1*04accf79SKumar Kartikeya Dwivedi // SPDX-License-Identifier: GPL-2.0 2*04accf79SKumar Kartikeya Dwivedi #include <vmlinux.h> 3*04accf79SKumar Kartikeya Dwivedi #include <bpf/bpf_tracing.h> 4*04accf79SKumar Kartikeya Dwivedi #include <bpf/bpf_helpers.h> 5*04accf79SKumar Kartikeya Dwivedi #include <bpf/bpf_core_read.h> 6*04accf79SKumar Kartikeya Dwivedi 7*04accf79SKumar Kartikeya Dwivedi struct map_value { 8*04accf79SKumar Kartikeya Dwivedi char buf[8]; 9*04accf79SKumar Kartikeya Dwivedi struct prog_test_ref_kfunc __kptr *unref_ptr; 10*04accf79SKumar Kartikeya Dwivedi struct prog_test_ref_kfunc __kptr_ref *ref_ptr; 11*04accf79SKumar Kartikeya Dwivedi struct prog_test_member __kptr_ref *ref_memb_ptr; 12*04accf79SKumar Kartikeya Dwivedi }; 13*04accf79SKumar Kartikeya Dwivedi 14*04accf79SKumar Kartikeya Dwivedi struct array_map { 15*04accf79SKumar Kartikeya Dwivedi __uint(type, BPF_MAP_TYPE_ARRAY); 16*04accf79SKumar Kartikeya Dwivedi __type(key, int); 17*04accf79SKumar Kartikeya Dwivedi __type(value, struct map_value); 18*04accf79SKumar Kartikeya Dwivedi __uint(max_entries, 1); 19*04accf79SKumar Kartikeya Dwivedi } array_map SEC(".maps"); 20*04accf79SKumar Kartikeya Dwivedi 21*04accf79SKumar Kartikeya Dwivedi extern struct prog_test_ref_kfunc *bpf_kfunc_call_test_acquire(unsigned long *sp) __ksym; 22*04accf79SKumar Kartikeya Dwivedi extern struct prog_test_ref_kfunc * 23*04accf79SKumar Kartikeya Dwivedi bpf_kfunc_call_test_kptr_get(struct prog_test_ref_kfunc **p, int a, int b) __ksym; 24*04accf79SKumar Kartikeya Dwivedi 25*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 26*04accf79SKumar Kartikeya Dwivedi int size_not_bpf_dw(struct __sk_buff *ctx) 27*04accf79SKumar Kartikeya Dwivedi { 28*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 29*04accf79SKumar Kartikeya Dwivedi int key = 0; 30*04accf79SKumar Kartikeya Dwivedi 31*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 32*04accf79SKumar Kartikeya Dwivedi if (!v) 33*04accf79SKumar Kartikeya Dwivedi return 0; 34*04accf79SKumar Kartikeya Dwivedi 35*04accf79SKumar Kartikeya Dwivedi *(u32 *)&v->unref_ptr = 0; 36*04accf79SKumar Kartikeya Dwivedi return 0; 37*04accf79SKumar Kartikeya Dwivedi } 38*04accf79SKumar Kartikeya Dwivedi 39*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 40*04accf79SKumar Kartikeya Dwivedi int non_const_var_off(struct __sk_buff *ctx) 41*04accf79SKumar Kartikeya Dwivedi { 42*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 43*04accf79SKumar Kartikeya Dwivedi int key = 0, id; 44*04accf79SKumar Kartikeya Dwivedi 45*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 46*04accf79SKumar Kartikeya Dwivedi if (!v) 47*04accf79SKumar Kartikeya Dwivedi return 0; 48*04accf79SKumar Kartikeya Dwivedi 49*04accf79SKumar Kartikeya Dwivedi id = ctx->protocol; 50*04accf79SKumar Kartikeya Dwivedi if (id < 4 || id > 12) 51*04accf79SKumar Kartikeya Dwivedi return 0; 52*04accf79SKumar Kartikeya Dwivedi *(u64 *)((void *)v + id) = 0; 53*04accf79SKumar Kartikeya Dwivedi 54*04accf79SKumar Kartikeya Dwivedi return 0; 55*04accf79SKumar Kartikeya Dwivedi } 56*04accf79SKumar Kartikeya Dwivedi 57*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 58*04accf79SKumar Kartikeya Dwivedi int non_const_var_off_kptr_xchg(struct __sk_buff *ctx) 59*04accf79SKumar Kartikeya Dwivedi { 60*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 61*04accf79SKumar Kartikeya Dwivedi int key = 0, id; 62*04accf79SKumar Kartikeya Dwivedi 63*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 64*04accf79SKumar Kartikeya Dwivedi if (!v) 65*04accf79SKumar Kartikeya Dwivedi return 0; 66*04accf79SKumar Kartikeya Dwivedi 67*04accf79SKumar Kartikeya Dwivedi id = ctx->protocol; 68*04accf79SKumar Kartikeya Dwivedi if (id < 4 || id > 12) 69*04accf79SKumar Kartikeya Dwivedi return 0; 70*04accf79SKumar Kartikeya Dwivedi bpf_kptr_xchg((void *)v + id, NULL); 71*04accf79SKumar Kartikeya Dwivedi 72*04accf79SKumar Kartikeya Dwivedi return 0; 73*04accf79SKumar Kartikeya Dwivedi } 74*04accf79SKumar Kartikeya Dwivedi 75*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 76*04accf79SKumar Kartikeya Dwivedi int misaligned_access_write(struct __sk_buff *ctx) 77*04accf79SKumar Kartikeya Dwivedi { 78*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 79*04accf79SKumar Kartikeya Dwivedi int key = 0; 80*04accf79SKumar Kartikeya Dwivedi 81*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 82*04accf79SKumar Kartikeya Dwivedi if (!v) 83*04accf79SKumar Kartikeya Dwivedi return 0; 84*04accf79SKumar Kartikeya Dwivedi 85*04accf79SKumar Kartikeya Dwivedi *(void **)((void *)v + 7) = NULL; 86*04accf79SKumar Kartikeya Dwivedi 87*04accf79SKumar Kartikeya Dwivedi return 0; 88*04accf79SKumar Kartikeya Dwivedi } 89*04accf79SKumar Kartikeya Dwivedi 90*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 91*04accf79SKumar Kartikeya Dwivedi int misaligned_access_read(struct __sk_buff *ctx) 92*04accf79SKumar Kartikeya Dwivedi { 93*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 94*04accf79SKumar Kartikeya Dwivedi int key = 0; 95*04accf79SKumar Kartikeya Dwivedi 96*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 97*04accf79SKumar Kartikeya Dwivedi if (!v) 98*04accf79SKumar Kartikeya Dwivedi return 0; 99*04accf79SKumar Kartikeya Dwivedi 100*04accf79SKumar Kartikeya Dwivedi return *(u64 *)((void *)v + 1); 101*04accf79SKumar Kartikeya Dwivedi } 102*04accf79SKumar Kartikeya Dwivedi 103*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 104*04accf79SKumar Kartikeya Dwivedi int reject_var_off_store(struct __sk_buff *ctx) 105*04accf79SKumar Kartikeya Dwivedi { 106*04accf79SKumar Kartikeya Dwivedi struct prog_test_ref_kfunc *unref_ptr; 107*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 108*04accf79SKumar Kartikeya Dwivedi int key = 0, id; 109*04accf79SKumar Kartikeya Dwivedi 110*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 111*04accf79SKumar Kartikeya Dwivedi if (!v) 112*04accf79SKumar Kartikeya Dwivedi return 0; 113*04accf79SKumar Kartikeya Dwivedi 114*04accf79SKumar Kartikeya Dwivedi unref_ptr = v->unref_ptr; 115*04accf79SKumar Kartikeya Dwivedi if (!unref_ptr) 116*04accf79SKumar Kartikeya Dwivedi return 0; 117*04accf79SKumar Kartikeya Dwivedi id = ctx->protocol; 118*04accf79SKumar Kartikeya Dwivedi if (id < 4 || id > 12) 119*04accf79SKumar Kartikeya Dwivedi return 0; 120*04accf79SKumar Kartikeya Dwivedi unref_ptr += id; 121*04accf79SKumar Kartikeya Dwivedi v->unref_ptr = unref_ptr; 122*04accf79SKumar Kartikeya Dwivedi 123*04accf79SKumar Kartikeya Dwivedi return 0; 124*04accf79SKumar Kartikeya Dwivedi } 125*04accf79SKumar Kartikeya Dwivedi 126*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 127*04accf79SKumar Kartikeya Dwivedi int reject_bad_type_match(struct __sk_buff *ctx) 128*04accf79SKumar Kartikeya Dwivedi { 129*04accf79SKumar Kartikeya Dwivedi struct prog_test_ref_kfunc *unref_ptr; 130*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 131*04accf79SKumar Kartikeya Dwivedi int key = 0; 132*04accf79SKumar Kartikeya Dwivedi 133*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 134*04accf79SKumar Kartikeya Dwivedi if (!v) 135*04accf79SKumar Kartikeya Dwivedi return 0; 136*04accf79SKumar Kartikeya Dwivedi 137*04accf79SKumar Kartikeya Dwivedi unref_ptr = v->unref_ptr; 138*04accf79SKumar Kartikeya Dwivedi if (!unref_ptr) 139*04accf79SKumar Kartikeya Dwivedi return 0; 140*04accf79SKumar Kartikeya Dwivedi unref_ptr = (void *)unref_ptr + 4; 141*04accf79SKumar Kartikeya Dwivedi v->unref_ptr = unref_ptr; 142*04accf79SKumar Kartikeya Dwivedi 143*04accf79SKumar Kartikeya Dwivedi return 0; 144*04accf79SKumar Kartikeya Dwivedi } 145*04accf79SKumar Kartikeya Dwivedi 146*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 147*04accf79SKumar Kartikeya Dwivedi int marked_as_untrusted_or_null(struct __sk_buff *ctx) 148*04accf79SKumar Kartikeya Dwivedi { 149*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 150*04accf79SKumar Kartikeya Dwivedi int key = 0; 151*04accf79SKumar Kartikeya Dwivedi 152*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 153*04accf79SKumar Kartikeya Dwivedi if (!v) 154*04accf79SKumar Kartikeya Dwivedi return 0; 155*04accf79SKumar Kartikeya Dwivedi 156*04accf79SKumar Kartikeya Dwivedi bpf_this_cpu_ptr(v->unref_ptr); 157*04accf79SKumar Kartikeya Dwivedi return 0; 158*04accf79SKumar Kartikeya Dwivedi } 159*04accf79SKumar Kartikeya Dwivedi 160*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 161*04accf79SKumar Kartikeya Dwivedi int correct_btf_id_check_size(struct __sk_buff *ctx) 162*04accf79SKumar Kartikeya Dwivedi { 163*04accf79SKumar Kartikeya Dwivedi struct prog_test_ref_kfunc *p; 164*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 165*04accf79SKumar Kartikeya Dwivedi int key = 0; 166*04accf79SKumar Kartikeya Dwivedi 167*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 168*04accf79SKumar Kartikeya Dwivedi if (!v) 169*04accf79SKumar Kartikeya Dwivedi return 0; 170*04accf79SKumar Kartikeya Dwivedi 171*04accf79SKumar Kartikeya Dwivedi p = v->unref_ptr; 172*04accf79SKumar Kartikeya Dwivedi if (!p) 173*04accf79SKumar Kartikeya Dwivedi return 0; 174*04accf79SKumar Kartikeya Dwivedi return *(int *)((void *)p + bpf_core_type_size(struct prog_test_ref_kfunc)); 175*04accf79SKumar Kartikeya Dwivedi } 176*04accf79SKumar Kartikeya Dwivedi 177*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 178*04accf79SKumar Kartikeya Dwivedi int inherit_untrusted_on_walk(struct __sk_buff *ctx) 179*04accf79SKumar Kartikeya Dwivedi { 180*04accf79SKumar Kartikeya Dwivedi struct prog_test_ref_kfunc *unref_ptr; 181*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 182*04accf79SKumar Kartikeya Dwivedi int key = 0; 183*04accf79SKumar Kartikeya Dwivedi 184*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 185*04accf79SKumar Kartikeya Dwivedi if (!v) 186*04accf79SKumar Kartikeya Dwivedi return 0; 187*04accf79SKumar Kartikeya Dwivedi 188*04accf79SKumar Kartikeya Dwivedi unref_ptr = v->unref_ptr; 189*04accf79SKumar Kartikeya Dwivedi if (!unref_ptr) 190*04accf79SKumar Kartikeya Dwivedi return 0; 191*04accf79SKumar Kartikeya Dwivedi unref_ptr = unref_ptr->next; 192*04accf79SKumar Kartikeya Dwivedi bpf_this_cpu_ptr(unref_ptr); 193*04accf79SKumar Kartikeya Dwivedi return 0; 194*04accf79SKumar Kartikeya Dwivedi } 195*04accf79SKumar Kartikeya Dwivedi 196*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 197*04accf79SKumar Kartikeya Dwivedi int reject_kptr_xchg_on_unref(struct __sk_buff *ctx) 198*04accf79SKumar Kartikeya Dwivedi { 199*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 200*04accf79SKumar Kartikeya Dwivedi int key = 0; 201*04accf79SKumar Kartikeya Dwivedi 202*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 203*04accf79SKumar Kartikeya Dwivedi if (!v) 204*04accf79SKumar Kartikeya Dwivedi return 0; 205*04accf79SKumar Kartikeya Dwivedi 206*04accf79SKumar Kartikeya Dwivedi bpf_kptr_xchg(&v->unref_ptr, NULL); 207*04accf79SKumar Kartikeya Dwivedi return 0; 208*04accf79SKumar Kartikeya Dwivedi } 209*04accf79SKumar Kartikeya Dwivedi 210*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 211*04accf79SKumar Kartikeya Dwivedi int reject_kptr_get_no_map_val(struct __sk_buff *ctx) 212*04accf79SKumar Kartikeya Dwivedi { 213*04accf79SKumar Kartikeya Dwivedi bpf_kfunc_call_test_kptr_get((void *)&ctx, 0, 0); 214*04accf79SKumar Kartikeya Dwivedi return 0; 215*04accf79SKumar Kartikeya Dwivedi } 216*04accf79SKumar Kartikeya Dwivedi 217*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 218*04accf79SKumar Kartikeya Dwivedi int reject_kptr_get_no_null_map_val(struct __sk_buff *ctx) 219*04accf79SKumar Kartikeya Dwivedi { 220*04accf79SKumar Kartikeya Dwivedi bpf_kfunc_call_test_kptr_get(bpf_map_lookup_elem(&array_map, &(int){0}), 0, 0); 221*04accf79SKumar Kartikeya Dwivedi return 0; 222*04accf79SKumar Kartikeya Dwivedi } 223*04accf79SKumar Kartikeya Dwivedi 224*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 225*04accf79SKumar Kartikeya Dwivedi int reject_kptr_get_no_kptr(struct __sk_buff *ctx) 226*04accf79SKumar Kartikeya Dwivedi { 227*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 228*04accf79SKumar Kartikeya Dwivedi int key = 0; 229*04accf79SKumar Kartikeya Dwivedi 230*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 231*04accf79SKumar Kartikeya Dwivedi if (!v) 232*04accf79SKumar Kartikeya Dwivedi return 0; 233*04accf79SKumar Kartikeya Dwivedi 234*04accf79SKumar Kartikeya Dwivedi bpf_kfunc_call_test_kptr_get((void *)v, 0, 0); 235*04accf79SKumar Kartikeya Dwivedi return 0; 236*04accf79SKumar Kartikeya Dwivedi } 237*04accf79SKumar Kartikeya Dwivedi 238*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 239*04accf79SKumar Kartikeya Dwivedi int reject_kptr_get_on_unref(struct __sk_buff *ctx) 240*04accf79SKumar Kartikeya Dwivedi { 241*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 242*04accf79SKumar Kartikeya Dwivedi int key = 0; 243*04accf79SKumar Kartikeya Dwivedi 244*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 245*04accf79SKumar Kartikeya Dwivedi if (!v) 246*04accf79SKumar Kartikeya Dwivedi return 0; 247*04accf79SKumar Kartikeya Dwivedi 248*04accf79SKumar Kartikeya Dwivedi bpf_kfunc_call_test_kptr_get(&v->unref_ptr, 0, 0); 249*04accf79SKumar Kartikeya Dwivedi return 0; 250*04accf79SKumar Kartikeya Dwivedi } 251*04accf79SKumar Kartikeya Dwivedi 252*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 253*04accf79SKumar Kartikeya Dwivedi int reject_kptr_get_bad_type_match(struct __sk_buff *ctx) 254*04accf79SKumar Kartikeya Dwivedi { 255*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 256*04accf79SKumar Kartikeya Dwivedi int key = 0; 257*04accf79SKumar Kartikeya Dwivedi 258*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 259*04accf79SKumar Kartikeya Dwivedi if (!v) 260*04accf79SKumar Kartikeya Dwivedi return 0; 261*04accf79SKumar Kartikeya Dwivedi 262*04accf79SKumar Kartikeya Dwivedi bpf_kfunc_call_test_kptr_get((void *)&v->ref_memb_ptr, 0, 0); 263*04accf79SKumar Kartikeya Dwivedi return 0; 264*04accf79SKumar Kartikeya Dwivedi } 265*04accf79SKumar Kartikeya Dwivedi 266*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 267*04accf79SKumar Kartikeya Dwivedi int mark_ref_as_untrusted_or_null(struct __sk_buff *ctx) 268*04accf79SKumar Kartikeya Dwivedi { 269*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 270*04accf79SKumar Kartikeya Dwivedi int key = 0; 271*04accf79SKumar Kartikeya Dwivedi 272*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 273*04accf79SKumar Kartikeya Dwivedi if (!v) 274*04accf79SKumar Kartikeya Dwivedi return 0; 275*04accf79SKumar Kartikeya Dwivedi 276*04accf79SKumar Kartikeya Dwivedi bpf_this_cpu_ptr(v->ref_ptr); 277*04accf79SKumar Kartikeya Dwivedi return 0; 278*04accf79SKumar Kartikeya Dwivedi } 279*04accf79SKumar Kartikeya Dwivedi 280*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 281*04accf79SKumar Kartikeya Dwivedi int reject_untrusted_store_to_ref(struct __sk_buff *ctx) 282*04accf79SKumar Kartikeya Dwivedi { 283*04accf79SKumar Kartikeya Dwivedi struct prog_test_ref_kfunc *p; 284*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 285*04accf79SKumar Kartikeya Dwivedi int key = 0; 286*04accf79SKumar Kartikeya Dwivedi 287*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 288*04accf79SKumar Kartikeya Dwivedi if (!v) 289*04accf79SKumar Kartikeya Dwivedi return 0; 290*04accf79SKumar Kartikeya Dwivedi 291*04accf79SKumar Kartikeya Dwivedi p = v->ref_ptr; 292*04accf79SKumar Kartikeya Dwivedi if (!p) 293*04accf79SKumar Kartikeya Dwivedi return 0; 294*04accf79SKumar Kartikeya Dwivedi /* Checkmate, clang */ 295*04accf79SKumar Kartikeya Dwivedi *(struct prog_test_ref_kfunc * volatile *)&v->ref_ptr = p; 296*04accf79SKumar Kartikeya Dwivedi return 0; 297*04accf79SKumar Kartikeya Dwivedi } 298*04accf79SKumar Kartikeya Dwivedi 299*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 300*04accf79SKumar Kartikeya Dwivedi int reject_untrusted_xchg(struct __sk_buff *ctx) 301*04accf79SKumar Kartikeya Dwivedi { 302*04accf79SKumar Kartikeya Dwivedi struct prog_test_ref_kfunc *p; 303*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 304*04accf79SKumar Kartikeya Dwivedi int key = 0; 305*04accf79SKumar Kartikeya Dwivedi 306*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 307*04accf79SKumar Kartikeya Dwivedi if (!v) 308*04accf79SKumar Kartikeya Dwivedi return 0; 309*04accf79SKumar Kartikeya Dwivedi 310*04accf79SKumar Kartikeya Dwivedi p = v->ref_ptr; 311*04accf79SKumar Kartikeya Dwivedi if (!p) 312*04accf79SKumar Kartikeya Dwivedi return 0; 313*04accf79SKumar Kartikeya Dwivedi bpf_kptr_xchg(&v->ref_ptr, p); 314*04accf79SKumar Kartikeya Dwivedi return 0; 315*04accf79SKumar Kartikeya Dwivedi } 316*04accf79SKumar Kartikeya Dwivedi 317*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 318*04accf79SKumar Kartikeya Dwivedi int reject_bad_type_xchg(struct __sk_buff *ctx) 319*04accf79SKumar Kartikeya Dwivedi { 320*04accf79SKumar Kartikeya Dwivedi struct prog_test_ref_kfunc *ref_ptr; 321*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 322*04accf79SKumar Kartikeya Dwivedi int key = 0; 323*04accf79SKumar Kartikeya Dwivedi 324*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 325*04accf79SKumar Kartikeya Dwivedi if (!v) 326*04accf79SKumar Kartikeya Dwivedi return 0; 327*04accf79SKumar Kartikeya Dwivedi 328*04accf79SKumar Kartikeya Dwivedi ref_ptr = bpf_kfunc_call_test_acquire(&(unsigned long){0}); 329*04accf79SKumar Kartikeya Dwivedi if (!ref_ptr) 330*04accf79SKumar Kartikeya Dwivedi return 0; 331*04accf79SKumar Kartikeya Dwivedi bpf_kptr_xchg(&v->ref_memb_ptr, ref_ptr); 332*04accf79SKumar Kartikeya Dwivedi return 0; 333*04accf79SKumar Kartikeya Dwivedi } 334*04accf79SKumar Kartikeya Dwivedi 335*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 336*04accf79SKumar Kartikeya Dwivedi int reject_member_of_ref_xchg(struct __sk_buff *ctx) 337*04accf79SKumar Kartikeya Dwivedi { 338*04accf79SKumar Kartikeya Dwivedi struct prog_test_ref_kfunc *ref_ptr; 339*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 340*04accf79SKumar Kartikeya Dwivedi int key = 0; 341*04accf79SKumar Kartikeya Dwivedi 342*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 343*04accf79SKumar Kartikeya Dwivedi if (!v) 344*04accf79SKumar Kartikeya Dwivedi return 0; 345*04accf79SKumar Kartikeya Dwivedi 346*04accf79SKumar Kartikeya Dwivedi ref_ptr = bpf_kfunc_call_test_acquire(&(unsigned long){0}); 347*04accf79SKumar Kartikeya Dwivedi if (!ref_ptr) 348*04accf79SKumar Kartikeya Dwivedi return 0; 349*04accf79SKumar Kartikeya Dwivedi bpf_kptr_xchg(&v->ref_memb_ptr, &ref_ptr->memb); 350*04accf79SKumar Kartikeya Dwivedi return 0; 351*04accf79SKumar Kartikeya Dwivedi } 352*04accf79SKumar Kartikeya Dwivedi 353*04accf79SKumar Kartikeya Dwivedi SEC("?syscall") 354*04accf79SKumar Kartikeya Dwivedi int reject_indirect_helper_access(struct __sk_buff *ctx) 355*04accf79SKumar Kartikeya Dwivedi { 356*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 357*04accf79SKumar Kartikeya Dwivedi int key = 0; 358*04accf79SKumar Kartikeya Dwivedi 359*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 360*04accf79SKumar Kartikeya Dwivedi if (!v) 361*04accf79SKumar Kartikeya Dwivedi return 0; 362*04accf79SKumar Kartikeya Dwivedi 363*04accf79SKumar Kartikeya Dwivedi bpf_get_current_comm(v, sizeof(v->buf) + 1); 364*04accf79SKumar Kartikeya Dwivedi return 0; 365*04accf79SKumar Kartikeya Dwivedi } 366*04accf79SKumar Kartikeya Dwivedi 367*04accf79SKumar Kartikeya Dwivedi __noinline 368*04accf79SKumar Kartikeya Dwivedi int write_func(int *p) 369*04accf79SKumar Kartikeya Dwivedi { 370*04accf79SKumar Kartikeya Dwivedi return p ? *p = 42 : 0; 371*04accf79SKumar Kartikeya Dwivedi } 372*04accf79SKumar Kartikeya Dwivedi 373*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 374*04accf79SKumar Kartikeya Dwivedi int reject_indirect_global_func_access(struct __sk_buff *ctx) 375*04accf79SKumar Kartikeya Dwivedi { 376*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 377*04accf79SKumar Kartikeya Dwivedi int key = 0; 378*04accf79SKumar Kartikeya Dwivedi 379*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 380*04accf79SKumar Kartikeya Dwivedi if (!v) 381*04accf79SKumar Kartikeya Dwivedi return 0; 382*04accf79SKumar Kartikeya Dwivedi 383*04accf79SKumar Kartikeya Dwivedi return write_func((void *)v + 5); 384*04accf79SKumar Kartikeya Dwivedi } 385*04accf79SKumar Kartikeya Dwivedi 386*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 387*04accf79SKumar Kartikeya Dwivedi int kptr_xchg_ref_state(struct __sk_buff *ctx) 388*04accf79SKumar Kartikeya Dwivedi { 389*04accf79SKumar Kartikeya Dwivedi struct prog_test_ref_kfunc *p; 390*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 391*04accf79SKumar Kartikeya Dwivedi int key = 0; 392*04accf79SKumar Kartikeya Dwivedi 393*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 394*04accf79SKumar Kartikeya Dwivedi if (!v) 395*04accf79SKumar Kartikeya Dwivedi return 0; 396*04accf79SKumar Kartikeya Dwivedi 397*04accf79SKumar Kartikeya Dwivedi p = bpf_kfunc_call_test_acquire(&(unsigned long){0}); 398*04accf79SKumar Kartikeya Dwivedi if (!p) 399*04accf79SKumar Kartikeya Dwivedi return 0; 400*04accf79SKumar Kartikeya Dwivedi bpf_kptr_xchg(&v->ref_ptr, p); 401*04accf79SKumar Kartikeya Dwivedi return 0; 402*04accf79SKumar Kartikeya Dwivedi } 403*04accf79SKumar Kartikeya Dwivedi 404*04accf79SKumar Kartikeya Dwivedi SEC("?tc") 405*04accf79SKumar Kartikeya Dwivedi int kptr_get_ref_state(struct __sk_buff *ctx) 406*04accf79SKumar Kartikeya Dwivedi { 407*04accf79SKumar Kartikeya Dwivedi struct map_value *v; 408*04accf79SKumar Kartikeya Dwivedi int key = 0; 409*04accf79SKumar Kartikeya Dwivedi 410*04accf79SKumar Kartikeya Dwivedi v = bpf_map_lookup_elem(&array_map, &key); 411*04accf79SKumar Kartikeya Dwivedi if (!v) 412*04accf79SKumar Kartikeya Dwivedi return 0; 413*04accf79SKumar Kartikeya Dwivedi 414*04accf79SKumar Kartikeya Dwivedi bpf_kfunc_call_test_kptr_get(&v->ref_ptr, 0, 0); 415*04accf79SKumar Kartikeya Dwivedi return 0; 416*04accf79SKumar Kartikeya Dwivedi } 417*04accf79SKumar Kartikeya Dwivedi 418*04accf79SKumar Kartikeya Dwivedi char _license[] SEC("license") = "GPL"; 419