From 77fb079dedee5c8c2fc0c2e3781769b5978ce4fe Mon Sep 17 00:00:00 2001
From: Paul Chaignon <paul.chaignon@gmail.com>
Date: Mon, 6 Nov 2023 20:21:56 +0100
Subject: sys/linux: describe call to BPF helper bpf_ringbuf_reserve

Describe a full call to bpf_ringbuf_reserve, using the map type created
in the previous commit. The test corresponds to this simple line:

     u64 *e;
     e = bpf_ringbuf_reserve(&rb, sizeof(*e), 0);
     [...]
     return e;

The pointer returned by bpf_ringbuf_reserve is kept in R9. The goal is
to keep it around so we can use it in other instructions later; several
other helpers take a pointer to ringbuf data as argument. There's of
course a risk that some instruction in between will clobber R9, but I
don't know another way. R9 is at least safe for calls (only R1--R5 get
clobbered).

We expect the program loading to fail with EINVAL because we never
release the reference to the ringbuf data. The verifier will therefore
reject the program with:

    0: R1=ctx(off=0,imm=0) R10=fp0
    0: (18) r0 = 0x0                      ; R0_w=0
    2: (18) r1 = 0xffff984e4b55da00       ; R1_w=map_ptr(off=0,ks=0,vs=0,imm=0)
    4: (b7) r2 = 20                       ; R2_w=20
    5: (b7) r3 = 0                        ; R3_w=0
    6: (85) call bpf_ringbuf_reserve#131  ; R0_w=ringbuf_mem_or_null(id=2,ref_obj_id=2,off=0,imm=0) refs=2
    7: (bf) r9 = r0                       ; R0_w=ringbuf_mem_or_null(id=2,ref_obj_id=2,off=0,imm=0)
                                            R9_w=ringbuf_mem_or_null(id=2,ref_obj_id=2,off=0,imm=0) refs=2
    8: (95) exit
    Unreleased reference id=2 alloc_insn=6

Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
---
 sys/linux/test/bpf_helpers | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'sys/linux/test')

diff --git a/sys/linux/test/bpf_helpers b/sys/linux/test/bpf_helpers
index 246e903b0..0bc1ce513 100644
--- a/sys/linux/test/bpf_helpers
+++ b/sys/linux/test/bpf_helpers
@@ -24,3 +24,5 @@ r4 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUT
 # Prepare, load, and execute a BPF program that calls ringbuf helpers
 
 r1 = bpf$MAP_CREATE_RINGBUF(AUTO, &AUTO={AUTO, AUTO, AUTO, 0x40000, AUTO, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, AUTO}, 0x48)
+
+r2 = bpf$PROG_LOAD(AUTO, &AUTO={0x3, AUTO, &AUTO=@ringbuf={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, {{AUTO, AUTO, AUTO, AUTO, r1, AUTO, AUTO, AUTO, AUTO}, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, AUTO}, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, AUTO}, {AUTO, AUTO, AUTO, AUTO}, {AUTO, AUTO, AUTO, AUTO, AUTO, AUTO, AUTO}}, [], {AUTO, AUTO, AUTO, AUTO}}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000000000000000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0) # EINVAL
-- 
cgit mrf-deployment