// SPDX-License-Identifier: GPL-2.0
/*
 * Test that the flow_dissector program can be updated with a single
 * syscall by attaching a new program that replaces the existing one.
 *
 * Corner case - the same program cannot be attached twice.
 */

#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdbool.h>
#include <unistd.h>

#include <linux/bpf.h>
#include <bpf/bpf.h>

#include "test_progs.h"

static bool is_attached(int netns)
{
        __u32 cnt;
        int err;

        err = bpf_prog_query(netns, BPF_FLOW_DISSECTOR, 0, NULL, NULL, &cnt);
        if (CHECK_FAIL(err)) {
                perror("bpf_prog_query");
                return true; /* fail-safe */
        }

        return cnt > 0;
}

static int load_prog(void)
{
        struct bpf_insn prog[] = {
                BPF_MOV64_IMM(BPF_REG_0, BPF_OK),
                BPF_EXIT_INSN(),
        };
        int fd;

        fd = bpf_load_program(BPF_PROG_TYPE_FLOW_DISSECTOR, prog,
                              ARRAY_SIZE(prog), "GPL", 0, NULL, 0);
        if (CHECK_FAIL(fd < 0))
                perror("bpf_load_program");

        return fd;
}

static void do_flow_dissector_reattach(void)
{
        int prog_fd[2] = { -1, -1 };
        int err;

        prog_fd[0] = load_prog();
        if (prog_fd[0] < 0)
                return;

        prog_fd[1] = load_prog();
        if (prog_fd[1] < 0)
                goto out_close;

        err = bpf_prog_attach(prog_fd[0], 0, BPF_FLOW_DISSECTOR, 0);
        if (CHECK_FAIL(err)) {
                perror("bpf_prog_attach-0");
                goto out_close;
        }

        /* Expect success when attaching a different program */
        err = bpf_prog_attach(prog_fd[1], 0, BPF_FLOW_DISSECTOR, 0);
        if (CHECK_FAIL(err)) {
                perror("bpf_prog_attach-1");
                goto out_detach;
        }

        /* Expect failure when attaching the same program twice */
        err = bpf_prog_attach(prog_fd[1], 0, BPF_FLOW_DISSECTOR, 0);
        if (CHECK_FAIL(!err || errno != EINVAL))
                perror("bpf_prog_attach-2");

out_detach:
        err = bpf_prog_detach(0, BPF_FLOW_DISSECTOR);
        if (CHECK_FAIL(err))
                perror("bpf_prog_detach");

out_close:
        close(prog_fd[1]);
        close(prog_fd[0]);
}

void test_flow_dissector_reattach(void)
{
        int init_net, self_net, err;

        self_net = open("/proc/self/ns/net", O_RDONLY);
        if (CHECK_FAIL(self_net < 0)) {
                perror("open(/proc/self/ns/net");
                return;
        }

        init_net = open("/proc/1/ns/net", O_RDONLY);
        if (CHECK_FAIL(init_net < 0)) {
                perror("open(/proc/1/ns/net)");
                goto out_close;
        }

        err = setns(init_net, CLONE_NEWNET);
        if (CHECK_FAIL(err)) {
                perror("setns(/proc/1/ns/net)");
                goto out_close;
        }

        if (is_attached(init_net)) {
                test__skip();
                printf("Can't test with flow dissector attached to init_net\n");
                goto out_setns;
        }

        /* First run tests in root network namespace */
        do_flow_dissector_reattach();

        /* Then repeat tests in a non-root namespace */
        err = unshare(CLONE_NEWNET);
        if (CHECK_FAIL(err)) {
                perror("unshare(CLONE_NEWNET)");
                goto out_setns;
        }
        do_flow_dissector_reattach();

out_setns:
        /* Move back to netns we started in. */
        err = setns(self_net, CLONE_NEWNET);
        if (CHECK_FAIL(err))
                perror("setns(/proc/self/ns/net)");

out_close:
        close(init_net);
        close(self_net);
}