selftests/bpf: Add tests for kfunc returning a memory pointer

	WARN_ON_ONCE(1);

}

static int *__bpf_kfunc_call_test_get_mem(struct prog_test_ref_kfunc *p, const int size)

{

	if (size > 2 * sizeof(int))

		return NULL;

	return (int *)p;

}

noinline int *bpf_kfunc_call_test_get_rdwr_mem(struct prog_test_ref_kfunc *p, const int rdwr_buf_size)

{

	return __bpf_kfunc_call_test_get_mem(p, rdwr_buf_size);

}

noinline int *bpf_kfunc_call_test_get_rdonly_mem(struct prog_test_ref_kfunc *p, const int rdonly_buf_size)

{

	return __bpf_kfunc_call_test_get_mem(p, rdonly_buf_size);

}

/* the next 2 ones can't be really used for testing expect to ensure

 * that the verifier rejects the call.

 * Acquire functions must return struct pointers, so these ones are

 * failing.

 */

noinline int *bpf_kfunc_call_test_acq_rdonly_mem(struct prog_test_ref_kfunc *p, const int rdonly_buf_size)

{

	return __bpf_kfunc_call_test_get_mem(p, rdonly_buf_size);

}

noinline void bpf_kfunc_call_int_mem_release(int *p)

{

}

noinline struct prog_test_ref_kfunc *

bpf_kfunc_call_test_kptr_get(struct prog_test_ref_kfunc **pp, int a, int b)

{

BTF_ID_FLAGS(func, bpf_kfunc_call_test_release, KF_RELEASE)

BTF_ID_FLAGS(func, bpf_kfunc_call_memb_release, KF_RELEASE)

BTF_ID_FLAGS(func, bpf_kfunc_call_memb1_release, KF_RELEASE)

BTF_ID_FLAGS(func, bpf_kfunc_call_test_get_rdwr_mem, KF_RET_NULL)

BTF_ID_FLAGS(func, bpf_kfunc_call_test_get_rdonly_mem, KF_RET_NULL)

BTF_ID_FLAGS(func, bpf_kfunc_call_test_acq_rdonly_mem, KF_ACQUIRE | KF_RET_NULL)

BTF_ID_FLAGS(func, bpf_kfunc_call_int_mem_release, KF_RELEASE)

BTF_ID_FLAGS(func, bpf_kfunc_call_test_kptr_get, KF_ACQUIRE | KF_RET_NULL | KF_KPTR_GET)

BTF_ID_FLAGS(func, bpf_kfunc_call_test_pass_ctx)

BTF_ID_FLAGS(func, bpf_kfunc_call_test_pass1)

#define SYSCALL_TEST(name, retval) __BPF_TEST_SUCCESS(name, retval, syscall_test)

#define SYSCALL_NULL_CTX_TEST(name, retval) __BPF_TEST_SUCCESS(name, retval, syscall_null_ctx_test)

#define TC_FAIL(name, retval, error_msg) __BPF_TEST_FAIL(name, retval, tc_test, error_msg)

#define SYSCALL_NULL_CTX_FAIL(name, retval, error_msg) \

	__BPF_TEST_FAIL(name, retval, syscall_null_ctx_test, error_msg)

	 */

	SYSCALL_NULL_CTX_FAIL(kfunc_syscall_test_fail, -EINVAL, "processed 4 insns"),

	SYSCALL_NULL_CTX_FAIL(kfunc_syscall_test_null_fail, -EINVAL, "processed 4 insns"),

	TC_FAIL(kfunc_call_test_get_mem_fail_rdonly, 0, "R0 cannot write into rdonly_mem"),

	TC_FAIL(kfunc_call_test_get_mem_fail_use_after_free, 0, "invalid mem access 'scalar'"),

	TC_FAIL(kfunc_call_test_get_mem_fail_oob, 0, "min value is outside of the allowed memory range"),

	TC_FAIL(kfunc_call_test_get_mem_fail_not_const, 0, "is not a const"),

	TC_FAIL(kfunc_call_test_mem_acquire_fail, 0, "acquire kernel function does not return PTR_TO_BTF_ID"),

	/* success cases */

	TC_TEST(kfunc_call_test1, 12),

	TC_TEST(kfunc_call_test2, 3),

	TC_TEST(kfunc_call_test_ref_btf_id, 0),

	TC_TEST(kfunc_call_test_get_mem, 42),

	SYSCALL_TEST(kfunc_syscall_test, 0),

	SYSCALL_NULL_CTX_TEST(kfunc_syscall_test_null, 0),

};

#include <vmlinux.h>

#include <bpf/bpf_helpers.h>

extern struct prog_test_ref_kfunc *bpf_kfunc_call_test_acquire(unsigned long *sp) __ksym;

extern void bpf_kfunc_call_test_release(struct prog_test_ref_kfunc *p) __ksym;

extern void bpf_kfunc_call_test_mem_len_pass1(void *mem, int len) __ksym;

extern int *bpf_kfunc_call_test_get_rdwr_mem(struct prog_test_ref_kfunc *p, const int rdwr_buf_size) __ksym;

extern int *bpf_kfunc_call_test_get_rdonly_mem(struct prog_test_ref_kfunc *p, const int rdonly_buf_size) __ksym;

extern int *bpf_kfunc_call_test_acq_rdonly_mem(struct prog_test_ref_kfunc *p, const int rdonly_buf_size) __ksym;

extern void bpf_kfunc_call_int_mem_release(int *p) __ksym;

struct syscall_test_args {

	__u8 data[16];

	return 0;

}

SEC("?tc")

int kfunc_call_test_get_mem_fail_rdonly(struct __sk_buff *skb)

{

	struct prog_test_ref_kfunc *pt;

	unsigned long s = 0;

	int *p = NULL;

	int ret = 0;

	pt = bpf_kfunc_call_test_acquire(&s);

	if (pt) {

		p = bpf_kfunc_call_test_get_rdonly_mem(pt, 2 * sizeof(int));

		if (p)

			p[0] = 42; /* this is a read-only buffer, so -EACCES */

		else

			ret = -1;

		bpf_kfunc_call_test_release(pt);

	}

	return ret;

}

SEC("?tc")

int kfunc_call_test_get_mem_fail_use_after_free(struct __sk_buff *skb)

{

	struct prog_test_ref_kfunc *pt;

	unsigned long s = 0;

	int *p = NULL;

	int ret = 0;

	pt = bpf_kfunc_call_test_acquire(&s);

	if (pt) {

		p = bpf_kfunc_call_test_get_rdwr_mem(pt, 2 * sizeof(int));

		if (p) {

			p[0] = 42;

			ret = p[1]; /* 108 */

		} else {

			ret = -1;

		}

		bpf_kfunc_call_test_release(pt);

	}

	if (p)

		ret = p[0]; /* p is not valid anymore */

	return ret;

}

SEC("?tc")

int kfunc_call_test_get_mem_fail_oob(struct __sk_buff *skb)

{

	struct prog_test_ref_kfunc *pt;

	unsigned long s = 0;

	int *p = NULL;

	int ret = 0;

	pt = bpf_kfunc_call_test_acquire(&s);

	if (pt) {

		p = bpf_kfunc_call_test_get_rdonly_mem(pt, 2 * sizeof(int));

		if (p)

			ret = p[2 * sizeof(int)]; /* oob access, so -EACCES */

		else

			ret = -1;

		bpf_kfunc_call_test_release(pt);

	}

	return ret;

}

int not_const_size = 2 * sizeof(int);

SEC("?tc")

int kfunc_call_test_get_mem_fail_not_const(struct __sk_buff *skb)

{

	struct prog_test_ref_kfunc *pt;

	unsigned long s = 0;

	int *p = NULL;

	int ret = 0;

	pt = bpf_kfunc_call_test_acquire(&s);

	if (pt) {

		p = bpf_kfunc_call_test_get_rdonly_mem(pt, not_const_size); /* non const size, -EINVAL */

		if (p)

			ret = p[0];

		else

			ret = -1;

		bpf_kfunc_call_test_release(pt);

	}

	return ret;

}

SEC("?tc")

int kfunc_call_test_mem_acquire_fail(struct __sk_buff *skb)

{

	struct prog_test_ref_kfunc *pt;

	unsigned long s = 0;

	int *p = NULL;

	int ret = 0;

	pt = bpf_kfunc_call_test_acquire(&s);

	if (pt) {

		/* we are failing on this one, because we are not acquiring a PTR_TO_BTF_ID (a struct ptr) */

		p = bpf_kfunc_call_test_acq_rdonly_mem(pt, 2 * sizeof(int));

		if (p)

			ret = p[0];

		else

			ret = -1;

		bpf_kfunc_call_int_mem_release(p);

		bpf_kfunc_call_test_release(pt);

	}

	return ret;

}

char _license[] SEC("license") = "GPL";

extern void bpf_kfunc_call_test_pass2(struct prog_test_pass2 *p) __ksym;

extern void bpf_kfunc_call_test_mem_len_pass1(void *mem, int len) __ksym;

extern void bpf_kfunc_call_test_mem_len_fail2(__u64 *mem, int len) __ksym;

extern int *bpf_kfunc_call_test_get_rdwr_mem(struct prog_test_ref_kfunc *p, const int rdwr_buf_size) __ksym;

extern int *bpf_kfunc_call_test_get_rdonly_mem(struct prog_test_ref_kfunc *p, const int rdonly_buf_size) __ksym;

SEC("tc")

int kfunc_call_test2(struct __sk_buff *skb)

	return 0;

}

SEC("tc")

int kfunc_call_test_get_mem(struct __sk_buff *skb)

{

	struct prog_test_ref_kfunc *pt;

	unsigned long s = 0;

	int *p = NULL;

	int ret = 0;

	pt = bpf_kfunc_call_test_acquire(&s);

	if (pt) {

		p = bpf_kfunc_call_test_get_rdwr_mem(pt, 2 * sizeof(int));

		if (p) {

			p[0] = 42;

			ret = p[1]; /* 108 */

		} else {

			ret = -1;

		}

		if (ret >= 0) {

			p = bpf_kfunc_call_test_get_rdonly_mem(pt, 2 * sizeof(int));

			if (p)

				ret = p[0]; /* 42 */

			else

				ret = -1;

		}

		bpf_kfunc_call_test_release(pt);

	}

	return ret;

}

char _license[] SEC("license") = "GPL";