bpf/progs/test_kfunc_dynptr_param.c

b94fa9f9SRoberto Sassu// SPDX-License-Identifier: GPL-2.0
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassu/*
b94fa9f9SRoberto Sassu * Copyright (C) 2022 Huawei Technologies Duesseldorf GmbH
b94fa9f9SRoberto Sassu *
b94fa9f9SRoberto Sassu * Author: Roberto Sassu <roberto.sassu@huawei.com>
b94fa9f9SRoberto Sassu */
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassu#include "vmlinux.h"
b94fa9f9SRoberto Sassu#include <errno.h>
b94fa9f9SRoberto Sassu#include <bpf/bpf_helpers.h>
b94fa9f9SRoberto Sassu#include <bpf/bpf_tracing.h>
8032cad1SJoanne Koong#include "bpf_misc.h"
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassuextern struct bpf_key *bpf_lookup_system_key(__u64 id) __ksym;
b94fa9f9SRoberto Sassuextern void bpf_key_put(struct bpf_key *key) __ksym;
b94fa9f9SRoberto Sassuextern int bpf_verify_pkcs7_signature(struct bpf_dynptr *data_ptr,
b94fa9f9SRoberto Sassu				      struct bpf_dynptr *sig_ptr,
b94fa9f9SRoberto Sassu				      struct bpf_key *trusted_keyring) __ksym;
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassustruct {
b94fa9f9SRoberto Sassu	__uint(type, BPF_MAP_TYPE_RINGBUF);
8032cad1SJoanne Koong	__uint(max_entries, 4096);
b94fa9f9SRoberto Sassu} ringbuf SEC(".maps");
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassustruct {
b94fa9f9SRoberto Sassu	__uint(type, BPF_MAP_TYPE_ARRAY);
b94fa9f9SRoberto Sassu	__uint(max_entries, 1);
b94fa9f9SRoberto Sassu	__type(key, __u32);
b94fa9f9SRoberto Sassu	__type(value, __u32);
b94fa9f9SRoberto Sassu} array_map SEC(".maps");
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassuint err, pid;
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassuchar _license[] SEC("license") = "GPL";
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto SassuSEC("?lsm.s/bpf")
8032cad1SJoanne Koong__failure __msg("cannot pass in dynptr at an offset=-8")
b94fa9f9SRoberto Sassuint BPF_PROG(not_valid_dynptr, int cmd, union bpf_attr *attr, unsigned int size)
b94fa9f9SRoberto Sassu{
b94fa9f9SRoberto Sassu	unsigned long val;
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassu	return bpf_verify_pkcs7_signature((struct bpf_dynptr *)&val,
b94fa9f9SRoberto Sassu					  (struct bpf_dynptr *)&val, NULL);
b94fa9f9SRoberto Sassu}
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto SassuSEC("?lsm.s/bpf")
8032cad1SJoanne Koong__failure __msg("arg#0 expected pointer to stack or dynptr_ptr")
b94fa9f9SRoberto Sassuint BPF_PROG(not_ptr_to_stack, int cmd, union bpf_attr *attr, unsigned int size)
b94fa9f9SRoberto Sassu{
*ec97a76fSDave Marchevsky	unsigned long val = 0;
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassu	return bpf_verify_pkcs7_signature((struct bpf_dynptr *)val,
b94fa9f9SRoberto Sassu					  (struct bpf_dynptr *)val, NULL);
b94fa9f9SRoberto Sassu}
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto SassuSEC("lsm.s/bpf")
b94fa9f9SRoberto Sassuint BPF_PROG(dynptr_data_null, int cmd, union bpf_attr *attr, unsigned int size)
b94fa9f9SRoberto Sassu{
b94fa9f9SRoberto Sassu	struct bpf_key *trusted_keyring;
b94fa9f9SRoberto Sassu	struct bpf_dynptr ptr;
b94fa9f9SRoberto Sassu	__u32 *value;
b94fa9f9SRoberto Sassu	int ret, zero = 0;
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassu	if (bpf_get_current_pid_tgid() >> 32 != pid)
b94fa9f9SRoberto Sassu		return 0;
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassu	value = bpf_map_lookup_elem(&array_map, &zero);
b94fa9f9SRoberto Sassu	if (!value)
b94fa9f9SRoberto Sassu		return 0;
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassu	/* Pass invalid flags. */
b94fa9f9SRoberto Sassu	ret = bpf_dynptr_from_mem(value, sizeof(*value), ((__u64)~0ULL), &ptr);
b94fa9f9SRoberto Sassu	if (ret != -EINVAL)
b94fa9f9SRoberto Sassu		return 0;
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassu	trusted_keyring = bpf_lookup_system_key(0);
b94fa9f9SRoberto Sassu	if (!trusted_keyring)
b94fa9f9SRoberto Sassu		return 0;
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassu	err = bpf_verify_pkcs7_signature(&ptr, &ptr, trusted_keyring);
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassu	bpf_key_put(trusted_keyring);
b94fa9f9SRoberto Sassu
b94fa9f9SRoberto Sassu	return 0;
b94fa9f9SRoberto Sassu}