1 // SPDX-License-Identifier: GPL-2.0
2 
3 #include <limits.h>
4 #include <stdio.h>
5 #include <string.h>
6 #include <ctype.h>
7 #include <regex.h>
8 #include <test_progs.h>
9 
10 #include "bpf/btf.h"
11 #include "bpf_util.h"
12 #include "linux/filter.h"
13 #include "disasm.h"
14 
15 #define MAX_PROG_TEXT_SZ (32 * 1024)
16 
17 /* The code in this file serves the sole purpose of executing test cases
18  * specified in the test_cases array. Each test case specifies a program
19  * type, context field offset, and disassembly patterns that correspond
20  * to read and write instructions generated by
21  * verifier.c:convert_ctx_access() for accessing that field.
22  *
23  * For each test case, up to three programs are created:
24  * - One that uses BPF_LDX_MEM to read the context field.
25  * - One that uses BPF_STX_MEM to write to the context field.
26  * - One that uses BPF_ST_MEM to write to the context field.
27  *
28  * The disassembly of each program is then compared with the pattern
29  * specified in the test case.
30  */
31 struct test_case {
32 	char *name;
33 	enum bpf_prog_type prog_type;
34 	enum bpf_attach_type expected_attach_type;
35 	int field_offset;
36 	int field_sz;
37 	/* Program generated for BPF_ST_MEM uses value 42 by default,
38 	 * this field allows to specify custom value.
39 	 */
40 	struct {
41 		bool use;
42 		int value;
43 	} st_value;
44 	/* Pattern for BPF_LDX_MEM(field_sz, dst, ctx, field_offset) */
45 	char *read;
46 	/* Pattern for BPF_STX_MEM(field_sz, ctx, src, field_offset) and
47 	 *             BPF_ST_MEM (field_sz, ctx, src, field_offset)
48 	 */
49 	char *write;
50 	/* Pattern for BPF_ST_MEM(field_sz, ctx, src, field_offset),
51 	 * takes priority over `write`.
52 	 */
53 	char *write_st;
54 	/* Pattern for BPF_STX_MEM (field_sz, ctx, src, field_offset),
55 	 * takes priority over `write`.
56 	 */
57 	char *write_stx;
58 };
59 
60 #define N(_prog_type, type, field, name_extra...)	\
61 	.name = #_prog_type "." #field name_extra,	\
62 	.prog_type = BPF_PROG_TYPE_##_prog_type,	\
63 	.field_offset = offsetof(type, field),		\
64 	.field_sz = sizeof(typeof(((type *)NULL)->field))
65 
66 static struct test_case test_cases[] = {
67 /* Sign extension on s390 changes the pattern */
68 #if defined(__x86_64__) || defined(__aarch64__)
69 	{
70 		N(SCHED_CLS, struct __sk_buff, tstamp),
71 		.read  = "r11 = *(u8 *)($ctx + sk_buff::__mono_tc_offset);"
72 			 "w11 &= 3;"
73 			 "if w11 != 0x3 goto pc+2;"
74 			 "$dst = 0;"
75 			 "goto pc+1;"
76 			 "$dst = *(u64 *)($ctx + sk_buff::tstamp);",
77 		.write = "r11 = *(u8 *)($ctx + sk_buff::__mono_tc_offset);"
78 			 "if w11 & 0x2 goto pc+1;"
79 			 "goto pc+2;"
80 			 "w11 &= -2;"
81 			 "*(u8 *)($ctx + sk_buff::__mono_tc_offset) = r11;"
82 			 "*(u64 *)($ctx + sk_buff::tstamp) = $src;",
83 	},
84 #endif
85 	{
86 		N(SCHED_CLS, struct __sk_buff, priority),
87 		.read  = "$dst = *(u32 *)($ctx + sk_buff::priority);",
88 		.write = "*(u32 *)($ctx + sk_buff::priority) = $src;",
89 	},
90 	{
91 		N(SCHED_CLS, struct __sk_buff, mark),
92 		.read  = "$dst = *(u32 *)($ctx + sk_buff::mark);",
93 		.write = "*(u32 *)($ctx + sk_buff::mark) = $src;",
94 	},
95 	{
96 		N(SCHED_CLS, struct __sk_buff, cb[0]),
97 		.read  = "$dst = *(u32 *)($ctx + $(sk_buff::cb + qdisc_skb_cb::data));",
98 		.write = "*(u32 *)($ctx + $(sk_buff::cb + qdisc_skb_cb::data)) = $src;",
99 	},
100 	{
101 		N(SCHED_CLS, struct __sk_buff, tc_classid),
102 		.read  = "$dst = *(u16 *)($ctx + $(sk_buff::cb + qdisc_skb_cb::tc_classid));",
103 		.write = "*(u16 *)($ctx + $(sk_buff::cb + qdisc_skb_cb::tc_classid)) = $src;",
104 	},
105 	{
106 		N(SCHED_CLS, struct __sk_buff, tc_index),
107 		.read  = "$dst = *(u16 *)($ctx + sk_buff::tc_index);",
108 		.write = "*(u16 *)($ctx + sk_buff::tc_index) = $src;",
109 	},
110 	{
111 		N(SCHED_CLS, struct __sk_buff, queue_mapping),
112 		.read      = "$dst = *(u16 *)($ctx + sk_buff::queue_mapping);",
113 		.write_stx = "if $src >= 0xffff goto pc+1;"
114 			     "*(u16 *)($ctx + sk_buff::queue_mapping) = $src;",
115 		.write_st  = "*(u16 *)($ctx + sk_buff::queue_mapping) = $src;",
116 	},
117 	{
118 		/* This is a corner case in filter.c:bpf_convert_ctx_access() */
119 		N(SCHED_CLS, struct __sk_buff, queue_mapping, ".ushrt_max"),
120 		.st_value = { true, USHRT_MAX },
121 		.write_st = "goto pc+0;",
122 	},
123 	{
124 		N(CGROUP_SOCK, struct bpf_sock, bound_dev_if),
125 		.read  = "$dst = *(u32 *)($ctx + sock_common::skc_bound_dev_if);",
126 		.write = "*(u32 *)($ctx + sock_common::skc_bound_dev_if) = $src;",
127 	},
128 	{
129 		N(CGROUP_SOCK, struct bpf_sock, mark),
130 		.read  = "$dst = *(u32 *)($ctx + sock::sk_mark);",
131 		.write = "*(u32 *)($ctx + sock::sk_mark) = $src;",
132 	},
133 	{
134 		N(CGROUP_SOCK, struct bpf_sock, priority),
135 		.read  = "$dst = *(u32 *)($ctx + sock::sk_priority);",
136 		.write = "*(u32 *)($ctx + sock::sk_priority) = $src;",
137 	},
138 	{
139 		N(SOCK_OPS, struct bpf_sock_ops, replylong[0]),
140 		.read  = "$dst = *(u32 *)($ctx + bpf_sock_ops_kern::replylong);",
141 		.write = "*(u32 *)($ctx + bpf_sock_ops_kern::replylong) = $src;",
142 	},
143 	{
144 		N(CGROUP_SYSCTL, struct bpf_sysctl, file_pos),
145 #if __BYTE_ORDER == __LITTLE_ENDIAN
146 		.read  = "$dst = *(u64 *)($ctx + bpf_sysctl_kern::ppos);"
147 			 "$dst = *(u32 *)($dst +0);",
148 		.write = "*(u64 *)($ctx + bpf_sysctl_kern::tmp_reg) = r9;"
149 			 "r9 = *(u64 *)($ctx + bpf_sysctl_kern::ppos);"
150 			 "*(u32 *)(r9 +0) = $src;"
151 			 "r9 = *(u64 *)($ctx + bpf_sysctl_kern::tmp_reg);",
152 #else
153 		.read  = "$dst = *(u64 *)($ctx + bpf_sysctl_kern::ppos);"
154 			 "$dst = *(u32 *)($dst +4);",
155 		.write = "*(u64 *)($ctx + bpf_sysctl_kern::tmp_reg) = r9;"
156 			 "r9 = *(u64 *)($ctx + bpf_sysctl_kern::ppos);"
157 			 "*(u32 *)(r9 +4) = $src;"
158 			 "r9 = *(u64 *)($ctx + bpf_sysctl_kern::tmp_reg);",
159 #endif
160 	},
161 	{
162 		N(CGROUP_SOCKOPT, struct bpf_sockopt, sk),
163 		.read  = "$dst = *(u64 *)($ctx + bpf_sockopt_kern::sk);",
164 		.expected_attach_type = BPF_CGROUP_GETSOCKOPT,
165 	},
166 	{
167 		N(CGROUP_SOCKOPT, struct bpf_sockopt, level),
168 		.read  = "$dst = *(u32 *)($ctx + bpf_sockopt_kern::level);",
169 		.write = "*(u32 *)($ctx + bpf_sockopt_kern::level) = $src;",
170 		.expected_attach_type = BPF_CGROUP_SETSOCKOPT,
171 	},
172 	{
173 		N(CGROUP_SOCKOPT, struct bpf_sockopt, optname),
174 		.read  = "$dst = *(u32 *)($ctx + bpf_sockopt_kern::optname);",
175 		.write = "*(u32 *)($ctx + bpf_sockopt_kern::optname) = $src;",
176 		.expected_attach_type = BPF_CGROUP_SETSOCKOPT,
177 	},
178 	{
179 		N(CGROUP_SOCKOPT, struct bpf_sockopt, optlen),
180 		.read  = "$dst = *(u32 *)($ctx + bpf_sockopt_kern::optlen);",
181 		.write = "*(u32 *)($ctx + bpf_sockopt_kern::optlen) = $src;",
182 		.expected_attach_type = BPF_CGROUP_SETSOCKOPT,
183 	},
184 	{
185 		N(CGROUP_SOCKOPT, struct bpf_sockopt, retval),
186 		.read  = "$dst = *(u64 *)($ctx + bpf_sockopt_kern::current_task);"
187 			 "$dst = *(u64 *)($dst + task_struct::bpf_ctx);"
188 			 "$dst = *(u32 *)($dst + bpf_cg_run_ctx::retval);",
189 		.write = "*(u64 *)($ctx + bpf_sockopt_kern::tmp_reg) = r9;"
190 			 "r9 = *(u64 *)($ctx + bpf_sockopt_kern::current_task);"
191 			 "r9 = *(u64 *)(r9 + task_struct::bpf_ctx);"
192 			 "*(u32 *)(r9 + bpf_cg_run_ctx::retval) = $src;"
193 			 "r9 = *(u64 *)($ctx + bpf_sockopt_kern::tmp_reg);",
194 		.expected_attach_type = BPF_CGROUP_GETSOCKOPT,
195 	},
196 	{
197 		N(CGROUP_SOCKOPT, struct bpf_sockopt, optval),
198 		.read  = "$dst = *(u64 *)($ctx + bpf_sockopt_kern::optval);",
199 		.expected_attach_type = BPF_CGROUP_GETSOCKOPT,
200 	},
201 	{
202 		N(CGROUP_SOCKOPT, struct bpf_sockopt, optval_end),
203 		.read  = "$dst = *(u64 *)($ctx + bpf_sockopt_kern::optval_end);",
204 		.expected_attach_type = BPF_CGROUP_GETSOCKOPT,
205 	},
206 };
207 
208 #undef N
209 
210 static regex_t *ident_regex;
211 static regex_t *field_regex;
212 
skip_space(char * str)213 static char *skip_space(char *str)
214 {
215 	while (*str && isspace(*str))
216 		++str;
217 	return str;
218 }
219 
skip_space_and_semi(char * str)220 static char *skip_space_and_semi(char *str)
221 {
222 	while (*str && (isspace(*str) || *str == ';'))
223 		++str;
224 	return str;
225 }
226 
match_str(char * str,char * prefix)227 static char *match_str(char *str, char *prefix)
228 {
229 	while (*str && *prefix && *str == *prefix) {
230 		++str;
231 		++prefix;
232 	}
233 	if (*prefix)
234 		return NULL;
235 	return str;
236 }
237 
match_number(char * str,int num)238 static char *match_number(char *str, int num)
239 {
240 	char *next;
241 	int snum = strtol(str, &next, 10);
242 
243 	if (next - str == 0 || num != snum)
244 		return NULL;
245 
246 	return next;
247 }
248 
find_field_offset_aux(struct btf * btf,int btf_id,char * field_name,int off)249 static int find_field_offset_aux(struct btf *btf, int btf_id, char *field_name, int off)
250 {
251 	const struct btf_type *type = btf__type_by_id(btf, btf_id);
252 	const struct btf_member *m;
253 	__u16 mnum;
254 	int i;
255 
256 	if (!type) {
257 		PRINT_FAIL("Can't find btf_type for id %d\n", btf_id);
258 		return -1;
259 	}
260 
261 	if (!btf_is_struct(type) && !btf_is_union(type)) {
262 		PRINT_FAIL("BTF id %d is not struct or union\n", btf_id);
263 		return -1;
264 	}
265 
266 	m = btf_members(type);
267 	mnum = btf_vlen(type);
268 
269 	for (i = 0; i < mnum; ++i, ++m) {
270 		const char *mname = btf__name_by_offset(btf, m->name_off);
271 
272 		if (strcmp(mname, "") == 0) {
273 			int msize = find_field_offset_aux(btf, m->type, field_name,
274 							  off + m->offset);
275 			if (msize >= 0)
276 				return msize;
277 		}
278 
279 		if (strcmp(mname, field_name))
280 			continue;
281 
282 		return (off + m->offset) / 8;
283 	}
284 
285 	return -1;
286 }
287 
find_field_offset(struct btf * btf,char * pattern,regmatch_t * matches)288 static int find_field_offset(struct btf *btf, char *pattern, regmatch_t *matches)
289 {
290 	int type_sz  = matches[1].rm_eo - matches[1].rm_so;
291 	int field_sz = matches[2].rm_eo - matches[2].rm_so;
292 	char *type   = pattern + matches[1].rm_so;
293 	char *field  = pattern + matches[2].rm_so;
294 	char field_str[128] = {};
295 	char type_str[128] = {};
296 	int btf_id, field_offset;
297 
298 	if (type_sz >= sizeof(type_str)) {
299 		PRINT_FAIL("Malformed pattern: type ident is too long: %d\n", type_sz);
300 		return -1;
301 	}
302 
303 	if (field_sz >= sizeof(field_str)) {
304 		PRINT_FAIL("Malformed pattern: field ident is too long: %d\n", field_sz);
305 		return -1;
306 	}
307 
308 	strncpy(type_str, type, type_sz);
309 	strncpy(field_str, field, field_sz);
310 	btf_id = btf__find_by_name(btf, type_str);
311 	if (btf_id < 0) {
312 		PRINT_FAIL("No BTF info for type %s\n", type_str);
313 		return -1;
314 	}
315 
316 	field_offset = find_field_offset_aux(btf, btf_id, field_str, 0);
317 	if (field_offset < 0) {
318 		PRINT_FAIL("No BTF info for field %s::%s\n", type_str, field_str);
319 		return -1;
320 	}
321 
322 	return field_offset;
323 }
324 
compile_regex(char * pat)325 static regex_t *compile_regex(char *pat)
326 {
327 	regex_t *re;
328 	int err;
329 
330 	re = malloc(sizeof(regex_t));
331 	if (!re) {
332 		PRINT_FAIL("Can't alloc regex\n");
333 		return NULL;
334 	}
335 
336 	err = regcomp(re, pat, REG_EXTENDED);
337 	if (err) {
338 		char errbuf[512];
339 
340 		regerror(err, re, errbuf, sizeof(errbuf));
341 		PRINT_FAIL("Can't compile regex: %s\n", errbuf);
342 		free(re);
343 		return NULL;
344 	}
345 
346 	return re;
347 }
348 
free_regex(regex_t * re)349 static void free_regex(regex_t *re)
350 {
351 	if (!re)
352 		return;
353 
354 	regfree(re);
355 	free(re);
356 }
357 
max_line_len(char * str)358 static u32 max_line_len(char *str)
359 {
360 	u32 max_line = 0;
361 	char *next = str;
362 
363 	while (next) {
364 		next = strchr(str, '\n');
365 		if (next) {
366 			max_line = max_t(u32, max_line, (next - str));
367 			str = next + 1;
368 		} else {
369 			max_line = max_t(u32, max_line, strlen(str));
370 		}
371 	}
372 
373 	return min(max_line, 60u);
374 }
375 
376 /* Print strings `pattern_origin` and `text_origin` side by side,
377  * assume `pattern_pos` and `text_pos` designate location within
378  * corresponding origin string where match diverges.
379  * The output should look like:
380  *
381  *   Can't match disassembly(left) with pattern(right):
382  *   r2 = *(u64 *)(r1 +0)  ;  $dst = *(u64 *)($ctx + bpf_sockopt_kern::sk1)
383  *                     ^                             ^
384  *   r0 = 0                ;
385  *   exit                  ;
386  */
print_match_error(FILE * out,char * pattern_origin,char * text_origin,char * pattern_pos,char * text_pos)387 static void print_match_error(FILE *out,
388 			      char *pattern_origin, char *text_origin,
389 			      char *pattern_pos, char *text_pos)
390 {
391 	char *pattern = pattern_origin;
392 	char *text = text_origin;
393 	int middle = max_line_len(text) + 2;
394 
395 	fprintf(out, "Can't match disassembly(left) with pattern(right):\n");
396 	while (*pattern || *text) {
397 		int column = 0;
398 		int mark1 = -1;
399 		int mark2 = -1;
400 
401 		/* Print one line from text */
402 		while (*text && *text != '\n') {
403 			if (text == text_pos)
404 				mark1 = column;
405 			fputc(*text, out);
406 			++text;
407 			++column;
408 		}
409 		if (text == text_pos)
410 			mark1 = column;
411 
412 		/* Pad to the middle */
413 		while (column < middle) {
414 			fputc(' ', out);
415 			++column;
416 		}
417 		fputs(";  ", out);
418 		column += 3;
419 
420 		/* Print one line from pattern, pattern lines are terminated by ';' */
421 		while (*pattern && *pattern != ';') {
422 			if (pattern == pattern_pos)
423 				mark2 = column;
424 			fputc(*pattern, out);
425 			++pattern;
426 			++column;
427 		}
428 		if (pattern == pattern_pos)
429 			mark2 = column;
430 
431 		fputc('\n', out);
432 		if (*pattern)
433 			++pattern;
434 		if (*text)
435 			++text;
436 
437 		/* If pattern and text diverge at this line, print an
438 		 * additional line with '^' marks, highlighting
439 		 * positions where match fails.
440 		 */
441 		if (mark1 > 0 || mark2 > 0) {
442 			for (column = 0; column <= max(mark1, mark2); ++column) {
443 				if (column == mark1 || column == mark2)
444 					fputc('^', out);
445 				else
446 					fputc(' ', out);
447 			}
448 			fputc('\n', out);
449 		}
450 	}
451 }
452 
453 /* Test if `text` matches `pattern`. Pattern consists of the following elements:
454  *
455  * - Field offset references:
456  *
457  *     <type>::<field>
458  *
459  *   When such reference is encountered BTF is used to compute numerical
460  *   value for the offset of <field> in <type>. The `text` is expected to
461  *   contain matching numerical value.
462  *
463  * - Field groups:
464  *
465  *     $(<type>::<field> [+ <type>::<field>]*)
466  *
467  *   Allows to specify an offset that is a sum of multiple field offsets.
468  *   The `text` is expected to contain matching numerical value.
469  *
470  * - Variable references, e.g. `$src`, `$dst`, `$ctx`.
471  *   These are substitutions specified in `reg_map` array.
472  *   If a substring of pattern is equal to `reg_map[i][0]` the `text` is
473  *   expected to contain `reg_map[i][1]` in the matching position.
474  *
475  * - Whitespace is ignored, ';' counts as whitespace for `pattern`.
476  *
477  * - Any other characters, `pattern` and `text` should match one-to-one.
478  *
479  * Example of a pattern:
480  *
481  *                    __________ fields group ________________
482  *                   '                                        '
483  *   *(u16 *)($ctx + $(sk_buff::cb + qdisc_skb_cb::tc_classid)) = $src;
484  *            ^^^^                   '______________________'
485  *     variable reference             field offset reference
486  */
match_pattern(struct btf * btf,char * pattern,char * text,char * reg_map[][2])487 static bool match_pattern(struct btf *btf, char *pattern, char *text, char *reg_map[][2])
488 {
489 	char *pattern_origin = pattern;
490 	char *text_origin = text;
491 	regmatch_t matches[3];
492 
493 _continue:
494 	while (*pattern) {
495 		if (!*text)
496 			goto err;
497 
498 		/* Skip whitespace */
499 		if (isspace(*pattern) || *pattern == ';') {
500 			if (!isspace(*text) && text != text_origin && isalnum(text[-1]))
501 				goto err;
502 			pattern = skip_space_and_semi(pattern);
503 			text = skip_space(text);
504 			continue;
505 		}
506 
507 		/* Check for variable references */
508 		for (int i = 0; reg_map[i][0]; ++i) {
509 			char *pattern_next, *text_next;
510 
511 			pattern_next = match_str(pattern, reg_map[i][0]);
512 			if (!pattern_next)
513 				continue;
514 
515 			text_next = match_str(text, reg_map[i][1]);
516 			if (!text_next)
517 				goto err;
518 
519 			pattern = pattern_next;
520 			text = text_next;
521 			goto _continue;
522 		}
523 
524 		/* Match field group:
525 		 *   $(sk_buff::cb + qdisc_skb_cb::tc_classid)
526 		 */
527 		if (strncmp(pattern, "$(", 2) == 0) {
528 			char *group_start = pattern, *text_next;
529 			int acc_offset = 0;
530 
531 			pattern += 2;
532 
533 			for (;;) {
534 				int field_offset;
535 
536 				pattern = skip_space(pattern);
537 				if (!*pattern) {
538 					PRINT_FAIL("Unexpected end of pattern\n");
539 					goto err;
540 				}
541 
542 				if (*pattern == ')') {
543 					++pattern;
544 					break;
545 				}
546 
547 				if (*pattern == '+') {
548 					++pattern;
549 					continue;
550 				}
551 
552 				printf("pattern: %s\n", pattern);
553 				if (regexec(field_regex, pattern, 3, matches, 0) != 0) {
554 					PRINT_FAIL("Field reference expected\n");
555 					goto err;
556 				}
557 
558 				field_offset = find_field_offset(btf, pattern, matches);
559 				if (field_offset < 0)
560 					goto err;
561 
562 				pattern += matches[0].rm_eo;
563 				acc_offset += field_offset;
564 			}
565 
566 			text_next = match_number(text, acc_offset);
567 			if (!text_next) {
568 				PRINT_FAIL("No match for group offset %.*s (%d)\n",
569 					   (int)(pattern - group_start),
570 					   group_start,
571 					   acc_offset);
572 				goto err;
573 			}
574 			text = text_next;
575 		}
576 
577 		/* Match field reference:
578 		 *   sk_buff::cb
579 		 */
580 		if (regexec(field_regex, pattern, 3, matches, 0) == 0) {
581 			int field_offset;
582 			char *text_next;
583 
584 			field_offset = find_field_offset(btf, pattern, matches);
585 			if (field_offset < 0)
586 				goto err;
587 
588 			text_next = match_number(text, field_offset);
589 			if (!text_next) {
590 				PRINT_FAIL("No match for field offset %.*s (%d)\n",
591 					   (int)matches[0].rm_eo, pattern, field_offset);
592 				goto err;
593 			}
594 
595 			pattern += matches[0].rm_eo;
596 			text = text_next;
597 			continue;
598 		}
599 
600 		/* If pattern points to identifier not followed by '::'
601 		 * skip the identifier to avoid n^2 application of the
602 		 * field reference rule.
603 		 */
604 		if (regexec(ident_regex, pattern, 1, matches, 0) == 0) {
605 			if (strncmp(pattern, text, matches[0].rm_eo) != 0)
606 				goto err;
607 
608 			pattern += matches[0].rm_eo;
609 			text += matches[0].rm_eo;
610 			continue;
611 		}
612 
613 		/* Match literally */
614 		if (*pattern != *text)
615 			goto err;
616 
617 		++pattern;
618 		++text;
619 	}
620 
621 	return true;
622 
623 err:
624 	test__fail();
625 	print_match_error(stdout, pattern_origin, text_origin, pattern, text);
626 	return false;
627 }
628 
629 /* Request BPF program instructions after all rewrites are applied,
630  * e.g. verifier.c:convert_ctx_access() is done.
631  */
get_xlated_program(int fd_prog,struct bpf_insn ** buf,__u32 * cnt)632 static int get_xlated_program(int fd_prog, struct bpf_insn **buf, __u32 *cnt)
633 {
634 	struct bpf_prog_info info = {};
635 	__u32 info_len = sizeof(info);
636 	__u32 xlated_prog_len;
637 	__u32 buf_element_size = sizeof(struct bpf_insn);
638 
639 	if (bpf_prog_get_info_by_fd(fd_prog, &info, &info_len)) {
640 		perror("bpf_prog_get_info_by_fd failed");
641 		return -1;
642 	}
643 
644 	xlated_prog_len = info.xlated_prog_len;
645 	if (xlated_prog_len % buf_element_size) {
646 		printf("Program length %d is not multiple of %d\n",
647 		       xlated_prog_len, buf_element_size);
648 		return -1;
649 	}
650 
651 	*cnt = xlated_prog_len / buf_element_size;
652 	*buf = calloc(*cnt, buf_element_size);
653 	if (!buf) {
654 		perror("can't allocate xlated program buffer");
655 		return -ENOMEM;
656 	}
657 
658 	bzero(&info, sizeof(info));
659 	info.xlated_prog_len = xlated_prog_len;
660 	info.xlated_prog_insns = (__u64)(unsigned long)*buf;
661 	if (bpf_prog_get_info_by_fd(fd_prog, &info, &info_len)) {
662 		perror("second bpf_prog_get_info_by_fd failed");
663 		goto out_free_buf;
664 	}
665 
666 	return 0;
667 
668 out_free_buf:
669 	free(*buf);
670 	return -1;
671 }
672 
print_insn(void * private_data,const char * fmt,...)673 static void print_insn(void *private_data, const char *fmt, ...)
674 {
675 	va_list args;
676 
677 	va_start(args, fmt);
678 	vfprintf((FILE *)private_data, fmt, args);
679 	va_end(args);
680 }
681 
682 /* Disassemble instructions to a stream */
print_xlated(FILE * out,struct bpf_insn * insn,__u32 len)683 static void print_xlated(FILE *out, struct bpf_insn *insn, __u32 len)
684 {
685 	const struct bpf_insn_cbs cbs = {
686 		.cb_print	= print_insn,
687 		.cb_call	= NULL,
688 		.cb_imm		= NULL,
689 		.private_data	= out,
690 	};
691 	bool double_insn = false;
692 	int i;
693 
694 	for (i = 0; i < len; i++) {
695 		if (double_insn) {
696 			double_insn = false;
697 			continue;
698 		}
699 
700 		double_insn = insn[i].code == (BPF_LD | BPF_IMM | BPF_DW);
701 		print_bpf_insn(&cbs, insn + i, true);
702 	}
703 }
704 
705 /* We share code with kernel BPF disassembler, it adds '(FF) ' prefix
706  * for each instruction (FF stands for instruction `code` byte).
707  * This function removes the prefix inplace for each line in `str`.
708  */
remove_insn_prefix(char * str,int size)709 static void remove_insn_prefix(char *str, int size)
710 {
711 	const int prefix_size = 5;
712 
713 	int write_pos = 0, read_pos = prefix_size;
714 	int len = strlen(str);
715 	char c;
716 
717 	size = min(size, len);
718 
719 	while (read_pos < size) {
720 		c = str[read_pos++];
721 		if (c == 0)
722 			break;
723 		str[write_pos++] = c;
724 		if (c == '\n')
725 			read_pos += prefix_size;
726 	}
727 	str[write_pos] = 0;
728 }
729 
730 struct prog_info {
731 	char *prog_kind;
732 	enum bpf_prog_type prog_type;
733 	enum bpf_attach_type expected_attach_type;
734 	struct bpf_insn *prog;
735 	u32 prog_len;
736 };
737 
match_program(struct btf * btf,struct prog_info * pinfo,char * pattern,char * reg_map[][2],bool skip_first_insn)738 static void match_program(struct btf *btf,
739 			  struct prog_info *pinfo,
740 			  char *pattern,
741 			  char *reg_map[][2],
742 			  bool skip_first_insn)
743 {
744 	struct bpf_insn *buf = NULL;
745 	int err = 0, prog_fd = 0;
746 	FILE *prog_out = NULL;
747 	char *text = NULL;
748 	__u32 cnt = 0;
749 
750 	text = calloc(MAX_PROG_TEXT_SZ, 1);
751 	if (!text) {
752 		PRINT_FAIL("Can't allocate %d bytes\n", MAX_PROG_TEXT_SZ);
753 		goto out;
754 	}
755 
756 	// TODO: log level
757 	LIBBPF_OPTS(bpf_prog_load_opts, opts);
758 	opts.log_buf = text;
759 	opts.log_size = MAX_PROG_TEXT_SZ;
760 	opts.log_level = 1 | 2 | 4;
761 	opts.expected_attach_type = pinfo->expected_attach_type;
762 
763 	prog_fd = bpf_prog_load(pinfo->prog_type, NULL, "GPL",
764 				pinfo->prog, pinfo->prog_len, &opts);
765 	if (prog_fd < 0) {
766 		PRINT_FAIL("Can't load program, errno %d (%s), verifier log:\n%s\n",
767 			   errno, strerror(errno), text);
768 		goto out;
769 	}
770 
771 	memset(text, 0, MAX_PROG_TEXT_SZ);
772 
773 	err = get_xlated_program(prog_fd, &buf, &cnt);
774 	if (err) {
775 		PRINT_FAIL("Can't load back BPF program\n");
776 		goto out;
777 	}
778 
779 	prog_out = fmemopen(text, MAX_PROG_TEXT_SZ - 1, "w");
780 	if (!prog_out) {
781 		PRINT_FAIL("Can't open memory stream\n");
782 		goto out;
783 	}
784 	if (skip_first_insn)
785 		print_xlated(prog_out, buf + 1, cnt - 1);
786 	else
787 		print_xlated(prog_out, buf, cnt);
788 	fclose(prog_out);
789 	remove_insn_prefix(text, MAX_PROG_TEXT_SZ);
790 
791 	ASSERT_TRUE(match_pattern(btf, pattern, text, reg_map),
792 		    pinfo->prog_kind);
793 
794 out:
795 	if (prog_fd)
796 		close(prog_fd);
797 	free(buf);
798 	free(text);
799 }
800 
run_one_testcase(struct btf * btf,struct test_case * test)801 static void run_one_testcase(struct btf *btf, struct test_case *test)
802 {
803 	struct prog_info pinfo = {};
804 	int bpf_sz;
805 
806 	if (!test__start_subtest(test->name))
807 		return;
808 
809 	switch (test->field_sz) {
810 	case 8:
811 		bpf_sz = BPF_DW;
812 		break;
813 	case 4:
814 		bpf_sz = BPF_W;
815 		break;
816 	case 2:
817 		bpf_sz = BPF_H;
818 		break;
819 	case 1:
820 		bpf_sz = BPF_B;
821 		break;
822 	default:
823 		PRINT_FAIL("Unexpected field size: %d, want 8,4,2 or 1\n", test->field_sz);
824 		return;
825 	}
826 
827 	pinfo.prog_type = test->prog_type;
828 	pinfo.expected_attach_type = test->expected_attach_type;
829 
830 	if (test->read) {
831 		struct bpf_insn ldx_prog[] = {
832 			BPF_LDX_MEM(bpf_sz, BPF_REG_2, BPF_REG_1, test->field_offset),
833 			BPF_MOV64_IMM(BPF_REG_0, 0),
834 			BPF_EXIT_INSN(),
835 		};
836 		char *reg_map[][2] = {
837 			{ "$ctx", "r1" },
838 			{ "$dst", "r2" },
839 			{}
840 		};
841 
842 		pinfo.prog_kind = "LDX";
843 		pinfo.prog = ldx_prog;
844 		pinfo.prog_len = ARRAY_SIZE(ldx_prog);
845 		match_program(btf, &pinfo, test->read, reg_map, false);
846 	}
847 
848 	if (test->write || test->write_st || test->write_stx) {
849 		struct bpf_insn stx_prog[] = {
850 			BPF_MOV64_IMM(BPF_REG_2, 0),
851 			BPF_STX_MEM(bpf_sz, BPF_REG_1, BPF_REG_2, test->field_offset),
852 			BPF_MOV64_IMM(BPF_REG_0, 0),
853 			BPF_EXIT_INSN(),
854 		};
855 		char *stx_reg_map[][2] = {
856 			{ "$ctx", "r1" },
857 			{ "$src", "r2" },
858 			{}
859 		};
860 		struct bpf_insn st_prog[] = {
861 			BPF_ST_MEM(bpf_sz, BPF_REG_1, test->field_offset,
862 				   test->st_value.use ? test->st_value.value : 42),
863 			BPF_MOV64_IMM(BPF_REG_0, 0),
864 			BPF_EXIT_INSN(),
865 		};
866 		char *st_reg_map[][2] = {
867 			{ "$ctx", "r1" },
868 			{ "$src", "42" },
869 			{}
870 		};
871 
872 		if (test->write || test->write_stx) {
873 			char *pattern = test->write_stx ? test->write_stx : test->write;
874 
875 			pinfo.prog_kind = "STX";
876 			pinfo.prog = stx_prog;
877 			pinfo.prog_len = ARRAY_SIZE(stx_prog);
878 			match_program(btf, &pinfo, pattern, stx_reg_map, true);
879 		}
880 
881 		if (test->write || test->write_st) {
882 			char *pattern = test->write_st ? test->write_st : test->write;
883 
884 			pinfo.prog_kind = "ST";
885 			pinfo.prog = st_prog;
886 			pinfo.prog_len = ARRAY_SIZE(st_prog);
887 			match_program(btf, &pinfo, pattern, st_reg_map, false);
888 		}
889 	}
890 
891 	test__end_subtest();
892 }
893 
test_ctx_rewrite(void)894 void test_ctx_rewrite(void)
895 {
896 	struct btf *btf;
897 	int i;
898 
899 	field_regex = compile_regex("^([[:alpha:]_][[:alnum:]_]+)::([[:alpha:]_][[:alnum:]_]+)");
900 	ident_regex = compile_regex("^[[:alpha:]_][[:alnum:]_]+");
901 	if (!field_regex || !ident_regex)
902 		return;
903 
904 	btf = btf__load_vmlinux_btf();
905 	if (!btf) {
906 		PRINT_FAIL("Can't load vmlinux BTF, errno %d (%s)\n", errno, strerror(errno));
907 		goto out;
908 	}
909 
910 	for (i = 0; i < ARRAY_SIZE(test_cases); ++i)
911 		run_one_testcase(btf, &test_cases[i]);
912 
913 out:
914 	btf__free(btf);
915 	free_regex(field_regex);
916 	free_regex(ident_regex);
917 }
918