1 : /* SPDX-License-Identifier: GPL-2.0-only */
2 : /*
3 : * Copyright (c) 2023 Meta Platforms, Inc. and affiliates.
4 : */
5 :
6 : #include "bpfilter/cgen/stub.h"
7 :
8 : #include <linux/bpf.h>
9 : #include <linux/bpf_common.h>
10 : #include <linux/icmpv6.h>
11 : #include <linux/if_ether.h>
12 : #include <linux/in.h> // NOLINT
13 : #include <linux/in6.h>
14 : #include <linux/ip.h>
15 : #include <linux/ipv6.h>
16 : #include <linux/tcp.h>
17 : #include <linux/udp.h>
18 :
19 : #include <endian.h>
20 : #include <stddef.h>
21 :
22 : #include "bpfilter/cgen/fixup.h"
23 : #include "bpfilter/cgen/jmp.h"
24 : #include "bpfilter/cgen/printer.h"
25 : #include "bpfilter/cgen/program.h"
26 : #include "bpfilter/cgen/swich.h"
27 : #include "core/flavor.h"
28 : #include "core/helper.h"
29 : #include "core/opts.h"
30 : #include "core/verdict.h"
31 :
32 : #include "external/filter.h"
33 :
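/**
 * Generate stub to create a dynptr.
 *
 * The generated code calls @p kfunc with r1 holding the program argument,
 * r2 set to 0 and r3 pointing to the dynptr slot of the runtime context
 * (r10 + BF_PROG_CTX_OFF(dynptr)). When the kfunc leaves a non-zero value in
 * r0, the generated code updates the error counter and exits the program.
 *
 * @param program Program to generate the stub for. Must not be NULL.
 * @param arg_reg Register where the first argument to the dynptr creation
 *        function is located (SKB or xdp_md structure).
 * @param kfunc Name of the kfunc to use to create the dynamic pointer.
 * @return 0 on success, or negative errno value on error.
 */
static int _bf_stub_make_ctx_dynptr(struct bf_program *program, int arg_reg,
                                    const char *kfunc)
{
    bf_assert(program && kfunc);

    /* r1 = program argument. arg_reg is a register number, so it must be
     * copied with a register-to-register move: an immediate move would load
     * the register index itself (a scalar) into r1 instead of the SKB/xdp_md
     * pointer the kfunc expects. */
    if (arg_reg != BPF_REG_1)
        EMIT(program, BPF_MOV64_REG(BPF_REG_1, arg_reg));

    // r2 = 0, r3 = address of the dynptr inside the runtime context
    EMIT(program, BPF_MOV64_IMM(BPF_REG_2, 0));
    EMIT(program, BPF_MOV64_REG(BPF_REG_3, BPF_REG_10));
    EMIT(program, BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, BF_PROG_CTX_OFF(dynptr)));
    EMIT_KFUNC_CALL(program, kfunc);

    /* Error path, jumped over when r0 == 0.
     * NOTE(review): this path is fail-open. A packet for which the dynptr
     * cannot be created leaves the program with the ACCEPT verdict; the error
     * counter is the only trace of it. */
    {
        _cleanup_bf_jmpctx_ struct bf_jmpctx skip_on_success =
            bf_jmpctx_get(program, BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 0));

        // Update the error counter (last counter of the program)
        EMIT(program, BPF_MOV32_IMM(BPF_REG_1, program->num_counters - 1));
        EMIT(program, BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10,
                                  BF_PROG_CTX_OFF(pkt_size)));
        EMIT_FIXUP_CALL(program, BF_FIXUP_FUNC_UPDATE_COUNTERS);

        if (bf_opts_is_verbose(BF_VERBOSE_BPF))
            EMIT_PRINT(program, "failed to create a new dynamic pointer");

        EMIT(program,
             BPF_MOV64_IMM(BPF_REG_0, program->runtime.ops->get_verdict(
                                          BF_VERDICT_ACCEPT)));
        EMIT(program, BPF_EXIT_INSN());
    }

    return 0;
}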
78 :
/**
 * Generate the stub creating the context dynptr for an XDP program.
 *
 * Thin wrapper around _bf_stub_make_ctx_dynptr() selecting the
 * bpf_dynptr_from_xdp kfunc.
 *
 * @param program Program to generate the stub for. Must not be NULL.
 * @param md_reg Register holding the xdp_md argument.
 * @return Value returned by _bf_stub_make_ctx_dynptr().
 */
int bf_stub_make_ctx_xdp_dynptr(struct bf_program *program, int md_reg)
{
    static const char xdp_kfunc[] = "bpf_dynptr_from_xdp";

    bf_assert(program);

    return _bf_stub_make_ctx_dynptr(program, md_reg, xdp_kfunc);
}
85 :
/**
 * Generate the stub creating the context dynptr for an SKB-based program.
 *
 * Thin wrapper around _bf_stub_make_ctx_dynptr() selecting the
 * bpf_dynptr_from_skb kfunc.
 *
 * @param program Program to generate the stub for. Must not be NULL.
 * @param skb_reg Register holding the SKB argument.
 * @return Value returned by _bf_stub_make_ctx_dynptr().
 */
int bf_stub_make_ctx_skb_dynptr(struct bf_program *program, int skb_reg)
{
    static const char skb_kfunc[] = "bpf_dynptr_from_skb";

    bf_assert(program);

    return _bf_stub_make_ctx_dynptr(program, skb_reg, skb_kfunc);
}
92 :
/**
 * Generate the stub parsing the Ethernet (L2) header.
 *
 * The generated code asks bpf_dynptr_slice() for sizeof(struct ethhdr) bytes
 * at offset 0 of the context dynptr, using the context's l2 buffer as scratch
 * space. On success it stores the slice address in the context's l2_hdr
 * field, loads h_proto into r7 and sets l3_offset to sizeof(struct ethhdr).
 * On failure it updates the error counter and exits with the ACCEPT verdict.
 *
 * @param program Program to generate the stub for. Must not be NULL.
 * @return 0 on success.
 */
int bf_stub_parse_l2_ethhdr(struct bf_program *program)
{
    bf_assert(program);

    /* bpf_dynptr_slice(r1 = &ctx.dynptr, r2 = offset 0, r3 = &ctx.l2,
     *                  r4 = sizeof(struct ethhdr)) */
    EMIT(program, BPF_MOV64_REG(BPF_REG_1, BPF_REG_10));
    EMIT(program, BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, BF_PROG_CTX_OFF(dynptr)));
    EMIT(program, BPF_MOV64_IMM(BPF_REG_2, 0));
    EMIT(program, BPF_MOV64_REG(BPF_REG_3, BPF_REG_10));
    EMIT(program, BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, BF_PROG_CTX_OFF(l2)));
    EMIT(program, BPF_MOV64_IMM(BPF_REG_4, sizeof(struct ethhdr)));
    EMIT_KFUNC_CALL(program, "bpf_dynptr_slice");

    /* Error path, jumped over when r0 != 0 (a slice was returned).
     * NOTE(review): fail-open, a frame whose Ethernet header cannot be
     * sliced is accepted and only counted as an error. */
    {
        _cleanup_bf_jmpctx_ struct bf_jmpctx skip_on_slice =
            bf_jmpctx_get(program, BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 0));

        // Account the packet in the error counter (last counter)
        EMIT(program, BPF_MOV32_IMM(BPF_REG_1, program->num_counters - 1));
        EMIT(program, BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10,
                                  BF_PROG_CTX_OFF(pkt_size)));
        EMIT_FIXUP_CALL(program, BF_FIXUP_FUNC_UPDATE_COUNTERS);

        if (bf_opts_is_verbose(BF_VERBOSE_BPF))
            EMIT_PRINT(program, "failed to create L2 dynamic pointer slice");

        EMIT(program,
             BPF_MOV64_IMM(BPF_REG_0, program->runtime.ops->get_verdict(
                                          BF_VERDICT_ACCEPT)));
        EMIT(program, BPF_EXIT_INSN());
    }

    // ctx.l2_hdr = r0 (address of the Ethernet header)
    EMIT(program,
         BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, BF_PROG_CTX_OFF(l2_hdr)));

    /* r7 = h_proto, loaded as-is from the frame (bf_stub_parse_l3_hdr()
     * compares it against htobe16() constants). */
    EMIT(program, BPF_LDX_MEM(BPF_H, BPF_REG_7, BPF_REG_0,
                              offsetof(struct ethhdr, h_proto)));

    /* ctx.l3_offset = sizeof(struct ethhdr). The offset is a constant, so a
     * frame carrying a VLAN tag shows the tag's EtherType in r7 rather than
     * the encapsulated protocol. */
    EMIT(program, BPF_ST_MEM(BPF_W, BPF_REG_10, BF_PROG_CTX_OFF(l3_offset),
                             sizeof(struct ethhdr)));

    return 0;
}
140 :
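/**
 * Generate the stub parsing the L3 (IPv4 or IPv6) header.
 *
 * Expects r7 to hold the EtherType read by bf_stub_parse_l2_ethhdr(). For
 * IPv4 and IPv6 the generated code slices the L3 header at l3_offset, stores
 * its address in the context's l3_hdr field, computes l4_offset and loads the
 * L4 protocol number into r8. For any other EtherType r7 is set to 0 and the
 * rest of the stub is jumped over. If the slice cannot be created, the
 * generated code updates the error counter and exits with the ACCEPT verdict.
 *
 * @param program Program to generate the stub for. Must not be NULL.
 * @return 0 on success, or the non-zero value returned by
 *         bf_swich_generate() on failure.
 */
int bf_stub_parse_l3_hdr(struct bf_program *program)
{
    int r;

    bf_assert(program);

    /* Store the size of the L3 protocol header in r4, depending on the
     * protocol ID stored in r7. If the protocol is not supported, we store 0
     * into r7 and we skip the instructions below. */
    {
        _cleanup_bf_swich_ struct bf_swich swich =
            bf_swich_get(program, BPF_REG_7);

        EMIT_SWICH_OPTION(&swich, htobe16(ETH_P_IP),
                          BPF_MOV64_IMM(BPF_REG_4, sizeof(struct iphdr)));
        EMIT_SWICH_OPTION(&swich, htobe16(ETH_P_IPV6),
                          BPF_MOV64_IMM(BPF_REG_4, sizeof(struct ipv6hdr)));
        EMIT_SWICH_DEFAULT(&swich, BPF_MOV64_IMM(BPF_REG_7, 0));

        r = bf_swich_generate(&swich);
        if (r)
            return r;
    }

    /* The jump context is declared here, where it can be initialised, rather
     * than uninitialised at the top of the function: the early return above
     * must not hand an uninitialised object to its cleanup handler. It still
     * lives until the end of the function, so the jump covers everything
     * emitted below. */
    _cleanup_bf_jmpctx_ struct bf_jmpctx skip_unsupported =
        bf_jmpctx_get(program, BPF_JMP_IMM(BPF_JEQ, BPF_REG_7, 0, 0));

    /* bpf_dynptr_slice(r1 = &ctx.dynptr, r2 = ctx.l3_offset, r3 = &ctx.l2,
     *                  r4 = header size set by the switch above).
     * NOTE(review): the scratch buffer is the context's l2 buffer, also used
     * for the Ethernet header, while r4 can be sizeof(struct ipv6hdr).
     * Confirm that buffer is large enough for an L3 header, or whether a
     * dedicated L3 buffer was intended (the L4 stub uses its own l4 buffer). */
    EMIT(program, BPF_MOV64_REG(BPF_REG_1, BPF_REG_10));
    EMIT(program, BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, BF_PROG_CTX_OFF(dynptr)));
    EMIT(program,
         BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_10, BF_PROG_CTX_OFF(l3_offset)));
    EMIT(program, BPF_MOV64_REG(BPF_REG_3, BPF_REG_10));
    EMIT(program, BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, BF_PROG_CTX_OFF(l2)));
    EMIT_KFUNC_CALL(program, "bpf_dynptr_slice");

    /* Error path, jumped over when r0 != 0 (a slice was returned).
     * NOTE(review): fail-open, a packet too short to hold the L3 header is
     * accepted and only counted as an error. */
    {
        _cleanup_bf_jmpctx_ struct bf_jmpctx skip_on_slice =
            bf_jmpctx_get(program, BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 0));

        // Update the error counter
        EMIT(program, BPF_MOV32_IMM(BPF_REG_1, program->num_counters - 1));
        EMIT(program, BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10,
                                  BF_PROG_CTX_OFF(pkt_size)));
        EMIT_FIXUP_CALL(program, BF_FIXUP_FUNC_UPDATE_COUNTERS);

        if (bf_opts_is_verbose(BF_VERBOSE_BPF))
            EMIT_PRINT(program, "failed to create L3 dynamic pointer slice");

        EMIT(program,
             BPF_MOV64_IMM(BPF_REG_0, program->runtime.ops->get_verdict(
                                          BF_VERDICT_ACCEPT)));
        EMIT(program, BPF_EXIT_INSN());
    }

    // Store the L3 header address into the runtime context
    EMIT(program,
         BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, BF_PROG_CTX_OFF(l3_hdr)));

    /* Unsupported L3 protocols have been filtered out at the beginning of this
     * function and would jump over the block below, so there is no need to
     * worry about them here.
     *
     * IPv4: l4_offset = l3_offset + (IHL << 2), r8 = iphdr.protocol.
     * IPv6: l4_offset = l3_offset + sizeof(struct ipv6hdr), r8 = nexthdr.
     *
     * NOTE(review): the IHL nibble is used without a lower bound; a value
     * below 5 gives an l4_offset that points inside the IPv4 header. Confirm
     * such packets are rejected elsewhere or add a check here.
     * NOTE(review): IPv6 extension headers are not walked. With one present,
     * r8 holds the extension header type, which bf_stub_parse_l4_hdr() treats
     * as unsupported, so the L4 header of such packets is never parsed. */
    {
        _cleanup_bf_swich_ struct bf_swich swich =
            bf_swich_get(program, BPF_REG_7);

        EMIT_SWICH_OPTION(&swich, htobe16(ETH_P_IP),
                          BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
                          BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0x0f),
                          BPF_ALU64_IMM(BPF_LSH, BPF_REG_1, 2),
                          BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_10,
                                      BF_PROG_CTX_OFF(l3_offset)),
                          BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_2),
                          BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_1,
                                      BF_PROG_CTX_OFF(l4_offset)),
                          BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_0,
                                      offsetof(struct iphdr, protocol)));
        EMIT_SWICH_OPTION(&swich, htobe16(ETH_P_IPV6),
                          BPF_MOV64_IMM(BPF_REG_1, sizeof(struct ipv6hdr)),
                          BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_10,
                                      BF_PROG_CTX_OFF(l3_offset)),
                          BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_2),
                          BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_1,
                                      BF_PROG_CTX_OFF(l4_offset)),
                          BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_0,
                                      offsetof(struct ipv6hdr, nexthdr)));

        r = bf_swich_generate(&swich);
        if (r)
            return r;
    }

    return 0;
}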
235 :
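/**
 * Generate the stub parsing the L4 header.
 *
 * Expects r8 to hold the L4 protocol number read by bf_stub_parse_l3_hdr().
 * For TCP, UDP, ICMP and ICMPv6 the generated code slices the L4 header at
 * l4_offset and stores its address in the context's l4_hdr field. For any
 * other protocol r8 is set to 0 and the rest of the stub is jumped over. If
 * the slice cannot be created, the generated code updates the error counter
 * and exits with the ACCEPT verdict.
 *
 * @param program Program to generate the stub for. Must not be NULL.
 * @return 0 on success, or the non-zero value returned by
 *         bf_swich_generate() on failure.
 */
int bf_stub_parse_l4_hdr(struct bf_program *program)
{
    int r;

    bf_assert(program);

    /* Parse the L4 protocol and handle unsupported protocols, similarly to
     * bf_stub_parse_l3_hdr() above: r4 receives the header size, or r8 is
     * zeroed when the protocol is not handled.
     *
     * NOTE(review): the IPPROTO_ICMP case sizes the slice with struct udphdr.
     * Both headers are 8 bytes long so the emitted value is the same, but
     * sizeof(struct icmphdr) would state the intent (needs <linux/icmp.h>). */
    {
        _cleanup_bf_swich_ struct bf_swich swich =
            bf_swich_get(program, BPF_REG_8);

        EMIT_SWICH_OPTION(&swich, IPPROTO_TCP,
                          BPF_MOV64_IMM(BPF_REG_4, sizeof(struct tcphdr)));
        EMIT_SWICH_OPTION(&swich, IPPROTO_UDP,
                          BPF_MOV64_IMM(BPF_REG_4, sizeof(struct udphdr)));
        EMIT_SWICH_OPTION(&swich, IPPROTO_ICMP,
                          BPF_MOV64_IMM(BPF_REG_4, sizeof(struct udphdr)));
        EMIT_SWICH_OPTION(&swich, IPPROTO_ICMPV6,
                          BPF_MOV64_IMM(BPF_REG_4, sizeof(struct icmp6hdr)));
        EMIT_SWICH_DEFAULT(&swich, BPF_MOV64_IMM(BPF_REG_8, 0));

        r = bf_swich_generate(&swich);
        if (r)
            return r;
    }

    /* The jump context is declared here, where it can be initialised, rather
     * than uninitialised at the top of the function: the early return above
     * must not hand an uninitialised object to its cleanup handler. It still
     * lives until the end of the function, so the jump covers everything
     * emitted below. */
    _cleanup_bf_jmpctx_ struct bf_jmpctx skip_unsupported =
        bf_jmpctx_get(program, BPF_JMP_IMM(BPF_JEQ, BPF_REG_8, 0, 0));

    /* bpf_dynptr_slice(r1 = &ctx.dynptr, r2 = ctx.l4_offset, r3 = &ctx.l4,
     *                  r4 = header size set by the switch above).
     * NOTE(review): nothing in these stubs looks at the IPv4 fragment offset.
     * For a non-first fragment the bytes at l4_offset are payload, not an L4
     * header; confirm fragments are dealt with before L4 fields are matched. */
    EMIT(program, BPF_MOV64_REG(BPF_REG_1, BPF_REG_10));
    EMIT(program, BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, BF_PROG_CTX_OFF(dynptr)));
    EMIT(program,
         BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_10, BF_PROG_CTX_OFF(l4_offset)));
    EMIT(program, BPF_MOV64_REG(BPF_REG_3, BPF_REG_10));
    EMIT(program, BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, BF_PROG_CTX_OFF(l4)));
    EMIT_KFUNC_CALL(program, "bpf_dynptr_slice");

    /* Error path, jumped over when r0 != 0 (a slice was returned).
     * NOTE(review): fail-open, a packet too short to hold the L4 header is
     * accepted and only counted as an error. */
    {
        _cleanup_bf_jmpctx_ struct bf_jmpctx skip_on_slice =
            bf_jmpctx_get(program, BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 0));

        // Update the error counter
        EMIT(program, BPF_MOV32_IMM(BPF_REG_1, program->num_counters - 1));
        EMIT(program, BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10,
                                  BF_PROG_CTX_OFF(pkt_size)));
        EMIT_FIXUP_CALL(program, BF_FIXUP_FUNC_UPDATE_COUNTERS);

        if (bf_opts_is_verbose(BF_VERBOSE_BPF))
            EMIT_PRINT(program, "failed to create L4 dynamic pointer slice");

        EMIT(program,
             BPF_MOV64_IMM(BPF_REG_0, program->runtime.ops->get_verdict(
                                          BF_VERDICT_ACCEPT)));
        EMIT(program, BPF_EXIT_INSN());
    }

    // Store the L4 header address into the runtime context
    EMIT(program,
         BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, BF_PROG_CTX_OFF(l4_hdr)));

    return 0;
}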