1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright (c) 2017 Facebook
6 #include <linux/btf_ids.h>
7 #include <linux/slab.h>
8 #include <linux/init.h>
9 #include <linux/vmalloc.h>
10 #include <linux/etherdevice.h>
11 #include <linux/filter.h>
12 #include <linux/rcupdate_trace.h>
13 #include <linux/sched/signal.h>
14 #include <net/bpf_sk_storage.h>
17 #include <net/net_namespace.h>
18 #include <net/page_pool/helpers.h>
19 #include <linux/error-injection.h>
20 #include <linux/smp.h>
21 #include <linux/sock_diag.h>
22 #include <linux/netfilter.h>
23 #include <net/netdev_rx_queue.h>
25 #include <net/netfilter/nf_bpf_link.h>
27 #define CREATE_TRACE_POINTS
28 #include <trace/events/bpf_test_run.h>
30 struct bpf_test_timer {
31 enum { NO_PREEMPT, NO_MIGRATE } mode;
33 u64 time_start, time_spent;
36 static void bpf_test_timer_enter(struct bpf_test_timer *t)
40 if (t->mode == NO_PREEMPT)
45 t->time_start = ktime_get_ns();
48 static void bpf_test_timer_leave(struct bpf_test_timer *t)
53 if (t->mode == NO_PREEMPT)
60 static bool bpf_test_timer_continue(struct bpf_test_timer *t, int iterations,
61 u32 repeat, int *err, u32 *duration)
67 t->time_spent += ktime_get_ns() - t->time_start;
68 do_div(t->time_spent, t->i);
69 *duration = t->time_spent > U32_MAX ? U32_MAX : (u32)t->time_spent;
74 if (signal_pending(current)) {
75 /* During iteration: we've been cancelled, abort. */
81 /* During iteration: we need to reschedule between runs. */
82 t->time_spent += ktime_get_ns() - t->time_start;
83 bpf_test_timer_leave(t);
85 bpf_test_timer_enter(t);
88 /* Do another round. */
96 /* We put this struct at the head of each page with a context and frame
97 * initialised when the page is allocated, so we don't have to do this on each
98 * repetition of the test run.
100 struct xdp_page_head {
101 struct xdp_buff orig_ctx;
104 /* ::data_hard_start starts here */
105 DECLARE_FLEX_ARRAY(struct xdp_frame, frame);
106 DECLARE_FLEX_ARRAY(u8, data);
110 struct xdp_test_data {
111 struct xdp_buff *orig_ctx;
112 struct xdp_rxq_info rxq;
113 struct net_device *dev;
114 struct page_pool *pp;
115 struct xdp_frame **frames;
116 struct sk_buff **skbs;
117 struct xdp_mem_info mem;
122 /* tools/testing/selftests/bpf/prog_tests/xdp_do_redirect.c:%MAX_PKT_SIZE
123 * must be updated accordingly this gets changed, otherwise BPF selftests
126 #define TEST_XDP_FRAME_SIZE (PAGE_SIZE - sizeof(struct xdp_page_head))
127 #define TEST_XDP_MAX_BATCH 256
129 static void xdp_test_run_init_page(struct page *page, void *arg)
131 struct xdp_page_head *head = phys_to_virt(page_to_phys(page));
132 struct xdp_buff *new_ctx, *orig_ctx;
133 u32 headroom = XDP_PACKET_HEADROOM;
134 struct xdp_test_data *xdp = arg;
135 size_t frm_len, meta_len;
136 struct xdp_frame *frm;
139 orig_ctx = xdp->orig_ctx;
140 frm_len = orig_ctx->data_end - orig_ctx->data_meta;
141 meta_len = orig_ctx->data - orig_ctx->data_meta;
142 headroom -= meta_len;
144 new_ctx = &head->ctx;
147 memcpy(data + headroom, orig_ctx->data_meta, frm_len);
149 xdp_init_buff(new_ctx, TEST_XDP_FRAME_SIZE, &xdp->rxq);
150 xdp_prepare_buff(new_ctx, data, headroom, frm_len, true);
151 new_ctx->data = new_ctx->data_meta + meta_len;
153 xdp_update_frame_from_buff(new_ctx, frm);
154 frm->mem = new_ctx->rxq->mem;
156 memcpy(&head->orig_ctx, new_ctx, sizeof(head->orig_ctx));
159 static int xdp_test_run_setup(struct xdp_test_data *xdp, struct xdp_buff *orig_ctx)
161 struct page_pool *pp;
163 struct page_pool_params pp_params = {
166 .pool_size = xdp->batch_size,
168 .init_callback = xdp_test_run_init_page,
172 xdp->frames = kvmalloc_array(xdp->batch_size, sizeof(void *), GFP_KERNEL);
176 xdp->skbs = kvmalloc_array(xdp->batch_size, sizeof(void *), GFP_KERNEL);
180 pp = page_pool_create(&pp_params);
186 /* will copy 'mem.id' into pp->xdp_mem_id */
187 err = xdp_reg_mem_model(&xdp->mem, MEM_TYPE_PAGE_POOL, pp);
193 /* We create a 'fake' RXQ referencing the original dev, but with an
194 * xdp_mem_info pointing to our page_pool
196 xdp_rxq_info_reg(&xdp->rxq, orig_ctx->rxq->dev, 0, 0);
197 xdp->rxq.mem.type = MEM_TYPE_PAGE_POOL;
198 xdp->rxq.mem.id = pp->xdp_mem_id;
199 xdp->dev = orig_ctx->rxq->dev;
200 xdp->orig_ctx = orig_ctx;
205 page_pool_destroy(pp);
213 static void xdp_test_run_teardown(struct xdp_test_data *xdp)
215 xdp_unreg_mem_model(&xdp->mem);
216 page_pool_destroy(xdp->pp);
221 static bool frame_was_changed(const struct xdp_page_head *head)
223 /* xdp_scrub_frame() zeroes the data pointer, flags is the last field,
224 * i.e. has the highest chances to be overwritten. If those two are
225 * untouched, it's most likely safe to skip the context reset.
227 return head->frame->data != head->orig_ctx.data ||
228 head->frame->flags != head->orig_ctx.flags;
231 static bool ctx_was_changed(struct xdp_page_head *head)
233 return head->orig_ctx.data != head->ctx.data ||
234 head->orig_ctx.data_meta != head->ctx.data_meta ||
235 head->orig_ctx.data_end != head->ctx.data_end;
238 static void reset_ctx(struct xdp_page_head *head)
240 if (likely(!frame_was_changed(head) && !ctx_was_changed(head)))
243 head->ctx.data = head->orig_ctx.data;
244 head->ctx.data_meta = head->orig_ctx.data_meta;
245 head->ctx.data_end = head->orig_ctx.data_end;
246 xdp_update_frame_from_buff(&head->ctx, head->frame);
249 static int xdp_recv_frames(struct xdp_frame **frames, int nframes,
250 struct sk_buff **skbs,
251 struct net_device *dev)
253 gfp_t gfp = __GFP_ZERO | GFP_ATOMIC;
257 n = kmem_cache_alloc_bulk(skbuff_cache, gfp, nframes, (void **)skbs);
258 if (unlikely(n == 0)) {
259 for (i = 0; i < nframes; i++)
260 xdp_return_frame(frames[i]);
264 for (i = 0; i < nframes; i++) {
265 struct xdp_frame *xdpf = frames[i];
266 struct sk_buff *skb = skbs[i];
268 skb = __xdp_build_skb_from_frame(xdpf, skb, dev);
270 xdp_return_frame(xdpf);
274 list_add_tail(&skb->list, &list);
276 netif_receive_skb_list(&list);
281 static int xdp_test_run_batch(struct xdp_test_data *xdp, struct bpf_prog *prog,
284 struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
285 int err = 0, act, ret, i, nframes = 0, batch_sz;
286 struct xdp_frame **frames = xdp->frames;
287 struct xdp_page_head *head;
288 struct xdp_frame *frm;
289 bool redirect = false;
290 struct xdp_buff *ctx;
293 batch_sz = min_t(u32, repeat, xdp->batch_size);
296 xdp_set_return_frame_no_direct();
298 for (i = 0; i < batch_sz; i++) {
299 page = page_pool_dev_alloc_pages(xdp->pp);
305 head = phys_to_virt(page_to_phys(page));
311 act = bpf_prog_run_xdp(prog, ctx);
313 /* if program changed pkt bounds we need to update the xdp_frame */
314 if (unlikely(ctx_was_changed(head))) {
315 ret = xdp_update_frame_from_buff(ctx, frm);
317 xdp_return_buff(ctx);
324 /* we can't do a real XDP_TX since we're not in the
325 * driver, so turn it into a REDIRECT back to the same
328 ri->tgt_index = xdp->dev->ifindex;
329 ri->map_id = INT_MAX;
330 ri->map_type = BPF_MAP_TYPE_UNSPEC;
334 ret = xdp_do_redirect_frame(xdp->dev, ctx, frm, prog);
336 xdp_return_buff(ctx);
339 frames[nframes++] = frm;
342 bpf_warn_invalid_xdp_action(NULL, prog, act);
345 xdp_return_buff(ctx);
354 ret = xdp_recv_frames(frames, nframes, xdp->skbs, xdp->dev);
359 xdp_clear_return_frame_no_direct();
364 static int bpf_test_run_xdp_live(struct bpf_prog *prog, struct xdp_buff *ctx,
365 u32 repeat, u32 batch_size, u32 *time)
368 struct xdp_test_data xdp = { .batch_size = batch_size };
369 struct bpf_test_timer t = { .mode = NO_MIGRATE };
375 ret = xdp_test_run_setup(&xdp, ctx);
379 bpf_test_timer_enter(&t);
382 ret = xdp_test_run_batch(&xdp, prog, repeat - t.i);
383 if (unlikely(ret < 0))
385 } while (bpf_test_timer_continue(&t, xdp.frame_cnt, repeat, &ret, time));
386 bpf_test_timer_leave(&t);
388 xdp_test_run_teardown(&xdp);
392 static int bpf_test_run(struct bpf_prog *prog, void *ctx, u32 repeat,
393 u32 *retval, u32 *time, bool xdp)
395 struct bpf_prog_array_item item = {.prog = prog};
396 struct bpf_run_ctx *old_ctx;
397 struct bpf_cg_run_ctx run_ctx;
398 struct bpf_test_timer t = { NO_MIGRATE };
399 enum bpf_cgroup_storage_type stype;
402 for_each_cgroup_storage_type(stype) {
403 item.cgroup_storage[stype] = bpf_cgroup_storage_alloc(prog, stype);
404 if (IS_ERR(item.cgroup_storage[stype])) {
405 item.cgroup_storage[stype] = NULL;
406 for_each_cgroup_storage_type(stype)
407 bpf_cgroup_storage_free(item.cgroup_storage[stype]);
415 bpf_test_timer_enter(&t);
416 old_ctx = bpf_set_run_ctx(&run_ctx.run_ctx);
418 run_ctx.prog_item = &item;
421 *retval = bpf_prog_run_xdp(prog, ctx);
423 *retval = bpf_prog_run(prog, ctx);
425 } while (bpf_test_timer_continue(&t, 1, repeat, &ret, time));
426 bpf_reset_run_ctx(old_ctx);
427 bpf_test_timer_leave(&t);
429 for_each_cgroup_storage_type(stype)
430 bpf_cgroup_storage_free(item.cgroup_storage[stype]);
435 static int bpf_test_finish(const union bpf_attr *kattr,
436 union bpf_attr __user *uattr, const void *data,
437 struct skb_shared_info *sinfo, u32 size,
438 u32 retval, u32 duration)
440 void __user *data_out = u64_to_user_ptr(kattr->test.data_out);
442 u32 copy_size = size;
444 /* Clamp copy if the user has provided a size hint, but copy the full
445 * buffer if not to retain old behaviour.
447 if (kattr->test.data_size_out &&
448 copy_size > kattr->test.data_size_out) {
449 copy_size = kattr->test.data_size_out;
454 int len = sinfo ? copy_size - sinfo->xdp_frags_size : copy_size;
461 if (copy_to_user(data_out, data, len))
468 for (i = 0; i < sinfo->nr_frags; i++) {
469 skb_frag_t *frag = &sinfo->frags[i];
471 if (offset >= copy_size) {
476 data_len = min_t(u32, copy_size - offset,
477 skb_frag_size(frag));
479 if (copy_to_user(data_out + offset,
480 skb_frag_address(frag),
489 if (copy_to_user(&uattr->test.data_size_out, &size, sizeof(size)))
491 if (copy_to_user(&uattr->test.retval, &retval, sizeof(retval)))
493 if (copy_to_user(&uattr->test.duration, &duration, sizeof(duration)))
498 trace_bpf_test_finish(&err);
502 /* Integer types of various sizes and pointer combinations cover variety of
503 * architecture dependent calling conventions. 7+ can be supported in the
506 __bpf_kfunc_start_defs();
508 __bpf_kfunc int bpf_fentry_test1(int a)
512 EXPORT_SYMBOL_GPL(bpf_fentry_test1);
514 int noinline bpf_fentry_test2(int a, u64 b)
519 int noinline bpf_fentry_test3(char a, int b, u64 c)
524 int noinline bpf_fentry_test4(void *a, char b, int c, u64 d)
526 return (long)a + b + c + d;
529 int noinline bpf_fentry_test5(u64 a, void *b, short c, int d, u64 e)
531 return a + (long)b + c + d + e;
534 int noinline bpf_fentry_test6(u64 a, void *b, short c, int d, void *e, u64 f)
536 return a + (long)b + c + d + (long)e + f;
539 struct bpf_fentry_test_t {
540 struct bpf_fentry_test_t *a;
543 int noinline bpf_fentry_test7(struct bpf_fentry_test_t *arg)
545 asm volatile ("": "+r"(arg));
549 int noinline bpf_fentry_test8(struct bpf_fentry_test_t *arg)
554 __bpf_kfunc u32 bpf_fentry_test9(u32 *a)
559 void noinline bpf_fentry_test_sinfo(struct skb_shared_info *sinfo)
563 __bpf_kfunc int bpf_modify_return_test(int a, int *b)
569 __bpf_kfunc int bpf_modify_return_test2(int a, int *b, short c, int d,
570 void *e, char f, int g)
573 return a + *b + c + d + (long)e + f + g;
576 int noinline bpf_fentry_shadow_test(int a)
581 struct prog_test_member1 {
585 struct prog_test_member {
586 struct prog_test_member1 m;
590 struct prog_test_ref_kfunc {
593 struct prog_test_member memb;
594 struct prog_test_ref_kfunc *next;
598 __bpf_kfunc void bpf_kfunc_call_test_release(struct prog_test_ref_kfunc *p)
600 refcount_dec(&p->cnt);
603 __bpf_kfunc void bpf_kfunc_call_test_release_dtor(void *p)
605 bpf_kfunc_call_test_release(p);
607 CFI_NOSEAL(bpf_kfunc_call_test_release_dtor);
609 __bpf_kfunc void bpf_kfunc_call_memb_release(struct prog_test_member *p)
613 __bpf_kfunc void bpf_kfunc_call_memb_release_dtor(void *p)
616 CFI_NOSEAL(bpf_kfunc_call_memb_release_dtor);
618 __bpf_kfunc_end_defs();
620 BTF_SET8_START(bpf_test_modify_return_ids)
621 BTF_ID_FLAGS(func, bpf_modify_return_test)
622 BTF_ID_FLAGS(func, bpf_modify_return_test2)
623 BTF_ID_FLAGS(func, bpf_fentry_test1, KF_SLEEPABLE)
624 BTF_SET8_END(bpf_test_modify_return_ids)
626 static const struct btf_kfunc_id_set bpf_test_modify_return_set = {
627 .owner = THIS_MODULE,
628 .set = &bpf_test_modify_return_ids,
631 BTF_SET8_START(test_sk_check_kfunc_ids)
632 BTF_ID_FLAGS(func, bpf_kfunc_call_test_release, KF_RELEASE)
633 BTF_ID_FLAGS(func, bpf_kfunc_call_memb_release, KF_RELEASE)
634 BTF_SET8_END(test_sk_check_kfunc_ids)
636 static void *bpf_test_init(const union bpf_attr *kattr, u32 user_size,
637 u32 size, u32 headroom, u32 tailroom)
639 void __user *data_in = u64_to_user_ptr(kattr->test.data_in);
642 if (size < ETH_HLEN || size > PAGE_SIZE - headroom - tailroom)
643 return ERR_PTR(-EINVAL);
645 if (user_size > size)
646 return ERR_PTR(-EMSGSIZE);
648 size = SKB_DATA_ALIGN(size);
649 data = kzalloc(size + headroom + tailroom, GFP_USER);
651 return ERR_PTR(-ENOMEM);
653 if (copy_from_user(data + headroom, data_in, user_size)) {
655 return ERR_PTR(-EFAULT);
661 int bpf_prog_test_run_tracing(struct bpf_prog *prog,
662 const union bpf_attr *kattr,
663 union bpf_attr __user *uattr)
665 struct bpf_fentry_test_t arg = {};
666 u16 side_effect = 0, ret = 0;
667 int b = 2, err = -EFAULT;
670 if (kattr->test.flags || kattr->test.cpu || kattr->test.batch_size)
673 switch (prog->expected_attach_type) {
674 case BPF_TRACE_FENTRY:
675 case BPF_TRACE_FEXIT:
676 if (bpf_fentry_test1(1) != 2 ||
677 bpf_fentry_test2(2, 3) != 5 ||
678 bpf_fentry_test3(4, 5, 6) != 15 ||
679 bpf_fentry_test4((void *)7, 8, 9, 10) != 34 ||
680 bpf_fentry_test5(11, (void *)12, 13, 14, 15) != 65 ||
681 bpf_fentry_test6(16, (void *)17, 18, 19, (void *)20, 21) != 111 ||
682 bpf_fentry_test7((struct bpf_fentry_test_t *)0) != 0 ||
683 bpf_fentry_test8(&arg) != 0 ||
684 bpf_fentry_test9(&retval) != 0)
687 case BPF_MODIFY_RETURN:
688 ret = bpf_modify_return_test(1, &b);
692 ret += bpf_modify_return_test2(1, &b, 3, 4, (void *)5, 6, 7);
700 retval = ((u32)side_effect << 16) | ret;
701 if (copy_to_user(&uattr->test.retval, &retval, sizeof(retval)))
706 trace_bpf_test_finish(&err);
710 struct bpf_raw_tp_test_run_info {
711 struct bpf_prog *prog;
717 __bpf_prog_test_run_raw_tp(void *data)
719 struct bpf_raw_tp_test_run_info *info = data;
722 info->retval = bpf_prog_run(info->prog, info->ctx);
726 int bpf_prog_test_run_raw_tp(struct bpf_prog *prog,
727 const union bpf_attr *kattr,
728 union bpf_attr __user *uattr)
730 void __user *ctx_in = u64_to_user_ptr(kattr->test.ctx_in);
731 __u32 ctx_size_in = kattr->test.ctx_size_in;
732 struct bpf_raw_tp_test_run_info info;
733 int cpu = kattr->test.cpu, err = 0;
736 /* doesn't support data_in/out, ctx_out, duration, or repeat */
737 if (kattr->test.data_in || kattr->test.data_out ||
738 kattr->test.ctx_out || kattr->test.duration ||
739 kattr->test.repeat || kattr->test.batch_size)
742 if (ctx_size_in < prog->aux->max_ctx_offset ||
743 ctx_size_in > MAX_BPF_FUNC_ARGS * sizeof(u64))
746 if ((kattr->test.flags & BPF_F_TEST_RUN_ON_CPU) == 0 && cpu != 0)
750 info.ctx = memdup_user(ctx_in, ctx_size_in);
751 if (IS_ERR(info.ctx))
752 return PTR_ERR(info.ctx);
759 current_cpu = get_cpu();
760 if ((kattr->test.flags & BPF_F_TEST_RUN_ON_CPU) == 0 ||
761 cpu == current_cpu) {
762 __bpf_prog_test_run_raw_tp(&info);
763 } else if (cpu >= nr_cpu_ids || !cpu_online(cpu)) {
764 /* smp_call_function_single() also checks cpu_online()
765 * after csd_lock(). However, since cpu is from user
766 * space, let's do an extra quick check to filter out
767 * invalid value before smp_call_function_single().
771 err = smp_call_function_single(cpu, __bpf_prog_test_run_raw_tp,
777 copy_to_user(&uattr->test.retval, &info.retval, sizeof(u32)))
784 static void *bpf_ctx_init(const union bpf_attr *kattr, u32 max_size)
786 void __user *data_in = u64_to_user_ptr(kattr->test.ctx_in);
787 void __user *data_out = u64_to_user_ptr(kattr->test.ctx_out);
788 u32 size = kattr->test.ctx_size_in;
792 if (!data_in && !data_out)
795 data = kzalloc(max_size, GFP_USER);
797 return ERR_PTR(-ENOMEM);
800 err = bpf_check_uarg_tail_zero(USER_BPFPTR(data_in), max_size, size);
806 size = min_t(u32, max_size, size);
807 if (copy_from_user(data, data_in, size)) {
809 return ERR_PTR(-EFAULT);
815 static int bpf_ctx_finish(const union bpf_attr *kattr,
816 union bpf_attr __user *uattr, const void *data,
819 void __user *data_out = u64_to_user_ptr(kattr->test.ctx_out);
821 u32 copy_size = size;
823 if (!data || !data_out)
826 if (copy_size > kattr->test.ctx_size_out) {
827 copy_size = kattr->test.ctx_size_out;
831 if (copy_to_user(data_out, data, copy_size))
833 if (copy_to_user(&uattr->test.ctx_size_out, &size, sizeof(size)))
842 * range_is_zero - test whether buffer is initialized
843 * @buf: buffer to check
844 * @from: check from this position
845 * @to: check up until (excluding) this position
847 * This function returns true if the there is a non-zero byte
848 * in the buf in the range [from,to).
850 static inline bool range_is_zero(void *buf, size_t from, size_t to)
852 return !memchr_inv((u8 *)buf + from, 0, to - from);
855 static int convert___skb_to_skb(struct sk_buff *skb, struct __sk_buff *__skb)
857 struct qdisc_skb_cb *cb = (struct qdisc_skb_cb *)skb->cb;
862 /* make sure the fields we don't use are zeroed */
863 if (!range_is_zero(__skb, 0, offsetof(struct __sk_buff, mark)))
866 /* mark is allowed */
868 if (!range_is_zero(__skb, offsetofend(struct __sk_buff, mark),
869 offsetof(struct __sk_buff, priority)))
872 /* priority is allowed */
873 /* ingress_ifindex is allowed */
874 /* ifindex is allowed */
876 if (!range_is_zero(__skb, offsetofend(struct __sk_buff, ifindex),
877 offsetof(struct __sk_buff, cb)))
882 if (!range_is_zero(__skb, offsetofend(struct __sk_buff, cb),
883 offsetof(struct __sk_buff, tstamp)))
886 /* tstamp is allowed */
887 /* wire_len is allowed */
888 /* gso_segs is allowed */
890 if (!range_is_zero(__skb, offsetofend(struct __sk_buff, gso_segs),
891 offsetof(struct __sk_buff, gso_size)))
894 /* gso_size is allowed */
896 if (!range_is_zero(__skb, offsetofend(struct __sk_buff, gso_size),
897 offsetof(struct __sk_buff, hwtstamp)))
900 /* hwtstamp is allowed */
902 if (!range_is_zero(__skb, offsetofend(struct __sk_buff, hwtstamp),
903 sizeof(struct __sk_buff)))
906 skb->mark = __skb->mark;
907 skb->priority = __skb->priority;
908 skb->skb_iif = __skb->ingress_ifindex;
909 skb->tstamp = __skb->tstamp;
910 memcpy(&cb->data, __skb->cb, QDISC_CB_PRIV_LEN);
912 if (__skb->wire_len == 0) {
913 cb->pkt_len = skb->len;
915 if (__skb->wire_len < skb->len ||
916 __skb->wire_len > GSO_LEGACY_MAX_SIZE)
918 cb->pkt_len = __skb->wire_len;
921 if (__skb->gso_segs > GSO_MAX_SEGS)
923 skb_shinfo(skb)->gso_segs = __skb->gso_segs;
924 skb_shinfo(skb)->gso_size = __skb->gso_size;
925 skb_shinfo(skb)->hwtstamps.hwtstamp = __skb->hwtstamp;
930 static void convert_skb_to___skb(struct sk_buff *skb, struct __sk_buff *__skb)
932 struct qdisc_skb_cb *cb = (struct qdisc_skb_cb *)skb->cb;
937 __skb->mark = skb->mark;
938 __skb->priority = skb->priority;
939 __skb->ingress_ifindex = skb->skb_iif;
940 __skb->ifindex = skb->dev->ifindex;
941 __skb->tstamp = skb->tstamp;
942 memcpy(__skb->cb, &cb->data, QDISC_CB_PRIV_LEN);
943 __skb->wire_len = cb->pkt_len;
944 __skb->gso_segs = skb_shinfo(skb)->gso_segs;
945 __skb->hwtstamp = skb_shinfo(skb)->hwtstamps.hwtstamp;
948 static struct proto bpf_dummy_proto = {
950 .owner = THIS_MODULE,
951 .obj_size = sizeof(struct sock),
954 int bpf_prog_test_run_skb(struct bpf_prog *prog, const union bpf_attr *kattr,
955 union bpf_attr __user *uattr)
957 bool is_l2 = false, is_direct_pkt_access = false;
958 struct net *net = current->nsproxy->net_ns;
959 struct net_device *dev = net->loopback_dev;
960 u32 size = kattr->test.data_size_in;
961 u32 repeat = kattr->test.repeat;
962 struct __sk_buff *ctx = NULL;
963 u32 retval, duration;
964 int hh_len = ETH_HLEN;
970 if (kattr->test.flags || kattr->test.cpu || kattr->test.batch_size)
973 data = bpf_test_init(kattr, kattr->test.data_size_in,
974 size, NET_SKB_PAD + NET_IP_ALIGN,
975 SKB_DATA_ALIGN(sizeof(struct skb_shared_info)));
977 return PTR_ERR(data);
979 ctx = bpf_ctx_init(kattr, sizeof(struct __sk_buff));
985 switch (prog->type) {
986 case BPF_PROG_TYPE_SCHED_CLS:
987 case BPF_PROG_TYPE_SCHED_ACT:
990 case BPF_PROG_TYPE_LWT_IN:
991 case BPF_PROG_TYPE_LWT_OUT:
992 case BPF_PROG_TYPE_LWT_XMIT:
993 is_direct_pkt_access = true;
999 sk = sk_alloc(net, AF_UNSPEC, GFP_USER, &bpf_dummy_proto, 1);
1005 sock_init_data(NULL, sk);
1007 skb = slab_build_skb(data);
1016 skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN);
1017 __skb_put(skb, size);
1018 if (ctx && ctx->ifindex > 1) {
1019 dev = dev_get_by_index(net, ctx->ifindex);
1025 skb->protocol = eth_type_trans(skb, dev);
1026 skb_reset_network_header(skb);
1028 switch (skb->protocol) {
1029 case htons(ETH_P_IP):
1030 sk->sk_family = AF_INET;
1031 if (sizeof(struct iphdr) <= skb_headlen(skb)) {
1032 sk->sk_rcv_saddr = ip_hdr(skb)->saddr;
1033 sk->sk_daddr = ip_hdr(skb)->daddr;
1036 #if IS_ENABLED(CONFIG_IPV6)
1037 case htons(ETH_P_IPV6):
1038 sk->sk_family = AF_INET6;
1039 if (sizeof(struct ipv6hdr) <= skb_headlen(skb)) {
1040 sk->sk_v6_rcv_saddr = ipv6_hdr(skb)->saddr;
1041 sk->sk_v6_daddr = ipv6_hdr(skb)->daddr;
1050 __skb_push(skb, hh_len);
1051 if (is_direct_pkt_access)
1052 bpf_compute_data_pointers(skb);
1053 ret = convert___skb_to_skb(skb, ctx);
1056 ret = bpf_test_run(prog, skb, repeat, &retval, &duration, false);
1060 if (skb_headroom(skb) < hh_len) {
1061 int nhead = HH_DATA_ALIGN(hh_len - skb_headroom(skb));
1063 if (pskb_expand_head(skb, nhead, 0, GFP_USER)) {
1068 memset(__skb_push(skb, hh_len), 0, hh_len);
1070 convert_skb_to___skb(skb, ctx);
1073 /* bpf program can never convert linear skb to non-linear */
1074 if (WARN_ON_ONCE(skb_is_nonlinear(skb)))
1075 size = skb_headlen(skb);
1076 ret = bpf_test_finish(kattr, uattr, skb->data, NULL, size, retval,
1079 ret = bpf_ctx_finish(kattr, uattr, ctx,
1080 sizeof(struct __sk_buff));
1082 if (dev && dev != net->loopback_dev)
1090 static int xdp_convert_md_to_buff(struct xdp_md *xdp_md, struct xdp_buff *xdp)
1092 unsigned int ingress_ifindex, rx_queue_index;
1093 struct netdev_rx_queue *rxqueue;
1094 struct net_device *device;
1099 if (xdp_md->egress_ifindex != 0)
1102 ingress_ifindex = xdp_md->ingress_ifindex;
1103 rx_queue_index = xdp_md->rx_queue_index;
1105 if (!ingress_ifindex && rx_queue_index)
1108 if (ingress_ifindex) {
1109 device = dev_get_by_index(current->nsproxy->net_ns,
1114 if (rx_queue_index >= device->real_num_rx_queues)
1117 rxqueue = __netif_get_rx_queue(device, rx_queue_index);
1119 if (!xdp_rxq_info_is_reg(&rxqueue->xdp_rxq))
1122 xdp->rxq = &rxqueue->xdp_rxq;
1123 /* The device is now tracked in the xdp->rxq for later
1128 xdp->data = xdp->data_meta + xdp_md->data;
1136 static void xdp_convert_buff_to_md(struct xdp_buff *xdp, struct xdp_md *xdp_md)
1141 xdp_md->data = xdp->data - xdp->data_meta;
1142 xdp_md->data_end = xdp->data_end - xdp->data_meta;
1144 if (xdp_md->ingress_ifindex)
1145 dev_put(xdp->rxq->dev);
1148 int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr,
1149 union bpf_attr __user *uattr)
1151 bool do_live = (kattr->test.flags & BPF_F_TEST_XDP_LIVE_FRAMES);
1152 u32 tailroom = SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
1153 u32 batch_size = kattr->test.batch_size;
1154 u32 retval = 0, duration, max_data_sz;
1155 u32 size = kattr->test.data_size_in;
1156 u32 headroom = XDP_PACKET_HEADROOM;
1157 u32 repeat = kattr->test.repeat;
1158 struct netdev_rx_queue *rxqueue;
1159 struct skb_shared_info *sinfo;
1160 struct xdp_buff xdp = {};
1161 int i, ret = -EINVAL;
1165 if (prog->expected_attach_type == BPF_XDP_DEVMAP ||
1166 prog->expected_attach_type == BPF_XDP_CPUMAP)
1169 if (kattr->test.flags & ~BPF_F_TEST_XDP_LIVE_FRAMES)
1172 if (bpf_prog_is_dev_bound(prog->aux))
1177 batch_size = NAPI_POLL_WEIGHT;
1178 else if (batch_size > TEST_XDP_MAX_BATCH)
1181 headroom += sizeof(struct xdp_page_head);
1182 } else if (batch_size) {
1186 ctx = bpf_ctx_init(kattr, sizeof(struct xdp_md));
1188 return PTR_ERR(ctx);
1191 /* There can't be user provided data before the meta data */
1192 if (ctx->data_meta || ctx->data_end != size ||
1193 ctx->data > ctx->data_end ||
1194 unlikely(xdp_metalen_invalid(ctx->data)) ||
1195 (do_live && (kattr->test.data_out || kattr->test.ctx_out)))
1197 /* Meta data is allocated from the headroom */
1198 headroom -= ctx->data;
1201 max_data_sz = 4096 - headroom - tailroom;
1202 if (size > max_data_sz) {
1203 /* disallow live data mode for jumbo frames */
1209 data = bpf_test_init(kattr, size, max_data_sz, headroom, tailroom);
1211 ret = PTR_ERR(data);
1215 rxqueue = __netif_get_rx_queue(current->nsproxy->net_ns->loopback_dev, 0);
1216 rxqueue->xdp_rxq.frag_size = headroom + max_data_sz + tailroom;
1217 xdp_init_buff(&xdp, rxqueue->xdp_rxq.frag_size, &rxqueue->xdp_rxq);
1218 xdp_prepare_buff(&xdp, data, headroom, size, true);
1219 sinfo = xdp_get_shared_info_from_buff(&xdp);
1221 ret = xdp_convert_md_to_buff(ctx, &xdp);
1225 if (unlikely(kattr->test.data_size_in > size)) {
1226 void __user *data_in = u64_to_user_ptr(kattr->test.data_in);
1228 while (size < kattr->test.data_size_in) {
1233 if (sinfo->nr_frags == MAX_SKB_FRAGS) {
1238 page = alloc_page(GFP_KERNEL);
1244 frag = &sinfo->frags[sinfo->nr_frags++];
1246 data_len = min_t(u32, kattr->test.data_size_in - size,
1248 skb_frag_fill_page_desc(frag, page, 0, data_len);
1250 if (copy_from_user(page_address(page), data_in + size,
1255 sinfo->xdp_frags_size += data_len;
1258 xdp_buff_set_frags_flag(&xdp);
1262 bpf_prog_change_xdp(NULL, prog);
1265 ret = bpf_test_run_xdp_live(prog, &xdp, repeat, batch_size, &duration);
1267 ret = bpf_test_run(prog, &xdp, repeat, &retval, &duration, true);
1268 /* We convert the xdp_buff back to an xdp_md before checking the return
1269 * code so the reference count of any held netdevice will be decremented
1270 * even if the test run failed.
1272 xdp_convert_buff_to_md(&xdp, ctx);
1276 size = xdp.data_end - xdp.data_meta + sinfo->xdp_frags_size;
1277 ret = bpf_test_finish(kattr, uattr, xdp.data_meta, sinfo, size,
1280 ret = bpf_ctx_finish(kattr, uattr, ctx,
1281 sizeof(struct xdp_md));
1285 bpf_prog_change_xdp(prog, NULL);
1287 for (i = 0; i < sinfo->nr_frags; i++)
1288 __free_page(skb_frag_page(&sinfo->frags[i]));
1295 static int verify_user_bpf_flow_keys(struct bpf_flow_keys *ctx)
1297 /* make sure the fields we don't use are zeroed */
1298 if (!range_is_zero(ctx, 0, offsetof(struct bpf_flow_keys, flags)))
1301 /* flags is allowed */
1303 if (!range_is_zero(ctx, offsetofend(struct bpf_flow_keys, flags),
1304 sizeof(struct bpf_flow_keys)))
1310 int bpf_prog_test_run_flow_dissector(struct bpf_prog *prog,
1311 const union bpf_attr *kattr,
1312 union bpf_attr __user *uattr)
1314 struct bpf_test_timer t = { NO_PREEMPT };
1315 u32 size = kattr->test.data_size_in;
1316 struct bpf_flow_dissector ctx = {};
1317 u32 repeat = kattr->test.repeat;
1318 struct bpf_flow_keys *user_ctx;
1319 struct bpf_flow_keys flow_keys;
1320 const struct ethhdr *eth;
1321 unsigned int flags = 0;
1322 u32 retval, duration;
1326 if (kattr->test.flags || kattr->test.cpu || kattr->test.batch_size)
1329 if (size < ETH_HLEN)
1332 data = bpf_test_init(kattr, kattr->test.data_size_in, size, 0, 0);
1334 return PTR_ERR(data);
1336 eth = (struct ethhdr *)data;
1341 user_ctx = bpf_ctx_init(kattr, sizeof(struct bpf_flow_keys));
1342 if (IS_ERR(user_ctx)) {
1344 return PTR_ERR(user_ctx);
1347 ret = verify_user_bpf_flow_keys(user_ctx);
1350 flags = user_ctx->flags;
1353 ctx.flow_keys = &flow_keys;
1355 ctx.data_end = (__u8 *)data + size;
1357 bpf_test_timer_enter(&t);
1359 retval = bpf_flow_dissect(prog, &ctx, eth->h_proto, ETH_HLEN,
1361 } while (bpf_test_timer_continue(&t, 1, repeat, &ret, &duration));
1362 bpf_test_timer_leave(&t);
1367 ret = bpf_test_finish(kattr, uattr, &flow_keys, NULL,
1368 sizeof(flow_keys), retval, duration);
1370 ret = bpf_ctx_finish(kattr, uattr, user_ctx,
1371 sizeof(struct bpf_flow_keys));
1379 int bpf_prog_test_run_sk_lookup(struct bpf_prog *prog, const union bpf_attr *kattr,
1380 union bpf_attr __user *uattr)
1382 struct bpf_test_timer t = { NO_PREEMPT };
1383 struct bpf_prog_array *progs = NULL;
1384 struct bpf_sk_lookup_kern ctx = {};
1385 u32 repeat = kattr->test.repeat;
1386 struct bpf_sk_lookup *user_ctx;
1387 u32 retval, duration;
1390 if (kattr->test.flags || kattr->test.cpu || kattr->test.batch_size)
1393 if (kattr->test.data_in || kattr->test.data_size_in || kattr->test.data_out ||
1394 kattr->test.data_size_out)
1400 user_ctx = bpf_ctx_init(kattr, sizeof(*user_ctx));
1401 if (IS_ERR(user_ctx))
1402 return PTR_ERR(user_ctx);
1410 if (!range_is_zero(user_ctx, offsetofend(typeof(*user_ctx), local_port), sizeof(*user_ctx)))
1413 if (user_ctx->local_port > U16_MAX) {
1418 ctx.family = (u16)user_ctx->family;
1419 ctx.protocol = (u16)user_ctx->protocol;
1420 ctx.dport = (u16)user_ctx->local_port;
1421 ctx.sport = user_ctx->remote_port;
1423 switch (ctx.family) {
1425 ctx.v4.daddr = (__force __be32)user_ctx->local_ip4;
1426 ctx.v4.saddr = (__force __be32)user_ctx->remote_ip4;
1429 #if IS_ENABLED(CONFIG_IPV6)
1431 ctx.v6.daddr = (struct in6_addr *)user_ctx->local_ip6;
1432 ctx.v6.saddr = (struct in6_addr *)user_ctx->remote_ip6;
1437 ret = -EAFNOSUPPORT;
1441 progs = bpf_prog_array_alloc(1, GFP_KERNEL);
1447 progs->items[0].prog = prog;
1449 bpf_test_timer_enter(&t);
1451 ctx.selected_sk = NULL;
1452 retval = BPF_PROG_SK_LOOKUP_RUN_ARRAY(progs, ctx, bpf_prog_run);
1453 } while (bpf_test_timer_continue(&t, 1, repeat, &ret, &duration));
1454 bpf_test_timer_leave(&t);
1459 user_ctx->cookie = 0;
1460 if (ctx.selected_sk) {
1461 if (ctx.selected_sk->sk_reuseport && !ctx.no_reuseport) {
1466 user_ctx->cookie = sock_gen_cookie(ctx.selected_sk);
1469 ret = bpf_test_finish(kattr, uattr, NULL, NULL, 0, retval, duration);
1471 ret = bpf_ctx_finish(kattr, uattr, user_ctx, sizeof(*user_ctx));
1474 bpf_prog_array_free(progs);
1479 int bpf_prog_test_run_syscall(struct bpf_prog *prog,
1480 const union bpf_attr *kattr,
1481 union bpf_attr __user *uattr)
1483 void __user *ctx_in = u64_to_user_ptr(kattr->test.ctx_in);
1484 __u32 ctx_size_in = kattr->test.ctx_size_in;
1489 /* doesn't support data_in/out, ctx_out, duration, or repeat or flags */
1490 if (kattr->test.data_in || kattr->test.data_out ||
1491 kattr->test.ctx_out || kattr->test.duration ||
1492 kattr->test.repeat || kattr->test.flags ||
1493 kattr->test.batch_size)
1496 if (ctx_size_in < prog->aux->max_ctx_offset ||
1497 ctx_size_in > U16_MAX)
1501 ctx = memdup_user(ctx_in, ctx_size_in);
1503 return PTR_ERR(ctx);
1506 rcu_read_lock_trace();
1507 retval = bpf_prog_run_pin_on_cpu(prog, ctx);
1508 rcu_read_unlock_trace();
1510 if (copy_to_user(&uattr->test.retval, &retval, sizeof(u32))) {
1515 if (copy_to_user(ctx_in, ctx, ctx_size_in))
1522 static int verify_and_copy_hook_state(struct nf_hook_state *state,
1523 const struct nf_hook_state *user,
1524 struct net_device *dev)
1526 if (user->in || user->out)
1529 if (user->net || user->sk || user->okfn)
1535 switch (state->hook) {
1536 case NF_INET_PRE_ROUTING:
1539 case NF_INET_LOCAL_IN:
1542 case NF_INET_FORWARD:
1546 case NF_INET_LOCAL_OUT:
1549 case NF_INET_POST_ROUTING:
1559 state->pf = user->pf;
1560 state->hook = user->hook;
1565 static __be16 nfproto_eth(int nfproto)
1569 return htons(ETH_P_IP);
1574 return htons(ETH_P_IPV6);
1577 int bpf_prog_test_run_nf(struct bpf_prog *prog,
1578 const union bpf_attr *kattr,
1579 union bpf_attr __user *uattr)
1581 struct net *net = current->nsproxy->net_ns;
1582 struct net_device *dev = net->loopback_dev;
1583 struct nf_hook_state *user_ctx, hook_state = {
1585 .hook = NF_INET_LOCAL_OUT,
1587 u32 size = kattr->test.data_size_in;
1588 u32 repeat = kattr->test.repeat;
1589 struct bpf_nf_ctx ctx = {
1590 .state = &hook_state,
1592 struct sk_buff *skb = NULL;
1593 u32 retval, duration;
1597 if (kattr->test.flags || kattr->test.cpu || kattr->test.batch_size)
1600 if (size < sizeof(struct iphdr))
1603 data = bpf_test_init(kattr, kattr->test.data_size_in, size,
1604 NET_SKB_PAD + NET_IP_ALIGN,
1605 SKB_DATA_ALIGN(sizeof(struct skb_shared_info)));
1607 return PTR_ERR(data);
1612 user_ctx = bpf_ctx_init(kattr, sizeof(struct nf_hook_state));
1613 if (IS_ERR(user_ctx)) {
1615 return PTR_ERR(user_ctx);
1619 ret = verify_and_copy_hook_state(&hook_state, user_ctx, dev);
1624 skb = slab_build_skb(data);
1630 data = NULL; /* data released via kfree_skb */
1632 skb_reserve(skb, NET_SKB_PAD + NET_IP_ALIGN);
1633 __skb_put(skb, size);
1637 if (hook_state.hook != NF_INET_LOCAL_OUT) {
1638 if (size < ETH_HLEN + sizeof(struct iphdr))
1641 skb->protocol = eth_type_trans(skb, dev);
1642 switch (skb->protocol) {
1643 case htons(ETH_P_IP):
1644 if (hook_state.pf == NFPROTO_IPV4)
1647 case htons(ETH_P_IPV6):
1648 if (size < ETH_HLEN + sizeof(struct ipv6hdr))
1650 if (hook_state.pf == NFPROTO_IPV6)
1658 skb_reset_network_header(skb);
1660 skb->protocol = nfproto_eth(hook_state.pf);
1665 ret = bpf_test_run(prog, &ctx, repeat, &retval, &duration, false);
1669 ret = bpf_test_finish(kattr, uattr, NULL, NULL, 0, retval, duration);
1678 static const struct btf_kfunc_id_set bpf_prog_test_kfunc_set = {
1679 .owner = THIS_MODULE,
1680 .set = &test_sk_check_kfunc_ids,
1683 BTF_ID_LIST(bpf_prog_test_dtor_kfunc_ids)
1684 BTF_ID(struct, prog_test_ref_kfunc)
1685 BTF_ID(func, bpf_kfunc_call_test_release_dtor)
1686 BTF_ID(struct, prog_test_member)
1687 BTF_ID(func, bpf_kfunc_call_memb_release_dtor)
1689 static int __init bpf_prog_test_run_init(void)
1691 const struct btf_id_dtor_kfunc bpf_prog_test_dtor_kfunc[] = {
1693 .btf_id = bpf_prog_test_dtor_kfunc_ids[0],
1694 .kfunc_btf_id = bpf_prog_test_dtor_kfunc_ids[1]
1697 .btf_id = bpf_prog_test_dtor_kfunc_ids[2],
1698 .kfunc_btf_id = bpf_prog_test_dtor_kfunc_ids[3],
1703 ret = register_btf_fmodret_id_set(&bpf_test_modify_return_set);
1704 ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SCHED_CLS, &bpf_prog_test_kfunc_set);
1705 ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_TRACING, &bpf_prog_test_kfunc_set);
1706 ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &bpf_prog_test_kfunc_set);
1707 return ret ?: register_btf_id_dtor_kfuncs(bpf_prog_test_dtor_kfunc,
1708 ARRAY_SIZE(bpf_prog_test_dtor_kfunc),
1711 late_initcall(bpf_prog_test_run_init);
projects / releases.git / blob