linux/samples/bpf/test_probe_write_user_kern.c

/* Copyright (c) 2016 Sargun Dhillon <sargun@sargun.me>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 */
#include <linux/skbuff.h>
#include <linux/netdevice.h>
#include <uapi/linux/bpf.h>
#include <linux/version.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>

struct bpf_map_def SEC("maps") dnat_map = {
	.type = BPF_MAP_TYPE_HASH,
	.key_size = sizeof(struct sockaddr_in),
	.value_size = sizeof(struct sockaddr_in),
	.max_entries = 256,
};

/* kprobe is NOT a stable ABI
 * kernel functions can be removed, renamed or completely change semantics.
 * Number of arguments and their positions can change, etc.
 * In such case this bpf+kprobe example will no longer be meaningful
 *
 * This example sits on a syscall, and the syscall ABI is relatively stable
 * of course, across platforms, and over time, the ABI may change.
 */
SEC("kprobe/sys_connect")
int bpf_prog1(struct pt_regs *ctx)
{
	struct sockaddr_in new_addr, orig_addr = {};
	struct sockaddr_in *mapped_addr;
	void *sockaddr_arg = (void *)PT_REGS_PARM2(ctx);
	int sockaddr_len = (int)PT_REGS_PARM3(ctx);

	if (sockaddr_len > sizeof(orig_addr))
		return 0;

	if (bpf_probe_read_user(&orig_addr, sizeof(orig_addr), sockaddr_arg) != 0)
		return 0;

	mapped_addr = bpf_map_lookup_elem(&dnat_map, &orig_addr);
	if (mapped_addr != NULL) {
		memcpy(&new_addr, mapped_addr, sizeof(new_addr));
		bpf_probe_write_user(sockaddr_arg, &new_addr,
				     sizeof(new_addr));
	}
	return 0;
}

char _license[] SEC("license") = "GPL";
u32 _version SEC("version") = LINUX_VERSION_CODE;
samples/bpf: Add test/example of using bpf_probe_write_user bpf helper This example shows using a kprobe to act as a dnat mechanism to divert traffic for arbitrary endpoints. It rewrite the arguments to a syscall while they're still in userspace, and before the syscall has a chance to copy the argument into kernel space. Although this is an example, it also acts as a test because the mapped address is 255.255.255.255:555 -> real address, and that's not a legal address to connect to. If the helper is broken, the example will fail on the intermediate steps, as well as the final step to verify the rewrite of userspace memory succeeded. Signed-off-by: Sargun Dhillon <sargun@sargun.me> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2016-07-25 05:55:02 -07:00			`/* Copyright (c) 2016 Sargun Dhillon <sargun@sargun.me>`
			`*`
			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of version 2 of the GNU General Public`
			`* License as published by the Free Software Foundation.`
			`*/`
			`#include <linux/skbuff.h>`
			`#include <linux/netdevice.h>`
			`#include <uapi/linux/bpf.h>`
			`#include <linux/version.h>`
samples/bpf: Use consistent include paths for libbpf Fix all files in samples/bpf to include libbpf header files with the bpf/ prefix, to be consistent with external users of the library. Also ensure that all includes of exported libbpf header files (those that are exported on 'make install' of the library) use bracketed includes instead of quoted. To make sure no new files are introduced that doesn't include the bpf/ prefix in its include, remove tools/lib/bpf from the include path entirely, and use tools/lib instead. Fixes: 6910d7d3867a ("selftests/bpf: Ensure bpf_helper_defs.h are taken from selftests dir") Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Jesper Dangaard Brouer <brouer@redhat.com> Acked-by: Andrii Nakryiko <andriin@fb.com> Link: https://lore.kernel.org/bpf/157952560911.1683545.8795966751309534150.stgit@toke.dk 2020-01-20 14:06:49 +01:00			`#include <bpf/bpf_helpers.h>`
			`#include <bpf/bpf_tracing.h>`
samples/bpf: Add test/example of using bpf_probe_write_user bpf helper This example shows using a kprobe to act as a dnat mechanism to divert traffic for arbitrary endpoints. It rewrite the arguments to a syscall while they're still in userspace, and before the syscall has a chance to copy the argument into kernel space. Although this is an example, it also acts as a test because the mapped address is 255.255.255.255:555 -> real address, and that's not a legal address to connect to. If the helper is broken, the example will fail on the intermediate steps, as well as the final step to verify the rewrite of userspace memory succeeded. Signed-off-by: Sargun Dhillon <sargun@sargun.me> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2016-07-25 05:55:02 -07:00
			`struct bpf_map_def SEC("maps") dnat_map = {`
			`.type = BPF_MAP_TYPE_HASH,`
			`.key_size = sizeof(struct sockaddr_in),`
			`.value_size = sizeof(struct sockaddr_in),`
			`.max_entries = 256,`
			`};`

			`/* kprobe is NOT a stable ABI`
			`* kernel functions can be removed, renamed or completely change semantics.`
			`* Number of arguments and their positions can change, etc.`
			`* In such case this bpf+kprobe example will no longer be meaningful`
			`*`
			`* This example sits on a syscall, and the syscall ABI is relatively stable`
			`* of course, across platforms, and over time, the ABI may change.`
			`*/`
			`SEC("kprobe/sys_connect")`
			`int bpf_prog1(struct pt_regs *ctx)`
			`{`
			`struct sockaddr_in new_addr, orig_addr = {};`
			`struct sockaddr_in *mapped_addr;`
			`void sockaddr_arg = (void )PT_REGS_PARM2(ctx);`
			`int sockaddr_len = (int)PT_REGS_PARM3(ctx);`

			`if (sockaddr_len > sizeof(orig_addr))`
			`return 0;`

bpf, samples: Use bpf_probe_read_user where appropriate Use bpf_probe_read_user() helper instead of bpf_probe_read() for samples that attach to kprobes probing on user addresses. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Andrii Nakryiko <andriin@fb.com> Link: https://lore.kernel.org/bpf/5b0144b3f8e031ec5e2438bd7de8d7877e63bf2f.1572649915.git.daniel@iogearbox.net 2019-11-02 00:18:01 +01:00			`if (bpf_probe_read_user(&orig_addr, sizeof(orig_addr), sockaddr_arg) != 0)`
samples/bpf: Add test/example of using bpf_probe_write_user bpf helper This example shows using a kprobe to act as a dnat mechanism to divert traffic for arbitrary endpoints. It rewrite the arguments to a syscall while they're still in userspace, and before the syscall has a chance to copy the argument into kernel space. Although this is an example, it also acts as a test because the mapped address is 255.255.255.255:555 -> real address, and that's not a legal address to connect to. If the helper is broken, the example will fail on the intermediate steps, as well as the final step to verify the rewrite of userspace memory succeeded. Signed-off-by: Sargun Dhillon <sargun@sargun.me> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2016-07-25 05:55:02 -07:00			`return 0;`

			`mapped_addr = bpf_map_lookup_elem(&dnat_map, &orig_addr);`
			`if (mapped_addr != NULL) {`
			`memcpy(&new_addr, mapped_addr, sizeof(new_addr));`
			`bpf_probe_write_user(sockaddr_arg, &new_addr,`
			`sizeof(new_addr));`
			`}`
			`return 0;`
			`}`

			`char _license[] SEC("license") = "GPL";`
			`u32 _version SEC("version") = LINUX_VERSION_CODE;`