| author | Paul Chaignon <paul.chaignon@gmail.com> | 2023-05-02 23:34:59 +0200 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2023-08-25 14:18:37 +0000 |
| commit | 3c29a5fa10a3ca45b251e02c4153a75f45fa8f1c (patch) | |
| tree | c3c3496c6b4b99154624984b26b1e937667eec0f /sys | |
| parent | 68630e0937d7a9a6c6e965613731576f9f325e92 (diff) | |
sys/linux: support CO-RE info in PROG_LOAD command
Commit [1] upstream added support via the bpf(2) PROG_LOAD command to
load BTF CO-RE relocation data. This commit adds basic support for
loading the same data in syzkaller. As usual with BTF, we are pretty
limited in what we can efficiently describe :-(
1 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fbd94c7afcf9
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/linux/bpf.txt | 14 | ||||
| -rw-r--r-- | sys/linux/bpf.txt.const | 14 | ||||
| -rw-r--r-- | sys/linux/test/bpf_cgroup | 2 | ||||
| -rw-r--r-- | sys/linux/test/btf_id | 4 |
4 files changed, 30 insertions, 4 deletions
diff --git a/sys/linux/bpf.txt b/sys/linux/bpf.txt index 35e1a0e5c..c321b38c8 100644 --- a/sys/linux/bpf.txt +++ b/sys/linux/bpf.txt @@ -198,6 +198,7 @@ bpf_batch_flags = BPF_F_LOCK define BPF_LINE_INFO_SIZE sizeof(struct bpf_line_info) define BPF_FUNC_INFO_SIZE sizeof(struct bpf_func_info) +define BPF_CORE_RELO_SIZE sizeof(struct bpf_core_relo) type bpf_prog_t[TYPE, ATTACH_TYPE, BTF_ID, PROG_FD] { type TYPE @@ -221,8 +222,10 @@ type bpf_prog_t[TYPE, ATTACH_TYPE, BTF_ID, PROG_FD] { line_info_cnt len[line_info, int32] attach_btf_id BTF_ID attach_prog_fd PROG_FD - pad const[0, int32] + core_relo_cnt len[core_relos, int32] fd_array ptr64[in, array[fd_bpf_map], opt] + core_relos ptr64[in, array[bpf_core_relo], opt] + core_relo_rec_size const[BPF_CORE_RELO_SIZE, int32] } type bpf_prog bpf_prog_t[flags[bpf_prog_type, int32], flags[bpf_attach_type, int32], bpf_btf_id[opt], fd_bpf_prog[opt]] @@ -244,6 +247,14 @@ bpf_line_info { line_col int32 } +bpf_core_relo { +# This is instruction index, so should not be too large. + insn_off int32[0:5] + type_id btf_type_id + access_str_off btf_opt_name_off + kind flags[bpf_core_relo_kind, int32] +} + bpf_instructions [ raw array[bpf_insn] framed bpf_framed_program 
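Review bot: `insn_off int32[0:5]` in the new `bpf_core_relo` struct (third hunk of sys/linux/bpf.txt) treats the field as an instruction index, but as far as I can tell the kernel UAPI defines `insn_off` as a byte offset into the program, and the verifier rejects values that are not a multiple of the 8-byte instruction size. If that holds, only the value 0 gets past that check and the other generated values fail with EINVAL before any relocation logic runs, so coverage of the CO-RE path is limited to the first instruction. An aligned range such as `insn_off int32[0:40, 8]` would keep the offset small while reaching later instructions, with the comment reworded to `# Byte offset of the instruction (multiple of 8), so should not be too large.` Please confirm against check_core_relo() upstream before changing it.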
@@ -872,3 +883,4 @@ bpf_prog_test_run_flags = BPF_F_TEST_RUN_ON_CPU, BPF_F_TEST_XDP_LIVE_FRAMES
 bpf_prog_query_attach_type = BPF_CGROUP_INET_INGRESS, BPF_CGROUP_INET_EGRESS, BPF_CGROUP_INET_SOCK_CREATE, BPF_CGROUP_SOCK_OPS, BPF_CGROUP_DEVICE, BPF_CGROUP_INET4_BIND, BPF_CGROUP_INET4_CONNECT, BPF_CGROUP_INET4_POST_BIND, BPF_CGROUP_INET6_BIND, BPF_CGROUP_INET6_CONNECT, BPF_CGROUP_INET6_POST_BIND, BPF_CGROUP_UDP4_SENDMSG, BPF_CGROUP_UDP6_SENDMSG, BPF_LIRC_MODE2, BPF_CGROUP_SYSCTL, BPF_FLOW_DISSECTOR, BPF_CGROUP_UDP4_RECVMSG, BPF_CGROUP_UDP6_RECVMSG, BPF_CGROUP_GETSOCKOPT, BPF_CGROUP_SETSOCKOPT, BPF_CGROUP_INET4_GETPEERNAME, BPF_CGROUP_INET4_GETSOCKNAME, BPF_CGROUP_INET6_GETPEERNAME, BPF_CGROUP_INET6_GETSOCKNAME, BPF_CGROUP_INET_SOCK_RELEASE, BPF_SK_LOOKUP, BPF_LSM_CGROUP, BPF_SK_MSG_VERDICT, BPF_SK_SKB_STREAM_PARSER, BPF_SK_SKB_STREAM_VERDICT, BPF_SK_SKB_VERDICT
 bpf_open_flags = BPF_F_RDONLY, BPF_F_WRONLY
 bpf_stat_types = BPF_STATS_RUN_TIME
+bpf_core_relo_kind = BPF_CORE_FIELD_BYTE_OFFSET, BPF_CORE_FIELD_BYTE_SIZE, BPF_CORE_FIELD_EXISTS, BPF_CORE_FIELD_SIGNED, BPF_CORE_FIELD_LSHIFT_U64, BPF_CORE_FIELD_RSHIFT_U64, BPF_CORE_TYPE_ID_LOCAL, BPF_CORE_TYPE_ID_TARGET, BPF_CORE_TYPE_EXISTS, BPF_CORE_TYPE_SIZE, BPF_CORE_ENUMVAL_EXISTS, BPF_CORE_ENUMVAL_VALUE, BPF_CORE_TYPE_MATCHES
diff --git a/sys/linux/bpf.txt.const b/sys/linux/bpf.txt.const
index 6d68cdbba..176faccfa 100644
--- a/sys/linux/bpf.txt.const
+++ b/sys/linux/bpf.txt.const
@@ -35,6 +35,20 @@ BPF_CGROUP_UDP4_RECVMSG = 19 BPF_CGROUP_UDP4_SENDMSG = 14 BPF_CGROUP_UDP6_RECVMSG = 20 BPF_CGROUP_UDP6_SENDMSG = 15 +BPF_CORE_ENUMVAL_EXISTS = 10 +BPF_CORE_ENUMVAL_VALUE = 11 +BPF_CORE_FIELD_BYTE_OFFSET = 0 +BPF_CORE_FIELD_BYTE_SIZE = 1 +BPF_CORE_FIELD_EXISTS = 2 +BPF_CORE_FIELD_LSHIFT_U64 = 4 +BPF_CORE_FIELD_RSHIFT_U64 = 5 +BPF_CORE_FIELD_SIGNED = 3 +BPF_CORE_RELO_SIZE = 16 +BPF_CORE_TYPE_EXISTS = 8 +BPF_CORE_TYPE_ID_LOCAL = 6 +BPF_CORE_TYPE_ID_TARGET = 7 +BPF_CORE_TYPE_MATCHES = 12 +BPF_CORE_TYPE_SIZE = 9 BPF_DIV0 = 3 BPF_DW0 = 3 BPF_ENABLE_STATS = 32 diff --git a/sys/linux/test/bpf_cgroup b/sys/linux/test/bpf_cgroup index ad848e3fb..4ff19075d 100644 --- a/sys/linux/test/bpf_cgroup +++ b/sys/linux/test/bpf_cgroup @@ -6,7 +6,7 @@ r1 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO) # Now, load a BPF_PROG_TYPE_CGROUP_SYSCTL that simply returns 0, which will block all writes to /proc/sys -r2 = bpf$PROG_LOAD(AUTO, &AUTO={0x17, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], {AUTO, AUTO, AUTO, AUTO}}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) +r2 = bpf$PROG_LOAD(AUTO, &AUTO={0x17, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], {AUTO, AUTO, AUTO, AUTO}}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x9c) r3 = openat(0xffffffffffffff9c, &AUTO='./cgroup\x00', 0x0, 0x0) diff --git a/sys/linux/test/btf_id b/sys/linux/test/btf_id index dde131829..d20fa7925 100644 --- a/sys/linux/test/btf_id +++ b/sys/linux/test/btf_id 
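Review bot: The trailing size argument is still a hand-written literal, now `0x9c`, in the `bpf$PROG_LOAD` call of sys/linux/test/bpf_cgroup and in both `bpf$BPF_PROG_WITH_BTFID_LOAD` calls of sys/linux/test/btf_id. Every future growth of `bpf_prog_t` will need the same edit in each test. If that argument is declared as a `len` of the attr pointer (the syscall definitions are outside these hunks), writing `AUTO` for it, as the first argument of `bpf$PROG_LOAD` already does, would let the tests follow the struct size. Separately, all three calls pass `0x0` for the new `core_relo_cnt`, `core_relos` and `core_relo_rec_size` slots, so these tests exercise the new layout but not a non-empty relocation array.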
@@ -4,7 +4,7 @@ r0 = syz_btf_id_by_name$bpf_lsm(&AUTO='bpf_lsm_path_mkdir\x00') # Load the bpf program. -r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], {AUTO, AUTO, AUTO, AUTO}}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0}, 0x90) +r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], {AUTO, AUTO, AUTO, AUTO}}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x9c) # Attach the bpf program to the lsm hook. @@ -14,6 +14,6 @@ r2 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &AUTO={AUTO, r1}, 0x10) r3 = syz_btf_id_by_name$bpf_lsm(&AUTO='bpf_lsm_path_mkdir\x00') -r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], {AUTO, AUTO, AUTO, AUTO}}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0}, 0x90) +r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &AUTO=@bpf_lsm={0x1d, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], {AUTO, AUTO, AUTO, AUTO}}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x9c) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN_UNNAMED(0x11, &AUTO={AUTO, r4}, 0x10) |
