1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Testsuite for eBPF verifier
4  *
5  * Copyright (c) 2014 PLUMgrid, http://plumgrid.com
6  * Copyright (c) 2017 Facebook
7  * Copyright (c) 2018 Covalent IO, Inc. http://covalent.io
8  */
9 
10 #include <endian.h>
11 #include <asm/types.h>
12 #include <linux/types.h>
13 #include <stdint.h>
14 #include <stdio.h>
15 #include <stdlib.h>
16 #include <unistd.h>
17 #include <errno.h>
18 #include <string.h>
19 #include <stddef.h>
20 #include <stdbool.h>
21 #include <sched.h>
22 #include <limits.h>
23 #include <assert.h>
24 
25 #include <sys/capability.h>
26 
27 #include <linux/unistd.h>
28 #include <linux/filter.h>
29 #include <linux/bpf_perf_event.h>
30 #include <linux/bpf.h>
31 #include <linux/if_ether.h>
32 #include <linux/btf.h>
33 
34 #include <bpf/bpf.h>
35 #include <bpf/libbpf.h>
36 
37 #ifdef HAVE_GENHDR
38 # include "autoconf.h"
39 #else
40 # if defined(__i386) || defined(__x86_64) || defined(__s390x__) || defined(__aarch64__)
41 #  define CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS 1
42 # endif
43 #endif
44 #include "bpf_rlimit.h"
45 #include "bpf_rand.h"
46 #include "bpf_util.h"
47 #include "test_btf.h"
48 #include "../../../include/linux/filter.h"
49 
50 #define MAX_INSNS	BPF_MAXINSNS
51 #define MAX_TEST_INSNS	1000000
52 #define MAX_FIXUPS	8
53 #define MAX_NR_MAPS	20
54 #define MAX_TEST_RUNS	8
55 #define POINTER_VALUE	0xcafe4all
56 #define TEST_DATA_LEN	64
57 
58 #define F_NEEDS_EFFICIENT_UNALIGNED_ACCESS	(1 << 0)
59 #define F_LOAD_WITH_STRICT_ALIGNMENT		(1 << 1)
60 
61 #define UNPRIV_SYSCTL "kernel/unprivileged_bpf_disabled"
62 static bool unpriv_disabled = false;
63 static int skips;
64 static bool verbose = false;
65 
66 struct bpf_test {
67 	const char *descr;
68 	struct bpf_insn	insns[MAX_INSNS];
69 	struct bpf_insn	*fill_insns;
70 	int fixup_map_hash_8b[MAX_FIXUPS];
71 	int fixup_map_hash_48b[MAX_FIXUPS];
72 	int fixup_map_hash_16b[MAX_FIXUPS];
73 	int fixup_map_array_48b[MAX_FIXUPS];
74 	int fixup_map_sockmap[MAX_FIXUPS];
75 	int fixup_map_sockhash[MAX_FIXUPS];
76 	int fixup_map_xskmap[MAX_FIXUPS];
77 	int fixup_map_stacktrace[MAX_FIXUPS];
78 	int fixup_prog1[MAX_FIXUPS];
79 	int fixup_prog2[MAX_FIXUPS];
80 	int fixup_map_in_map[MAX_FIXUPS];
81 	int fixup_cgroup_storage[MAX_FIXUPS];
82 	int fixup_percpu_cgroup_storage[MAX_FIXUPS];
83 	int fixup_map_spin_lock[MAX_FIXUPS];
84 	int fixup_map_array_ro[MAX_FIXUPS];
85 	int fixup_map_array_wo[MAX_FIXUPS];
86 	int fixup_map_array_small[MAX_FIXUPS];
87 	int fixup_sk_storage_map[MAX_FIXUPS];
88 	int fixup_map_event_output[MAX_FIXUPS];
89 	int fixup_map_reuseport_array[MAX_FIXUPS];
90 	const char *errstr;
91 	const char *errstr_unpriv;
92 	uint32_t insn_processed;
93 	int prog_len;
94 	enum {
95 		UNDEF,
96 		ACCEPT,
97 		REJECT,
98 		VERBOSE_ACCEPT,
99 	} result, result_unpriv;
100 	enum bpf_prog_type prog_type;
101 	uint8_t flags;
102 	void (*fill_helper)(struct bpf_test *self);
103 	uint8_t runs;
104 #define bpf_testdata_struct_t					\
105 	struct {						\
106 		uint32_t retval, retval_unpriv;			\
107 		union {						\
108 			__u8 data[TEST_DATA_LEN];		\
109 			__u64 data64[TEST_DATA_LEN / 8];	\
110 		};						\
111 	}
112 	union {
113 		bpf_testdata_struct_t;
114 		bpf_testdata_struct_t retvals[MAX_TEST_RUNS];
115 	};
116 	enum bpf_attach_type expected_attach_type;
117 	const char *kfunc;
118 };
119 
120 /* Note we want this to be 64 bit aligned so that the end of our array is
121  * actually the end of the structure.
122  */
123 #define MAX_ENTRIES 11
124 
125 struct test_val {
126 	unsigned int index;
127 	int foo[MAX_ENTRIES];
128 };
129 
130 struct other_val {
131 	long long foo;
132 	long long bar;
133 };
134 
bpf_fill_ld_abs_vlan_push_pop(struct bpf_test * self)135 static void bpf_fill_ld_abs_vlan_push_pop(struct bpf_test *self)
136 {
137 	/* test: {skb->data[0], vlan_push} x 51 + {skb->data[0], vlan_pop} x 51 */
138 #define PUSH_CNT 51
139 	/* jump range is limited to 16 bit. PUSH_CNT of ld_abs needs room */
140 	unsigned int len = (1 << 15) - PUSH_CNT * 2 * 5 * 6;
141 	struct bpf_insn *insn = self->fill_insns;
142 	int i = 0, j, k = 0;
143 
144 	insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
145 loop:
146 	for (j = 0; j < PUSH_CNT; j++) {
147 		insn[i++] = BPF_LD_ABS(BPF_B, 0);
148 		/* jump to error label */
149 		insn[i] = BPF_JMP32_IMM(BPF_JNE, BPF_REG_0, 0x34, len - i - 3);
150 		i++;
151 		insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_6);
152 		insn[i++] = BPF_MOV64_IMM(BPF_REG_2, 1);
153 		insn[i++] = BPF_MOV64_IMM(BPF_REG_3, 2);
154 		insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
155 					 BPF_FUNC_skb_vlan_push),
156 		insn[i] = BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, len - i - 3);
157 		i++;
158 	}
159 
160 	for (j = 0; j < PUSH_CNT; j++) {
161 		insn[i++] = BPF_LD_ABS(BPF_B, 0);
162 		insn[i] = BPF_JMP32_IMM(BPF_JNE, BPF_REG_0, 0x34, len - i - 3);
163 		i++;
164 		insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_6);
165 		insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
166 					 BPF_FUNC_skb_vlan_pop),
167 		insn[i] = BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, len - i - 3);
168 		i++;
169 	}
170 	if (++k < 5)
171 		goto loop;
172 
173 	for (; i < len - 3; i++)
174 		insn[i] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 0xbef);
175 	insn[len - 3] = BPF_JMP_A(1);
176 	/* error label */
177 	insn[len - 2] = BPF_MOV32_IMM(BPF_REG_0, 0);
178 	insn[len - 1] = BPF_EXIT_INSN();
179 	self->prog_len = len;
180 }
181 
bpf_fill_jump_around_ld_abs(struct bpf_test * self)182 static void bpf_fill_jump_around_ld_abs(struct bpf_test *self)
183 {
184 	struct bpf_insn *insn = self->fill_insns;
185 	/* jump range is limited to 16 bit. every ld_abs is replaced by 6 insns,
186 	 * but on arches like arm, ppc etc, there will be one BPF_ZEXT inserted
187 	 * to extend the error value of the inlined ld_abs sequence which then
188 	 * contains 7 insns. so, set the dividend to 7 so the testcase could
189 	 * work on all arches.
190 	 */
191 	unsigned int len = (1 << 15) / 7;
192 	int i = 0;
193 
194 	insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
195 	insn[i++] = BPF_LD_ABS(BPF_B, 0);
196 	insn[i] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 10, len - i - 2);
197 	i++;
198 	while (i < len - 1)
199 		insn[i++] = BPF_LD_ABS(BPF_B, 1);
200 	insn[i] = BPF_EXIT_INSN();
201 	self->prog_len = i + 1;
202 }
203 
bpf_fill_rand_ld_dw(struct bpf_test * self)204 static void bpf_fill_rand_ld_dw(struct bpf_test *self)
205 {
206 	struct bpf_insn *insn = self->fill_insns;
207 	uint64_t res = 0;
208 	int i = 0;
209 
210 	insn[i++] = BPF_MOV32_IMM(BPF_REG_0, 0);
211 	while (i < self->retval) {
212 		uint64_t val = bpf_semi_rand_get();
213 		struct bpf_insn tmp[2] = { BPF_LD_IMM64(BPF_REG_1, val) };
214 
215 		res ^= val;
216 		insn[i++] = tmp[0];
217 		insn[i++] = tmp[1];
218 		insn[i++] = BPF_ALU64_REG(BPF_XOR, BPF_REG_0, BPF_REG_1);
219 	}
220 	insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_0);
221 	insn[i++] = BPF_ALU64_IMM(BPF_RSH, BPF_REG_1, 32);
222 	insn[i++] = BPF_ALU64_REG(BPF_XOR, BPF_REG_0, BPF_REG_1);
223 	insn[i] = BPF_EXIT_INSN();
224 	self->prog_len = i + 1;
225 	res ^= (res >> 32);
226 	self->retval = (uint32_t)res;
227 }
228 
229 #define MAX_JMP_SEQ 8192
230 
231 /* test the sequence of 8k jumps */
bpf_fill_scale1(struct bpf_test * self)232 static void bpf_fill_scale1(struct bpf_test *self)
233 {
234 	struct bpf_insn *insn = self->fill_insns;
235 	int i = 0, k = 0;
236 
237 	insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
238 	/* test to check that the long sequence of jumps is acceptable */
239 	while (k++ < MAX_JMP_SEQ) {
240 		insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
241 					 BPF_FUNC_get_prandom_u32);
242 		insn[i++] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, bpf_semi_rand_get(), 2);
243 		insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_10);
244 		insn[i++] = BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_6,
245 					-8 * (k % 64 + 1));
246 	}
247 	/* is_state_visited() doesn't allocate state for pruning for every jump.
248 	 * Hence multiply jmps by 4 to accommodate that heuristic
249 	 */
250 	while (i < MAX_TEST_INSNS - MAX_JMP_SEQ * 4)
251 		insn[i++] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 42);
252 	insn[i] = BPF_EXIT_INSN();
253 	self->prog_len = i + 1;
254 	self->retval = 42;
255 }
256 
257 /* test the sequence of 8k jumps in inner most function (function depth 8)*/
bpf_fill_scale2(struct bpf_test * self)258 static void bpf_fill_scale2(struct bpf_test *self)
259 {
260 	struct bpf_insn *insn = self->fill_insns;
261 	int i = 0, k = 0;
262 
263 #define FUNC_NEST 7
264 	for (k = 0; k < FUNC_NEST; k++) {
265 		insn[i++] = BPF_CALL_REL(1);
266 		insn[i++] = BPF_EXIT_INSN();
267 	}
268 	insn[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
269 	/* test to check that the long sequence of jumps is acceptable */
270 	k = 0;
271 	while (k++ < MAX_JMP_SEQ) {
272 		insn[i++] = BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
273 					 BPF_FUNC_get_prandom_u32);
274 		insn[i++] = BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, bpf_semi_rand_get(), 2);
275 		insn[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_10);
276 		insn[i++] = BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_6,
277 					-8 * (k % (64 - 4 * FUNC_NEST) + 1));
278 	}
279 	while (i < MAX_TEST_INSNS - MAX_JMP_SEQ * 4)
280 		insn[i++] = BPF_ALU64_IMM(BPF_MOV, BPF_REG_0, 42);
281 	insn[i] = BPF_EXIT_INSN();
282 	self->prog_len = i + 1;
283 	self->retval = 42;
284 }
285 
bpf_fill_scale(struct bpf_test * self)286 static void bpf_fill_scale(struct bpf_test *self)
287 {
288 	switch (self->retval) {
289 	case 1:
290 		return bpf_fill_scale1(self);
291 	case 2:
292 		return bpf_fill_scale2(self);
293 	default:
294 		self->prog_len = 0;
295 		break;
296 	}
297 }
298 
299 /* BPF_SK_LOOKUP contains 13 instructions, if you need to fix up maps */
300 #define BPF_SK_LOOKUP(func)						\
301 	/* struct bpf_sock_tuple tuple = {} */				\
302 	BPF_MOV64_IMM(BPF_REG_2, 0),					\
303 	BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_2, -8),			\
304 	BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -16),		\
305 	BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -24),		\
306 	BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -32),		\
307 	BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -40),		\
308 	BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -48),		\
309 	/* sk = func(ctx, &tuple, sizeof tuple, 0, 0) */		\
310 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),				\
311 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -48),				\
312 	BPF_MOV64_IMM(BPF_REG_3, sizeof(struct bpf_sock_tuple)),	\
313 	BPF_MOV64_IMM(BPF_REG_4, 0),					\
314 	BPF_MOV64_IMM(BPF_REG_5, 0),					\
315 	BPF_EMIT_CALL(BPF_FUNC_ ## func)
316 
317 /* BPF_DIRECT_PKT_R2 contains 7 instructions, it initializes default return
318  * value into 0 and does necessary preparation for direct packet access
319  * through r2. The allowed access range is 8 bytes.
320  */
321 #define BPF_DIRECT_PKT_R2						\
322 	BPF_MOV64_IMM(BPF_REG_0, 0),					\
323 	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,			\
324 		    offsetof(struct __sk_buff, data)),			\
325 	BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,			\
326 		    offsetof(struct __sk_buff, data_end)),		\
327 	BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),				\
328 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 8),				\
329 	BPF_JMP_REG(BPF_JLE, BPF_REG_4, BPF_REG_3, 1),			\
330 	BPF_EXIT_INSN()
331 
332 /* BPF_RAND_UEXT_R7 contains 4 instructions, it initializes R7 into a random
333  * positive u32, and zero-extend it into 64-bit.
334  */
335 #define BPF_RAND_UEXT_R7						\
336 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,			\
337 		     BPF_FUNC_get_prandom_u32),				\
338 	BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),				\
339 	BPF_ALU64_IMM(BPF_LSH, BPF_REG_7, 33),				\
340 	BPF_ALU64_IMM(BPF_RSH, BPF_REG_7, 33)
341 
342 /* BPF_RAND_SEXT_R7 contains 5 instructions, it initializes R7 into a random
343  * negative u32, and sign-extend it into 64-bit.
344  */
345 #define BPF_RAND_SEXT_R7						\
346 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,			\
347 		     BPF_FUNC_get_prandom_u32),				\
348 	BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),				\
349 	BPF_ALU64_IMM(BPF_OR, BPF_REG_7, 0x80000000),			\
350 	BPF_ALU64_IMM(BPF_LSH, BPF_REG_7, 32),				\
351 	BPF_ALU64_IMM(BPF_ARSH, BPF_REG_7, 32)
352 
353 static struct bpf_test tests[] = {
354 #define FILL_ARRAY
355 #include <verifier/tests.h>
356 #undef FILL_ARRAY
357 };
358 
probe_filter_length(const struct bpf_insn * fp)359 static int probe_filter_length(const struct bpf_insn *fp)
360 {
361 	int len;
362 
363 	for (len = MAX_INSNS - 1; len > 0; --len)
364 		if (fp[len].code != 0 || fp[len].imm != 0)
365 			break;
366 	return len + 1;
367 }
368 
skip_unsupported_map(enum bpf_map_type map_type)369 static bool skip_unsupported_map(enum bpf_map_type map_type)
370 {
371 	if (!bpf_probe_map_type(map_type, 0)) {
372 		printf("SKIP (unsupported map type %d)\n", map_type);
373 		skips++;
374 		return true;
375 	}
376 	return false;
377 }
378 
__create_map(uint32_t type,uint32_t size_key,uint32_t size_value,uint32_t max_elem,uint32_t extra_flags)379 static int __create_map(uint32_t type, uint32_t size_key,
380 			uint32_t size_value, uint32_t max_elem,
381 			uint32_t extra_flags)
382 {
383 	int fd;
384 
385 	fd = bpf_create_map(type, size_key, size_value, max_elem,
386 			    (type == BPF_MAP_TYPE_HASH ?
387 			     BPF_F_NO_PREALLOC : 0) | extra_flags);
388 	if (fd < 0) {
389 		if (skip_unsupported_map(type))
390 			return -1;
391 		printf("Failed to create hash map '%s'!\n", strerror(errno));
392 	}
393 
394 	return fd;
395 }
396 
create_map(uint32_t type,uint32_t size_key,uint32_t size_value,uint32_t max_elem)397 static int create_map(uint32_t type, uint32_t size_key,
398 		      uint32_t size_value, uint32_t max_elem)
399 {
400 	return __create_map(type, size_key, size_value, max_elem, 0);
401 }
402 
update_map(int fd,int index)403 static void update_map(int fd, int index)
404 {
405 	struct test_val value = {
406 		.index = (6 + 1) * sizeof(int),
407 		.foo[6] = 0xabcdef12,
408 	};
409 
410 	assert(!bpf_map_update_elem(fd, &index, &value, 0));
411 }
412 
create_prog_dummy_simple(enum bpf_prog_type prog_type,int ret)413 static int create_prog_dummy_simple(enum bpf_prog_type prog_type, int ret)
414 {
415 	struct bpf_insn prog[] = {
416 		BPF_MOV64_IMM(BPF_REG_0, ret),
417 		BPF_EXIT_INSN(),
418 	};
419 
420 	return bpf_load_program(prog_type, prog,
421 				ARRAY_SIZE(prog), "GPL", 0, NULL, 0);
422 }
423 
create_prog_dummy_loop(enum bpf_prog_type prog_type,int mfd,int idx,int ret)424 static int create_prog_dummy_loop(enum bpf_prog_type prog_type, int mfd,
425 				  int idx, int ret)
426 {
427 	struct bpf_insn prog[] = {
428 		BPF_MOV64_IMM(BPF_REG_3, idx),
429 		BPF_LD_MAP_FD(BPF_REG_2, mfd),
430 		BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
431 			     BPF_FUNC_tail_call),
432 		BPF_MOV64_IMM(BPF_REG_0, ret),
433 		BPF_EXIT_INSN(),
434 	};
435 
436 	return bpf_load_program(prog_type, prog,
437 				ARRAY_SIZE(prog), "GPL", 0, NULL, 0);
438 }
439 
create_prog_array(enum bpf_prog_type prog_type,uint32_t max_elem,int p1key,int p2key,int p3key)440 static int create_prog_array(enum bpf_prog_type prog_type, uint32_t max_elem,
441 			     int p1key, int p2key, int p3key)
442 {
443 	int mfd, p1fd, p2fd, p3fd;
444 
445 	mfd = bpf_create_map(BPF_MAP_TYPE_PROG_ARRAY, sizeof(int),
446 			     sizeof(int), max_elem, 0);
447 	if (mfd < 0) {
448 		if (skip_unsupported_map(BPF_MAP_TYPE_PROG_ARRAY))
449 			return -1;
450 		printf("Failed to create prog array '%s'!\n", strerror(errno));
451 		return -1;
452 	}
453 
454 	p1fd = create_prog_dummy_simple(prog_type, 42);
455 	p2fd = create_prog_dummy_loop(prog_type, mfd, p2key, 41);
456 	p3fd = create_prog_dummy_simple(prog_type, 24);
457 	if (p1fd < 0 || p2fd < 0 || p3fd < 0)
458 		goto err;
459 	if (bpf_map_update_elem(mfd, &p1key, &p1fd, BPF_ANY) < 0)
460 		goto err;
461 	if (bpf_map_update_elem(mfd, &p2key, &p2fd, BPF_ANY) < 0)
462 		goto err;
463 	if (bpf_map_update_elem(mfd, &p3key, &p3fd, BPF_ANY) < 0) {
464 err:
465 		close(mfd);
466 		mfd = -1;
467 	}
468 	close(p3fd);
469 	close(p2fd);
470 	close(p1fd);
471 	return mfd;
472 }
473 
create_map_in_map(void)474 static int create_map_in_map(void)
475 {
476 	int inner_map_fd, outer_map_fd;
477 
478 	inner_map_fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
479 				      sizeof(int), 1, 0);
480 	if (inner_map_fd < 0) {
481 		if (skip_unsupported_map(BPF_MAP_TYPE_ARRAY))
482 			return -1;
483 		printf("Failed to create array '%s'!\n", strerror(errno));
484 		return inner_map_fd;
485 	}
486 
487 	outer_map_fd = bpf_create_map_in_map(BPF_MAP_TYPE_ARRAY_OF_MAPS, NULL,
488 					     sizeof(int), inner_map_fd, 1, 0);
489 	if (outer_map_fd < 0) {
490 		if (skip_unsupported_map(BPF_MAP_TYPE_ARRAY_OF_MAPS))
491 			return -1;
492 		printf("Failed to create array of maps '%s'!\n",
493 		       strerror(errno));
494 	}
495 
496 	close(inner_map_fd);
497 
498 	return outer_map_fd;
499 }
500 
create_cgroup_storage(bool percpu)501 static int create_cgroup_storage(bool percpu)
502 {
503 	enum bpf_map_type type = percpu ? BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE :
504 		BPF_MAP_TYPE_CGROUP_STORAGE;
505 	int fd;
506 
507 	fd = bpf_create_map(type, sizeof(struct bpf_cgroup_storage_key),
508 			    TEST_DATA_LEN, 0, 0);
509 	if (fd < 0) {
510 		if (skip_unsupported_map(type))
511 			return -1;
512 		printf("Failed to create cgroup storage '%s'!\n",
513 		       strerror(errno));
514 	}
515 
516 	return fd;
517 }
518 
519 /* struct bpf_spin_lock {
520  *   int val;
521  * };
522  * struct val {
523  *   int cnt;
524  *   struct bpf_spin_lock l;
525  * };
526  */
527 static const char btf_str_sec[] = "\0bpf_spin_lock\0val\0cnt\0l";
528 static __u32 btf_raw_types[] = {
529 	/* int */
530 	BTF_TYPE_INT_ENC(0, BTF_INT_SIGNED, 0, 32, 4),  /* [1] */
531 	/* struct bpf_spin_lock */                      /* [2] */
532 	BTF_TYPE_ENC(1, BTF_INFO_ENC(BTF_KIND_STRUCT, 0, 1), 4),
533 	BTF_MEMBER_ENC(15, 1, 0), /* int val; */
534 	/* struct val */                                /* [3] */
535 	BTF_TYPE_ENC(15, BTF_INFO_ENC(BTF_KIND_STRUCT, 0, 2), 8),
536 	BTF_MEMBER_ENC(19, 1, 0), /* int cnt; */
537 	BTF_MEMBER_ENC(23, 2, 32),/* struct bpf_spin_lock l; */
538 };
539 
load_btf(void)540 static int load_btf(void)
541 {
542 	struct btf_header hdr = {
543 		.magic = BTF_MAGIC,
544 		.version = BTF_VERSION,
545 		.hdr_len = sizeof(struct btf_header),
546 		.type_len = sizeof(btf_raw_types),
547 		.str_off = sizeof(btf_raw_types),
548 		.str_len = sizeof(btf_str_sec),
549 	};
550 	void *ptr, *raw_btf;
551 	int btf_fd;
552 
553 	ptr = raw_btf = malloc(sizeof(hdr) + sizeof(btf_raw_types) +
554 			       sizeof(btf_str_sec));
555 
556 	memcpy(ptr, &hdr, sizeof(hdr));
557 	ptr += sizeof(hdr);
558 	memcpy(ptr, btf_raw_types, hdr.type_len);
559 	ptr += hdr.type_len;
560 	memcpy(ptr, btf_str_sec, hdr.str_len);
561 	ptr += hdr.str_len;
562 
563 	btf_fd = bpf_load_btf(raw_btf, ptr - raw_btf, 0, 0, 0);
564 	free(raw_btf);
565 	if (btf_fd < 0)
566 		return -1;
567 	return btf_fd;
568 }
569 
create_map_spin_lock(void)570 static int create_map_spin_lock(void)
571 {
572 	struct bpf_create_map_attr attr = {
573 		.name = "test_map",
574 		.map_type = BPF_MAP_TYPE_ARRAY,
575 		.key_size = 4,
576 		.value_size = 8,
577 		.max_entries = 1,
578 		.btf_key_type_id = 1,
579 		.btf_value_type_id = 3,
580 	};
581 	int fd, btf_fd;
582 
583 	btf_fd = load_btf();
584 	if (btf_fd < 0)
585 		return -1;
586 	attr.btf_fd = btf_fd;
587 	fd = bpf_create_map_xattr(&attr);
588 	if (fd < 0)
589 		printf("Failed to create map with spin_lock\n");
590 	return fd;
591 }
592 
create_sk_storage_map(void)593 static int create_sk_storage_map(void)
594 {
595 	struct bpf_create_map_attr attr = {
596 		.name = "test_map",
597 		.map_type = BPF_MAP_TYPE_SK_STORAGE,
598 		.key_size = 4,
599 		.value_size = 8,
600 		.max_entries = 0,
601 		.map_flags = BPF_F_NO_PREALLOC,
602 		.btf_key_type_id = 1,
603 		.btf_value_type_id = 3,
604 	};
605 	int fd, btf_fd;
606 
607 	btf_fd = load_btf();
608 	if (btf_fd < 0)
609 		return -1;
610 	attr.btf_fd = btf_fd;
611 	fd = bpf_create_map_xattr(&attr);
612 	close(attr.btf_fd);
613 	if (fd < 0)
614 		printf("Failed to create sk_storage_map\n");
615 	return fd;
616 }
617 
618 static char bpf_vlog[UINT_MAX >> 8];
619 
do_test_fixup(struct bpf_test * test,enum bpf_prog_type prog_type,struct bpf_insn * prog,int * map_fds)620 static void do_test_fixup(struct bpf_test *test, enum bpf_prog_type prog_type,
621 			  struct bpf_insn *prog, int *map_fds)
622 {
623 	int *fixup_map_hash_8b = test->fixup_map_hash_8b;
624 	int *fixup_map_hash_48b = test->fixup_map_hash_48b;
625 	int *fixup_map_hash_16b = test->fixup_map_hash_16b;
626 	int *fixup_map_array_48b = test->fixup_map_array_48b;
627 	int *fixup_map_sockmap = test->fixup_map_sockmap;
628 	int *fixup_map_sockhash = test->fixup_map_sockhash;
629 	int *fixup_map_xskmap = test->fixup_map_xskmap;
630 	int *fixup_map_stacktrace = test->fixup_map_stacktrace;
631 	int *fixup_prog1 = test->fixup_prog1;
632 	int *fixup_prog2 = test->fixup_prog2;
633 	int *fixup_map_in_map = test->fixup_map_in_map;
634 	int *fixup_cgroup_storage = test->fixup_cgroup_storage;
635 	int *fixup_percpu_cgroup_storage = test->fixup_percpu_cgroup_storage;
636 	int *fixup_map_spin_lock = test->fixup_map_spin_lock;
637 	int *fixup_map_array_ro = test->fixup_map_array_ro;
638 	int *fixup_map_array_wo = test->fixup_map_array_wo;
639 	int *fixup_map_array_small = test->fixup_map_array_small;
640 	int *fixup_sk_storage_map = test->fixup_sk_storage_map;
641 	int *fixup_map_event_output = test->fixup_map_event_output;
642 	int *fixup_map_reuseport_array = test->fixup_map_reuseport_array;
643 
644 	if (test->fill_helper) {
645 		test->fill_insns = calloc(MAX_TEST_INSNS, sizeof(struct bpf_insn));
646 		test->fill_helper(test);
647 	}
648 
649 	/* Allocating HTs with 1 elem is fine here, since we only test
650 	 * for verifier and not do a runtime lookup, so the only thing
651 	 * that really matters is value size in this case.
652 	 */
653 	if (*fixup_map_hash_8b) {
654 		map_fds[0] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
655 					sizeof(long long), 1);
656 		do {
657 			prog[*fixup_map_hash_8b].imm = map_fds[0];
658 			fixup_map_hash_8b++;
659 		} while (*fixup_map_hash_8b);
660 	}
661 
662 	if (*fixup_map_hash_48b) {
663 		map_fds[1] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
664 					sizeof(struct test_val), 1);
665 		do {
666 			prog[*fixup_map_hash_48b].imm = map_fds[1];
667 			fixup_map_hash_48b++;
668 		} while (*fixup_map_hash_48b);
669 	}
670 
671 	if (*fixup_map_hash_16b) {
672 		map_fds[2] = create_map(BPF_MAP_TYPE_HASH, sizeof(long long),
673 					sizeof(struct other_val), 1);
674 		do {
675 			prog[*fixup_map_hash_16b].imm = map_fds[2];
676 			fixup_map_hash_16b++;
677 		} while (*fixup_map_hash_16b);
678 	}
679 
680 	if (*fixup_map_array_48b) {
681 		map_fds[3] = create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
682 					sizeof(struct test_val), 1);
683 		update_map(map_fds[3], 0);
684 		do {
685 			prog[*fixup_map_array_48b].imm = map_fds[3];
686 			fixup_map_array_48b++;
687 		} while (*fixup_map_array_48b);
688 	}
689 
690 	if (*fixup_prog1) {
691 		map_fds[4] = create_prog_array(prog_type, 4, 0, 1, 2);
692 		do {
693 			prog[*fixup_prog1].imm = map_fds[4];
694 			fixup_prog1++;
695 		} while (*fixup_prog1);
696 	}
697 
698 	if (*fixup_prog2) {
699 		map_fds[5] = create_prog_array(prog_type, 8, 7, 1, 2);
700 		do {
701 			prog[*fixup_prog2].imm = map_fds[5];
702 			fixup_prog2++;
703 		} while (*fixup_prog2);
704 	}
705 
706 	if (*fixup_map_in_map) {
707 		map_fds[6] = create_map_in_map();
708 		do {
709 			prog[*fixup_map_in_map].imm = map_fds[6];
710 			fixup_map_in_map++;
711 		} while (*fixup_map_in_map);
712 	}
713 
714 	if (*fixup_cgroup_storage) {
715 		map_fds[7] = create_cgroup_storage(false);
716 		do {
717 			prog[*fixup_cgroup_storage].imm = map_fds[7];
718 			fixup_cgroup_storage++;
719 		} while (*fixup_cgroup_storage);
720 	}
721 
722 	if (*fixup_percpu_cgroup_storage) {
723 		map_fds[8] = create_cgroup_storage(true);
724 		do {
725 			prog[*fixup_percpu_cgroup_storage].imm = map_fds[8];
726 			fixup_percpu_cgroup_storage++;
727 		} while (*fixup_percpu_cgroup_storage);
728 	}
729 	if (*fixup_map_sockmap) {
730 		map_fds[9] = create_map(BPF_MAP_TYPE_SOCKMAP, sizeof(int),
731 					sizeof(int), 1);
732 		do {
733 			prog[*fixup_map_sockmap].imm = map_fds[9];
734 			fixup_map_sockmap++;
735 		} while (*fixup_map_sockmap);
736 	}
737 	if (*fixup_map_sockhash) {
738 		map_fds[10] = create_map(BPF_MAP_TYPE_SOCKHASH, sizeof(int),
739 					sizeof(int), 1);
740 		do {
741 			prog[*fixup_map_sockhash].imm = map_fds[10];
742 			fixup_map_sockhash++;
743 		} while (*fixup_map_sockhash);
744 	}
745 	if (*fixup_map_xskmap) {
746 		map_fds[11] = create_map(BPF_MAP_TYPE_XSKMAP, sizeof(int),
747 					sizeof(int), 1);
748 		do {
749 			prog[*fixup_map_xskmap].imm = map_fds[11];
750 			fixup_map_xskmap++;
751 		} while (*fixup_map_xskmap);
752 	}
753 	if (*fixup_map_stacktrace) {
754 		map_fds[12] = create_map(BPF_MAP_TYPE_STACK_TRACE, sizeof(u32),
755 					 sizeof(u64), 1);
756 		do {
757 			prog[*fixup_map_stacktrace].imm = map_fds[12];
758 			fixup_map_stacktrace++;
759 		} while (*fixup_map_stacktrace);
760 	}
761 	if (*fixup_map_spin_lock) {
762 		map_fds[13] = create_map_spin_lock();
763 		do {
764 			prog[*fixup_map_spin_lock].imm = map_fds[13];
765 			fixup_map_spin_lock++;
766 		} while (*fixup_map_spin_lock);
767 	}
768 	if (*fixup_map_array_ro) {
769 		map_fds[14] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
770 					   sizeof(struct test_val), 1,
771 					   BPF_F_RDONLY_PROG);
772 		update_map(map_fds[14], 0);
773 		do {
774 			prog[*fixup_map_array_ro].imm = map_fds[14];
775 			fixup_map_array_ro++;
776 		} while (*fixup_map_array_ro);
777 	}
778 	if (*fixup_map_array_wo) {
779 		map_fds[15] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
780 					   sizeof(struct test_val), 1,
781 					   BPF_F_WRONLY_PROG);
782 		update_map(map_fds[15], 0);
783 		do {
784 			prog[*fixup_map_array_wo].imm = map_fds[15];
785 			fixup_map_array_wo++;
786 		} while (*fixup_map_array_wo);
787 	}
788 	if (*fixup_map_array_small) {
789 		map_fds[16] = __create_map(BPF_MAP_TYPE_ARRAY, sizeof(int),
790 					   1, 1, 0);
791 		update_map(map_fds[16], 0);
792 		do {
793 			prog[*fixup_map_array_small].imm = map_fds[16];
794 			fixup_map_array_small++;
795 		} while (*fixup_map_array_small);
796 	}
797 	if (*fixup_sk_storage_map) {
798 		map_fds[17] = create_sk_storage_map();
799 		do {
800 			prog[*fixup_sk_storage_map].imm = map_fds[17];
801 			fixup_sk_storage_map++;
802 		} while (*fixup_sk_storage_map);
803 	}
804 	if (*fixup_map_event_output) {
805 		map_fds[18] = __create_map(BPF_MAP_TYPE_PERF_EVENT_ARRAY,
806 					   sizeof(int), sizeof(int), 1, 0);
807 		do {
808 			prog[*fixup_map_event_output].imm = map_fds[18];
809 			fixup_map_event_output++;
810 		} while (*fixup_map_event_output);
811 	}
812 	if (*fixup_map_reuseport_array) {
813 		map_fds[19] = __create_map(BPF_MAP_TYPE_REUSEPORT_SOCKARRAY,
814 					   sizeof(u32), sizeof(u64), 1, 0);
815 		do {
816 			prog[*fixup_map_reuseport_array].imm = map_fds[19];
817 			fixup_map_reuseport_array++;
818 		} while (*fixup_map_reuseport_array);
819 	}
820 }
821 
822 struct libcap {
823 	struct __user_cap_header_struct hdr;
824 	struct __user_cap_data_struct data[2];
825 };
826 
set_admin(bool admin)827 static int set_admin(bool admin)
828 {
829 	cap_t caps;
830 	/* need CAP_BPF, CAP_NET_ADMIN, CAP_PERFMON to load progs */
831 	const cap_value_t cap_net_admin = CAP_NET_ADMIN;
832 	const cap_value_t cap_sys_admin = CAP_SYS_ADMIN;
833 	struct libcap *cap;
834 	int ret = -1;
835 
836 	caps = cap_get_proc();
837 	if (!caps) {
838 		perror("cap_get_proc");
839 		return -1;
840 	}
841 	cap = (struct libcap *)caps;
842 	if (cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap_sys_admin, CAP_CLEAR)) {
843 		perror("cap_set_flag clear admin");
844 		goto out;
845 	}
846 	if (cap_set_flag(caps, CAP_EFFECTIVE, 1, &cap_net_admin,
847 				admin ? CAP_SET : CAP_CLEAR)) {
848 		perror("cap_set_flag set_or_clear net");
849 		goto out;
850 	}
851 	/* libcap is likely old and simply ignores CAP_BPF and CAP_PERFMON,
852 	 * so update effective bits manually
853 	 */
854 	if (admin) {
855 		cap->data[1].effective |= 1 << (38 /* CAP_PERFMON */ - 32);
856 		cap->data[1].effective |= 1 << (39 /* CAP_BPF */ - 32);
857 	} else {
858 		cap->data[1].effective &= ~(1 << (38 - 32));
859 		cap->data[1].effective &= ~(1 << (39 - 32));
860 	}
861 	if (cap_set_proc(caps)) {
862 		perror("cap_set_proc");
863 		goto out;
864 	}
865 	ret = 0;
866 out:
867 	if (cap_free(caps))
868 		perror("cap_free");
869 	return ret;
870 }
871 
do_prog_test_run(int fd_prog,bool unpriv,uint32_t expected_val,void * data,size_t size_data)872 static int do_prog_test_run(int fd_prog, bool unpriv, uint32_t expected_val,
873 			    void *data, size_t size_data)
874 {
875 	__u8 tmp[TEST_DATA_LEN << 2];
876 	__u32 size_tmp = sizeof(tmp);
877 	uint32_t retval;
878 	int err;
879 
880 	if (unpriv)
881 		set_admin(true);
882 	err = bpf_prog_test_run(fd_prog, 1, data, size_data,
883 				tmp, &size_tmp, &retval, NULL);
884 	if (unpriv)
885 		set_admin(false);
886 	if (err && errno != 524/*ENOTSUPP*/ && errno != EPERM) {
887 		printf("Unexpected bpf_prog_test_run error ");
888 		return err;
889 	}
890 	if (!err && retval != expected_val &&
891 	    expected_val != POINTER_VALUE) {
892 		printf("FAIL retval %d != %d ", retval, expected_val);
893 		return 1;
894 	}
895 
896 	return 0;
897 }
898 
cmp_str_seq(const char * log,const char * exp)899 static bool cmp_str_seq(const char *log, const char *exp)
900 {
901 	char needle[80];
902 	const char *p, *q;
903 	int len;
904 
905 	do {
906 		p = strchr(exp, '\t');
907 		if (!p)
908 			p = exp + strlen(exp);
909 
910 		len = p - exp;
911 		if (len >= sizeof(needle) || !len) {
912 			printf("FAIL\nTestcase bug\n");
913 			return false;
914 		}
915 		strncpy(needle, exp, len);
916 		needle[len] = 0;
917 		q = strstr(log, needle);
918 		if (!q) {
919 			printf("FAIL\nUnexpected verifier log in successful load!\n"
920 			       "EXP: %s\nRES:\n", needle);
921 			return false;
922 		}
923 		log = q + len;
924 		exp = p + 1;
925 	} while (*p);
926 	return true;
927 }
928 
do_test_single(struct bpf_test * test,bool unpriv,int * passes,int * errors)929 static void do_test_single(struct bpf_test *test, bool unpriv,
930 			   int *passes, int *errors)
931 {
932 	int fd_prog, expected_ret, alignment_prevented_execution;
933 	int prog_len, prog_type = test->prog_type;
934 	struct bpf_insn *prog = test->insns;
935 	struct bpf_load_program_attr attr;
936 	int run_errs, run_successes;
937 	int map_fds[MAX_NR_MAPS];
938 	const char *expected_err;
939 	int fixup_skips;
940 	__u32 pflags;
941 	int i, err;
942 
943 	for (i = 0; i < MAX_NR_MAPS; i++)
944 		map_fds[i] = -1;
945 
946 	if (!prog_type)
947 		prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
948 	fixup_skips = skips;
949 	do_test_fixup(test, prog_type, prog, map_fds);
950 	if (test->fill_insns) {
951 		prog = test->fill_insns;
952 		prog_len = test->prog_len;
953 	} else {
954 		prog_len = probe_filter_length(prog);
955 	}
956 	/* If there were some map skips during fixup due to missing bpf
957 	 * features, skip this test.
958 	 */
959 	if (fixup_skips != skips)
960 		return;
961 
962 	pflags = BPF_F_TEST_RND_HI32;
963 	if (test->flags & F_LOAD_WITH_STRICT_ALIGNMENT)
964 		pflags |= BPF_F_STRICT_ALIGNMENT;
965 	if (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS)
966 		pflags |= BPF_F_ANY_ALIGNMENT;
967 	if (test->flags & ~3)
968 		pflags |= test->flags;
969 
970 	expected_ret = unpriv && test->result_unpriv != UNDEF ?
971 		       test->result_unpriv : test->result;
972 	expected_err = unpriv && test->errstr_unpriv ?
973 		       test->errstr_unpriv : test->errstr;
974 	memset(&attr, 0, sizeof(attr));
975 	attr.prog_type = prog_type;
976 	attr.expected_attach_type = test->expected_attach_type;
977 	attr.insns = prog;
978 	attr.insns_cnt = prog_len;
979 	attr.license = "GPL";
980 	if (verbose)
981 		attr.log_level = 1;
982 	else if (expected_ret == VERBOSE_ACCEPT)
983 		attr.log_level = 2;
984 	else
985 		attr.log_level = 4;
986 	attr.prog_flags = pflags;
987 
988 	if (prog_type == BPF_PROG_TYPE_TRACING && test->kfunc) {
989 		attr.attach_btf_id = libbpf_find_vmlinux_btf_id(test->kfunc,
990 						attr.expected_attach_type);
991 		if (attr.attach_btf_id < 0) {
992 			printf("FAIL\nFailed to find BTF ID for '%s'!\n",
993 				test->kfunc);
994 			(*errors)++;
995 			return;
996 		}
997 	}
998 
999 	fd_prog = bpf_load_program_xattr(&attr, bpf_vlog, sizeof(bpf_vlog));
1000 
1001 	/* BPF_PROG_TYPE_TRACING requires more setup and
1002 	 * bpf_probe_prog_type won't give correct answer
1003 	 */
1004 	if (fd_prog < 0 && prog_type != BPF_PROG_TYPE_TRACING &&
1005 	    !bpf_probe_prog_type(prog_type, 0)) {
1006 		printf("SKIP (unsupported program type %d)\n", prog_type);
1007 		skips++;
1008 		goto close_fds;
1009 	}
1010 
1011 	alignment_prevented_execution = 0;
1012 
1013 	if (expected_ret == ACCEPT || expected_ret == VERBOSE_ACCEPT) {
1014 		if (fd_prog < 0) {
1015 			printf("FAIL\nFailed to load prog '%s'!\n",
1016 			       strerror(errno));
1017 			goto fail_log;
1018 		}
1019 #ifndef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
1020 		if (fd_prog >= 0 &&
1021 		    (test->flags & F_NEEDS_EFFICIENT_UNALIGNED_ACCESS))
1022 			alignment_prevented_execution = 1;
1023 #endif
1024 		if (expected_ret == VERBOSE_ACCEPT && !cmp_str_seq(bpf_vlog, expected_err)) {
1025 			goto fail_log;
1026 		}
1027 	} else {
1028 		if (fd_prog >= 0) {
1029 			printf("FAIL\nUnexpected success to load!\n");
1030 			goto fail_log;
1031 		}
1032 		if (!expected_err || !strstr(bpf_vlog, expected_err)) {
1033 			printf("FAIL\nUnexpected error message!\n\tEXP: %s\n\tRES: %s\n",
1034 			      expected_err, bpf_vlog);
1035 			goto fail_log;
1036 		}
1037 	}
1038 
1039 	if (test->insn_processed) {
1040 		uint32_t insn_processed;
1041 		char *proc;
1042 
1043 		proc = strstr(bpf_vlog, "processed ");
1044 		insn_processed = atoi(proc + 10);
1045 		if (test->insn_processed != insn_processed) {
1046 			printf("FAIL\nUnexpected insn_processed %u vs %u\n",
1047 			       insn_processed, test->insn_processed);
1048 			goto fail_log;
1049 		}
1050 	}
1051 
1052 	if (verbose)
1053 		printf(", verifier log:\n%s", bpf_vlog);
1054 
1055 	run_errs = 0;
1056 	run_successes = 0;
1057 	if (!alignment_prevented_execution && fd_prog >= 0) {
1058 		uint32_t expected_val;
1059 		int i;
1060 
1061 		if (!test->runs)
1062 			test->runs = 1;
1063 
1064 		for (i = 0; i < test->runs; i++) {
1065 			if (unpriv && test->retvals[i].retval_unpriv)
1066 				expected_val = test->retvals[i].retval_unpriv;
1067 			else
1068 				expected_val = test->retvals[i].retval;
1069 
1070 			err = do_prog_test_run(fd_prog, unpriv, expected_val,
1071 					       test->retvals[i].data,
1072 					       sizeof(test->retvals[i].data));
1073 			if (err) {
1074 				printf("(run %d/%d) ", i + 1, test->runs);
1075 				run_errs++;
1076 			} else {
1077 				run_successes++;
1078 			}
1079 		}
1080 	}
1081 
1082 	if (!run_errs) {
1083 		(*passes)++;
1084 		if (run_successes > 1)
1085 			printf("%d cases ", run_successes);
1086 		printf("OK");
1087 		if (alignment_prevented_execution)
1088 			printf(" (NOTE: not executed due to unknown alignment)");
1089 		printf("\n");
1090 	} else {
1091 		printf("\n");
1092 		goto fail_log;
1093 	}
1094 close_fds:
1095 	if (test->fill_insns)
1096 		free(test->fill_insns);
1097 	close(fd_prog);
1098 	for (i = 0; i < MAX_NR_MAPS; i++)
1099 		close(map_fds[i]);
1100 	sched_yield();
1101 	return;
1102 fail_log:
1103 	(*errors)++;
1104 	printf("%s", bpf_vlog);
1105 	goto close_fds;
1106 }
1107 
is_admin(void)1108 static bool is_admin(void)
1109 {
1110 	cap_flag_value_t net_priv = CAP_CLEAR;
1111 	bool perfmon_priv = false;
1112 	bool bpf_priv = false;
1113 	struct libcap *cap;
1114 	cap_t caps;
1115 
1116 #ifdef CAP_IS_SUPPORTED
1117 	if (!CAP_IS_SUPPORTED(CAP_SETFCAP)) {
1118 		perror("cap_get_flag");
1119 		return false;
1120 	}
1121 #endif
1122 	caps = cap_get_proc();
1123 	if (!caps) {
1124 		perror("cap_get_proc");
1125 		return false;
1126 	}
1127 	cap = (struct libcap *)caps;
1128 	bpf_priv = cap->data[1].effective & (1 << (39/* CAP_BPF */ - 32));
1129 	perfmon_priv = cap->data[1].effective & (1 << (38/* CAP_PERFMON */ - 32));
1130 	if (cap_get_flag(caps, CAP_NET_ADMIN, CAP_EFFECTIVE, &net_priv))
1131 		perror("cap_get_flag NET");
1132 	if (cap_free(caps))
1133 		perror("cap_free");
1134 	return bpf_priv && perfmon_priv && net_priv == CAP_SET;
1135 }
1136 
get_unpriv_disabled()1137 static void get_unpriv_disabled()
1138 {
1139 	char buf[2];
1140 	FILE *fd;
1141 
1142 	fd = fopen("/proc/sys/"UNPRIV_SYSCTL, "r");
1143 	if (!fd) {
1144 		perror("fopen /proc/sys/"UNPRIV_SYSCTL);
1145 		unpriv_disabled = true;
1146 		return;
1147 	}
1148 	if (fgets(buf, 2, fd) == buf && atoi(buf))
1149 		unpriv_disabled = true;
1150 	fclose(fd);
1151 }
1152 
test_as_unpriv(struct bpf_test * test)1153 static bool test_as_unpriv(struct bpf_test *test)
1154 {
1155 	return !test->prog_type ||
1156 	       test->prog_type == BPF_PROG_TYPE_SOCKET_FILTER ||
1157 	       test->prog_type == BPF_PROG_TYPE_CGROUP_SKB;
1158 }
1159 
do_test(bool unpriv,unsigned int from,unsigned int to)1160 static int do_test(bool unpriv, unsigned int from, unsigned int to)
1161 {
1162 	int i, passes = 0, errors = 0;
1163 
1164 	for (i = from; i < to; i++) {
1165 		struct bpf_test *test = &tests[i];
1166 
1167 		/* Program types that are not supported by non-root we
1168 		 * skip right away.
1169 		 */
1170 		if (test_as_unpriv(test) && unpriv_disabled) {
1171 			printf("#%d/u %s SKIP\n", i, test->descr);
1172 			skips++;
1173 		} else if (test_as_unpriv(test)) {
1174 			if (!unpriv)
1175 				set_admin(false);
1176 			printf("#%d/u %s ", i, test->descr);
1177 			do_test_single(test, true, &passes, &errors);
1178 			if (!unpriv)
1179 				set_admin(true);
1180 		}
1181 
1182 		if (unpriv) {
1183 			printf("#%d/p %s SKIP\n", i, test->descr);
1184 			skips++;
1185 		} else {
1186 			printf("#%d/p %s ", i, test->descr);
1187 			do_test_single(test, false, &passes, &errors);
1188 		}
1189 	}
1190 
1191 	printf("Summary: %d PASSED, %d SKIPPED, %d FAILED\n", passes,
1192 	       skips, errors);
1193 	return errors ? EXIT_FAILURE : EXIT_SUCCESS;
1194 }
1195 
main(int argc,char ** argv)1196 int main(int argc, char **argv)
1197 {
1198 	unsigned int from = 0, to = ARRAY_SIZE(tests);
1199 	bool unpriv = !is_admin();
1200 	int arg = 1;
1201 
1202 	if (argc > 1 && strcmp(argv[1], "-v") == 0) {
1203 		arg++;
1204 		verbose = true;
1205 		argc--;
1206 	}
1207 
1208 	if (argc == 3) {
1209 		unsigned int l = atoi(argv[arg]);
1210 		unsigned int u = atoi(argv[arg + 1]);
1211 
1212 		if (l < to && u < to) {
1213 			from = l;
1214 			to   = u + 1;
1215 		}
1216 	} else if (argc == 2) {
1217 		unsigned int t = atoi(argv[arg]);
1218 
1219 		if (t < to) {
1220 			from = t;
1221 			to   = t + 1;
1222 		}
1223 	}
1224 
1225 	get_unpriv_disabled();
1226 	if (unpriv && unpriv_disabled) {
1227 		printf("Cannot run as unprivileged user with sysctl %s.\n",
1228 		       UNPRIV_SYSCTL);
1229 		return EXIT_FAILURE;
1230 	}
1231 
1232 	bpf_semi_rand_init();
1233 	return do_test(unpriv, from, to);
1234 }
1235