1 // SPDX-License-Identifier: GPL-2.0 2 /* Converted from tools/testing/selftests/bpf/verifier/cgroup_skb.c */ 3 4 #include <linux/bpf.h> 5 #include <bpf/bpf_helpers.h> 6 #include "bpf_misc.h" 7 8 SEC("cgroup/skb") 9 __description("direct packet read test#1 for CGROUP_SKB") 10 __success __failure_unpriv 11 __msg_unpriv("invalid bpf_context access off=76 size=4") 12 __retval(0) 13 __naked void test_1_for_cgroup_skb(void) 14 { 15 asm volatile (" \ 16 r2 = *(u32*)(r1 + %[__sk_buff_data]); \ 17 r3 = *(u32*)(r1 + %[__sk_buff_data_end]); \ 18 r4 = *(u32*)(r1 + %[__sk_buff_len]); \ 19 r5 = *(u32*)(r1 + %[__sk_buff_pkt_type]); \ 20 r6 = *(u32*)(r1 + %[__sk_buff_mark]); \ 21 *(u32*)(r1 + %[__sk_buff_mark]) = r6; \ 22 r7 = *(u32*)(r1 + %[__sk_buff_queue_mapping]); \ 23 r8 = *(u32*)(r1 + %[__sk_buff_protocol]); \ 24 r9 = *(u32*)(r1 + %[__sk_buff_vlan_present]); \ 25 r0 = r2; \ 26 r0 += 8; \ 27 if r0 > r3 goto l0_%=; \ 28 r0 = *(u8*)(r2 + 0); \ 29 l0_%=: r0 = 0; \ 30 exit; \ 31 " : 32 : __imm_const(__sk_buff_data, offsetof(struct __sk_buff, data)), 33 __imm_const(__sk_buff_data_end, offsetof(struct __sk_buff, data_end)), 34 __imm_const(__sk_buff_len, offsetof(struct __sk_buff, len)), 35 __imm_const(__sk_buff_mark, offsetof(struct __sk_buff, mark)), 36 __imm_const(__sk_buff_pkt_type, offsetof(struct __sk_buff, pkt_type)), 37 __imm_const(__sk_buff_protocol, offsetof(struct __sk_buff, protocol)), 38 __imm_const(__sk_buff_queue_mapping, offsetof(struct __sk_buff, queue_mapping)), 39 __imm_const(__sk_buff_vlan_present, offsetof(struct __sk_buff, vlan_present)) 40 : __clobber_all); 41 } 42 43 SEC("cgroup/skb") 44 __description("direct packet read test#2 for CGROUP_SKB") 45 __success __success_unpriv __retval(0) 46 __naked void test_2_for_cgroup_skb(void) 47 { 48 asm volatile (" \ 49 r4 = *(u32*)(r1 + %[__sk_buff_vlan_tci]); \ 50 r5 = *(u32*)(r1 + %[__sk_buff_vlan_proto]); \ 51 r6 = *(u32*)(r1 + %[__sk_buff_priority]); \ 52 *(u32*)(r1 + %[__sk_buff_priority]) = r6; \ 53 r7 = *(u32*)(r1 + %[__sk_buff_ingress_ifindex]);\ 54 r8 = *(u32*)(r1 + %[__sk_buff_tc_index]); \ 55 r9 = *(u32*)(r1 + %[__sk_buff_hash]); \ 56 r0 = 0; \ 57 exit; \ 58 " : 59 : __imm_const(__sk_buff_hash, offsetof(struct __sk_buff, hash)), 60 __imm_const(__sk_buff_ingress_ifindex, offsetof(struct __sk_buff, ingress_ifindex)), 61 __imm_const(__sk_buff_priority, offsetof(struct __sk_buff, priority)), 62 __imm_const(__sk_buff_tc_index, offsetof(struct __sk_buff, tc_index)), 63 __imm_const(__sk_buff_vlan_proto, offsetof(struct __sk_buff, vlan_proto)), 64 __imm_const(__sk_buff_vlan_tci, offsetof(struct __sk_buff, vlan_tci)) 65 : __clobber_all); 66 } 67 68 SEC("cgroup/skb") 69 __description("direct packet read test#3 for CGROUP_SKB") 70 __success __success_unpriv __retval(0) 71 __naked void test_3_for_cgroup_skb(void) 72 { 73 asm volatile (" \ 74 r4 = *(u32*)(r1 + %[__sk_buff_cb_0]); \ 75 r5 = *(u32*)(r1 + %[__sk_buff_cb_1]); \ 76 r6 = *(u32*)(r1 + %[__sk_buff_cb_2]); \ 77 r7 = *(u32*)(r1 + %[__sk_buff_cb_3]); \ 78 r8 = *(u32*)(r1 + %[__sk_buff_cb_4]); \ 79 r9 = *(u32*)(r1 + %[__sk_buff_napi_id]); \ 80 *(u32*)(r1 + %[__sk_buff_cb_0]) = r4; \ 81 *(u32*)(r1 + %[__sk_buff_cb_1]) = r5; \ 82 *(u32*)(r1 + %[__sk_buff_cb_2]) = r6; \ 83 *(u32*)(r1 + %[__sk_buff_cb_3]) = r7; \ 84 *(u32*)(r1 + %[__sk_buff_cb_4]) = r8; \ 85 r0 = 0; \ 86 exit; \ 87 " : 88 : __imm_const(__sk_buff_cb_0, offsetof(struct __sk_buff, cb[0])), 89 __imm_const(__sk_buff_cb_1, offsetof(struct __sk_buff, cb[1])), 90 __imm_const(__sk_buff_cb_2, offsetof(struct __sk_buff, cb[2])), 91 __imm_const(__sk_buff_cb_3, offsetof(struct __sk_buff, cb[3])), 92 __imm_const(__sk_buff_cb_4, offsetof(struct __sk_buff, cb[4])), 93 __imm_const(__sk_buff_napi_id, offsetof(struct __sk_buff, napi_id)) 94 : __clobber_all); 95 } 96 97 SEC("cgroup/skb") 98 __description("direct packet read test#4 for CGROUP_SKB") 99 __success __success_unpriv __retval(0) 100 __naked void test_4_for_cgroup_skb(void) 101 { 102 asm volatile (" \ 103 r2 = *(u32*)(r1 + %[__sk_buff_family]); \ 104 r3 = *(u32*)(r1 + %[__sk_buff_remote_ip4]); \ 105 r4 = *(u32*)(r1 + %[__sk_buff_local_ip4]); \ 106 r5 = *(u32*)(r1 + %[__sk_buff_remote_ip6_0]); \ 107 r5 = *(u32*)(r1 + %[__sk_buff_remote_ip6_1]); \ 108 r5 = *(u32*)(r1 + %[__sk_buff_remote_ip6_2]); \ 109 r5 = *(u32*)(r1 + %[__sk_buff_remote_ip6_3]); \ 110 r6 = *(u32*)(r1 + %[__sk_buff_local_ip6_0]); \ 111 r6 = *(u32*)(r1 + %[__sk_buff_local_ip6_1]); \ 112 r6 = *(u32*)(r1 + %[__sk_buff_local_ip6_2]); \ 113 r6 = *(u32*)(r1 + %[__sk_buff_local_ip6_3]); \ 114 r7 = *(u32*)(r1 + %[__sk_buff_remote_port]); \ 115 r8 = *(u32*)(r1 + %[__sk_buff_local_port]); \ 116 r0 = 0; \ 117 exit; \ 118 " : 119 : __imm_const(__sk_buff_family, offsetof(struct __sk_buff, family)), 120 __imm_const(__sk_buff_local_ip4, offsetof(struct __sk_buff, local_ip4)), 121 __imm_const(__sk_buff_local_ip6_0, offsetof(struct __sk_buff, local_ip6[0])), 122 __imm_const(__sk_buff_local_ip6_1, offsetof(struct __sk_buff, local_ip6[1])), 123 __imm_const(__sk_buff_local_ip6_2, offsetof(struct __sk_buff, local_ip6[2])), 124 __imm_const(__sk_buff_local_ip6_3, offsetof(struct __sk_buff, local_ip6[3])), 125 __imm_const(__sk_buff_local_port, offsetof(struct __sk_buff, local_port)), 126 __imm_const(__sk_buff_remote_ip4, offsetof(struct __sk_buff, remote_ip4)), 127 __imm_const(__sk_buff_remote_ip6_0, offsetof(struct __sk_buff, remote_ip6[0])), 128 __imm_const(__sk_buff_remote_ip6_1, offsetof(struct __sk_buff, remote_ip6[1])), 129 __imm_const(__sk_buff_remote_ip6_2, offsetof(struct __sk_buff, remote_ip6[2])), 130 __imm_const(__sk_buff_remote_ip6_3, offsetof(struct __sk_buff, remote_ip6[3])), 131 __imm_const(__sk_buff_remote_port, offsetof(struct __sk_buff, remote_port)) 132 : __clobber_all); 133 } 134 135 SEC("cgroup/skb") 136 __description("invalid access of tc_classid for CGROUP_SKB") 137 __failure __msg("invalid bpf_context access") 138 __failure_unpriv 139 __naked void tc_classid_for_cgroup_skb(void) 140 { 141 asm volatile (" \ 142 r0 = *(u32*)(r1 + %[__sk_buff_tc_classid]); \ 143 r0 = 0; \ 144 exit; \ 145 " : 146 : __imm_const(__sk_buff_tc_classid, offsetof(struct __sk_buff, tc_classid)) 147 : __clobber_all); 148 } 149 150 SEC("cgroup/skb") 151 __description("invalid access of data_meta for CGROUP_SKB") 152 __failure __msg("invalid bpf_context access") 153 __failure_unpriv 154 __naked void data_meta_for_cgroup_skb(void) 155 { 156 asm volatile (" \ 157 r0 = *(u32*)(r1 + %[__sk_buff_data_meta]); \ 158 r0 = 0; \ 159 exit; \ 160 " : 161 : __imm_const(__sk_buff_data_meta, offsetof(struct __sk_buff, data_meta)) 162 : __clobber_all); 163 } 164 165 SEC("cgroup/skb") 166 __description("invalid access of flow_keys for CGROUP_SKB") 167 __failure __msg("invalid bpf_context access") 168 __failure_unpriv 169 __naked void flow_keys_for_cgroup_skb(void) 170 { 171 asm volatile (" \ 172 r0 = *(u32*)(r1 + %[__sk_buff_flow_keys]); \ 173 r0 = 0; \ 174 exit; \ 175 " : 176 : __imm_const(__sk_buff_flow_keys, offsetof(struct __sk_buff, flow_keys)) 177 : __clobber_all); 178 } 179 180 SEC("cgroup/skb") 181 __description("invalid write access to napi_id for CGROUP_SKB") 182 __failure __msg("invalid bpf_context access") 183 __failure_unpriv 184 __naked void napi_id_for_cgroup_skb(void) 185 { 186 asm volatile (" \ 187 r9 = *(u32*)(r1 + %[__sk_buff_napi_id]); \ 188 *(u32*)(r1 + %[__sk_buff_napi_id]) = r9; \ 189 r0 = 0; \ 190 exit; \ 191 " : 192 : __imm_const(__sk_buff_napi_id, offsetof(struct __sk_buff, napi_id)) 193 : __clobber_all); 194 } 195 196 SEC("cgroup/skb") 197 __description("write tstamp from CGROUP_SKB") 198 __success __failure_unpriv 199 __msg_unpriv("invalid bpf_context access off=152 size=8") 200 __retval(0) 201 __naked void write_tstamp_from_cgroup_skb(void) 202 { 203 asm volatile (" \ 204 r0 = 0; \ 205 *(u64*)(r1 + %[__sk_buff_tstamp]) = r0; \ 206 r0 = 0; \ 207 exit; \ 208 " : 209 : __imm_const(__sk_buff_tstamp, offsetof(struct __sk_buff, tstamp)) 210 : __clobber_all); 211 } 212 213 SEC("cgroup/skb") 214 __description("read tstamp from CGROUP_SKB") 215 __success __success_unpriv __retval(0) 216 __naked void read_tstamp_from_cgroup_skb(void) 217 { 218 asm volatile (" \ 219 r0 = *(u64*)(r1 + %[__sk_buff_tstamp]); \ 220 r0 = 0; \ 221 exit; \ 222 " : 223 : __imm_const(__sk_buff_tstamp, offsetof(struct __sk_buff, tstamp)) 224 : __clobber_all); 225 } 226 227 char _license[] SEC("license") = "GPL"; 228