140f2fbd5SJakub Kicinski { 240f2fbd5SJakub Kicinski "access skb fields ok", 340f2fbd5SJakub Kicinski .insns = { 440f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 540f2fbd5SJakub Kicinski offsetof(struct __sk_buff, len)), 640f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 740f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, mark)), 940f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 1040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 1140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, pkt_type)), 1240f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 1340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 1440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, queue_mapping)), 1540f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0), 1640f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 1740f2fbd5SJakub Kicinski offsetof(struct __sk_buff, protocol)), 1840f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0), 1940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 2040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, vlan_present)), 2140f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0), 2240f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 2340f2fbd5SJakub Kicinski offsetof(struct __sk_buff, vlan_tci)), 2440f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0), 2540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 2640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, napi_id)), 2740f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0), 2840f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 2940f2fbd5SJakub Kicinski }, 3040f2fbd5SJakub Kicinski .result = ACCEPT, 3140f2fbd5SJakub Kicinski }, 3240f2fbd5SJakub Kicinski { 3340f2fbd5SJakub Kicinski "access skb fields bad1", 3440f2fbd5SJakub Kicinski .insns = { 3540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, -4), 3640f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 3740f2fbd5SJakub Kicinski }, 3840f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 3940f2fbd5SJakub Kicinski .result = REJECT, 4040f2fbd5SJakub Kicinski }, 4140f2fbd5SJakub Kicinski { 4240f2fbd5SJakub Kicinski "access skb fields bad2", 4340f2fbd5SJakub Kicinski .insns = { 4440f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 9), 4540f2fbd5SJakub Kicinski BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 4640f2fbd5SJakub Kicinski BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 4740f2fbd5SJakub Kicinski BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 4840f2fbd5SJakub Kicinski BPF_LD_MAP_FD(BPF_REG_1, 0), 4940f2fbd5SJakub Kicinski BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), 5040f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 5140f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 5240f2fbd5SJakub Kicinski BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), 5340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 5440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, pkt_type)), 5540f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 5640f2fbd5SJakub Kicinski }, 5740f2fbd5SJakub Kicinski .fixup_map_hash_8b = { 4 }, 5840f2fbd5SJakub Kicinski .errstr = "different pointers", 5940f2fbd5SJakub Kicinski .errstr_unpriv = "R1 pointer comparison", 6040f2fbd5SJakub Kicinski .result = REJECT, 6140f2fbd5SJakub Kicinski }, 6240f2fbd5SJakub Kicinski { 6340f2fbd5SJakub Kicinski "access skb fields bad3", 6440f2fbd5SJakub Kicinski .insns = { 6540f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 2), 6640f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 6740f2fbd5SJakub Kicinski offsetof(struct __sk_buff, pkt_type)), 6840f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 6940f2fbd5SJakub Kicinski BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 7040f2fbd5SJakub Kicinski BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 7140f2fbd5SJakub Kicinski BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 7240f2fbd5SJakub Kicinski BPF_LD_MAP_FD(BPF_REG_1, 0), 7340f2fbd5SJakub Kicinski BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), 7440f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 7540f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 7640f2fbd5SJakub Kicinski BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), 7740f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JA, 0, 0, -12), 7840f2fbd5SJakub Kicinski }, 7940f2fbd5SJakub Kicinski .fixup_map_hash_8b = { 6 }, 8040f2fbd5SJakub Kicinski .errstr = "different pointers", 8140f2fbd5SJakub Kicinski .errstr_unpriv = "R1 pointer comparison", 8240f2fbd5SJakub Kicinski .result = REJECT, 8340f2fbd5SJakub Kicinski }, 8440f2fbd5SJakub Kicinski { 8540f2fbd5SJakub Kicinski "access skb fields bad4", 8640f2fbd5SJakub Kicinski .insns = { 8740f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 3), 8840f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 8940f2fbd5SJakub Kicinski offsetof(struct __sk_buff, len)), 9040f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 9140f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 9240f2fbd5SJakub Kicinski BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 9340f2fbd5SJakub Kicinski BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 9440f2fbd5SJakub Kicinski BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 9540f2fbd5SJakub Kicinski BPF_LD_MAP_FD(BPF_REG_1, 0), 9640f2fbd5SJakub Kicinski BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), 9740f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 9840f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 9940f2fbd5SJakub Kicinski BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), 10040f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JA, 0, 0, -13), 10140f2fbd5SJakub Kicinski }, 10240f2fbd5SJakub Kicinski .fixup_map_hash_8b = { 7 }, 10340f2fbd5SJakub Kicinski .errstr = "different pointers", 10440f2fbd5SJakub Kicinski .errstr_unpriv = "R1 pointer comparison", 10540f2fbd5SJakub Kicinski .result = REJECT, 10640f2fbd5SJakub Kicinski }, 10740f2fbd5SJakub Kicinski { 10840f2fbd5SJakub Kicinski "invalid access __sk_buff family", 10940f2fbd5SJakub Kicinski .insns = { 11040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 11140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, family)), 11240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 11340f2fbd5SJakub Kicinski }, 11440f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 11540f2fbd5SJakub Kicinski .result = REJECT, 11640f2fbd5SJakub Kicinski }, 11740f2fbd5SJakub Kicinski { 11840f2fbd5SJakub Kicinski "invalid access __sk_buff remote_ip4", 11940f2fbd5SJakub Kicinski .insns = { 12040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 12140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, remote_ip4)), 12240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 12340f2fbd5SJakub Kicinski }, 12440f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 12540f2fbd5SJakub Kicinski .result = REJECT, 12640f2fbd5SJakub Kicinski }, 12740f2fbd5SJakub Kicinski { 12840f2fbd5SJakub Kicinski "invalid access __sk_buff local_ip4", 12940f2fbd5SJakub Kicinski .insns = { 13040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 13140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, local_ip4)), 13240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 13340f2fbd5SJakub Kicinski }, 13440f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 13540f2fbd5SJakub Kicinski .result = REJECT, 13640f2fbd5SJakub Kicinski }, 13740f2fbd5SJakub Kicinski { 13840f2fbd5SJakub Kicinski "invalid access __sk_buff remote_ip6", 13940f2fbd5SJakub Kicinski .insns = { 14040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 14140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, remote_ip6)), 14240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 14340f2fbd5SJakub Kicinski }, 14440f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 14540f2fbd5SJakub Kicinski .result = REJECT, 14640f2fbd5SJakub Kicinski }, 14740f2fbd5SJakub Kicinski { 14840f2fbd5SJakub Kicinski "invalid access __sk_buff local_ip6", 14940f2fbd5SJakub Kicinski .insns = { 15040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 15140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, local_ip6)), 15240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 15340f2fbd5SJakub Kicinski }, 15440f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 15540f2fbd5SJakub Kicinski .result = REJECT, 15640f2fbd5SJakub Kicinski }, 15740f2fbd5SJakub Kicinski { 15840f2fbd5SJakub Kicinski "invalid access __sk_buff remote_port", 15940f2fbd5SJakub Kicinski .insns = { 16040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 16140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, remote_port)), 16240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 16340f2fbd5SJakub Kicinski }, 16440f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 16540f2fbd5SJakub Kicinski .result = REJECT, 16640f2fbd5SJakub Kicinski }, 16740f2fbd5SJakub Kicinski { 16840f2fbd5SJakub Kicinski "invalid access __sk_buff remote_port", 16940f2fbd5SJakub Kicinski .insns = { 17040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 17140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, local_port)), 17240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 17340f2fbd5SJakub Kicinski }, 17440f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 17540f2fbd5SJakub Kicinski .result = REJECT, 17640f2fbd5SJakub Kicinski }, 17740f2fbd5SJakub Kicinski { 17840f2fbd5SJakub Kicinski "valid access __sk_buff family", 17940f2fbd5SJakub Kicinski .insns = { 18040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 18140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, family)), 18240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 18340f2fbd5SJakub Kicinski }, 18440f2fbd5SJakub Kicinski .result = ACCEPT, 18540f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 18640f2fbd5SJakub Kicinski }, 18740f2fbd5SJakub Kicinski { 18840f2fbd5SJakub Kicinski "valid access __sk_buff remote_ip4", 18940f2fbd5SJakub Kicinski .insns = { 19040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 19140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, remote_ip4)), 19240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 19340f2fbd5SJakub Kicinski }, 19440f2fbd5SJakub Kicinski .result = ACCEPT, 19540f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 19640f2fbd5SJakub Kicinski }, 19740f2fbd5SJakub Kicinski { 19840f2fbd5SJakub Kicinski "valid access __sk_buff local_ip4", 19940f2fbd5SJakub Kicinski .insns = { 20040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 20140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, local_ip4)), 20240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 20340f2fbd5SJakub Kicinski }, 20440f2fbd5SJakub Kicinski .result = ACCEPT, 20540f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 20640f2fbd5SJakub Kicinski }, 20740f2fbd5SJakub Kicinski { 20840f2fbd5SJakub Kicinski "valid access __sk_buff remote_ip6", 20940f2fbd5SJakub Kicinski .insns = { 21040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 21140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, remote_ip6[0])), 21240f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 21340f2fbd5SJakub Kicinski offsetof(struct __sk_buff, remote_ip6[1])), 21440f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 21540f2fbd5SJakub Kicinski offsetof(struct __sk_buff, remote_ip6[2])), 21640f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 21740f2fbd5SJakub Kicinski offsetof(struct __sk_buff, remote_ip6[3])), 21840f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 21940f2fbd5SJakub Kicinski }, 22040f2fbd5SJakub Kicinski .result = ACCEPT, 22140f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 22240f2fbd5SJakub Kicinski }, 22340f2fbd5SJakub Kicinski { 22440f2fbd5SJakub Kicinski "valid access __sk_buff local_ip6", 22540f2fbd5SJakub Kicinski .insns = { 22640f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 22740f2fbd5SJakub Kicinski offsetof(struct __sk_buff, local_ip6[0])), 22840f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 22940f2fbd5SJakub Kicinski offsetof(struct __sk_buff, local_ip6[1])), 23040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 23140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, local_ip6[2])), 23240f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 23340f2fbd5SJakub Kicinski offsetof(struct __sk_buff, local_ip6[3])), 23440f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 23540f2fbd5SJakub Kicinski }, 23640f2fbd5SJakub Kicinski .result = ACCEPT, 23740f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 23840f2fbd5SJakub Kicinski }, 23940f2fbd5SJakub Kicinski { 24040f2fbd5SJakub Kicinski "valid access __sk_buff remote_port", 24140f2fbd5SJakub Kicinski .insns = { 24240f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 24340f2fbd5SJakub Kicinski offsetof(struct __sk_buff, remote_port)), 24440f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 24540f2fbd5SJakub Kicinski }, 24640f2fbd5SJakub Kicinski .result = ACCEPT, 24740f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 24840f2fbd5SJakub Kicinski }, 24940f2fbd5SJakub Kicinski { 25040f2fbd5SJakub Kicinski "valid access __sk_buff remote_port", 25140f2fbd5SJakub Kicinski .insns = { 25240f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 25340f2fbd5SJakub Kicinski offsetof(struct __sk_buff, local_port)), 25440f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 25540f2fbd5SJakub Kicinski }, 25640f2fbd5SJakub Kicinski .result = ACCEPT, 25740f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 25840f2fbd5SJakub Kicinski }, 25940f2fbd5SJakub Kicinski { 26040f2fbd5SJakub Kicinski "invalid access of tc_classid for SK_SKB", 26140f2fbd5SJakub Kicinski .insns = { 26240f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 26340f2fbd5SJakub Kicinski offsetof(struct __sk_buff, tc_classid)), 26440f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 26540f2fbd5SJakub Kicinski }, 26640f2fbd5SJakub Kicinski .result = REJECT, 26740f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 26840f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 26940f2fbd5SJakub Kicinski }, 27040f2fbd5SJakub Kicinski { 27140f2fbd5SJakub Kicinski "invalid access of skb->mark for SK_SKB", 27240f2fbd5SJakub Kicinski .insns = { 27340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 27440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, mark)), 27540f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 27640f2fbd5SJakub Kicinski }, 27740f2fbd5SJakub Kicinski .result = REJECT, 27840f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 27940f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 28040f2fbd5SJakub Kicinski }, 28140f2fbd5SJakub Kicinski { 28240f2fbd5SJakub Kicinski "check skb->mark is not writeable by SK_SKB", 28340f2fbd5SJakub Kicinski .insns = { 28440f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 28540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 28640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, mark)), 28740f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 28840f2fbd5SJakub Kicinski }, 28940f2fbd5SJakub Kicinski .result = REJECT, 29040f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 29140f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 29240f2fbd5SJakub Kicinski }, 29340f2fbd5SJakub Kicinski { 29440f2fbd5SJakub Kicinski "check skb->tc_index is writeable by SK_SKB", 29540f2fbd5SJakub Kicinski .insns = { 29640f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 29740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 29840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, tc_index)), 29940f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 30040f2fbd5SJakub Kicinski }, 30140f2fbd5SJakub Kicinski .result = ACCEPT, 30240f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 30340f2fbd5SJakub Kicinski }, 30440f2fbd5SJakub Kicinski { 30540f2fbd5SJakub Kicinski "check skb->priority is writeable by SK_SKB", 30640f2fbd5SJakub Kicinski .insns = { 30740f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 30840f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 30940f2fbd5SJakub Kicinski offsetof(struct __sk_buff, priority)), 31040f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 31140f2fbd5SJakub Kicinski }, 31240f2fbd5SJakub Kicinski .result = ACCEPT, 31340f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 31440f2fbd5SJakub Kicinski }, 31540f2fbd5SJakub Kicinski { 31640f2fbd5SJakub Kicinski "direct packet read for SK_SKB", 31740f2fbd5SJakub Kicinski .insns = { 31840f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 31940f2fbd5SJakub Kicinski offsetof(struct __sk_buff, data)), 32040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 32140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, data_end)), 32240f2fbd5SJakub Kicinski BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 32340f2fbd5SJakub Kicinski BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 32440f2fbd5SJakub Kicinski BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 32540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 32640f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 32740f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 32840f2fbd5SJakub Kicinski }, 32940f2fbd5SJakub Kicinski .result = ACCEPT, 33040f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 33140f2fbd5SJakub Kicinski }, 33240f2fbd5SJakub Kicinski { 33340f2fbd5SJakub Kicinski "direct packet write for SK_SKB", 33440f2fbd5SJakub Kicinski .insns = { 33540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 33640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, data)), 33740f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 33840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, data_end)), 33940f2fbd5SJakub Kicinski BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 34040f2fbd5SJakub Kicinski BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 34140f2fbd5SJakub Kicinski BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 34240f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0), 34340f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 34440f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 34540f2fbd5SJakub Kicinski }, 34640f2fbd5SJakub Kicinski .result = ACCEPT, 34740f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 34840f2fbd5SJakub Kicinski }, 34940f2fbd5SJakub Kicinski { 35040f2fbd5SJakub Kicinski "overlapping checks for direct packet access SK_SKB", 35140f2fbd5SJakub Kicinski .insns = { 35240f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 35340f2fbd5SJakub Kicinski offsetof(struct __sk_buff, data)), 35440f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 35540f2fbd5SJakub Kicinski offsetof(struct __sk_buff, data_end)), 35640f2fbd5SJakub Kicinski BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 35740f2fbd5SJakub Kicinski BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 35840f2fbd5SJakub Kicinski BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 4), 35940f2fbd5SJakub Kicinski BPF_MOV64_REG(BPF_REG_1, BPF_REG_2), 36040f2fbd5SJakub Kicinski BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 6), 36140f2fbd5SJakub Kicinski BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_3, 1), 36240f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_2, 6), 36340f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 36440f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 36540f2fbd5SJakub Kicinski }, 36640f2fbd5SJakub Kicinski .result = ACCEPT, 36740f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SK_SKB, 36840f2fbd5SJakub Kicinski }, 36940f2fbd5SJakub Kicinski { 37040f2fbd5SJakub Kicinski "check skb->mark is not writeable by sockets", 37140f2fbd5SJakub Kicinski .insns = { 37240f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 37340f2fbd5SJakub Kicinski offsetof(struct __sk_buff, mark)), 37440f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 37540f2fbd5SJakub Kicinski }, 37640f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 37740f2fbd5SJakub Kicinski .errstr_unpriv = "R1 leaks addr", 37840f2fbd5SJakub Kicinski .result = REJECT, 37940f2fbd5SJakub Kicinski }, 38040f2fbd5SJakub Kicinski { 38140f2fbd5SJakub Kicinski "check skb->tc_index is not writeable by sockets", 38240f2fbd5SJakub Kicinski .insns = { 38340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 38440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, tc_index)), 38540f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 38640f2fbd5SJakub Kicinski }, 38740f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 38840f2fbd5SJakub Kicinski .errstr_unpriv = "R1 leaks addr", 38940f2fbd5SJakub Kicinski .result = REJECT, 39040f2fbd5SJakub Kicinski }, 39140f2fbd5SJakub Kicinski { 39240f2fbd5SJakub Kicinski "check cb access: byte", 39340f2fbd5SJakub Kicinski .insns = { 39440f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 39540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 39640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 39740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 39840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0]) + 1), 39940f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 40040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0]) + 2), 40140f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 40240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0]) + 3), 40340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 40440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1])), 40540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 40640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1]) + 1), 40740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 40840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1]) + 2), 40940f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 41040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1]) + 3), 41140f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 41240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2])), 41340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 41440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2]) + 1), 41540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 41640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2]) + 2), 41740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 41840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2]) + 3), 41940f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 42040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3])), 42140f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 42240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3]) + 1), 42340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 42440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3]) + 2), 42540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 42640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3]) + 3), 42740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 42840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4])), 42940f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 43040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4]) + 1), 43140f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 43240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4]) + 2), 43340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 43440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4]) + 3), 43540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 43640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 43740f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 43840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0]) + 1), 43940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 44040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0]) + 2), 44140f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 44240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0]) + 3), 44340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 44440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1])), 44540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 44640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1]) + 1), 44740f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 44840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1]) + 2), 44940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 45040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1]) + 3), 45140f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 45240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2])), 45340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 45440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2]) + 1), 45540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 45640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2]) + 2), 45740f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 45840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2]) + 3), 45940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 46040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3])), 46140f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 46240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3]) + 1), 46340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 46440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3]) + 2), 46540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 46640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3]) + 3), 46740f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 46840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4])), 46940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 47040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4]) + 1), 47140f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 47240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4]) + 2), 47340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 47440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4]) + 3), 47540f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 47640f2fbd5SJakub Kicinski }, 47740f2fbd5SJakub Kicinski .result = ACCEPT, 47840f2fbd5SJakub Kicinski }, 47940f2fbd5SJakub Kicinski { 48040f2fbd5SJakub Kicinski "__sk_buff->hash, offset 0, byte store not permitted", 48140f2fbd5SJakub Kicinski .insns = { 48240f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 48340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 48440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash)), 48540f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 48640f2fbd5SJakub Kicinski }, 48740f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 48840f2fbd5SJakub Kicinski .result = REJECT, 48940f2fbd5SJakub Kicinski }, 49040f2fbd5SJakub Kicinski { 49140f2fbd5SJakub Kicinski "__sk_buff->tc_index, offset 3, byte store not permitted", 49240f2fbd5SJakub Kicinski .insns = { 49340f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 49440f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 49540f2fbd5SJakub Kicinski offsetof(struct __sk_buff, tc_index) + 3), 49640f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 49740f2fbd5SJakub Kicinski }, 49840f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 49940f2fbd5SJakub Kicinski .result = REJECT, 50040f2fbd5SJakub Kicinski }, 50140f2fbd5SJakub Kicinski { 50240f2fbd5SJakub Kicinski "check skb->hash byte load permitted", 50340f2fbd5SJakub Kicinski .insns = { 50440f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 50506fca841SIlya Leoshkevich #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 50640f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 50740f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash)), 50840f2fbd5SJakub Kicinski #else 50940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 51040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash) + 3), 51140f2fbd5SJakub Kicinski #endif 51240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 51340f2fbd5SJakub Kicinski }, 51440f2fbd5SJakub Kicinski .result = ACCEPT, 51540f2fbd5SJakub Kicinski }, 51640f2fbd5SJakub Kicinski { 51740f2fbd5SJakub Kicinski "check skb->hash byte load permitted 1", 51840f2fbd5SJakub Kicinski .insns = { 51940f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 52040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 52140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash) + 1), 52240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 52340f2fbd5SJakub Kicinski }, 52440f2fbd5SJakub Kicinski .result = ACCEPT, 52540f2fbd5SJakub Kicinski }, 52640f2fbd5SJakub Kicinski { 52740f2fbd5SJakub Kicinski "check skb->hash byte load permitted 2", 52840f2fbd5SJakub Kicinski .insns = { 52940f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 53040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 53140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash) + 2), 53240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 53340f2fbd5SJakub Kicinski }, 53440f2fbd5SJakub Kicinski .result = ACCEPT, 53540f2fbd5SJakub Kicinski }, 53640f2fbd5SJakub Kicinski { 53740f2fbd5SJakub Kicinski "check skb->hash byte load permitted 3", 53840f2fbd5SJakub Kicinski .insns = { 53940f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 54006fca841SIlya Leoshkevich #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 54140f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 54240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash) + 3), 54340f2fbd5SJakub Kicinski #else 54440f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 54540f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash)), 54640f2fbd5SJakub Kicinski #endif 54740f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 54840f2fbd5SJakub Kicinski }, 54940f2fbd5SJakub Kicinski .result = ACCEPT, 55040f2fbd5SJakub Kicinski }, 55140f2fbd5SJakub Kicinski { 55240f2fbd5SJakub Kicinski "check cb access: byte, wrong type", 55340f2fbd5SJakub Kicinski .insns = { 55440f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 55540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 55640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 55740f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 55840f2fbd5SJakub Kicinski }, 55940f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 56040f2fbd5SJakub Kicinski .result = REJECT, 56140f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_CGROUP_SOCK, 56240f2fbd5SJakub Kicinski }, 56340f2fbd5SJakub Kicinski { 56440f2fbd5SJakub Kicinski "check cb access: half", 56540f2fbd5SJakub Kicinski .insns = { 56640f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 56740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 56840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 56940f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 57040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0]) + 2), 57140f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 57240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1])), 57340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 57440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1]) + 2), 57540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 57640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2])), 57740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 57840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2]) + 2), 57940f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 58040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3])), 58140f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 58240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3]) + 2), 58340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 58440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4])), 58540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 58640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4]) + 2), 58740f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 58840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 58940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 59040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0]) + 2), 59140f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 59240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1])), 59340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 59440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1]) + 2), 59540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 59640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2])), 59740f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 59840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2]) + 2), 59940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 60040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3])), 60140f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 60240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3]) + 2), 60340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 60440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4])), 60540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 60640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4]) + 2), 60740f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 60840f2fbd5SJakub Kicinski }, 60940f2fbd5SJakub Kicinski .result = ACCEPT, 61040f2fbd5SJakub Kicinski }, 61140f2fbd5SJakub Kicinski { 61240f2fbd5SJakub Kicinski "check cb access: half, unaligned", 61340f2fbd5SJakub Kicinski .insns = { 61440f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 61540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 61640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0]) + 1), 61740f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 61840f2fbd5SJakub Kicinski }, 61940f2fbd5SJakub Kicinski .errstr = "misaligned context access", 62040f2fbd5SJakub Kicinski .result = REJECT, 62140f2fbd5SJakub Kicinski .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 62240f2fbd5SJakub Kicinski }, 62340f2fbd5SJakub Kicinski { 62440f2fbd5SJakub Kicinski "check __sk_buff->hash, offset 0, half store not permitted", 62540f2fbd5SJakub Kicinski .insns = { 62640f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 62740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 62840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash)), 62940f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 63040f2fbd5SJakub Kicinski }, 63140f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 63240f2fbd5SJakub Kicinski .result = REJECT, 63340f2fbd5SJakub Kicinski }, 63440f2fbd5SJakub Kicinski { 63540f2fbd5SJakub Kicinski "check __sk_buff->tc_index, offset 2, half store not permitted", 63640f2fbd5SJakub Kicinski .insns = { 63740f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 63840f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 63940f2fbd5SJakub Kicinski offsetof(struct __sk_buff, tc_index) + 2), 64040f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 64140f2fbd5SJakub Kicinski }, 64240f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 64340f2fbd5SJakub Kicinski .result = REJECT, 64440f2fbd5SJakub Kicinski }, 64540f2fbd5SJakub Kicinski { 64640f2fbd5SJakub Kicinski "check skb->hash half load permitted", 64740f2fbd5SJakub Kicinski .insns = { 64840f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 64906fca841SIlya Leoshkevich #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 65040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 65140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash)), 65240f2fbd5SJakub Kicinski #else 65340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 65440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash) + 2), 65540f2fbd5SJakub Kicinski #endif 65640f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 65740f2fbd5SJakub Kicinski }, 65840f2fbd5SJakub Kicinski .result = ACCEPT, 65940f2fbd5SJakub Kicinski }, 66040f2fbd5SJakub Kicinski { 66140f2fbd5SJakub Kicinski "check skb->hash half load permitted 2", 66240f2fbd5SJakub Kicinski .insns = { 66340f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 66406fca841SIlya Leoshkevich #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 66540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 66640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash) + 2), 66740f2fbd5SJakub Kicinski #else 66840f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 66940f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash)), 67040f2fbd5SJakub Kicinski #endif 67140f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 67240f2fbd5SJakub Kicinski }, 67340f2fbd5SJakub Kicinski .result = ACCEPT, 67440f2fbd5SJakub Kicinski }, 67540f2fbd5SJakub Kicinski { 67640f2fbd5SJakub Kicinski "check skb->hash half load not permitted, unaligned 1", 67740f2fbd5SJakub Kicinski .insns = { 67840f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 67906fca841SIlya Leoshkevich #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 68040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 68140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash) + 1), 68240f2fbd5SJakub Kicinski #else 68340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 68440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash) + 3), 68540f2fbd5SJakub Kicinski #endif 68640f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 68740f2fbd5SJakub Kicinski }, 68840f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 68940f2fbd5SJakub Kicinski .result = REJECT, 690e2c6f50eSBjörn Töpel .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 69140f2fbd5SJakub Kicinski }, 69240f2fbd5SJakub Kicinski { 69340f2fbd5SJakub Kicinski "check skb->hash half load not permitted, unaligned 3", 69440f2fbd5SJakub Kicinski .insns = { 69540f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 69606fca841SIlya Leoshkevich #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 69740f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 69840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash) + 3), 69940f2fbd5SJakub Kicinski #else 70040f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 70140f2fbd5SJakub Kicinski offsetof(struct __sk_buff, hash) + 1), 70240f2fbd5SJakub Kicinski #endif 70340f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 70440f2fbd5SJakub Kicinski }, 70540f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 70640f2fbd5SJakub Kicinski .result = REJECT, 70740f2fbd5SJakub Kicinski .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 70840f2fbd5SJakub Kicinski }, 70940f2fbd5SJakub Kicinski { 71040f2fbd5SJakub Kicinski "check cb access: half, wrong type", 71140f2fbd5SJakub Kicinski .insns = { 71240f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 71340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 71440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 71540f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 71640f2fbd5SJakub Kicinski }, 71740f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 71840f2fbd5SJakub Kicinski .result = REJECT, 71940f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_CGROUP_SOCK, 72040f2fbd5SJakub Kicinski }, 72140f2fbd5SJakub Kicinski { 72240f2fbd5SJakub Kicinski "check cb access: word", 72340f2fbd5SJakub Kicinski .insns = { 72440f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 72540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 72640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 72740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 72840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1])), 72940f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 73040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2])), 73140f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 73240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3])), 73340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 73440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4])), 73540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 73640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 73740f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 73840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1])), 73940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 74040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2])), 74140f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 74240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3])), 74340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 74440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4])), 74540f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 74640f2fbd5SJakub Kicinski }, 74740f2fbd5SJakub Kicinski .result = ACCEPT, 74840f2fbd5SJakub Kicinski }, 74940f2fbd5SJakub Kicinski { 75040f2fbd5SJakub Kicinski "check cb access: word, unaligned 1", 75140f2fbd5SJakub Kicinski .insns = { 75240f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 75340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 75440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0]) + 2), 75540f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 75640f2fbd5SJakub Kicinski }, 75740f2fbd5SJakub Kicinski .errstr = "misaligned context access", 75840f2fbd5SJakub Kicinski .result = REJECT, 75940f2fbd5SJakub Kicinski .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 76040f2fbd5SJakub Kicinski }, 76140f2fbd5SJakub Kicinski { 76240f2fbd5SJakub Kicinski "check cb access: word, unaligned 2", 76340f2fbd5SJakub Kicinski .insns = { 76440f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 76540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 76640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4]) + 1), 76740f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 76840f2fbd5SJakub Kicinski }, 76940f2fbd5SJakub Kicinski .errstr = "misaligned context access", 77040f2fbd5SJakub Kicinski .result = REJECT, 77140f2fbd5SJakub Kicinski .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 77240f2fbd5SJakub Kicinski }, 77340f2fbd5SJakub Kicinski { 77440f2fbd5SJakub Kicinski "check cb access: word, unaligned 3", 77540f2fbd5SJakub Kicinski .insns = { 77640f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 77740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 77840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4]) + 2), 77940f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 78040f2fbd5SJakub Kicinski }, 78140f2fbd5SJakub Kicinski .errstr = "misaligned context access", 78240f2fbd5SJakub Kicinski .result = REJECT, 78340f2fbd5SJakub Kicinski .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 78440f2fbd5SJakub Kicinski }, 78540f2fbd5SJakub Kicinski { 78640f2fbd5SJakub Kicinski "check cb access: word, unaligned 4", 78740f2fbd5SJakub Kicinski .insns = { 78840f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 78940f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 79040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4]) + 3), 79140f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 79240f2fbd5SJakub Kicinski }, 79340f2fbd5SJakub Kicinski .errstr = "misaligned context access", 79440f2fbd5SJakub Kicinski .result = REJECT, 79540f2fbd5SJakub Kicinski .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 79640f2fbd5SJakub Kicinski }, 79740f2fbd5SJakub Kicinski { 79840f2fbd5SJakub Kicinski "check cb access: double", 79940f2fbd5SJakub Kicinski .insns = { 80040f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 80140f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 80240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 80340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 80440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2])), 80540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 80640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 80740f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 80840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2])), 80940f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 81040f2fbd5SJakub Kicinski }, 81140f2fbd5SJakub Kicinski .result = ACCEPT, 81240f2fbd5SJakub Kicinski }, 81340f2fbd5SJakub Kicinski { 81440f2fbd5SJakub Kicinski "check cb access: double, unaligned 1", 81540f2fbd5SJakub Kicinski .insns = { 81640f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 81740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 81840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[1])), 81940f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 82040f2fbd5SJakub Kicinski }, 82140f2fbd5SJakub Kicinski .errstr = "misaligned context access", 82240f2fbd5SJakub Kicinski .result = REJECT, 82340f2fbd5SJakub Kicinski .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 82440f2fbd5SJakub Kicinski }, 82540f2fbd5SJakub Kicinski { 82640f2fbd5SJakub Kicinski "check cb access: double, unaligned 2", 82740f2fbd5SJakub Kicinski .insns = { 82840f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 82940f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 83040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3])), 83140f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 83240f2fbd5SJakub Kicinski }, 83340f2fbd5SJakub Kicinski .errstr = "misaligned context access", 83440f2fbd5SJakub Kicinski .result = REJECT, 83540f2fbd5SJakub Kicinski .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 83640f2fbd5SJakub Kicinski }, 83740f2fbd5SJakub Kicinski { 83840f2fbd5SJakub Kicinski "check cb access: double, oob 1", 83940f2fbd5SJakub Kicinski .insns = { 84040f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 84140f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 84240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4])), 84340f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 84440f2fbd5SJakub Kicinski }, 84540f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 84640f2fbd5SJakub Kicinski .result = REJECT, 84740f2fbd5SJakub Kicinski }, 84840f2fbd5SJakub Kicinski { 84940f2fbd5SJakub Kicinski "check cb access: double, oob 2", 85040f2fbd5SJakub Kicinski .insns = { 85140f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 85240f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 85340f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4])), 85440f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 85540f2fbd5SJakub Kicinski }, 85640f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 85740f2fbd5SJakub Kicinski .result = REJECT, 85840f2fbd5SJakub Kicinski }, 85940f2fbd5SJakub Kicinski { 86040f2fbd5SJakub Kicinski "check __sk_buff->ifindex dw store not permitted", 86140f2fbd5SJakub Kicinski .insns = { 86240f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 86340f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 86440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, ifindex)), 86540f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 86640f2fbd5SJakub Kicinski }, 86740f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 86840f2fbd5SJakub Kicinski .result = REJECT, 86940f2fbd5SJakub Kicinski }, 87040f2fbd5SJakub Kicinski { 87140f2fbd5SJakub Kicinski "check __sk_buff->ifindex dw load not permitted", 87240f2fbd5SJakub Kicinski .insns = { 87340f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 87440f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 87540f2fbd5SJakub Kicinski offsetof(struct __sk_buff, ifindex)), 87640f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 87740f2fbd5SJakub Kicinski }, 87840f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 87940f2fbd5SJakub Kicinski .result = REJECT, 88040f2fbd5SJakub Kicinski }, 88140f2fbd5SJakub Kicinski { 88240f2fbd5SJakub Kicinski "check cb access: double, wrong type", 88340f2fbd5SJakub Kicinski .insns = { 88440f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 88540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 88640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 88740f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 88840f2fbd5SJakub Kicinski }, 88940f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 89040f2fbd5SJakub Kicinski .result = REJECT, 89140f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_CGROUP_SOCK, 89240f2fbd5SJakub Kicinski }, 89340f2fbd5SJakub Kicinski { 89440f2fbd5SJakub Kicinski "check out of range skb->cb access", 89540f2fbd5SJakub Kicinski .insns = { 89640f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 89740f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0]) + 256), 89840f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 89940f2fbd5SJakub Kicinski }, 90040f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 90140f2fbd5SJakub Kicinski .errstr_unpriv = "", 90240f2fbd5SJakub Kicinski .result = REJECT, 90340f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SCHED_ACT, 90440f2fbd5SJakub Kicinski }, 90540f2fbd5SJakub Kicinski { 90640f2fbd5SJakub Kicinski "write skb fields from socket prog", 90740f2fbd5SJakub Kicinski .insns = { 90840f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 90940f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[4])), 91040f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 91140f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 91240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, mark)), 91340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 91440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, tc_index)), 91540f2fbd5SJakub Kicinski BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 91640f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 91740f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 91840f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 91940f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[2])), 92040f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 92140f2fbd5SJakub Kicinski }, 92240f2fbd5SJakub Kicinski .result = ACCEPT, 92340f2fbd5SJakub Kicinski .errstr_unpriv = "R1 leaks addr", 92440f2fbd5SJakub Kicinski .result_unpriv = REJECT, 92540f2fbd5SJakub Kicinski }, 92640f2fbd5SJakub Kicinski { 92740f2fbd5SJakub Kicinski "write skb fields from tc_cls_act prog", 92840f2fbd5SJakub Kicinski .insns = { 92940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 93040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[0])), 93140f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 93240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, mark)), 93340f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 93440f2fbd5SJakub Kicinski offsetof(struct __sk_buff, tc_index)), 93540f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 93640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, tc_index)), 93740f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 93840f2fbd5SJakub Kicinski offsetof(struct __sk_buff, cb[3])), 93940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 94040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, tstamp)), 94140f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 94240f2fbd5SJakub Kicinski offsetof(struct __sk_buff, tstamp)), 94340f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 94440f2fbd5SJakub Kicinski }, 94540f2fbd5SJakub Kicinski .errstr_unpriv = "", 94640f2fbd5SJakub Kicinski .result_unpriv = REJECT, 94740f2fbd5SJakub Kicinski .result = ACCEPT, 94840f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SCHED_CLS, 94940f2fbd5SJakub Kicinski }, 95040f2fbd5SJakub Kicinski { 95140f2fbd5SJakub Kicinski "check skb->data half load not permitted", 95240f2fbd5SJakub Kicinski .insns = { 95340f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 95406fca841SIlya Leoshkevich #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 95540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 95640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, data)), 95740f2fbd5SJakub Kicinski #else 95840f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 95940f2fbd5SJakub Kicinski offsetof(struct __sk_buff, data) + 2), 96040f2fbd5SJakub Kicinski #endif 96140f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 96240f2fbd5SJakub Kicinski }, 96340f2fbd5SJakub Kicinski .result = REJECT, 96440f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access", 96540f2fbd5SJakub Kicinski }, 96640f2fbd5SJakub Kicinski { 96740f2fbd5SJakub Kicinski "read gso_segs from CGROUP_SKB", 96840f2fbd5SJakub Kicinski .insns = { 96940f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 97040f2fbd5SJakub Kicinski offsetof(struct __sk_buff, gso_segs)), 97140f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 97240f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 97340f2fbd5SJakub Kicinski }, 97440f2fbd5SJakub Kicinski .result = ACCEPT, 97540f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 97640f2fbd5SJakub Kicinski }, 97740f2fbd5SJakub Kicinski { 978be69483bSEric Dumazet "read gso_segs from CGROUP_SKB", 979be69483bSEric Dumazet .insns = { 980be69483bSEric Dumazet BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 981be69483bSEric Dumazet offsetof(struct __sk_buff, gso_segs)), 982be69483bSEric Dumazet BPF_MOV64_IMM(BPF_REG_0, 0), 983be69483bSEric Dumazet BPF_EXIT_INSN(), 984be69483bSEric Dumazet }, 985be69483bSEric Dumazet .result = ACCEPT, 986be69483bSEric Dumazet .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 987be69483bSEric Dumazet }, 988be69483bSEric Dumazet { 98940f2fbd5SJakub Kicinski "write gso_segs from CGROUP_SKB", 99040f2fbd5SJakub Kicinski .insns = { 99140f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 99240f2fbd5SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 99340f2fbd5SJakub Kicinski offsetof(struct __sk_buff, gso_segs)), 99440f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 99540f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 99640f2fbd5SJakub Kicinski }, 99740f2fbd5SJakub Kicinski .result = REJECT, 99840f2fbd5SJakub Kicinski .result_unpriv = REJECT, 99940f2fbd5SJakub Kicinski .errstr = "invalid bpf_context access off=164 size=4", 100040f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 100140f2fbd5SJakub Kicinski }, 100240f2fbd5SJakub Kicinski { 100340f2fbd5SJakub Kicinski "read gso_segs from CLS", 100440f2fbd5SJakub Kicinski .insns = { 100540f2fbd5SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 100640f2fbd5SJakub Kicinski offsetof(struct __sk_buff, gso_segs)), 100740f2fbd5SJakub Kicinski BPF_MOV64_IMM(BPF_REG_0, 0), 100840f2fbd5SJakub Kicinski BPF_EXIT_INSN(), 100940f2fbd5SJakub Kicinski }, 101040f2fbd5SJakub Kicinski .result = ACCEPT, 101140f2fbd5SJakub Kicinski .prog_type = BPF_PROG_TYPE_SCHED_CLS, 101240f2fbd5SJakub Kicinski }, 101348729226SJakub Kicinski { 101462511ceaSWillem de Bruijn "read gso_size from CGROUP_SKB", 101562511ceaSWillem de Bruijn .insns = { 101662511ceaSWillem de Bruijn BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 101762511ceaSWillem de Bruijn offsetof(struct __sk_buff, gso_size)), 101862511ceaSWillem de Bruijn BPF_MOV64_IMM(BPF_REG_0, 0), 101962511ceaSWillem de Bruijn BPF_EXIT_INSN(), 102062511ceaSWillem de Bruijn }, 102162511ceaSWillem de Bruijn .result = ACCEPT, 102262511ceaSWillem de Bruijn .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 102362511ceaSWillem de Bruijn }, 102462511ceaSWillem de Bruijn { 102562511ceaSWillem de Bruijn "read gso_size from CGROUP_SKB", 102662511ceaSWillem de Bruijn .insns = { 102762511ceaSWillem de Bruijn BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 102862511ceaSWillem de Bruijn offsetof(struct __sk_buff, gso_size)), 102962511ceaSWillem de Bruijn BPF_MOV64_IMM(BPF_REG_0, 0), 103062511ceaSWillem de Bruijn BPF_EXIT_INSN(), 103162511ceaSWillem de Bruijn }, 103262511ceaSWillem de Bruijn .result = ACCEPT, 103362511ceaSWillem de Bruijn .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 103462511ceaSWillem de Bruijn }, 103562511ceaSWillem de Bruijn { 103662511ceaSWillem de Bruijn "write gso_size from CGROUP_SKB", 103762511ceaSWillem de Bruijn .insns = { 103862511ceaSWillem de Bruijn BPF_MOV64_IMM(BPF_REG_0, 0), 103962511ceaSWillem de Bruijn BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 104062511ceaSWillem de Bruijn offsetof(struct __sk_buff, gso_size)), 104162511ceaSWillem de Bruijn BPF_MOV64_IMM(BPF_REG_0, 0), 104262511ceaSWillem de Bruijn BPF_EXIT_INSN(), 104362511ceaSWillem de Bruijn }, 104462511ceaSWillem de Bruijn .result = REJECT, 104562511ceaSWillem de Bruijn .result_unpriv = REJECT, 104662511ceaSWillem de Bruijn .errstr = "invalid bpf_context access off=176 size=4", 104762511ceaSWillem de Bruijn .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 104862511ceaSWillem de Bruijn }, 104962511ceaSWillem de Bruijn { 105062511ceaSWillem de Bruijn "read gso_size from CLS", 105162511ceaSWillem de Bruijn .insns = { 105262511ceaSWillem de Bruijn BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 105362511ceaSWillem de Bruijn offsetof(struct __sk_buff, gso_size)), 105462511ceaSWillem de Bruijn BPF_MOV64_IMM(BPF_REG_0, 0), 105562511ceaSWillem de Bruijn BPF_EXIT_INSN(), 105662511ceaSWillem de Bruijn }, 105762511ceaSWillem de Bruijn .result = ACCEPT, 105862511ceaSWillem de Bruijn .prog_type = BPF_PROG_TYPE_SCHED_CLS, 105962511ceaSWillem de Bruijn }, 106062511ceaSWillem de Bruijn { 10613384c7c7SVadim Fedorenko "padding after gso_size is not accessible", 10623384c7c7SVadim Fedorenko .insns = { 10633384c7c7SVadim Fedorenko BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 10643384c7c7SVadim Fedorenko offsetofend(struct __sk_buff, gso_size)), 10653384c7c7SVadim Fedorenko BPF_MOV64_IMM(BPF_REG_0, 0), 10663384c7c7SVadim Fedorenko BPF_EXIT_INSN(), 10673384c7c7SVadim Fedorenko }, 10683384c7c7SVadim Fedorenko .result = REJECT, 10693384c7c7SVadim Fedorenko .result_unpriv = REJECT, 10703384c7c7SVadim Fedorenko .errstr = "invalid bpf_context access off=180 size=4", 10713384c7c7SVadim Fedorenko .prog_type = BPF_PROG_TYPE_SCHED_CLS, 10723384c7c7SVadim Fedorenko }, 10733384c7c7SVadim Fedorenko { 10743384c7c7SVadim Fedorenko "read hwtstamp from CGROUP_SKB", 10753384c7c7SVadim Fedorenko .insns = { 10763384c7c7SVadim Fedorenko BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 10773384c7c7SVadim Fedorenko offsetof(struct __sk_buff, hwtstamp)), 10783384c7c7SVadim Fedorenko BPF_MOV64_IMM(BPF_REG_0, 0), 10793384c7c7SVadim Fedorenko BPF_EXIT_INSN(), 10803384c7c7SVadim Fedorenko }, 10813384c7c7SVadim Fedorenko .result = ACCEPT, 10823384c7c7SVadim Fedorenko .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 10833384c7c7SVadim Fedorenko }, 10843384c7c7SVadim Fedorenko { 10853384c7c7SVadim Fedorenko "read hwtstamp from CGROUP_SKB", 10863384c7c7SVadim Fedorenko .insns = { 10873384c7c7SVadim Fedorenko BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, 10883384c7c7SVadim Fedorenko offsetof(struct __sk_buff, hwtstamp)), 10893384c7c7SVadim Fedorenko BPF_MOV64_IMM(BPF_REG_0, 0), 10903384c7c7SVadim Fedorenko BPF_EXIT_INSN(), 10913384c7c7SVadim Fedorenko }, 10923384c7c7SVadim Fedorenko .result = ACCEPT, 10933384c7c7SVadim Fedorenko .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 10943384c7c7SVadim Fedorenko }, 10953384c7c7SVadim Fedorenko { 10963384c7c7SVadim Fedorenko "write hwtstamp from CGROUP_SKB", 10973384c7c7SVadim Fedorenko .insns = { 10983384c7c7SVadim Fedorenko BPF_MOV64_IMM(BPF_REG_0, 0), 10993384c7c7SVadim Fedorenko BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 11003384c7c7SVadim Fedorenko offsetof(struct __sk_buff, hwtstamp)), 11013384c7c7SVadim Fedorenko BPF_MOV64_IMM(BPF_REG_0, 0), 11023384c7c7SVadim Fedorenko BPF_EXIT_INSN(), 11033384c7c7SVadim Fedorenko }, 11043384c7c7SVadim Fedorenko .result = REJECT, 11053384c7c7SVadim Fedorenko .result_unpriv = REJECT, 11063384c7c7SVadim Fedorenko .errstr = "invalid bpf_context access off=184 size=8", 11073384c7c7SVadim Fedorenko .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 11083384c7c7SVadim Fedorenko }, 11093384c7c7SVadim Fedorenko { 11103384c7c7SVadim Fedorenko "read hwtstamp from CLS", 11113384c7c7SVadim Fedorenko .insns = { 11123384c7c7SVadim Fedorenko BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 11133384c7c7SVadim Fedorenko offsetof(struct __sk_buff, hwtstamp)), 11143384c7c7SVadim Fedorenko BPF_MOV64_IMM(BPF_REG_0, 0), 11153384c7c7SVadim Fedorenko BPF_EXIT_INSN(), 11163384c7c7SVadim Fedorenko }, 11173384c7c7SVadim Fedorenko .result = ACCEPT, 11183384c7c7SVadim Fedorenko .prog_type = BPF_PROG_TYPE_SCHED_CLS, 11193384c7c7SVadim Fedorenko }, 11203384c7c7SVadim Fedorenko { 112148729226SJakub Kicinski "check wire_len is not readable by sockets", 112248729226SJakub Kicinski .insns = { 112348729226SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 112448729226SJakub Kicinski offsetof(struct __sk_buff, wire_len)), 112548729226SJakub Kicinski BPF_EXIT_INSN(), 112648729226SJakub Kicinski }, 112748729226SJakub Kicinski .errstr = "invalid bpf_context access", 112848729226SJakub Kicinski .result = REJECT, 112948729226SJakub Kicinski }, 113048729226SJakub Kicinski { 113148729226SJakub Kicinski "check wire_len is readable by tc classifier", 113248729226SJakub Kicinski .insns = { 113348729226SJakub Kicinski BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 113448729226SJakub Kicinski offsetof(struct __sk_buff, wire_len)), 113548729226SJakub Kicinski BPF_EXIT_INSN(), 113648729226SJakub Kicinski }, 113748729226SJakub Kicinski .prog_type = BPF_PROG_TYPE_SCHED_CLS, 113848729226SJakub Kicinski .result = ACCEPT, 113948729226SJakub Kicinski }, 114048729226SJakub Kicinski { 114148729226SJakub Kicinski "check wire_len is not writable by tc classifier", 114248729226SJakub Kicinski .insns = { 114348729226SJakub Kicinski BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 114448729226SJakub Kicinski offsetof(struct __sk_buff, wire_len)), 114548729226SJakub Kicinski BPF_EXIT_INSN(), 114648729226SJakub Kicinski }, 114748729226SJakub Kicinski .prog_type = BPF_PROG_TYPE_SCHED_CLS, 114848729226SJakub Kicinski .errstr = "invalid bpf_context access", 114948729226SJakub Kicinski .errstr_unpriv = "R1 leaks addr", 115048729226SJakub Kicinski .result = REJECT, 115148729226SJakub Kicinski }, 1152cb62d340SAlexei Starovoitov { 1153cb62d340SAlexei Starovoitov "pkt > pkt_end taken check", 1154cb62d340SAlexei Starovoitov .insns = { 1155cb62d340SAlexei Starovoitov BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, // 0. r2 = *(u32 *)(r1 + data_end) 1156cb62d340SAlexei Starovoitov offsetof(struct __sk_buff, data_end)), 1157cb62d340SAlexei Starovoitov BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, // 1. r4 = *(u32 *)(r1 + data) 1158cb62d340SAlexei Starovoitov offsetof(struct __sk_buff, data)), 1159cb62d340SAlexei Starovoitov BPF_MOV64_REG(BPF_REG_3, BPF_REG_4), // 2. r3 = r4 1160cb62d340SAlexei Starovoitov BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 42), // 3. r3 += 42 1161cb62d340SAlexei Starovoitov BPF_MOV64_IMM(BPF_REG_1, 0), // 4. r1 = 0 1162cb62d340SAlexei Starovoitov BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_2, 2), // 5. if r3 > r2 goto 8 1163cb62d340SAlexei Starovoitov BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 14), // 6. r4 += 14 1164cb62d340SAlexei Starovoitov BPF_MOV64_REG(BPF_REG_1, BPF_REG_4), // 7. r1 = r4 1165cb62d340SAlexei Starovoitov BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_2, 1), // 8. if r3 > r2 goto 10 1166cb62d340SAlexei Starovoitov BPF_LDX_MEM(BPF_H, BPF_REG_2, BPF_REG_1, 9), // 9. r2 = *(u8 *)(r1 + 9) 1167cb62d340SAlexei Starovoitov BPF_MOV64_IMM(BPF_REG_0, 0), // 10. r0 = 0 1168cb62d340SAlexei Starovoitov BPF_EXIT_INSN(), // 11. exit 1169cb62d340SAlexei Starovoitov }, 1170cb62d340SAlexei Starovoitov .result = ACCEPT, 1171cb62d340SAlexei Starovoitov .prog_type = BPF_PROG_TYPE_SK_SKB, 1172*ce1f289fSBjörn Töpel .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 1173cb62d340SAlexei Starovoitov }, 1174cb62d340SAlexei Starovoitov { 1175cb62d340SAlexei Starovoitov "pkt_end < pkt taken check", 1176cb62d340SAlexei Starovoitov .insns = { 1177cb62d340SAlexei Starovoitov BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, // 0. r2 = *(u32 *)(r1 + data_end) 1178cb62d340SAlexei Starovoitov offsetof(struct __sk_buff, data_end)), 1179cb62d340SAlexei Starovoitov BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, // 1. r4 = *(u32 *)(r1 + data) 1180cb62d340SAlexei Starovoitov offsetof(struct __sk_buff, data)), 1181cb62d340SAlexei Starovoitov BPF_MOV64_REG(BPF_REG_3, BPF_REG_4), // 2. r3 = r4 1182cb62d340SAlexei Starovoitov BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 42), // 3. r3 += 42 1183cb62d340SAlexei Starovoitov BPF_MOV64_IMM(BPF_REG_1, 0), // 4. r1 = 0 1184cb62d340SAlexei Starovoitov BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_2, 2), // 5. if r3 > r2 goto 8 1185cb62d340SAlexei Starovoitov BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 14), // 6. r4 += 14 1186cb62d340SAlexei Starovoitov BPF_MOV64_REG(BPF_REG_1, BPF_REG_4), // 7. r1 = r4 1187cb62d340SAlexei Starovoitov BPF_JMP_REG(BPF_JLT, BPF_REG_2, BPF_REG_3, 1), // 8. if r2 < r3 goto 10 1188cb62d340SAlexei Starovoitov BPF_LDX_MEM(BPF_H, BPF_REG_2, BPF_REG_1, 9), // 9. r2 = *(u8 *)(r1 + 9) 1189cb62d340SAlexei Starovoitov BPF_MOV64_IMM(BPF_REG_0, 0), // 10. r0 = 0 1190cb62d340SAlexei Starovoitov BPF_EXIT_INSN(), // 11. exit 1191cb62d340SAlexei Starovoitov }, 1192cb62d340SAlexei Starovoitov .result = ACCEPT, 1193cb62d340SAlexei Starovoitov .prog_type = BPF_PROG_TYPE_SK_SKB, 1194*ce1f289fSBjörn Töpel .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 1195cb62d340SAlexei Starovoitov }, 1196