1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
3 
4 #include <vmlinux.h>
5 #include <bpf/bpf_tracing.h>
6 #include <bpf/bpf_helpers.h>
7 #include "bpf_misc.h"
8 
9 #include "nested_trust_common.h"
10 
11 char _license[] SEC("license") = "GPL";
12 
13 struct {
14 	__uint(type, BPF_MAP_TYPE_SK_STORAGE);
15 	__uint(map_flags, BPF_F_NO_PREALLOC);
16 	__type(key, int);
17 	__type(value, u64);
18 } sk_storage_map SEC(".maps");
19 
20 /* Prototype for all of the program trace events below:
21  *
22  * TRACE_EVENT(task_newtask,
23  *         TP_PROTO(struct task_struct *p, u64 clone_flags)
24  */
25 
26 SEC("tp_btf/task_newtask")
27 __failure __msg("R2 must be")
BPF_PROG(test_invalid_nested_user_cpus,struct task_struct * task,u64 clone_flags)28 int BPF_PROG(test_invalid_nested_user_cpus, struct task_struct *task, u64 clone_flags)
29 {
30 	bpf_cpumask_test_cpu(0, task->user_cpus_ptr);
31 	return 0;
32 }
33 
34 SEC("tp_btf/task_newtask")
35 __failure __msg("R1 must have zero offset when passed to release func or trusted arg to kfunc")
BPF_PROG(test_invalid_nested_offset,struct task_struct * task,u64 clone_flags)36 int BPF_PROG(test_invalid_nested_offset, struct task_struct *task, u64 clone_flags)
37 {
38 	bpf_cpumask_first_zero(&task->cpus_mask);
39 	return 0;
40 }
41 
42 /* Although R2 is of type sk_buff but sock_common is expected, we will hit untrusted ptr first. */
43 SEC("tp_btf/tcp_probe")
44 __failure __msg("R2 type=untrusted_ptr_ expected=ptr_, trusted_ptr_, rcu_ptr_")
BPF_PROG(test_invalid_skb_field,struct sock * sk,struct sk_buff * skb)45 int BPF_PROG(test_invalid_skb_field, struct sock *sk, struct sk_buff *skb)
46 {
47 	bpf_sk_storage_get(&sk_storage_map, skb->next, 0, 0);
48 	return 0;
49 }
50