tools/testing/selftests/bpf/progs/mem_rdonly_untrusted.c

Source file repositories/reference/linux-study-clean/tools/testing/selftests/bpf/progs/mem_rdonly_untrusted.c

File Facts

System
Linux kernel
Corpus path
tools/testing/selftests/bpf/progs/mem_rdonly_untrusted.c
Extension
.c
Size
4116 bytes
Lines
230
Domain
Support Tooling And Documentation
Bucket
tools
Inferred role
Support Tooling And Documentation: implementation source
Status
source implementation candidate

Why This File Exists

Repository support layer: documentation, build tooling, samples, user-space helper tools, generated initramfs support, licenses, and validation utilities.

Dependency Surface

Detected Declarations

Annotated Snippet

// SPDX-License-Identifier: GPL-2.0

#include <vmlinux.h>
#include <bpf/bpf_core_read.h>
#include "bpf_misc.h"
#include "../test_kmods/bpf_testmod_kfunc.h"

SEC("tp_btf/sys_enter")
__success
__log_level(2)
__msg("r8 = *(u64 *)(r7 +0)          ; R7=ptr_nameidata(imm={{[0-9]+}}) R8=rdonly_untrusted_mem(sz=0)")
__msg("r9 = *(u8 *)(r8 +0)           ; R8=rdonly_untrusted_mem(sz=0) R9=scalar")
int btf_id_to_ptr_mem(void *ctx)
{
	struct task_struct *task;
	struct nameidata *idata;
	u64 ret, off;

	task = bpf_get_current_task_btf();
	idata = task->nameidata;
	off = bpf_core_field_offset(struct nameidata, pathname);
	/*
	 * asm block to have reliable match target for __msg, equivalent of:
	 *   ret = task->nameidata->pathname[0];
	 */
	asm volatile (
	"r7 = %[idata];"
	"r7 += %[off];"
	"r8 = *(u64 *)(r7 + 0);"
	"r9 = *(u8 *)(r8 + 0);"
	"%[ret] = r9;"
	: [ret]"=r"(ret)
	: [idata]"r"(idata),
	  [off]"r"(off)
	: "r7", "r8", "r9");
	return ret;
}

SEC("socket")
__success
__retval(0)
int ldx_is_ok_bad_addr(void *ctx)
{
	char *p;

	if (!bpf_core_enum_value_exists(enum bpf_features, BPF_FEAT_RDONLY_CAST_TO_VOID))
		return 42;

	p = bpf_rdonly_cast(0, 0);
	return p[0x7fff];
}

SEC("socket")
__success
__retval(1)
int ldx_is_ok_good_addr(void *ctx)
{
	int v, *p;

	v = 1;
	p = bpf_rdonly_cast(&v, 0);
	return *p;
}

SEC("socket")
__success
int offset_not_tracked(void *ctx)
{
	int *p, i, s;

	p = bpf_rdonly_cast(0, 0);
	s = 0;
	bpf_for(i, 0, 1000 * 1000 * 1000) {
		p++;
		s += *p;
	}
	return s;
}

SEC("socket")
__failure
__msg("cannot write into rdonly_untrusted_mem")
int stx_not_ok(void *ctx)
{
	int v, *p;

	v = 1;
	p = bpf_rdonly_cast(&v, 0);
	*p = 1;
	return 0;

Annotation

Implementation Notes