1*a58475a9SEduard Zingerman // SPDX-License-Identifier: GPL-2.0
2*a58475a9SEduard Zingerman /* Converted from tools/testing/selftests/bpf/verifier/ctx_sk_msg.c */
3*a58475a9SEduard Zingerman
4*a58475a9SEduard Zingerman #include <linux/bpf.h>
5*a58475a9SEduard Zingerman #include <bpf/bpf_helpers.h>
6*a58475a9SEduard Zingerman #include "bpf_misc.h"
7*a58475a9SEduard Zingerman
8*a58475a9SEduard Zingerman SEC("sk_msg")
9*a58475a9SEduard Zingerman __description("valid access family in SK_MSG")
10*a58475a9SEduard Zingerman __success
access_family_in_sk_msg(void)11*a58475a9SEduard Zingerman __naked void access_family_in_sk_msg(void)
12*a58475a9SEduard Zingerman {
13*a58475a9SEduard Zingerman asm volatile (" \
14*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_family]); \
15*a58475a9SEduard Zingerman exit; \
16*a58475a9SEduard Zingerman " :
17*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_family, offsetof(struct sk_msg_md, family))
18*a58475a9SEduard Zingerman : __clobber_all);
19*a58475a9SEduard Zingerman }
20*a58475a9SEduard Zingerman
21*a58475a9SEduard Zingerman SEC("sk_msg")
22*a58475a9SEduard Zingerman __description("valid access remote_ip4 in SK_MSG")
23*a58475a9SEduard Zingerman __success
remote_ip4_in_sk_msg(void)24*a58475a9SEduard Zingerman __naked void remote_ip4_in_sk_msg(void)
25*a58475a9SEduard Zingerman {
26*a58475a9SEduard Zingerman asm volatile (" \
27*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_remote_ip4]); \
28*a58475a9SEduard Zingerman exit; \
29*a58475a9SEduard Zingerman " :
30*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_remote_ip4, offsetof(struct sk_msg_md, remote_ip4))
31*a58475a9SEduard Zingerman : __clobber_all);
32*a58475a9SEduard Zingerman }
33*a58475a9SEduard Zingerman
34*a58475a9SEduard Zingerman SEC("sk_msg")
35*a58475a9SEduard Zingerman __description("valid access local_ip4 in SK_MSG")
36*a58475a9SEduard Zingerman __success
local_ip4_in_sk_msg(void)37*a58475a9SEduard Zingerman __naked void local_ip4_in_sk_msg(void)
38*a58475a9SEduard Zingerman {
39*a58475a9SEduard Zingerman asm volatile (" \
40*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_local_ip4]); \
41*a58475a9SEduard Zingerman exit; \
42*a58475a9SEduard Zingerman " :
43*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_local_ip4, offsetof(struct sk_msg_md, local_ip4))
44*a58475a9SEduard Zingerman : __clobber_all);
45*a58475a9SEduard Zingerman }
46*a58475a9SEduard Zingerman
47*a58475a9SEduard Zingerman SEC("sk_msg")
48*a58475a9SEduard Zingerman __description("valid access remote_port in SK_MSG")
49*a58475a9SEduard Zingerman __success
remote_port_in_sk_msg(void)50*a58475a9SEduard Zingerman __naked void remote_port_in_sk_msg(void)
51*a58475a9SEduard Zingerman {
52*a58475a9SEduard Zingerman asm volatile (" \
53*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_remote_port]); \
54*a58475a9SEduard Zingerman exit; \
55*a58475a9SEduard Zingerman " :
56*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_remote_port, offsetof(struct sk_msg_md, remote_port))
57*a58475a9SEduard Zingerman : __clobber_all);
58*a58475a9SEduard Zingerman }
59*a58475a9SEduard Zingerman
60*a58475a9SEduard Zingerman SEC("sk_msg")
61*a58475a9SEduard Zingerman __description("valid access local_port in SK_MSG")
62*a58475a9SEduard Zingerman __success
local_port_in_sk_msg(void)63*a58475a9SEduard Zingerman __naked void local_port_in_sk_msg(void)
64*a58475a9SEduard Zingerman {
65*a58475a9SEduard Zingerman asm volatile (" \
66*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_local_port]); \
67*a58475a9SEduard Zingerman exit; \
68*a58475a9SEduard Zingerman " :
69*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_local_port, offsetof(struct sk_msg_md, local_port))
70*a58475a9SEduard Zingerman : __clobber_all);
71*a58475a9SEduard Zingerman }
72*a58475a9SEduard Zingerman
73*a58475a9SEduard Zingerman SEC("sk_skb")
74*a58475a9SEduard Zingerman __description("valid access remote_ip6 in SK_MSG")
75*a58475a9SEduard Zingerman __success
remote_ip6_in_sk_msg(void)76*a58475a9SEduard Zingerman __naked void remote_ip6_in_sk_msg(void)
77*a58475a9SEduard Zingerman {
78*a58475a9SEduard Zingerman asm volatile (" \
79*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_remote_ip6_0]); \
80*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_remote_ip6_1]); \
81*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_remote_ip6_2]); \
82*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_remote_ip6_3]); \
83*a58475a9SEduard Zingerman exit; \
84*a58475a9SEduard Zingerman " :
85*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_remote_ip6_0, offsetof(struct sk_msg_md, remote_ip6[0])),
86*a58475a9SEduard Zingerman __imm_const(sk_msg_md_remote_ip6_1, offsetof(struct sk_msg_md, remote_ip6[1])),
87*a58475a9SEduard Zingerman __imm_const(sk_msg_md_remote_ip6_2, offsetof(struct sk_msg_md, remote_ip6[2])),
88*a58475a9SEduard Zingerman __imm_const(sk_msg_md_remote_ip6_3, offsetof(struct sk_msg_md, remote_ip6[3]))
89*a58475a9SEduard Zingerman : __clobber_all);
90*a58475a9SEduard Zingerman }
91*a58475a9SEduard Zingerman
92*a58475a9SEduard Zingerman SEC("sk_skb")
93*a58475a9SEduard Zingerman __description("valid access local_ip6 in SK_MSG")
94*a58475a9SEduard Zingerman __success
local_ip6_in_sk_msg(void)95*a58475a9SEduard Zingerman __naked void local_ip6_in_sk_msg(void)
96*a58475a9SEduard Zingerman {
97*a58475a9SEduard Zingerman asm volatile (" \
98*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_local_ip6_0]); \
99*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_local_ip6_1]); \
100*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_local_ip6_2]); \
101*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_local_ip6_3]); \
102*a58475a9SEduard Zingerman exit; \
103*a58475a9SEduard Zingerman " :
104*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_local_ip6_0, offsetof(struct sk_msg_md, local_ip6[0])),
105*a58475a9SEduard Zingerman __imm_const(sk_msg_md_local_ip6_1, offsetof(struct sk_msg_md, local_ip6[1])),
106*a58475a9SEduard Zingerman __imm_const(sk_msg_md_local_ip6_2, offsetof(struct sk_msg_md, local_ip6[2])),
107*a58475a9SEduard Zingerman __imm_const(sk_msg_md_local_ip6_3, offsetof(struct sk_msg_md, local_ip6[3]))
108*a58475a9SEduard Zingerman : __clobber_all);
109*a58475a9SEduard Zingerman }
110*a58475a9SEduard Zingerman
111*a58475a9SEduard Zingerman SEC("sk_msg")
112*a58475a9SEduard Zingerman __description("valid access size in SK_MSG")
113*a58475a9SEduard Zingerman __success
access_size_in_sk_msg(void)114*a58475a9SEduard Zingerman __naked void access_size_in_sk_msg(void)
115*a58475a9SEduard Zingerman {
116*a58475a9SEduard Zingerman asm volatile (" \
117*a58475a9SEduard Zingerman r0 = *(u32*)(r1 + %[sk_msg_md_size]); \
118*a58475a9SEduard Zingerman exit; \
119*a58475a9SEduard Zingerman " :
120*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_size, offsetof(struct sk_msg_md, size))
121*a58475a9SEduard Zingerman : __clobber_all);
122*a58475a9SEduard Zingerman }
123*a58475a9SEduard Zingerman
124*a58475a9SEduard Zingerman SEC("sk_msg")
125*a58475a9SEduard Zingerman __description("invalid 64B read of size in SK_MSG")
126*a58475a9SEduard Zingerman __failure __msg("invalid bpf_context access")
__flag(BPF_F_ANY_ALIGNMENT)127*a58475a9SEduard Zingerman __flag(BPF_F_ANY_ALIGNMENT)
128*a58475a9SEduard Zingerman __naked void of_size_in_sk_msg(void)
129*a58475a9SEduard Zingerman {
130*a58475a9SEduard Zingerman asm volatile (" \
131*a58475a9SEduard Zingerman r2 = *(u64*)(r1 + %[sk_msg_md_size]); \
132*a58475a9SEduard Zingerman exit; \
133*a58475a9SEduard Zingerman " :
134*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_size, offsetof(struct sk_msg_md, size))
135*a58475a9SEduard Zingerman : __clobber_all);
136*a58475a9SEduard Zingerman }
137*a58475a9SEduard Zingerman
138*a58475a9SEduard Zingerman SEC("sk_msg")
139*a58475a9SEduard Zingerman __description("invalid read past end of SK_MSG")
140*a58475a9SEduard Zingerman __failure __msg("invalid bpf_context access")
past_end_of_sk_msg(void)141*a58475a9SEduard Zingerman __naked void past_end_of_sk_msg(void)
142*a58475a9SEduard Zingerman {
143*a58475a9SEduard Zingerman asm volatile (" \
144*a58475a9SEduard Zingerman r2 = *(u32*)(r1 + %[__imm_0]); \
145*a58475a9SEduard Zingerman exit; \
146*a58475a9SEduard Zingerman " :
147*a58475a9SEduard Zingerman : __imm_const(__imm_0, offsetof(struct sk_msg_md, size) + 4)
148*a58475a9SEduard Zingerman : __clobber_all);
149*a58475a9SEduard Zingerman }
150*a58475a9SEduard Zingerman
151*a58475a9SEduard Zingerman SEC("sk_msg")
152*a58475a9SEduard Zingerman __description("invalid read offset in SK_MSG")
153*a58475a9SEduard Zingerman __failure __msg("invalid bpf_context access")
__flag(BPF_F_ANY_ALIGNMENT)154*a58475a9SEduard Zingerman __flag(BPF_F_ANY_ALIGNMENT)
155*a58475a9SEduard Zingerman __naked void read_offset_in_sk_msg(void)
156*a58475a9SEduard Zingerman {
157*a58475a9SEduard Zingerman asm volatile (" \
158*a58475a9SEduard Zingerman r2 = *(u32*)(r1 + %[__imm_0]); \
159*a58475a9SEduard Zingerman exit; \
160*a58475a9SEduard Zingerman " :
161*a58475a9SEduard Zingerman : __imm_const(__imm_0, offsetof(struct sk_msg_md, family) + 1)
162*a58475a9SEduard Zingerman : __clobber_all);
163*a58475a9SEduard Zingerman }
164*a58475a9SEduard Zingerman
165*a58475a9SEduard Zingerman SEC("sk_msg")
166*a58475a9SEduard Zingerman __description("direct packet read for SK_MSG")
167*a58475a9SEduard Zingerman __success
packet_read_for_sk_msg(void)168*a58475a9SEduard Zingerman __naked void packet_read_for_sk_msg(void)
169*a58475a9SEduard Zingerman {
170*a58475a9SEduard Zingerman asm volatile (" \
171*a58475a9SEduard Zingerman r2 = *(u64*)(r1 + %[sk_msg_md_data]); \
172*a58475a9SEduard Zingerman r3 = *(u64*)(r1 + %[sk_msg_md_data_end]); \
173*a58475a9SEduard Zingerman r0 = r2; \
174*a58475a9SEduard Zingerman r0 += 8; \
175*a58475a9SEduard Zingerman if r0 > r3 goto l0_%=; \
176*a58475a9SEduard Zingerman r0 = *(u8*)(r2 + 0); \
177*a58475a9SEduard Zingerman l0_%=: r0 = 0; \
178*a58475a9SEduard Zingerman exit; \
179*a58475a9SEduard Zingerman " :
180*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_data, offsetof(struct sk_msg_md, data)),
181*a58475a9SEduard Zingerman __imm_const(sk_msg_md_data_end, offsetof(struct sk_msg_md, data_end))
182*a58475a9SEduard Zingerman : __clobber_all);
183*a58475a9SEduard Zingerman }
184*a58475a9SEduard Zingerman
185*a58475a9SEduard Zingerman SEC("sk_msg")
186*a58475a9SEduard Zingerman __description("direct packet write for SK_MSG")
187*a58475a9SEduard Zingerman __success
packet_write_for_sk_msg(void)188*a58475a9SEduard Zingerman __naked void packet_write_for_sk_msg(void)
189*a58475a9SEduard Zingerman {
190*a58475a9SEduard Zingerman asm volatile (" \
191*a58475a9SEduard Zingerman r2 = *(u64*)(r1 + %[sk_msg_md_data]); \
192*a58475a9SEduard Zingerman r3 = *(u64*)(r1 + %[sk_msg_md_data_end]); \
193*a58475a9SEduard Zingerman r0 = r2; \
194*a58475a9SEduard Zingerman r0 += 8; \
195*a58475a9SEduard Zingerman if r0 > r3 goto l0_%=; \
196*a58475a9SEduard Zingerman *(u8*)(r2 + 0) = r2; \
197*a58475a9SEduard Zingerman l0_%=: r0 = 0; \
198*a58475a9SEduard Zingerman exit; \
199*a58475a9SEduard Zingerman " :
200*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_data, offsetof(struct sk_msg_md, data)),
201*a58475a9SEduard Zingerman __imm_const(sk_msg_md_data_end, offsetof(struct sk_msg_md, data_end))
202*a58475a9SEduard Zingerman : __clobber_all);
203*a58475a9SEduard Zingerman }
204*a58475a9SEduard Zingerman
205*a58475a9SEduard Zingerman SEC("sk_msg")
206*a58475a9SEduard Zingerman __description("overlapping checks for direct packet access SK_MSG")
207*a58475a9SEduard Zingerman __success
direct_packet_access_sk_msg(void)208*a58475a9SEduard Zingerman __naked void direct_packet_access_sk_msg(void)
209*a58475a9SEduard Zingerman {
210*a58475a9SEduard Zingerman asm volatile (" \
211*a58475a9SEduard Zingerman r2 = *(u64*)(r1 + %[sk_msg_md_data]); \
212*a58475a9SEduard Zingerman r3 = *(u64*)(r1 + %[sk_msg_md_data_end]); \
213*a58475a9SEduard Zingerman r0 = r2; \
214*a58475a9SEduard Zingerman r0 += 8; \
215*a58475a9SEduard Zingerman if r0 > r3 goto l0_%=; \
216*a58475a9SEduard Zingerman r1 = r2; \
217*a58475a9SEduard Zingerman r1 += 6; \
218*a58475a9SEduard Zingerman if r1 > r3 goto l0_%=; \
219*a58475a9SEduard Zingerman r0 = *(u16*)(r2 + 6); \
220*a58475a9SEduard Zingerman l0_%=: r0 = 0; \
221*a58475a9SEduard Zingerman exit; \
222*a58475a9SEduard Zingerman " :
223*a58475a9SEduard Zingerman : __imm_const(sk_msg_md_data, offsetof(struct sk_msg_md, data)),
224*a58475a9SEduard Zingerman __imm_const(sk_msg_md_data_end, offsetof(struct sk_msg_md, data_end))
225*a58475a9SEduard Zingerman : __clobber_all);
226*a58475a9SEduard Zingerman }
227*a58475a9SEduard Zingerman
228*a58475a9SEduard Zingerman char _license[] SEC("license") = "GPL";
229