(prog), "GPL", 0, NULL, 0);
423}
424
425static int create_prog_dummy_loop(enum bpf_prog_type prog_type, int mfd,
426 int idx, int ret)
427{
428 struct bpf_insn prog[] = {
429 BPF_MOV64_IMM(BPF_REG_3, idx),
430 BPF_LD_MAP_FD(BPF_REG_2, mfd),
431 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
432 BPF_FUNC_tail_call),
433 BPF_MOV64_IMM(BPF_REG_0, ret),
434 BPF_EXIT_INSN(),
435 };
436
437 return bpf_load_program(prog_type, prog,
438 ARRAY_SIZE(prog), "GPL", 0, NULL, 0);
439}
440
441static int create_prog_array(enum bpf_prog_type prog_type, uint32_t max_elem,
442 int p1key, int p2key, int p3key)
443{
444 int mfd, p1fd, p2fd, p3fd;
445
446 mfd = bpf_create_map(BPF_MAP_TYPE_PROG_ARRAY, sizeof(int),
447 sizeof(int), max_elem, 0);
448 if (mfd < 0) {
449 if (skip_unsupported_map(BPF_MAP_TYPE_PROG_ARRAY))
450 return -1;
451 printf("Failed to create prog array '%s'!\n", strerror(errno));
452 return -1;
453 }
454
455 p1fd = create_prog_dummy_simple(prog_type, 42);
456 p2fd = create_prog_dummy_loop(prog_type, mfd, p2key, 41);
457 p3fd = create_prog_dummy_simple(prog_type, 24);
458 if (p1fd < 0 || p2fd < 0 || p3fd < 0)
459 goto err;
460 if (bpf_map_update_elem(mfd, &p1key, &p1fd, BPF_ANY) < 0)
461 goto err;
462 if (bpf_map_update_elem(mfd, &p2key, &p2fd, BPF_ANY) < 0)
463 goto err;
464 if (bpf_map_update_elem(mfd, &p3key, &p3fd, BPF_ANY) < 0) {
465err:
466 close(mfd);
467 mfd = -1;
468 }
469 close(p3fd);
470 close(p2fd);
471 close(p1fd);
472 return mfd;
473}
474
475static int create_map_in_map(void)
476{
477 int inner_map_fd, outer_map_fd;
478
479 inner_map_fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
480 sizeof(int), 1, 0);
481 if (inner_map_fd < 0) {
482 if (skip_unsupported_map(BPF_MAP_TYPE_ARRAY))
483 return -1;
484 printf("Failed to create array '%s'!\n", strerror(errno));
485 return inner_map_fd;
486 }
487
488 outer_map_fd = bpf_create_map_in_map(BPF_MAP_TYPE_ARRAY_OF_MAPS, NULL,
489 sizeof(int), inner_map_fd, 1, 0);
490 if (outer_map_fd < 0) {
491 if (skip_unsupported_map(BPF_MAP_TYPE_ARRAY_OF_MAPS))
492 return -1;
493 printf("Failed to create array of maps '%s'!\n",
494 strerror(errno));
495 }
496
497 close(inner_map_fd);
498
499 return outer_map_fd;
500}
501
502static int create_cgroup_storage(bool percpu)
503{
504 enum bpf_map_type type = percpu ? BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE :
505 BPF_MAP_TYPE_CGROUP_STORAGE;
506 int fd;
507
508 fd = bpf_create_map(type, sizeof(struct bpf_cgroup_storage_key),
509 TEST_DATA_LEN, 0, 0);
510 if (fd < 0) {
511 if (skip_unsupported_map(type))
512 return -1;
513 printf("Failed to create cgroup storage '%s'!\n",
514 strerror(errno));
515 }
516
517 return fd;
518}
519
520
521
522
523
524
525
526
527
528static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l";
529static __u32 btf_raw_types[] = {
530
531 BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 0, 32, 4),
532
533 BTF_TYPE_ENC(1, BTF_INFO_ENC(BTF_KIND_STRUCT, 0, 1), 4),
534 BTF_MEMBER_ENC(15, 1, 0),
535
536 BTF_TYPE_ENC(15, BTF_INFO_ENC(BTF_KIND_STRUCT, 0, 2), 8),
537 BTF_MEMBER_ENC(19, 1, 0),
538 BTF_MEMBER_ENC(23, 2, 32),
539};
540
541static int load_btf(void)
542{
543 struct btf_header hdr = {
544 .magic = BTF_MAGIC,
545 .version = BTF_VERSION,
546 .hdr_len = sizeof(struct btf_header),
547 .type_len = sizeof(btf_raw_types),
548 .str_off = sizeof(btf_raw_types),
549 .str_len = sizeof(btf_str_sec),
550 };
551 void *ptr, *raw_btf;
552 int btf_fd;
553
554 ptr = raw_btf = malloc(sizeof(hdr) + sizeof(btf_raw_types) +
555 sizeof(btf_str_sec));
556
557 memcpy(ptr, &hdr, sizeof(hdr));
558 ptr += sizeof(hdr);
559 memcpy(ptr, btf_raw_types, hdr.type_len);
560 ptr += hdr.type_len;
561 memcpy(ptr, btf_str_sec, hdr.str_len);
562 ptr += hdr.str_len;
563
564 btf_fd = bpf_load_btf(raw_btf, ptr - raw_btf, 0, 0, 0);
565 free(raw_btf);
566 if (btf_fd < 0)
567 return -1;
568 return btf_fd;
569}
570
571static int create_map_spin_lock(void)
572{
573 struct bpf_create_map_attr attr = {
574 .name = "test_map",
575 .map_type = BPF_MAP_TYPE_ARRAY,
576 .key_size = 4,
577 .value_size = 8,
578 .max_entries = 1,
579 .btf_key_type_id = 1,
580 .btf_value_type_id = 3,
581 };
582 int fd, btf_fd;
583
584 btf_fd = load_btf();
585 if (btf_fd < 0)
586 return -1;
587 attr.btf_fd = btf_fd;
588 fd = bpf_create_map_xattr(&attr);
589 if (fd < 0)
590 printf("Failed to create map with spin_lock\n");
591 return fd;
592}
593
594static int create_sk_storage_map(void)
595{
596 struct bpf_create_map_attr attr = {
597 .name = "test_map",
598 .map_type = BPF_MAP_TYPE_SK_STORAGE,
599 .key_size = 4,
600 .value_size = 8,
601 .max_entries = 0,
602 .map_flags = BPF_F_NO_PREALLOC,
603 .btf_key_type_id = 1,
604 .btf_value_type_id = 3,
605 };
606 int fd, btf_fd;
607
608 btf_fd = load_btf();
609 if (btf_fd < 0)
610 return -1;
611 attr.btf_fd = btf_fd;
612 fd = bpf_create_map_xattr(&attr);
613 close(attr.btf_fd);
614 if (fd < 0)
615 printf("Failed to create sk_storage_map\n");
616 return fd;
617}
618
619static char bpf_vlog[UINT_MAX >> 8];
620
621static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
622 struct bpf_insn *prog, int *map_fds)
623{
624 int *fixup_map_hash_8b = test->fixup_map_hash_8b;
625 int *fixup_map_hash_48b = test->fixup_map_hash_48b;
626 int *fixup_map_hash_16b = test->fixup_map_hash_16b;
627 int *fixup_map_array_48b = test->fixup_map_array_48b;
628 int *fixup_map_sockmap = test->fixup_map_sockmap;
629 int *fixup_map_sockhash = test->fixup_map_sockhash;
630 int *fixup_map_xskmap = test->fixup_map_xskmap;
631 int *fixup_map_stacktrace = test->fixup_map_stacktrace;
632 int *fixup_prog1 = test->fixup_prog1;
633 int *fixup_prog2 = test->fixup_prog2;
634 int *fixup_map_in_map = test->fixup_map_in_map;
635 int *fixup_cgroup_storage = test->fixup_cgroup_storage;
636 int *fixup_percpu_cgroup_storage = test->fixup_percpu_cgroup_storage;
637 int *fixup_map_spin_lock = test->fixup_map_spin_lock;
638 int *fixup_map_array_ro = test->fixup_map_array_ro;
639 int *fixup_map_array_wo = test->fixup_map_array_wo;
640 int *fixup_map_array_small = test->fixup_map_array_small;
641 int *fixup_sk_storage_map = test->fixup_sk_storage_map;
642 int *fixup_map_event_output = test->fixup_map_event_output;
643
644 if (test->fill_helper) {
645 test->fill_insns = calloc(MAX_TEST_INSNS, sizeof(struct bpf_insn));
646 test->fill_helper(test);
647 }
648
649
650
651
652
653 if (*fixup_map_hash_8b) {
654 map_fds[0] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
655 sizeof(long long), 1);
656 do {
657 prog[*fixup_map_hash_8b].imm = map_fds[0];
658 fixup_map_hash_8b++;
659 } while (*fixup_map_hash_8b);
660 }
661
662 if (*fixup_map_hash_48b) {
663 map_fds[1] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
664 sizeof(struct test_val), 1);
665 do {
666 prog[*fixup_map_hash_48b].imm = map_fds[1];
667 fixup_map_hash_48b++;
668 } while (*fixup_map_hash_48b);
669 }
670
671 if (*fixup_map_hash_16b) {
672 map_fds[2] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
673 sizeof(struct other_val), 1);
674 do {
675 prog[*fixup_map_hash_16b].imm = map_fds[2];
676 fixup_map_hash_16b++;
677 } while (*fixup_map_hash_16b);
678 }
679
680 if (*fixup_map_array_48b) {
681 map_fds[3] = create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
682 sizeof(struct test_val), 1);
683 update_map(map_fds[3], 0);
684 do {
685 prog[*fixup_map_array_48b].imm = map_fds[3];
686 fixup_map_array_48b++;
687 } while (*fixup_map_array_48b);
688 }
689
690 if (*fixup_prog1) {
691 map_fds[4] = create_prog_array(prog_type, 4, 0, 1, 2);
692 do {
693 prog[*fixup_prog1].imm = map_fds[4];
694 fixup_prog1++;
695 } while (*fixup_prog1);
696 }
697
698 if (*fixup_prog2) {
699 map_fds[5] = create_prog_array(prog_type, 8, 7, 1, 2);
700 do {
701 prog[*fixup_prog2].imm = map_fds[5];
702 fixup_prog2++;
703 } while (*fixup_prog2);
704 }
705
706 if (*fixup_map_in_map) {
707 map_fds[6] = create_map_in_map();
708 do {
709 prog[*fixup_map_in_map].imm = map_fds[6];
710 fixup_map_in_map++;
711 } while (*fixup_map_in_map);
712 }
713
714 if (*fixup_cgroup_storage) {
715 map_fds[7] = create_cgroup_storage(false);
716 do {
717 prog[*fixup_cgroup_storage].imm = map_fds[7];
718 fixup_cgroup_storage++;
719 } while (*fixup_cgroup_storage);
720 }
721
722 if (*fixup_percpu_cgroup_storage) {
723 map_fds[8] = create_cgroup_storage(true);
724 do {
725 prog[*fixup_percpu_cgroup_storage].imm = map_fds[8];
726 fixup_percpu_cgroup_storage++;
727 } while (*fixup_percpu_cgroup_storage);
728 }
729 if (*fixup_map_sockmap) {
730 map_fds[9] = create_map(BPF_MAP_TYPE_SOCKMAP, sizeof(int),
731 sizeof(int), 1);
732 do {
733 prog[*fixup_map_sockmap].imm = map_fds[9];
734 fixup_map_sockmap++;
735 } while (*fixup_map_sockmap);
736 }
737 if (*fixup_map_sockhash) {
738 map_fds[10] = create_map(BPF_MAP_TYPE_SOCKHASH, sizeof(int),
739 sizeof(int), 1);
740 do {
741 prog[*fixup_map_sockhash].imm = map_fds[10];
742 fixup_map_sockhash++;
743 } while (*fixup_map_sockhash);
744 }
745 if (*fixup_map_xskmap) {
746 map_fds[11] = create_map(BPF_MAP_TYPE_XSKMAP, sizeof(int),
747 sizeof(int), 1);
748 do {
749 prog[*fixup_map_xskmap].imm = map_fds[11];
750 fixup_map_xskmap++;
751 } while (*fixup_map_xskmap);
752 }
753 if (*fixup_map_stacktrace) {
754 map_fds[12] = create_map(BPF_MAP_TYPE_STACK_TRACE, sizeof(u32),
755 sizeof(u64), 1);
756 do {
757 prog[*fixup_map_stacktrace].imm = map_fds[12];
758 fixup_map_stacktrace++;
759 } while (*fixup_map_stacktrace);
760 }
761 if (*fixup_map_spin_lock) {
762 map_fds[13] = create_map_spin_lock();
763 do {
764 prog[*fixup_map_spin_lock].imm = map_fds[13];
765 fixup_map_spin_lock++;
766 } while (*fixup_map_spin_lock);
767 }
768 if (*fixup_map_array_ro) {
769 map_fds[14] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
770 sizeof(struct test_val), 1,
771 BPF_F_RDONLY_PROG);
772 update_map(map_fds[14], 0);
773 do {
774 prog[*fixup_map_array_ro].imm = map_fds[14];
775 fixup_map_array_ro++;
776 } while (*fixup_map_array_ro);
777 }
778 if (*fixup_map_array_wo) {
779 map_fds[15] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
780 sizeof(struct test_val), 1,
781 BPF_F_WRONLY_PROG);
782 update_map(map_fds[15], 0);
783 do {
784 prog[*fixup_map_array_wo].imm = map_fds[15];
785 fixup_map_array_wo++;
786 } while (*fixup_map_array_wo);
787 }
788 if (*fixup_map_array_small) {
789 map_fds[16] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
790 1, 1, 0);
791 update_map(map_fds[16], 0);
792 do {
793 prog[*fixup_map_array_small].imm = map_fds[16];
794 fixup_map_array_small++;
795 } while (*fixup_map_array_small);
796 }
797 if (*fixup_sk_storage_map) {
798 map_fds[17] = create_sk_storage_map();
799 do {
800 prog[*fixup_sk_storage_map].imm = map_fds[17];
801 fixup_sk_storage_map++;
802 } while (*fixup_sk_storage_map);
803 }
804 if (*fixup_map_event_output) {
805 map_fds[18] = __create_map(BPF_MAP_TYPE_PERF_EVENT_ARRAY,
806 sizeof(int), sizeof(int), 1, 0);
807 do {
808 prog[*fixup_map_event_output].imm = map_fds[18];
809 fixup_map_event_output++;
810 } while (*fixup_map_event_output);
811 }
812}
813
814static int set_admin(bool admin)
815{
816 cap_t caps;
817 const cap_value_t cap_val = CAP_SYS_ADMIN;
818 int ret = -1;
819
820 caps = cap_get_proc();
821 if (!caps) {
822 perror("cap_get_proc");
823 return -1;
824 }
825 if (cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap_val,
826 admin ? CAP_SET : CAP_CLEAR)) {
827 perror("cap_set_flag");
828 goto out;
829 }
830 if (cap_set_proc(caps)) {
831 perror("cap_set_proc");
832 goto out;
833 }
834 ret = 0;
835out:
836 if (cap_free(caps))
837 perror("cap_free");
838 return ret;
839}
840
841static int do_prog_test_run(int fd_prog, bool unpriv, uint32_t expected_val,
842 void *data, size_t size_data)
843{
844 __u8 tmp[TEST_DATA_LEN << 2];
845 __u32 size_tmp = sizeof(tmp);
846 uint32_t retval;
847 int err;
848
849 if (unpriv)
850 set_admin(true);
851 err = bpf_prog_test_run(fd_prog, 1, data, size_data,
852 tmp, &size_tmp, &retval, NULL);
853 if (unpriv)
854 set_admin(false);
855 if (err && errno != 524 && errno != EPERM) {
856 printf("Unexpected bpf_prog_test_run error ");
857 return err;
858 }
859 if (!err && retval != expected_val &&
860 expected_val != POINTER_VALUE) {
861 printf("FAIL retval %d != %d ", retval, expected_val);
862 return 1;
863 }
864
865 return 0;
866}
867
868static bool cmp_str_seq(const char *log, const char *exp)
869{
870 char needle[80];
871 const char *p, *q;
872 int len;
873
874 do {
875 p = strchr(exp, '\t');
876 if (!p)
877 p = exp + strlen(exp);
878
879 len = p - exp;
880 if (len >= sizeof(needle) || !len) {
881 printf("FAIL\nTestcase bug\n");
882 return false;
883 }
884 strncpy(needle, exp, len);
885 needle[len] = 0;
886 q = strstr(log, needle);
887 if (!q) {
888 printf("FAIL\nUnexpected verifier log in successful load!\n"
889 "EXP: %s\nRES:\n", needle);
890 return false;
891 }
892 log = q + len;
893 exp = p + 1;
894 } while (*p);
895 return true;
896}
897
898static void do_test_single(struct bpf_test *test, bool unpriv,
899 int *passes, int *errors)
900{
901 int fd_prog, expected_ret, alignment_prevented_execution;
902 int prog_len, prog_type = test->prog_type;
903 struct bpf_insn *prog = test->insns;
904 struct bpf_load_program_attr attr;
905 int run_errs, run_successes;
906 int map_fds[MAX_NR_MAPS];
907 const char *expected_err;
908 int fixup_skips;
909 __u32 pflags;
910 int i, err;
911
912 for (i = 0; i < MAX_NR_MAPS; i++)
913 map_fds[i] = -1;
914
915 if (!prog_type)
916 prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
917 fixup_skips = skips;
918 do_test_fixup(test, prog_type, prog, map_fds);
919 if (test->fill_insns) {
920 prog = test->fill_insns;
921 prog_len = test->prog_len;
922 } else {
923 prog_len = probe_filter_length(prog);
924 }
925
926
927
928 if (fixup_skips != skips)
929 return;
930
931 pflags = BPF_F_TEST_RND_HI32;
932 if (test->flags & F_LOAD_WITH_STRICT_ALIGNMENT)
933 pflags |= BPF_F_STRICT_ALIGNMENT;
934 if (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS)
935 pflags |= BPF_F_ANY_ALIGNMENT;
936 if (test->flags & ~3)
937 pflags |= test->flags;
938
939 expected_ret = unpriv && test->result_unpriv != UNDEF ?
940 test->result_unpriv : test->result;
941 expected_err = unpriv && test->errstr_unpriv ?
942 test->errstr_unpriv : test->errstr;
943 memset(&attr, 0, sizeof(attr));
944 attr.prog_type = prog_type;
945 attr.expected_attach_type = test->expected_attach_type;
946 attr.insns = prog;
947 attr.insns_cnt = prog_len;
948 attr.license = "GPL";
949 attr.log_level = verbose || expected_ret == VERBOSE_ACCEPT ? 1 : 4;
950 attr.prog_flags = pflags;
951
952 fd_prog = bpf_load_program_xattr(&attr, bpf_vlog, sizeof(bpf_vlog));
953 if (fd_prog < 0 && !bpf_probe_prog_type(prog_type, 0)) {
954 printf("SKIP (unsupported program type %d)\n", prog_type);
955 skips++;
956 goto close_fds;
957 }
958
959 alignment_prevented_execution = 0;
960
961 if (expected_ret == ACCEPT || expected_ret == VERBOSE_ACCEPT) {
962 if (fd_prog < 0) {
963 printf("FAIL\nFailed to load prog '%s'!\n",
964 strerror(errno));
965 goto fail_log;
966 }
967#ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
968 if (fd_prog >= 0 &&
969 (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS))
970 alignment_prevented_execution = 1;
971#endif
972 if (expected_ret == VERBOSE_ACCEPT && !cmp_str_seq(bpf_vlog, expected_err)) {
973 goto fail_log;
974 }
975 } else {
976 if (fd_prog >= 0) {
977 printf("FAIL\nUnexpected success to load!\n");
978 goto fail_log;
979 }
980 if (!expected_err || !strstr(bpf_vlog, expected_err)) {
981 printf("FAIL\nUnexpected error message!\n\tEXP: %s\n\tRES: %s\n",
982 expected_err, bpf_vlog);
983 goto fail_log;
984 }
985 }
986
987 if (test->insn_processed) {
988 uint32_t insn_processed;
989 char *proc;
990
991 proc = strstr(bpf_vlog, "processed ");
992 insn_processed = atoi(proc + 10);
993 if (test->insn_processed != insn_processed) {
994 printf("FAIL\nUnexpected insn_processed %u vs %u\n",
995 insn_processed, test->insn_processed);
996 goto fail_log;
997 }
998 }
999
1000 if (verbose)
1001 printf(", verifier log:\n%s", bpf_vlog);
1002
1003 run_errs = 0;
1004 run_successes = 0;
1005 if (!alignment_prevented_execution && fd_prog >= 0) {
1006 uint32_t expected_val;
1007 int i;
1008
1009 if (!test->runs)
1010 test->runs = 1;
1011
1012 for (i = 0; i < test->runs; i++) {
1013 if (unpriv && test->retvals[i].retval_unpriv)
1014 expected_val = test->retvals[i].retval_unpriv;
1015 else
1016 expected_val = test->retvals[i].retval;
1017
1018 err = do_prog_test_run(fd_prog, unpriv, expected_val,
1019 test->retvals[i].data,
1020 sizeof(test->retvals[i].data));
1021 if (err) {
1022 printf("(run %d/%d) ", i + 1, test->runs);
1023 run_errs++;
1024 } else {
1025 run_successes++;
1026 }
1027 }
1028 }
1029
1030 if (!run_errs) {
1031 (*passes)++;
1032 if (run_successes > 1)
1033 printf("%d cases ", run_successes);
1034 printf("OK");
1035 if (alignment_prevented_execution)
1036 printf(" (NOTE: not executed due to unknown alignment)");
1037 printf("\n");
1038 } else {
1039 printf("\n");
1040 goto fail_log;
1041 }
1042close_fds:
1043 if (test->fill_insns)
1044 free(test->fill_insns);
1045 close(fd_prog);
1046 for (i = 0; i < MAX_NR_MAPS; i++)
1047 close(map_fds[i]);
1048 sched_yield();
1049 return;
1050fail_log:
1051 (*errors)++;
1052 printf("%s", bpf_vlog);
1053 goto close_fds;
1054}
1055
1056static bool is_admin(void)
1057{
1058 cap_t caps;
1059 cap_flag_value_t sysadmin = CAP_CLEAR;
1060 const cap_value_t cap_val = CAP_SYS_ADMIN;
1061
1062#ifdef CAP_IS_SUPPORTED
1063 if (!CAP_IS_SUPPORTED(CAP_SETFCAP)) {
1064 perror("cap_get_flag");
1065 return false;
1066 }
1067#endif
1068 caps = cap_get_proc();
1069 if (!caps) {
1070 perror("cap_get_proc");
1071 return false;
1072 }
1073 if (cap_get_flag(caps, cap_val, CAP_EFFECTIVE, &sysadmin))
1074 perror("cap_get_flag");
1075 if (cap_free(caps))
1076 perror("cap_free");
1077 return (sysadmin == CAP_SET);
1078}
1079
1080static void get_unpriv_disabled()
1081{
1082 char buf[2];
1083 FILE *fd;
1084
1085 fd = fopen("/proc/sys/"UNPRIV_SYSCTL, "r");
1086 if (!fd) {
1087 perror("fopen /proc/sys/"UNPRIV_SYSCTL);
1088 unpriv_disabled = true;
1089 return;
1090 }
1091 if (fgets(buf, 2, fd) == buf && atoi(buf))
1092 unpriv_disabled = true;
1093 fclose(fd);
1094}
1095
1096static bool test_as_unpriv(struct bpf_test *test)
1097{
1098 return !test->prog_type ||
1099 test->prog_type == BPF_PROG_TYPE_SOCKET_FILTER ||
1100 test->prog_type == BPF_PROG_TYPE_CGROUP_SKB;
1101}
1102
1103static int do_test(bool unpriv, unsigned int from, unsigned int to)
1104{
1105 int i, passes = 0, errors = 0;
1106
1107 for (i = from; i < to; i++) {
1108 struct bpf_test *test = &tests[i];
1109
1110
1111
1112
1113 if (test_as_unpriv(test) && unpriv_disabled) {
1114 printf("#%d/u %s SKIP\n", i, test->descr);
1115 skips++;
1116 } else if (test_as_unpriv(test)) {
1117 if (!unpriv)
1118 set_admin(false);
1119 printf("#%d/u %s ", i, test->descr);
1120 do_test_single(test, true, &passes, &errors);
1121 if (!unpriv)
1122 set_admin(true);
1123 }
1124
1125 if (unpriv) {
1126 printf("#%d/p %s SKIP\n", i, test->descr);
1127 skips++;
1128 } else {
1129 printf("#%d/p %s ", i, test->descr);
1130 do_test_single(test, false, &passes, &errors);
1131 }
1132 }
1133
1134 printf("Summary: %d PASSED, %d SKIPPED, %d FAILED\n", passes,
1135 skips, errors);
1136 return errors ? EXIT_FAILURE : EXIT_SUCCESS;
1137}
1138
1139int main(int argc, char **argv)
1140{
1141 unsigned int from = 0, to = ARRAY_SIZE(tests);
1142 bool unpriv = !is_admin();
1143 int arg = 1;
1144
1145 if (argc > 1 && strcmp(argv[1], "-v") == 0) {
1146 arg++;
1147 verbose = true;
1148 argc--;
1149 }
1150
1151 if (argc == 3) {
1152 unsigned int l = atoi(argv[arg]);
1153 unsigned int u = atoi(argv[arg + 1]);
1154
1155 if (l < to && u < to) {
1156 from = l;
1157 to = u + 1;
1158 }
1159 } else if (argc == 2) {
1160 unsigned int t = atoi(argv[arg]);
1161
1162 if (t < to) {
1163 from = t;
1164 to = t + 1;
1165 }
1166 }
1167
1168 get_unpriv_disabled();
1169 if (unpriv && unpriv_disabled) {
1170 printf("Cannot run as unprivileged user with sysctl %s.\n",
1171 UNPRIV_SYSCTL);
1172 return EXIT_FAILURE;
1173 }
1174
1175 bpf_semi_rand_init();
1176 return do_test(unpriv, from, to);
1177}
1178
