ebpf-samples.db

{"gitRepoUrl": "https://github.com/vbpf/ebpf-samples.git", "commitId": "bd5009255d9aa6bdccb3f7057126fa005456aaab", "humanFuncDescription": [{"filePath": "src/tail_call_bad.c", "funcName": "caller", "startLine": 24, "endLine": 32, "description": "bpf_tail_call(ctx, &map, 0) helper function triggers a \"tail call\", i.e it jump into another eBPF program.\n                      The program attempts to jump into a program referenced at index=0 in map and passes a pointer to the context named ctx given input to the function.This program will return error because the map is of type BPF_MAP_TYPE_ARRAY. When the map is of type BPF_MAP_TYPE_PROG_ARRAY i.e a prog array, the program will not retrun any error", "author": "Utkalika Satapathy", "authorEmail": "utkalika.satapathy01@gmail.com", "date": "14.02.2023"}, {"filePath": "src/tail_call_bad.c", "funcName": "callee", "startLine": 34, "endLine": 38, "description": "The function callee takes a pointer to ctx of type struct xdp_mdp as input.\n                      And it returns constant 42", "author": "Utkalika Satapathy", "authorEmail": "utkalika.satapathy01@gmail.com", "date": "17.02.2023"}, {"filePath": "src/tail_call.c", "funcName": "callee", "startLine": 33, "endLine": 37, "description": "This is a callee function location which returns 42", "author": "Utkalika Satapathy", "authorEmail": "utkalika.satapathy01@gmail.com", "date": "14.02.2023"}, {"filePath": "src/exposeptr2.c", "funcName": "func", "startLine": 29, "endLine": 36, "description": "Program defines structure ebpf_map of type bpf_map_def having\n                      elements type, key_size, value_size, max_entries, map_flags, \n                      inner_map_idx and numa_node of size 32 units each. \n                      exposeptr2_func() takes as input a structure pointer ctx of \n                      type ctx. It then initializes a variable 'value' of size 32 as\n                      0. Then it uses helper function ebpf_map_update_elem() to update\n                      the value of entry associated to ctx pointer\n                      in map with 'value' and return 0 on successful update, else\n                      return negative value. Here it returns  negative value as the \n                      helper function should fail verification since it stores a\n                      pointer in shared memory, thus exposing it to user-mode apps.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "06.02.2023"}, {"filePath": "src/map_in_map.c", "funcName": "func", "startLine": 35, "endLine": 49, "description": "Program defines two variables: 'uint32_t' of type unsigned int \n                      and 'uint64_t'of type unsigned long. Program defines structure \n                      ebpf_map of type bpf_map_def having elements type, key_size, \n                      value_size, max_entries, map_flags, inner_map_idx and numa_node \n                      of type uint32_t each. It defines two macros 'BPF_MAP_TYPE_ARRAY'\n                      as 2 and 'BPF_MAP_TYPE_ARRAY_OF_MAPS' as 12. Helper function \n                      bpf_map_lookup_elem() is used to look up outer_key and the result\n                      is stored in a variable 'nolocal_lru_map'. If this is 1, i.e. \n                      outer_map lookup is successful, then we use the same helper to look \n                      for inner_key using nolocal_lru_map and the result is stored in ret. \n                      If ret is true, function returns 0. Else ret is updated to value \n                      obtained on calling inner_key with inner_map via bpf_map_lookup_elem() \n                      and then function returns 0.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "06.02.2023"}, {"filePath": "src/mapunderflow.c", "funcName": "func", "startLine": 29, "endLine": 38, "description": "Function tries to update the value of a key in a eBPF array.\n                      Program defines structure ebpf_map of type bpf_map_def having\n                      elements type, key_size, value_size, max_entries, map_flags, \n                      inner_map_idx and numa_node of size 32 units each. It also \n                      defines a macro BPF_MAP_TYPE_ARRAY of value 2. mapunderflow_func()\n                      defines two variables: 'key' of type integer having value -1 and \n                      'value' of size 64 having value 0. Then it uses \n                      ebpf_map_update_elem() helper function to update the map with \n                      value as 0 and key as -1. This will fail verification since it\n                      tries to write before the start of the array, or past the end \n                      if -1 is interpreted as unsigned. Function returns negative \n                      value on completion.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "06.02.2023"}, {"filePath": "src/wronghelper.c", "funcName": "func", "startLine": 29, "endLine": 37, "description": "The function func() takes ctx of type void* as input parameter.\n                      bpf_sock_map_update(ctx, &map, &key, 0) adds an entry to a map referencing sockets as the flag is 0 i.e. BPF_NOEXIST. \n                      The ctx is used as a new value for the entry associated to key. \n                      The function will fail because the type of the ctx is not struct bpf_sock_ops.", "author": "Utkalika Satapathy", "authorEmail": "utkalika.satapathy01@gmail.com", "date": "14.02.2023"}, {"filePath": "src/stackok.c", "funcName": "func", "startLine": 8, "endLine": 19, "description": "An array of 256 bytes is initialized to 0.\n                      A random value of 8 bytes is generated using get_prandom_u32() and stored in rand32 variable. \n                      The index is set to rand32 value which is in the interval [0,255].\n                      The array element at the specified index is returned.", "author": "Utkalika Satapathy", "authorEmail": "utkalika.satapathy01@gmail.com", "date": "14.02.2023"}, {"filePath": "src/badhelpercall.c", "funcName": "func", "startLine": 8, "endLine": 15, "description": "badhelpercall_func() defines a character array 'buffer' of size 1.\n                      It then calls the buffer for size 20 although it has\n                      been defined above as size 16. Thus this will give\n                      an error on calling ebpf_get_current_comm() helper\n                      function with buffer and 20 as arguments.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "02.02.2023"}, {"filePath": "src/badrelo.c", "funcName": "func", "startLine": 31, "endLine": 38, "description": "Program defines structure bpf_map having elements type, key_size,\n                      value_size, max_entries, map_flags, inner_map_idx and numa_node of \n                      size 32 units each. badrelo_func() takes a pointer ctx of type struct ctx \n                      as input. It creates a structure of type bpf_map 'map2' and calls the \n                      helper function bpf_map_update_elem() on map2. It returns an error \n                      because bpf_map_update_elem is defined in the program with respect\n                      to the structure map not map2. bpf_map() is an element of type\n                      BPF_MAP_TYPE_ARRAY. Function returns -1 because bpf_map_update_elem\n                      is unsuccessful.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "06.02.2023"}, {"filePath": "src/exposeptr.c", "funcName": "func", "startLine": 29, "endLine": 36, "description": "Program defines structure ebpf_map of type bpf_map_def having elements type, key_size, value_size, max_entries, map_flags, inner_map_idx and numa_node of size 32 units each. exposeptr_func() takes as input a structure pointer ctx  of type ctx. It then initializes a variable 'key' of size 32 with value 0. Then it uses  helper function ebpf_map_update_elem() to update the value of entry associated to key in map with ctx pointer. It returns 0 on successful update, else returns negative value. Here it will not get loaded as the helper function should fail verification since it stores a  pointer in shared memory, thus exposing it to user-mode apps.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "06.02.2023"}, {"filePath": "src/mapvalue-overrun.c", "funcName": "func", "startLine": 26, "endLine": 39, "description": "Program defines two variables: 'uint32_t' of type unsigned int \n                      and 'uint64_t'of type unsigned long. Program also defines \n                      structure ebpf_map of type bpf_map_def having elements type,\n                      key_size, value_size, max_entries, map_flags, inner_map_idx\n                      and numa_node of type uint32_t each. It also defines a macro\n                      BPF_MAP_TYPE_ARRAY of value 2. mapvalue-overrun_func() defines\n                      a key of type uint32_t having value 1. It uses helper function\n                      bpf_map_lookup_elem() to look up entry associate with key in\n                      map and stores the result in ptr pointer of type 'uint64_t'.\n                      If the entry is not found (i.e. ptr=0), function returns 0. Else\n                      ptr is stored in variable 'i' of type uint64_t' and the function\n                      returns typecast value of i with respect to type uint32_t.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "06.02.2023"}, {"filePath": "src/twostackvars.c", "funcName": "func", "startLine": 10, "endLine": 46, "description": "The function func() takes the pointer to struct ctx as input parameter.\n                      An integer array of size 16 is declared named stack_buffer.\n                      An integer random value is generated of type uint32_t is generated using get_prandom_u32()\n                      If the random value is non-zero, the first half of stack_buffer with index [0-7] is filled with random values.\n                      The index variable is initalized with a value which is modulo 8 of rand32 variable i.e. any value from [0-7] is assigned to index.\n                      The pointer ptr points to the address of that index in the stack_buffer.\n                      Else if the random value is 0, the integer pointer stack_buffer2 points to the second half of the array stack_buffer[8].\n                      The second half of the array is filled with random interger values whereas the first half values are unknown.\n                      And the pointer ptr points to the first location of second half array of stack_buffer.\n                      The function func finally returns the value pointed by ptr in the array.", "author": "Utkalika Satapathy", "authorEmail": "utkalika.satapathy01@gmail.com", "date": "14.02.2023"}, {"filePath": "src/byteswap.c", "funcName": "func", "startLine": 8, "endLine": 26, "description": "byteswap_func() takes as input a structure pointer ctx of type ctx.\n                      A random number is generated and stored in variable 'rand32'. Then\n                      this rand32 is compared with various hexadecimal values and according\n                      to the results of the comparison, a value is stored in register 'r0'.\n                      If rand32 is 0x001, value stored in r0 is 'le64 r0' and so on. If all\n                      the comparisons fail, 'be16 r0' is stored in r0 by default. Function\n                      returns 0 on completion.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "06.02.2023"}, {"filePath": "src/ctxoffset.c", "funcName": "func", "startLine": 29, "endLine": 38, "description": "ctxoffset_func() takes as input a void pointer of type ctx.\n                      It initializes a variable 'key' of size 32 with value 1.\n                      Then it typecasts the ctx pointer to character and adds\n                      8 bits to it. It then uses helper function\n                      bpf_sock_map_update() to update the socket map using\n                      this ctx pointer which will give an error as 'ctx + 8' is\n                      an invalid pointer. Function will not pass verifier and \n                      will not get loaded.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "06.02.2023"}, {"filePath": "src/mapoverflow.c", "funcName": "func", "startLine": 29, "endLine": 37, "description": "Function tries to update the value of a key in a eBPF array.Program defines two variables: 'uint32_t' of type unsigned int \n                      and 'uint64_t'of type unsigned long. Program defines structure ebpf_map of type bpf_map_def having elements type, key_size, \n                      value_size, max_entries, map_flags, inner_map_idx and numa_node of type uint32_t each. It also defines a macro BPF_MAP_TYPE_ARRAY \n                      of value 2. mapoverflow_func() defines two variables: 'key' of type  uint32_t having value 10 and 'value' of type uint64_t having value 0. Then it uses ebpf_map_update_elem() helper function to update the map with value as 0 and key as 10. This will fail  verification since it tries to write past the size of the   array. Function will return negative value on completion.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "06.02.2023"}, {"filePath": "src/packet_overflow.c", "funcName": "read_write_packet_start", "startLine": 18, "endLine": 27, "description": "struct xdp_md is an user-accessible metadata for the XDP packet hook.\n                      This is used as an input parameter of the function read_write_packet_start(), to access the packet contents via the XDP context.\n                      The packet contents are between ctx->data and ctx->data_end.\n                      It checks packet bounds i.e if the start of the packet is greater than the end of the packet, it returns 1 i.e. error in retrieving the packet contents.\n                      Else, it reads the integer content of the packet, increases the value by 1, and writes back to the packet.\n                      On successfully writing the value in the packet it returns 0.", "author": "Utkalika Satapathy", "authorEmail": "utkalika.satapathy01@gmail.com", "date": ""}, {"filePath": "src/badmapptr.c", "funcName": "test_repro", "startLine": 28, "endLine": 40, "description": "Program defines structure bpf_map_def_t of type bpf_map_def\n                      having elements type, key_size, value_size, max_entries,\n                      map_flags, inner_map_idx and numa_node of size 32 units\n                      each. badmapptr_test_repro() defines a key of value 1. A test map\n                      of type bpf_map_def_t is defined. Two values 'map + 1' and 'key'\n                      are passed in ebpf_map_lookup_elem which will return value\n                      in 'value'. If value!=0, then function returns 1 else 0.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "02.02.2023"}, {"filePath": "src/nullmapref.c", "funcName": "test_repro", "startLine": 28, "endLine": 40, "description": "This function updates a value for key==1 in test_map.\n                      Program defines variable 'uint32_t' of type unsigned int\n                      and a structure _bpf_map_def of type bpf_map_def having \n                      elements type, key_size, value_size, max_entries, map_flags,\n                      inner_map_idx and numa_node of type uint32_t each. Function\n                      nullmapref_test_repro() takes as input a void pointer ctx. It\n                      defines a variable key of type uint32_t with value 1. Then it\n                      calls helper function ebpf_map_lookup_elem() to look for entry\n                      associated to key in test_map and store the result in variable\n                      'value' of type uint32_t. ebpf_map_lookup_elem can return NULL\n                      if not found, so this unchecked dereference should fail \n                      verification. Then we update 'value' to 1. Function returns 0\n                      on completion.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "06.02.2023"}, {"filePath": "src/loop.c", "funcName": "foo", "startLine": 13, "endLine": 31, "description": "Function writes 1 in each element of an array of size ARRAY_LENGTH and \n                      then returns the sum of elements of the array. Hence, in absence of errors,\n                      the code should return ARRAY_LENGTH.Program defines a structure test_md\n                      having two elements data_start and data_end of type uint8_t. uint8_t \n                      is defined earlier in the program  as variable type unsigned char. It\n                      also defines a macro ARRAY_LENGTH of value 40. foo() takes as input a \n                      pointer ctx of type struct test_md. It has two variables named index\n                      and cumul initialized as 0. It also defines an array of length \n                      ARRAY_LENGTH (i.e. 40) initialized as 0. Then the function runs a for \n                      loop over index = (0 to size of array) to check whether the difference \n                      of data_start and data_end is greater than value in 'index'. If yes it \n                      sets array at index value 'index' as 1. Finally it runs a for loop from\n                      index = (0 to array size) and calculates the sum of all the elements.\n                      Function returns this sum which is stored in 'cumul' on completion.", "author": "Neha Chowdhary", "authorEmail": "nehaniket79@gmail.com", "date": "06.02.2023"}, {"filePath": "src/ringbuf_uninit.c", "funcName": "test", "startLine": 24, "endLine": 32, "description": " ebpf_map is a structure which stores following fields: type, key_size, value_size, max_entries, map_flags, inner_map_idx, numa_node.\n                       ring_buffer is a eBPF ring buffer type map that contains upto 256*1024 entries.\n                       bpf_ringbuf_output(&ring_buffer, &test, sizeof(test), 0) copies 8 bytes (i.e. sizeof(test)) from variable test into a ring buffer\n                       ring_buffer. It will return 0 on successfully copying the data else returns 1 on failure.", "author": "Utkalika Satapathy", "authorEmail": "utkalika.satapathy01@gmail.com", "date": ""}, {"filePath": "src/packet_access.c", "funcName": "test_packet_access", "startLine": 18, "endLine": 58, "description": "The function checks whether the compiler generated assembly matches the handcrafted one.\n                      A structure xdp_md is created to store data, data_end, data_meta, _1, _2, _3 of type uint32_t\n                      This struct xdp_md is passed as argument to the function.\n                      A random number is generated and saved in rand32 variable.\n                      a offset is calulated and it is checked whether the data plus the offset is less than the data_end or not,\n                      if it is less than data_end, 1 is returned and ptr value is updated to offset+data i.e. points to the next data.\n                      Else the compiler executes a set of assembly as it is.", "author": "Utkalika Satapathy", "authorEmail": "utkalika.satapathy01@gmail.com", "date": "02.02.2023"}]}