blob: d4d0f1610853a8ac25ab631e5a0c424164390e57 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
// SPDX-License-Identifier: GPL-2.0
/* Copyright 2026 Google LLC */
#include <vmlinux.h>
#include <bpf/bpf_helpers.h>
#include "bpf_misc.h"
struct bpf_ws_lock;
struct bpf_ws_lock *bpf_wakeup_sources_read_lock(void) __ksym;
void bpf_wakeup_sources_read_unlock(struct bpf_ws_lock *lock) __ksym;
void *bpf_wakeup_sources_get_head(void) __ksym;
SEC("syscall")
__failure __msg("BPF_EXIT instruction in main prog would lead to reference leak")
int wakeup_source_lock_no_unlock(void *ctx)
{
struct bpf_ws_lock *lock;
lock = bpf_wakeup_sources_read_lock();
if (!lock)
return 0;
return 0;
}
SEC("syscall")
__failure __msg("access beyond struct")
int wakeup_source_access_lock_fields(void *ctx)
{
struct bpf_ws_lock *lock;
int val;
lock = bpf_wakeup_sources_read_lock();
if (!lock)
return 0;
val = *(int *)lock;
bpf_wakeup_sources_read_unlock(lock);
return val;
}
SEC("syscall")
__failure __msg("release kfunc bpf_wakeup_sources_read_unlock expects referenced PTR_TO_BTF_ID passed to R1")
int wakeup_source_unlock_no_lock(void *ctx)
{
struct bpf_ws_lock *lock = (void *)0x1;
bpf_wakeup_sources_read_unlock(lock);
return 0;
}
SEC("syscall")
__failure __msg("Possibly NULL pointer passed to trusted")
int wakeup_source_unlock_null(void *ctx)
{
bpf_wakeup_sources_read_unlock(NULL);
return 0;
}
SEC("syscall")
__failure __msg("R0 invalid mem access 'scalar'")
int wakeup_source_unsafe_dereference(void *ctx)
{
struct list_head *head = bpf_wakeup_sources_get_head();
if (head->next)
return 1;
return 0;
}
char _license[] SEC("license") = "GPL";
|
