1 // SPDX-License-Identifier: GPL-2.0
3 #include <test_progs.h>
8 #include <asm/ptrace.h>
9 #include <linux/compiler.h>
10 #include <linux/stringify.h>
12 #include <sys/syscall.h>
13 #include <sys/prctl.h>
14 #include <asm/prctl.h>
15 #include "uprobe_syscall.skel.h"
16 #include "uprobe_syscall_executed.skel.h"
18 __naked unsigned long uretprobe_regs_trigger(void)
21 "movq $0xdeadbeef, %rax\n"
26 __naked void uretprobe_regs(struct pt_regs *before, struct pt_regs *after)
29 "movq %r15, 0(%rdi)\n"
30 "movq %r14, 8(%rdi)\n"
31 "movq %r13, 16(%rdi)\n"
32 "movq %r12, 24(%rdi)\n"
33 "movq %rbp, 32(%rdi)\n"
34 "movq %rbx, 40(%rdi)\n"
35 "movq %r11, 48(%rdi)\n"
36 "movq %r10, 56(%rdi)\n"
37 "movq %r9, 64(%rdi)\n"
38 "movq %r8, 72(%rdi)\n"
39 "movq %rax, 80(%rdi)\n"
40 "movq %rcx, 88(%rdi)\n"
41 "movq %rdx, 96(%rdi)\n"
42 "movq %rsi, 104(%rdi)\n"
43 "movq %rdi, 112(%rdi)\n"
44 "movq $0, 120(%rdi)\n" /* orig_rax */
45 "movq $0, 128(%rdi)\n" /* rip */
46 "movq $0, 136(%rdi)\n" /* cs */
49 "movq %rax, 144(%rdi)\n" /* eflags */
50 "movq %rsp, 152(%rdi)\n" /* rsp */
51 "movq $0, 160(%rdi)\n" /* ss */
53 /* save 2nd argument */
55 "call uretprobe_regs_trigger\n"
57 /* save return value and load 2nd argument pointer to rax */
59 "movq 8(%rsp), %rax\n"
61 "movq %r15, 0(%rax)\n"
62 "movq %r14, 8(%rax)\n"
63 "movq %r13, 16(%rax)\n"
64 "movq %r12, 24(%rax)\n"
65 "movq %rbp, 32(%rax)\n"
66 "movq %rbx, 40(%rax)\n"
67 "movq %r11, 48(%rax)\n"
68 "movq %r10, 56(%rax)\n"
69 "movq %r9, 64(%rax)\n"
70 "movq %r8, 72(%rax)\n"
71 "movq %rcx, 88(%rax)\n"
72 "movq %rdx, 96(%rax)\n"
73 "movq %rsi, 104(%rax)\n"
74 "movq %rdi, 112(%rax)\n"
75 "movq $0, 120(%rax)\n" /* orig_rax */
76 "movq $0, 128(%rax)\n" /* rip */
77 "movq $0, 136(%rax)\n" /* cs */
79 /* restore return value and 2nd argument */
83 "movq %rax, 80(%rsi)\n"
88 "movq %rax, 144(%rsi)\n" /* eflags */
89 "movq %rsp, 152(%rsi)\n" /* rsp */
90 "movq $0, 160(%rsi)\n" /* ss */
95 static void test_uretprobe_regs_equal(void)
97 struct uprobe_syscall *skel = NULL;
98 struct pt_regs before = {}, after = {};
99 unsigned long *pb = (unsigned long *) &before;
100 unsigned long *pa = (unsigned long *) &after;
105 skel = uprobe_syscall__open_and_load();
106 if (!ASSERT_OK_PTR(skel, "uprobe_syscall__open_and_load"))
109 err = uprobe_syscall__attach(skel);
110 if (!ASSERT_OK(err, "uprobe_syscall__attach"))
113 uretprobe_regs(&before, &after);
115 pp = (unsigned long *) &skel->bss->regs;
116 cnt = sizeof(before)/sizeof(*pb);
118 for (i = 0; i < cnt; i++) {
119 unsigned int offset = i * sizeof(unsigned long);
122 * Check register before and after uretprobe_regs_trigger call
123 * that triggers the uretprobe.
126 case offsetof(struct pt_regs, rax):
127 ASSERT_EQ(pa[i], 0xdeadbeef, "return value");
130 if (!ASSERT_EQ(pb[i], pa[i], "register before-after value check"))
131 fprintf(stdout, "failed register offset %u\n", offset);
135 * Check register seen from bpf program and register after
136 * uretprobe_regs_trigger call
140 * These values will be different (not set in uretprobe_regs),
143 case offsetof(struct pt_regs, orig_rax):
144 case offsetof(struct pt_regs, rip):
145 case offsetof(struct pt_regs, cs):
146 case offsetof(struct pt_regs, rsp):
147 case offsetof(struct pt_regs, ss):
150 if (!ASSERT_EQ(pp[i], pa[i], "register prog-after value check"))
151 fprintf(stdout, "failed register offset %u\n", offset);
156 uprobe_syscall__destroy(skel);
159 #define BPF_TESTMOD_UPROBE_TEST_FILE "/sys/kernel/bpf_testmod_uprobe"
161 static int write_bpf_testmod_uprobe(unsigned long offset)
167 n = sprintf(buf, "%lu", offset);
169 fd = open(BPF_TESTMOD_UPROBE_TEST_FILE, O_WRONLY);
173 ret = write(fd, buf, n);
175 return ret != n ? (int) ret : 0;
178 static void test_uretprobe_regs_change(void)
180 struct pt_regs before = {}, after = {};
181 unsigned long *pb = (unsigned long *) &before;
182 unsigned long *pa = (unsigned long *) &after;
183 unsigned long cnt = sizeof(before)/sizeof(*pb);
184 unsigned int i, err, offset;
186 offset = get_uprobe_offset(uretprobe_regs_trigger);
188 err = write_bpf_testmod_uprobe(offset);
189 if (!ASSERT_OK(err, "register_uprobe"))
192 uretprobe_regs(&before, &after);
194 err = write_bpf_testmod_uprobe(0);
195 if (!ASSERT_OK(err, "unregister_uprobe"))
198 for (i = 0; i < cnt; i++) {
199 unsigned int offset = i * sizeof(unsigned long);
202 case offsetof(struct pt_regs, rax):
203 ASSERT_EQ(pa[i], 0x12345678deadbeef, "rax");
205 case offsetof(struct pt_regs, rcx):
206 ASSERT_EQ(pa[i], 0x87654321feebdaed, "rcx");
208 case offsetof(struct pt_regs, r11):
209 ASSERT_EQ(pa[i], (__u64) -1, "r11");
212 if (!ASSERT_EQ(pa[i], pb[i], "register before-after value check"))
213 fprintf(stdout, "failed register offset %u\n", offset);
218 #ifndef __NR_uretprobe
219 #define __NR_uretprobe 335
222 __naked unsigned long uretprobe_syscall_call_1(void)
225 * Pretend we are uretprobe trampoline to trigger the return
226 * probe invocation in order to verify we get SIGILL.
232 "movq $" __stringify(__NR_uretprobe) ", %rax\n"
240 __naked unsigned long uretprobe_syscall_call(void)
243 "call uretprobe_syscall_call_1\n"
248 static void test_uretprobe_syscall_call(void)
250 LIBBPF_OPTS(bpf_uprobe_multi_opts, opts,
253 struct uprobe_syscall_executed *skel;
254 int pid, status, err, go[2], c;
256 if (!ASSERT_OK(pipe(go), "pipe"))
259 skel = uprobe_syscall_executed__open_and_load();
260 if (!ASSERT_OK_PTR(skel, "uprobe_syscall_executed__open_and_load"))
264 if (!ASSERT_GE(pid, 0, "fork"))
271 /* wait for parent's kick */
272 err = read(go[0], &c, 1);
276 uretprobe_syscall_call();
280 skel->links.test = bpf_program__attach_uprobe_multi(skel->progs.test, pid,
282 "uretprobe_syscall_call", &opts);
283 if (!ASSERT_OK_PTR(skel->links.test, "bpf_program__attach_uprobe_multi"))
288 err = waitpid(pid, &status, 0);
289 ASSERT_EQ(err, pid, "waitpid");
291 /* verify the child got killed with SIGILL */
292 ASSERT_EQ(WIFSIGNALED(status), 1, "WIFSIGNALED");
293 ASSERT_EQ(WTERMSIG(status), SIGILL, "WTERMSIG");
295 /* verify the uretprobe program wasn't called */
296 ASSERT_EQ(skel->bss->executed, 0, "executed");
299 uprobe_syscall_executed__destroy(skel);
305 * Borrowed from tools/testing/selftests/x86/test_shadow_stack.c.
307 * For use in inline enablement of shadow stack.
309 * The program can't return from the point where shadow stack gets enabled
310 * because there will be no address on the shadow stack. So it can't use
311 * syscall() for enablement, since it is a function.
313 * Based on code from nolibc.h. Keep a copy here because this can't pull
314 * in all of nolibc.h.
316 #define ARCH_PRCTL(arg1, arg2) \
319 register long _num asm("eax") = __NR_arch_prctl; \
320 register long _arg1 asm("rdi") = (long)(arg1); \
321 register long _arg2 asm("rsi") = (long)(arg2); \
326 : "r"(_arg1), "r"(_arg2), \
328 : "rcx", "r11", "memory", "cc" \
333 #ifndef ARCH_SHSTK_ENABLE
334 #define ARCH_SHSTK_ENABLE 0x5001
335 #define ARCH_SHSTK_DISABLE 0x5002
336 #define ARCH_SHSTK_SHSTK (1ULL << 0)
339 static void test_uretprobe_shadow_stack(void)
341 if (ARCH_PRCTL(ARCH_SHSTK_ENABLE, ARCH_SHSTK_SHSTK)) {
346 /* Run all of the uretprobe tests. */
347 test_uretprobe_regs_equal();
348 test_uretprobe_regs_change();
349 test_uretprobe_syscall_call();
351 ARCH_PRCTL(ARCH_SHSTK_DISABLE, ARCH_SHSTK_SHSTK);
354 static void test_uretprobe_regs_equal(void)
359 static void test_uretprobe_regs_change(void)
364 static void test_uretprobe_syscall_call(void)
369 static void test_uretprobe_shadow_stack(void)
375 void test_uprobe_syscall(void)
377 if (test__start_subtest("uretprobe_regs_equal"))
378 test_uretprobe_regs_equal();
379 if (test__start_subtest("uretprobe_regs_change"))
380 test_uretprobe_regs_change();
381 if (test__start_subtest("uretprobe_syscall_call"))
382 test_uretprobe_syscall_call();
383 if (test__start_subtest("uretprobe_shadow_stack"))
384 test_uretprobe_shadow_stack();