tools/testing/selftests/bpf/progs/test_pkt_access.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /* Copyright (c) 2017 Facebook
   3  */
   4 #include <stddef.h>
   5 #include <string.h>
   6 #include <linux/bpf.h>
   7 #include <linux/if_ether.h>
   8 #include <linux/if_packet.h>
   9 #include <linux/ip.h>
  10 #include <linux/ipv6.h>
  11 #include <linux/in.h>
  12 #include <linux/tcp.h>
  13 #include <linux/pkt_cls.h>
  14 #include <bpf/bpf_helpers.h>
  15 #include <bpf/bpf_endian.h>
  16
  17 #define barrier() __asm__ __volatile__("": : :"memory")
  18 int _version SEC("version") = 1;
  19
  20 /* llvm will optimize both subprograms into exactly the same BPF assembly
  21  *
  22  * Disassembly of section .text:
  23  *
  24  * 0000000000000000 test_pkt_access_subprog1:
  25  * ;    return skb->len * 2;
  26  *        0:    61 10 00 00 00 00 00 00 r0 = *(u32 *)(r1 + 0)
  27  *        1:    64 00 00 00 01 00 00 00 w0 <<= 1
  28  *        2:    95 00 00 00 00 00 00 00 exit
  29  *
  30  * 0000000000000018 test_pkt_access_subprog2:
  31  * ;    return skb->len * val;
  32  *        3:    61 10 00 00 00 00 00 00 r0 = *(u32 *)(r1 + 0)
  33  *        4:    64 00 00 00 01 00 00 00 w0 <<= 1
  34  *        5:    95 00 00 00 00 00 00 00 exit
  35  *
  36  * Which makes it an interesting test for BTF-enabled verifier.
  37  */
  38 static __attribute__ ((noinline))
  39 int test_pkt_access_subprog1(volatile struct __sk_buff *skb)
  40 {
  41         return skb->len * 2;
  42 }
  43
  44 static __attribute__ ((noinline))
  45 int test_pkt_access_subprog2(int val, volatile struct __sk_buff *skb)
  46 {
  47         return skb->len * val;
  48 }
  49
  50 #define MAX_STACK (512 - 2 * 32)
  51
  52 __attribute__ ((noinline))
  53 int get_skb_len(struct __sk_buff *skb)
  54 {
  55         volatile char buf[MAX_STACK] = {};
  56
  57         return skb->len;
  58 }
  59
  60 __attribute__ ((noinline))
  61 int get_constant(long val)
  62 {
  63         return val - 122;
  64 }
  65
  66 int get_skb_ifindex(int, struct __sk_buff *skb, int);
  67
  68 __attribute__ ((noinline))
  69 int test_pkt_access_subprog3(int val, struct __sk_buff *skb)
  70 {
  71         return get_skb_len(skb) * get_skb_ifindex(val, skb, get_constant(123));
  72 }
  73
  74 __attribute__ ((noinline))
  75 int get_skb_ifindex(int val, struct __sk_buff *skb, int var)
  76 {
  77         volatile char buf[MAX_STACK] = {};
  78
  79         return skb->ifindex * val * var;
  80 }
  81
  82 __attribute__ ((noinline))
  83 int test_pkt_write_access_subprog(struct __sk_buff *skb, __u32 off)
  84 {
  85         void *data = (void *)(long)skb->data;
  86         void *data_end = (void *)(long)skb->data_end;
  87         struct tcphdr *tcp = NULL;
  88
  89         if (off > sizeof(struct ethhdr) + sizeof(struct ipv6hdr))
  90                 return -1;
  91
  92         tcp = data + off;
  93         if (tcp + 1 > data_end)
  94                 return -1;
  95         /* make modification to the packet data */
  96         tcp->check++;
  97         return 0;
  98 }
  99
 100 SEC("classifier/test_pkt_access")
 101 int test_pkt_access(struct __sk_buff *skb)
 102 {
 103         void *data_end = (void *)(long)skb->data_end;
 104         void *data = (void *)(long)skb->data;
 105         struct ethhdr *eth = (struct ethhdr *)(data);
 106         struct tcphdr *tcp = NULL;
 107         __u8 proto = 255;
 108         __u64 ihl_len;
 109
 110         if (eth + 1 > data_end)
 111                 return TC_ACT_SHOT;
 112
 113         if (eth->h_proto == bpf_htons(ETH_P_IP)) {
 114                 struct iphdr *iph = (struct iphdr *)(eth + 1);
 115
 116                 if (iph + 1 > data_end)
 117                         return TC_ACT_SHOT;
 118                 ihl_len = iph->ihl * 4;
 119                 proto = iph->protocol;
 120                 tcp = (struct tcphdr *)((void *)(iph) + ihl_len);
 121         } else if (eth->h_proto == bpf_htons(ETH_P_IPV6)) {
 122                 struct ipv6hdr *ip6h = (struct ipv6hdr *)(eth + 1);
 123
 124                 if (ip6h + 1 > data_end)
 125                         return TC_ACT_SHOT;
 126                 ihl_len = sizeof(*ip6h);
 127                 proto = ip6h->nexthdr;
 128                 tcp = (struct tcphdr *)((void *)(ip6h) + ihl_len);
 129         }
 130
 131         if (test_pkt_access_subprog1(skb) != skb->len * 2)
 132                 return TC_ACT_SHOT;
 133         if (test_pkt_access_subprog2(2, skb) != skb->len * 2)
 134                 return TC_ACT_SHOT;
 135         if (test_pkt_access_subprog3(3, skb) != skb->len * 3 * skb->ifindex)
 136                 return TC_ACT_SHOT;
 137         if (tcp) {
 138                 if (test_pkt_write_access_subprog(skb, (void *)tcp - data))
 139                         return TC_ACT_SHOT;
 140                 if (((void *)(tcp) + 20) > data_end || proto != 6)
 141                         return TC_ACT_SHOT;
 142                 barrier(); /* to force ordering of checks */
 143                 if (((void *)(tcp) + 18) > data_end)
 144                         return TC_ACT_SHOT;
 145                 if (tcp->urg_ptr == 123)
 146                         return TC_ACT_OK;
 147         }
 148
 149         return TC_ACT_UNSPEC;
 150 }