tools/testing/selftests/bpf/progs/test_sk_lookup_kern.c

   1 /* SPDX-License-Identifier: GPL-2.0 */
   2 // Copyright (c) 2018 Covalent IO, Inc. http://covalent.io
   3
   4 #include <stddef.h>
   5 #include <stdbool.h>
   6 #include <string.h>
   7 #include <linux/bpf.h>
   8 #include <linux/if_ether.h>
   9 #include <linux/in.h>
  10 #include <linux/ip.h>
  11 #include <linux/ipv6.h>
  12 #include <linux/pkt_cls.h>
  13 #include <linux/tcp.h>
  14 #include <sys/socket.h>
  15 #include "bpf_helpers.h"
  16 #include "bpf_endian.h"
  17
  18 int _version SEC("version") = 1;
  19 char _license[] SEC("license") = "GPL";
  20
  21 /* Fill 'tuple' with L3 info, and attempt to find L4. On fail, return NULL. */
  22 static struct bpf_sock_tuple *get_tuple(void *data, __u64 nh_off,
  23                                         void *data_end, __u16 eth_proto,
  24                                         bool *ipv4)
  25 {
  26         struct bpf_sock_tuple *result;
  27         __u8 proto = 0;
  28         __u64 ihl_len;
  29
  30         if (eth_proto == bpf_htons(ETH_P_IP)) {
  31                 struct iphdr *iph = (struct iphdr *)(data + nh_off);
  32
  33                 if (iph + 1 > data_end)
  34                         return NULL;
  35                 ihl_len = iph->ihl * 4;
  36                 proto = iph->protocol;
  37                 *ipv4 = true;
  38                 result = (struct bpf_sock_tuple *)&iph->saddr;
  39         } else if (eth_proto == bpf_htons(ETH_P_IPV6)) {
  40                 struct ipv6hdr *ip6h = (struct ipv6hdr *)(data + nh_off);
  41
  42                 if (ip6h + 1 > data_end)
  43                         return NULL;
  44                 ihl_len = sizeof(*ip6h);
  45                 proto = ip6h->nexthdr;
  46                 *ipv4 = true;
  47                 result = (struct bpf_sock_tuple *)&ip6h->saddr;
  48         }
  49
  50         if (data + nh_off + ihl_len > data_end || proto != IPPROTO_TCP)
  51                 return NULL;
  52
  53         return result;
  54 }
  55
  56 SEC("sk_lookup_success")
  57 int bpf_sk_lookup_test0(struct __sk_buff *skb)
  58 {
  59         void *data_end = (void *)(long)skb->data_end;
  60         void *data = (void *)(long)skb->data;
  61         struct ethhdr *eth = (struct ethhdr *)(data);
  62         struct bpf_sock_tuple *tuple;
  63         struct bpf_sock *sk;
  64         size_t tuple_len;
  65         bool ipv4;
  66
  67         if (eth + 1 > data_end)
  68                 return TC_ACT_SHOT;
  69
  70         tuple = get_tuple(data, sizeof(*eth), data_end, eth->h_proto, &ipv4);
  71         if (!tuple || tuple + sizeof *tuple > data_end)
  72                 return TC_ACT_SHOT;
  73
  74         tuple_len = ipv4 ? sizeof(tuple->ipv4) : sizeof(tuple->ipv6);
  75         sk = bpf_sk_lookup_tcp(skb, tuple, tuple_len, BPF_F_CURRENT_NETNS, 0);
  76         if (sk)
  77                 bpf_sk_release(sk);
  78         return sk ? TC_ACT_OK : TC_ACT_UNSPEC;
  79 }
  80
  81 SEC("sk_lookup_success_simple")
  82 int bpf_sk_lookup_test1(struct __sk_buff *skb)
  83 {
  84         struct bpf_sock_tuple tuple = {};
  85         struct bpf_sock *sk;
  86
  87         sk = bpf_sk_lookup_tcp(skb, &tuple, sizeof(tuple), BPF_F_CURRENT_NETNS, 0);
  88         if (sk)
  89                 bpf_sk_release(sk);
  90         return 0;
  91 }
  92
  93 SEC("fail_use_after_free")
  94 int bpf_sk_lookup_uaf(struct __sk_buff *skb)
  95 {
  96         struct bpf_sock_tuple tuple = {};
  97         struct bpf_sock *sk;
  98         __u32 family = 0;
  99
 100         sk = bpf_sk_lookup_tcp(skb, &tuple, sizeof(tuple), BPF_F_CURRENT_NETNS, 0);
 101         if (sk) {
 102                 bpf_sk_release(sk);
 103                 family = sk->family;
 104         }
 105         return family;
 106 }
 107
 108 SEC("fail_modify_sk_pointer")
 109 int bpf_sk_lookup_modptr(struct __sk_buff *skb)
 110 {
 111         struct bpf_sock_tuple tuple = {};
 112         struct bpf_sock *sk;
 113         __u32 family;
 114
 115         sk = bpf_sk_lookup_tcp(skb, &tuple, sizeof(tuple), BPF_F_CURRENT_NETNS, 0);
 116         if (sk) {
 117                 sk += 1;
 118                 bpf_sk_release(sk);
 119         }
 120         return 0;
 121 }
 122
 123 SEC("fail_modify_sk_or_null_pointer")
 124 int bpf_sk_lookup_modptr_or_null(struct __sk_buff *skb)
 125 {
 126         struct bpf_sock_tuple tuple = {};
 127         struct bpf_sock *sk;
 128         __u32 family;
 129
 130         sk = bpf_sk_lookup_tcp(skb, &tuple, sizeof(tuple), BPF_F_CURRENT_NETNS, 0);
 131         sk += 1;
 132         if (sk)
 133                 bpf_sk_release(sk);
 134         return 0;
 135 }
 136
 137 SEC("fail_no_release")
 138 int bpf_sk_lookup_test2(struct __sk_buff *skb)
 139 {
 140         struct bpf_sock_tuple tuple = {};
 141
 142         bpf_sk_lookup_tcp(skb, &tuple, sizeof(tuple), BPF_F_CURRENT_NETNS, 0);
 143         return 0;
 144 }
 145
 146 SEC("fail_release_twice")
 147 int bpf_sk_lookup_test3(struct __sk_buff *skb)
 148 {
 149         struct bpf_sock_tuple tuple = {};
 150         struct bpf_sock *sk;
 151
 152         sk = bpf_sk_lookup_tcp(skb, &tuple, sizeof(tuple), BPF_F_CURRENT_NETNS, 0);
 153         bpf_sk_release(sk);
 154         bpf_sk_release(sk);
 155         return 0;
 156 }
 157
 158 SEC("fail_release_unchecked")
 159 int bpf_sk_lookup_test4(struct __sk_buff *skb)
 160 {
 161         struct bpf_sock_tuple tuple = {};
 162         struct bpf_sock *sk;
 163
 164         sk = bpf_sk_lookup_tcp(skb, &tuple, sizeof(tuple), BPF_F_CURRENT_NETNS, 0);
 165         bpf_sk_release(sk);
 166         return 0;
 167 }
 168
 169 void lookup_no_release(struct __sk_buff *skb)
 170 {
 171         struct bpf_sock_tuple tuple = {};
 172         bpf_sk_lookup_tcp(skb, &tuple, sizeof(tuple), BPF_F_CURRENT_NETNS, 0);
 173 }
 174
 175 SEC("fail_no_release_subcall")
 176 int bpf_sk_lookup_test5(struct __sk_buff *skb)
 177 {
 178         lookup_no_release(skb);
 179         return 0;
 180 }