diff options
| author | Paul Chaignon <paul.chaignon@gmail.com> | 2024-09-05 00:20:49 +0200 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2024-09-09 11:43:00 +0000 |
| commit | 490591b3427f073e99d02e66d247074895f6a87a (patch) | |
| tree | 6271421fe59d2a7751ecb08843ea1a4296840b3e /sys/linux/test | |
| parent | c0c363f4114061f288c0d36086b4ed64622d5275 (diff) | |
sys/linux: cover BPF tokens
The new BPF_TOKEN_CREATE bpf(2) command was introduced in commit [1]
upstream. This command takes a BPF filesystem fd and returns a BPF
token [2]. This token can then be passed to commands BPF_PROG_LOAD,
BPF_MAP_CREATE, and BPF_BTF_LOAD and the kernel will use it to check if
the operation is allowed. What operations a token allows is defined by
the mount options of the BPF filesystem.
No flags are currently supported for the BPF_TOKEN_CREATE command.
The fd should point to the BPF filesystem, but we don't have a specific
resource for this yet so just point to a generic fd. This command also
doesn't add support for the new mount options.
1 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35f96de04127
2 - https://lwn.net/Articles/947173/
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Diffstat (limited to 'sys/linux/test')
| -rw-r--r-- | sys/linux/test/bpf_cgroup | 2 | ||||
| -rw-r--r-- | sys/linux/test/bpf_helpers | 18 | ||||
| -rw-r--r-- | sys/linux/test/btf_id | 4 |
3 files changed, 12 insertions, 12 deletions
diff --git a/sys/linux/test/bpf_cgroup b/sys/linux/test/bpf_cgroup index 1e480b46a..0c31e3442 100644 --- a/sys/linux/test/bpf_cgroup +++ b/sys/linux/test/bpf_cgroup @@ -6,7 +6,7 @@ r1 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO) # Now, load a BPF_PROG_TYPE_CGROUP_SYSCTL that simply returns 0, which will block all writes to /proc/sys -r2 = bpf$PROG_LOAD(AUTO, &AUTO={0x17, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) +r2 = bpf$PROG_LOAD(AUTO, &AUTO={0x17, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=AUTO}, 0xa0) r3 = openat(0xffffffffffffff9c, &AUTO='./cgroup\x00', 0x0, 0x0) diff --git a/sys/linux/test/bpf_helpers b/sys/linux/test/bpf_helpers index 99addd454..0ff7e4c0d 100644 --- a/sys/linux/test/bpf_helpers +++ b/sys/linux/test/bpf_helpers @@ -1,32 +1,32 @@ # bpf_trace_printk -r1 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [@printk={@d=AUTO, AUTO, AUTO, AUTO, AUTO, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, 0x1234}, AUTO}], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) +r1 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [@printk={@d=AUTO, AUTO, AUTO, AUTO, AUTO, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, 0x1234}, AUTO}], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=AUTO}, 0xa0) # bpf_snprintf -r1 = bpf$MAP_CREATE_CONST_STR(AUTO, &AUTO={AUTO, AUTO, AUTO, AUTO, AUTO, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, AUTO, @void, @value=AUTO}, 0x48) +r1 = bpf$MAP_CREATE_CONST_STR(AUTO, &AUTO={AUTO, AUTO, AUTO, AUTO, AUTO, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, AUTO, @void, @value=AUTO, @void, @value=AUTO}, 0x48) r2 = bpf$MAP_UPDATE_CONST_STR(AUTO, &AUTO={{r1, r1}, &AUTO=0x0, &AUTO='%-010d \x00', AUTO}, 0x1c) r3 = bpf$BPF_MAP_CONST_STR_FREEZE(AUTO, &AUTO={r1, r1}, 0x4) -r4 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [@snprintf={AUTO, AUTO, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, 0x1234}, AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, {AUTO, AUTO, AUTO, AUTO, r1, AUTO, AUTO, AUTO, AUTO}, AUTO, AUTO}], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) +r4 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [@snprintf={AUTO, AUTO, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, 0x1234}, AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, {AUTO, AUTO, AUTO, AUTO, r1, AUTO, AUTO, AUTO, AUTO}, AUTO, AUTO}], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=AUTO}, 0xa0) # bpf_tail_call -r10 = bpf$MAP_CREATE_TAIL_CALL(AUTO, &AUTO={AUTO, AUTO, AUTO, AUTO, AUTO, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, AUTO, @void, @value=AUTO}, 0x48) +r10 = bpf$MAP_CREATE_TAIL_CALL(AUTO, &AUTO={AUTO, AUTO, AUTO, AUTO, AUTO, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, AUTO, @void, @value=AUTO, @void, @value=AUTO}, 0x48) r11 = bpf$MAP_UPDATE_ELEM_TAIL_CALL(AUTO, &AUTO={{r10, r10}, &AUTO=0x0, &AUTO=r4, AUTO}, 0x1c) -r4 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [@tail_call={{AUTO, AUTO, AUTO, AUTO, r10, AUTO, AUTO, AUTO, AUTO}, AUTO, AUTO, AUTO}], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) +r4 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [@tail_call={{AUTO, AUTO, AUTO, AUTO, r10, AUTO, AUTO, AUTO, AUTO}, AUTO, AUTO, AUTO}], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=AUTO}, 0xa0) # bpf_ringbuf_reserve and bpf_ringbuf_submit -r1 = bpf$MAP_CREATE_RINGBUF(AUTO, &AUTO={AUTO, AUTO, AUTO, 0x40000, AUTO, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, AUTO, @void, @value=AUTO}, 0x48) +r1 = bpf$MAP_CREATE_RINGBUF(AUTO, &AUTO={AUTO, AUTO, AUTO, 0x40000, AUTO, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, AUTO, @void, @value=AUTO, @void, @value=AUTO}, 0x48) -r2 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@ringbuf={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, {{AUTO, AUTO, AUTO, AUTO, r1, AUTO, AUTO, AUTO, AUTO}, AUTO, AUTO, AUTO, AUTO}, AUTO, [], {AUTO, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, 0x1}, {AUTO, AUTO, AUTO, 0x84}, AUTO}, AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) +r2 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@ringbuf={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, {{AUTO, AUTO, AUTO, AUTO, r1, AUTO, AUTO, AUTO, AUTO}, AUTO, AUTO, AUTO, AUTO}, AUTO, [], {AUTO, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, 0x1}, {AUTO, AUTO, AUTO, 0x84}, AUTO}, AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=AUTO}, 0xa0) # bpf_ringbuf_query -r3 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [@ringbuf_query={{AUTO, AUTO, AUTO, AUTO, r1, AUTO, AUTO, AUTO, AUTO}, AUTO, AUTO}], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) +r3 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [@ringbuf_query={{AUTO, AUTO, AUTO, AUTO, r1, AUTO, AUTO, AUTO, AUTO}, AUTO, AUTO}], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=AUTO}, 0xa0) # bpf_ringbuf_output -r3 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [@ringbuf_output={{AUTO, AUTO, AUTO, AUTO, r1, AUTO, AUTO, AUTO, AUTO}, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, 0x1234}, AUTO, AUTO, AUTO, AUTO, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, 0x2}, AUTO}], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) +r3 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [@ringbuf_output={{AUTO, AUTO, AUTO, AUTO, r1, AUTO, AUTO, AUTO, AUTO}, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, 0x1234}, AUTO, AUTO, AUTO, AUTO, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, 0x2}, AUTO}], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=AUTO}, 0xa0) diff --git a/sys/linux/test/btf_id b/sys/linux/test/btf_id index a3588bf32..6692f533d 100644 --- a/sys/linux/test/btf_id +++ b/sys/linux/test/btf_id @@ -4,7 +4,7 @@ r0 = syz_btf_id_by_name$bpf_lsm(&AUTO='bpf_lsm_path_mkdir\x00') # Load the bpf program. -r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) +r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=AUTO}, 0xa0) # Attach the bpf program to the lsm hook. @@ -14,6 +14,6 @@ r2 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &AUTO={AUTO, r1}, 0x10) r3 = syz_btf_id_by_name$bpf_lsm(&AUTO='bpf_lsm_path_mkdir\x00') -r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) +r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], AUTO}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value=AUTO}, 0xa0) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &AUTO={AUTO, r4}, 0x10) |