• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 {
2 	"valid access family in SK_MSG",
3 	.insns = {
4 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
5 		    offsetof(struct sk_msg_md, family)),
6 	BPF_EXIT_INSN(),
7 	},
8 	.result = ACCEPT,
9 	.prog_type = BPF_PROG_TYPE_SK_MSG,
10 },
11 {
12 	"valid access remote_ip4 in SK_MSG",
13 	.insns = {
14 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
15 		    offsetof(struct sk_msg_md, remote_ip4)),
16 	BPF_EXIT_INSN(),
17 	},
18 	.result = ACCEPT,
19 	.prog_type = BPF_PROG_TYPE_SK_MSG,
20 },
21 {
22 	"valid access local_ip4 in SK_MSG",
23 	.insns = {
24 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
25 		    offsetof(struct sk_msg_md, local_ip4)),
26 	BPF_EXIT_INSN(),
27 	},
28 	.result = ACCEPT,
29 	.prog_type = BPF_PROG_TYPE_SK_MSG,
30 },
31 {
32 	"valid access remote_port in SK_MSG",
33 	.insns = {
34 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
35 		    offsetof(struct sk_msg_md, remote_port)),
36 	BPF_EXIT_INSN(),
37 	},
38 	.result = ACCEPT,
39 	.prog_type = BPF_PROG_TYPE_SK_MSG,
40 },
41 {
42 	"valid access local_port in SK_MSG",
43 	.insns = {
44 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
45 		    offsetof(struct sk_msg_md, local_port)),
46 	BPF_EXIT_INSN(),
47 	},
48 	.result = ACCEPT,
49 	.prog_type = BPF_PROG_TYPE_SK_MSG,
50 },
51 {
52 	"valid access remote_ip6 in SK_MSG",
53 	.insns = {
54 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
55 		    offsetof(struct sk_msg_md, remote_ip6[0])),
56 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
57 		    offsetof(struct sk_msg_md, remote_ip6[1])),
58 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
59 		    offsetof(struct sk_msg_md, remote_ip6[2])),
60 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
61 		    offsetof(struct sk_msg_md, remote_ip6[3])),
62 	BPF_EXIT_INSN(),
63 	},
64 	.result = ACCEPT,
65 	.prog_type = BPF_PROG_TYPE_SK_SKB,
66 },
67 {
68 	"valid access local_ip6 in SK_MSG",
69 	.insns = {
70 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
71 		    offsetof(struct sk_msg_md, local_ip6[0])),
72 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
73 		    offsetof(struct sk_msg_md, local_ip6[1])),
74 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
75 		    offsetof(struct sk_msg_md, local_ip6[2])),
76 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
77 		    offsetof(struct sk_msg_md, local_ip6[3])),
78 	BPF_EXIT_INSN(),
79 	},
80 	.result = ACCEPT,
81 	.prog_type = BPF_PROG_TYPE_SK_SKB,
82 },
83 {
84 	"valid access size in SK_MSG",
85 	.insns = {
86 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
87 		    offsetof(struct sk_msg_md, size)),
88 	BPF_EXIT_INSN(),
89 	},
90 	.result = ACCEPT,
91 	.prog_type = BPF_PROG_TYPE_SK_MSG,
92 },
93 {
94 	"invalid 64B read of size in SK_MSG",
95 	.insns = {
96 	BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1,
97 		    offsetof(struct sk_msg_md, size)),
98 	BPF_EXIT_INSN(),
99 	},
100 	.errstr = "invalid bpf_context access",
101 	.result = REJECT,
102 	.prog_type = BPF_PROG_TYPE_SK_MSG,
103 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
104 },
105 {
106 	"invalid read past end of SK_MSG",
107 	.insns = {
108 	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
109 		    offsetof(struct sk_msg_md, size) + 4),
110 	BPF_EXIT_INSN(),
111 	},
112 	.errstr = "invalid bpf_context access",
113 	.result = REJECT,
114 	.prog_type = BPF_PROG_TYPE_SK_MSG,
115 },
116 {
117 	"invalid read offset in SK_MSG",
118 	.insns = {
119 	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
120 		    offsetof(struct sk_msg_md, family) + 1),
121 	BPF_EXIT_INSN(),
122 	},
123 	.errstr = "invalid bpf_context access",
124 	.result = REJECT,
125 	.prog_type = BPF_PROG_TYPE_SK_MSG,
126 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
127 },
128 {
129 	"direct packet read for SK_MSG",
130 	.insns = {
131 	BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1,
132 		    offsetof(struct sk_msg_md, data)),
133 	BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1,
134 		    offsetof(struct sk_msg_md, data_end)),
135 	BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
136 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
137 	BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
138 	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
139 	BPF_MOV64_IMM(BPF_REG_0, 0),
140 	BPF_EXIT_INSN(),
141 	},
142 	.result = ACCEPT,
143 	.prog_type = BPF_PROG_TYPE_SK_MSG,
144 },
145 {
146 	"direct packet write for SK_MSG",
147 	.insns = {
148 	BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1,
149 		    offsetof(struct sk_msg_md, data)),
150 	BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1,
151 		    offsetof(struct sk_msg_md, data_end)),
152 	BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
153 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
154 	BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
155 	BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
156 	BPF_MOV64_IMM(BPF_REG_0, 0),
157 	BPF_EXIT_INSN(),
158 	},
159 	.result = ACCEPT,
160 	.prog_type = BPF_PROG_TYPE_SK_MSG,
161 },
162 {
163 	"overlapping checks for direct packet access SK_MSG",
164 	.insns = {
165 	BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1,
166 		    offsetof(struct sk_msg_md, data)),
167 	BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1,
168 		    offsetof(struct sk_msg_md, data_end)),
169 	BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
170 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
171 	BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 4),
172 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_2),
173 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 6),
174 	BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_3, 1),
175 	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_2, 6),
176 	BPF_MOV64_IMM(BPF_REG_0, 0),
177 	BPF_EXIT_INSN(),
178 	},
179 	.result = ACCEPT,
180 	.prog_type = BPF_PROG_TYPE_SK_MSG,
181 },
182