direct_packet_access.c (21284B)
1{ 2 "pkt_end - pkt_start is allowed", 3 .insns = { 4 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 5 offsetof(struct __sk_buff, data_end)), 6 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 7 offsetof(struct __sk_buff, data)), 8 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_2), 9 BPF_EXIT_INSN(), 10 }, 11 .result = ACCEPT, 12 .retval = TEST_DATA_LEN, 13 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 14}, 15{ 16 "direct packet access: test1", 17 .insns = { 18 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 19 offsetof(struct __sk_buff, data)), 20 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 21 offsetof(struct __sk_buff, data_end)), 22 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 23 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 24 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 25 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 26 BPF_MOV64_IMM(BPF_REG_0, 0), 27 BPF_EXIT_INSN(), 28 }, 29 .result = ACCEPT, 30 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 31}, 32{ 33 "direct packet access: test2", 34 .insns = { 35 BPF_MOV64_IMM(BPF_REG_0, 1), 36 BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, 37 offsetof(struct __sk_buff, data_end)), 38 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 39 offsetof(struct __sk_buff, data)), 40 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3), 41 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 14), 42 BPF_JMP_REG(BPF_JGT, BPF_REG_5, BPF_REG_4, 15), 43 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_3, 7), 44 BPF_LDX_MEM(BPF_B, BPF_REG_4, BPF_REG_3, 12), 45 BPF_ALU64_IMM(BPF_MUL, BPF_REG_4, 14), 46 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 47 offsetof(struct __sk_buff, data)), 48 BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_4), 49 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 50 offsetof(struct __sk_buff, len)), 51 BPF_ALU64_IMM(BPF_LSH, BPF_REG_2, 49), 52 BPF_ALU64_IMM(BPF_RSH, BPF_REG_2, 49), 53 BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_2), 54 BPF_MOV64_REG(BPF_REG_2, BPF_REG_3), 55 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 8), 56 BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 57 offsetof(struct __sk_buff, data_end)), 58 BPF_JMP_REG(BPF_JGT, BPF_REG_2, BPF_REG_1, 1), 59 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_3, 4), 60 BPF_MOV64_IMM(BPF_REG_0, 0), 61 BPF_EXIT_INSN(), 62 }, 63 .result = ACCEPT, 64 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 65}, 66{ 67 "direct packet access: test3", 68 .insns = { 69 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 70 offsetof(struct __sk_buff, data)), 71 BPF_MOV64_IMM(BPF_REG_0, 0), 72 BPF_EXIT_INSN(), 73 }, 74 .errstr = "invalid bpf_context access off=76", 75 .result = REJECT, 76 .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, 77}, 78{ 79 "direct packet access: test4 (write)", 80 .insns = { 81 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 82 offsetof(struct __sk_buff, data)), 83 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 84 offsetof(struct __sk_buff, data_end)), 85 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 86 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 87 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 88 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0), 89 BPF_MOV64_IMM(BPF_REG_0, 0), 90 BPF_EXIT_INSN(), 91 }, 92 .result = ACCEPT, 93 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 94}, 95{ 96 "direct packet access: test5 (pkt_end >= reg, good access)", 97 .insns = { 98 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 99 offsetof(struct __sk_buff, data)), 100 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 101 offsetof(struct __sk_buff, data_end)), 102 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 103 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 104 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 2), 105 BPF_MOV64_IMM(BPF_REG_0, 1), 106 BPF_EXIT_INSN(), 107 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 108 BPF_MOV64_IMM(BPF_REG_0, 0), 109 BPF_EXIT_INSN(), 110 }, 111 .result = ACCEPT, 112 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 113}, 114{ 115 "direct packet access: test6 (pkt_end >= reg, bad access)", 116 .insns = { 117 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 118 offsetof(struct __sk_buff, data)), 119 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 120 offsetof(struct __sk_buff, data_end)), 121 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 122 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 123 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 3), 124 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 125 BPF_MOV64_IMM(BPF_REG_0, 1), 126 BPF_EXIT_INSN(), 127 BPF_MOV64_IMM(BPF_REG_0, 0), 128 BPF_EXIT_INSN(), 129 }, 130 .errstr = "invalid access to packet", 131 .result = REJECT, 132 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 133}, 134{ 135 "direct packet access: test7 (pkt_end >= reg, both accesses)", 136 .insns = { 137 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 138 offsetof(struct __sk_buff, data)), 139 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 140 offsetof(struct __sk_buff, data_end)), 141 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 142 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 143 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 3), 144 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 145 BPF_MOV64_IMM(BPF_REG_0, 1), 146 BPF_EXIT_INSN(), 147 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 148 BPF_MOV64_IMM(BPF_REG_0, 0), 149 BPF_EXIT_INSN(), 150 }, 151 .errstr = "invalid access to packet", 152 .result = REJECT, 153 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 154}, 155{ 156 "direct packet access: test8 (double test, variant 1)", 157 .insns = { 158 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 159 offsetof(struct __sk_buff, data)), 160 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 161 offsetof(struct __sk_buff, data_end)), 162 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 163 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 164 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 4), 165 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 166 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 167 BPF_MOV64_IMM(BPF_REG_0, 1), 168 BPF_EXIT_INSN(), 169 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 170 BPF_MOV64_IMM(BPF_REG_0, 0), 171 BPF_EXIT_INSN(), 172 }, 173 .result = ACCEPT, 174 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 175}, 176{ 177 "direct packet access: test9 (double test, variant 2)", 178 .insns = { 179 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 180 offsetof(struct __sk_buff, data)), 181 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 182 offsetof(struct __sk_buff, data_end)), 183 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 184 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 185 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 2), 186 BPF_MOV64_IMM(BPF_REG_0, 1), 187 BPF_EXIT_INSN(), 188 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 189 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 190 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 191 BPF_MOV64_IMM(BPF_REG_0, 0), 192 BPF_EXIT_INSN(), 193 }, 194 .result = ACCEPT, 195 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 196}, 197{ 198 "direct packet access: test10 (write invalid)", 199 .insns = { 200 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 201 offsetof(struct __sk_buff, data)), 202 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 203 offsetof(struct __sk_buff, data_end)), 204 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 205 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 206 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 2), 207 BPF_MOV64_IMM(BPF_REG_0, 0), 208 BPF_EXIT_INSN(), 209 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0), 210 BPF_MOV64_IMM(BPF_REG_0, 0), 211 BPF_EXIT_INSN(), 212 }, 213 .errstr = "invalid access to packet", 214 .result = REJECT, 215 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 216}, 217{ 218 "direct packet access: test11 (shift, good access)", 219 .insns = { 220 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 221 offsetof(struct __sk_buff, data)), 222 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 223 offsetof(struct __sk_buff, data_end)), 224 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 225 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22), 226 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8), 227 BPF_MOV64_IMM(BPF_REG_3, 144), 228 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3), 229 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23), 230 BPF_ALU64_IMM(BPF_RSH, BPF_REG_5, 3), 231 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2), 232 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5), 233 BPF_MOV64_IMM(BPF_REG_0, 1), 234 BPF_EXIT_INSN(), 235 BPF_MOV64_IMM(BPF_REG_0, 0), 236 BPF_EXIT_INSN(), 237 }, 238 .result = ACCEPT, 239 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 240 .retval = 1, 241}, 242{ 243 "direct packet access: test12 (and, good access)", 244 .insns = { 245 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 246 offsetof(struct __sk_buff, data)), 247 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 248 offsetof(struct __sk_buff, data_end)), 249 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 250 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22), 251 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8), 252 BPF_MOV64_IMM(BPF_REG_3, 144), 253 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3), 254 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23), 255 BPF_ALU64_IMM(BPF_AND, BPF_REG_5, 15), 256 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2), 257 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5), 258 BPF_MOV64_IMM(BPF_REG_0, 1), 259 BPF_EXIT_INSN(), 260 BPF_MOV64_IMM(BPF_REG_0, 0), 261 BPF_EXIT_INSN(), 262 }, 263 .result = ACCEPT, 264 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 265 .retval = 1, 266}, 267{ 268 "direct packet access: test13 (branches, good access)", 269 .insns = { 270 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 271 offsetof(struct __sk_buff, data)), 272 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 273 offsetof(struct __sk_buff, data_end)), 274 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 275 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22), 276 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 13), 277 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 278 offsetof(struct __sk_buff, mark)), 279 BPF_MOV64_IMM(BPF_REG_4, 1), 280 BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_4, 2), 281 BPF_MOV64_IMM(BPF_REG_3, 14), 282 BPF_JMP_IMM(BPF_JA, 0, 0, 1), 283 BPF_MOV64_IMM(BPF_REG_3, 24), 284 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3), 285 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23), 286 BPF_ALU64_IMM(BPF_AND, BPF_REG_5, 15), 287 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2), 288 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5), 289 BPF_MOV64_IMM(BPF_REG_0, 1), 290 BPF_EXIT_INSN(), 291 BPF_MOV64_IMM(BPF_REG_0, 0), 292 BPF_EXIT_INSN(), 293 }, 294 .result = ACCEPT, 295 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 296 .retval = 1, 297}, 298{ 299 "direct packet access: test14 (pkt_ptr += 0, CONST_IMM, good access)", 300 .insns = { 301 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 302 offsetof(struct __sk_buff, data)), 303 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 304 offsetof(struct __sk_buff, data_end)), 305 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 306 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22), 307 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 7), 308 BPF_MOV64_IMM(BPF_REG_5, 12), 309 BPF_ALU64_IMM(BPF_RSH, BPF_REG_5, 4), 310 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2), 311 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5), 312 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_6, 0), 313 BPF_MOV64_IMM(BPF_REG_0, 1), 314 BPF_EXIT_INSN(), 315 BPF_MOV64_IMM(BPF_REG_0, 0), 316 BPF_EXIT_INSN(), 317 }, 318 .result = ACCEPT, 319 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 320 .retval = 1, 321}, 322{ 323 "direct packet access: test15 (spill with xadd)", 324 .insns = { 325 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 326 offsetof(struct __sk_buff, data)), 327 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 328 offsetof(struct __sk_buff, data_end)), 329 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 330 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 331 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8), 332 BPF_MOV64_IMM(BPF_REG_5, 4096), 333 BPF_MOV64_REG(BPF_REG_4, BPF_REG_10), 334 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, -8), 335 BPF_STX_MEM(BPF_DW, BPF_REG_4, BPF_REG_2, 0), 336 BPF_ATOMIC_OP(BPF_DW, BPF_ADD, BPF_REG_4, BPF_REG_5, 0), 337 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_4, 0), 338 BPF_STX_MEM(BPF_W, BPF_REG_2, BPF_REG_5, 0), 339 BPF_MOV64_IMM(BPF_REG_0, 0), 340 BPF_EXIT_INSN(), 341 }, 342 .errstr = "R2 invalid mem access 'scalar'", 343 .result = REJECT, 344 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 345 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 346}, 347{ 348 "direct packet access: test16 (arith on data_end)", 349 .insns = { 350 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 351 offsetof(struct __sk_buff, data)), 352 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 353 offsetof(struct __sk_buff, data_end)), 354 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 355 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 356 BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 16), 357 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 358 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0), 359 BPF_MOV64_IMM(BPF_REG_0, 0), 360 BPF_EXIT_INSN(), 361 }, 362 .errstr = "R3 pointer arithmetic on pkt_end", 363 .result = REJECT, 364 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 365}, 366{ 367 "direct packet access: test17 (pruning, alignment)", 368 .insns = { 369 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 370 offsetof(struct __sk_buff, data)), 371 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 372 offsetof(struct __sk_buff, data_end)), 373 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1, 374 offsetof(struct __sk_buff, mark)), 375 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 376 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 14), 377 BPF_JMP_IMM(BPF_JGT, BPF_REG_7, 1, 4), 378 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 379 BPF_STX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, -4), 380 BPF_MOV64_IMM(BPF_REG_0, 0), 381 BPF_EXIT_INSN(), 382 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1), 383 BPF_JMP_A(-6), 384 }, 385 .errstr = "misaligned packet access off 2+(0x0; 0x0)+15+-4 size 4", 386 .result = REJECT, 387 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 388 .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 389}, 390{ 391 "direct packet access: test18 (imm += pkt_ptr, 1)", 392 .insns = { 393 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 394 offsetof(struct __sk_buff, data)), 395 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 396 offsetof(struct __sk_buff, data_end)), 397 BPF_MOV64_IMM(BPF_REG_0, 8), 398 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2), 399 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 400 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0), 401 BPF_MOV64_IMM(BPF_REG_0, 0), 402 BPF_EXIT_INSN(), 403 }, 404 .result = ACCEPT, 405 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 406}, 407{ 408 "direct packet access: test19 (imm += pkt_ptr, 2)", 409 .insns = { 410 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 411 offsetof(struct __sk_buff, data)), 412 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 413 offsetof(struct __sk_buff, data_end)), 414 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 415 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 416 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 3), 417 BPF_MOV64_IMM(BPF_REG_4, 4), 418 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2), 419 BPF_STX_MEM(BPF_B, BPF_REG_4, BPF_REG_4, 0), 420 BPF_MOV64_IMM(BPF_REG_0, 0), 421 BPF_EXIT_INSN(), 422 }, 423 .result = ACCEPT, 424 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 425}, 426{ 427 "direct packet access: test20 (x += pkt_ptr, 1)", 428 .insns = { 429 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 430 offsetof(struct __sk_buff, data)), 431 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 432 offsetof(struct __sk_buff, data_end)), 433 BPF_MOV64_IMM(BPF_REG_0, 0xffffffff), 434 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8), 435 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8), 436 BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0x7fff), 437 BPF_MOV64_REG(BPF_REG_4, BPF_REG_0), 438 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2), 439 BPF_MOV64_REG(BPF_REG_5, BPF_REG_4), 440 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 0x7fff - 1), 441 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 1), 442 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_4, 0), 443 BPF_MOV64_IMM(BPF_REG_0, 0), 444 BPF_EXIT_INSN(), 445 }, 446 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 447 .result = ACCEPT, 448 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 449}, 450{ 451 "direct packet access: test21 (x += pkt_ptr, 2)", 452 .insns = { 453 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 454 offsetof(struct __sk_buff, data)), 455 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 456 offsetof(struct __sk_buff, data_end)), 457 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 458 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 459 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 9), 460 BPF_MOV64_IMM(BPF_REG_4, 0xffffffff), 461 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_4, -8), 462 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8), 463 BPF_ALU64_IMM(BPF_AND, BPF_REG_4, 0x7fff), 464 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2), 465 BPF_MOV64_REG(BPF_REG_5, BPF_REG_4), 466 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 0x7fff - 1), 467 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 1), 468 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_4, 0), 469 BPF_MOV64_IMM(BPF_REG_0, 0), 470 BPF_EXIT_INSN(), 471 }, 472 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 473 .result = ACCEPT, 474 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 475}, 476{ 477 "direct packet access: test22 (x += pkt_ptr, 3)", 478 .insns = { 479 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 480 offsetof(struct __sk_buff, data)), 481 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 482 offsetof(struct __sk_buff, data_end)), 483 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 484 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 485 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -8), 486 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_3, -16), 487 BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_10, -16), 488 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 11), 489 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -8), 490 BPF_MOV64_IMM(BPF_REG_4, 0xffffffff), 491 BPF_ATOMIC_OP(BPF_DW, BPF_ADD, BPF_REG_10, BPF_REG_4, -8), 492 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8), 493 BPF_ALU64_IMM(BPF_RSH, BPF_REG_4, 49), 494 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2), 495 BPF_MOV64_REG(BPF_REG_0, BPF_REG_4), 496 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 2), 497 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 2), 498 BPF_MOV64_IMM(BPF_REG_2, 1), 499 BPF_STX_MEM(BPF_H, BPF_REG_4, BPF_REG_2, 0), 500 BPF_MOV64_IMM(BPF_REG_0, 0), 501 BPF_EXIT_INSN(), 502 }, 503 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 504 .result = ACCEPT, 505 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 506}, 507{ 508 "direct packet access: test23 (x += pkt_ptr, 4)", 509 .insns = { 510 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 511 offsetof(struct __sk_buff, data)), 512 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 513 offsetof(struct __sk_buff, data_end)), 514 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 515 offsetof(struct __sk_buff, mark)), 516 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8), 517 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8), 518 BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xffff), 519 BPF_MOV64_REG(BPF_REG_4, BPF_REG_0), 520 BPF_MOV64_IMM(BPF_REG_0, 31), 521 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4), 522 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2), 523 BPF_MOV64_REG(BPF_REG_5, BPF_REG_0), 524 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 0xffff - 1), 525 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 526 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_0, 0), 527 BPF_MOV64_IMM(BPF_REG_0, 0), 528 BPF_EXIT_INSN(), 529 }, 530 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 531 .result = REJECT, 532 .errstr = "invalid access to packet, off=0 size=8, R5(id=2,off=0,r=0)", 533 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 534}, 535{ 536 "direct packet access: test24 (x += pkt_ptr, 5)", 537 .insns = { 538 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 539 offsetof(struct __sk_buff, data)), 540 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 541 offsetof(struct __sk_buff, data_end)), 542 BPF_MOV64_IMM(BPF_REG_0, 0xffffffff), 543 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8), 544 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8), 545 BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xff), 546 BPF_MOV64_REG(BPF_REG_4, BPF_REG_0), 547 BPF_MOV64_IMM(BPF_REG_0, 64), 548 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4), 549 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2), 550 BPF_MOV64_REG(BPF_REG_5, BPF_REG_0), 551 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 0x7fff - 1), 552 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 553 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_0, 0), 554 BPF_MOV64_IMM(BPF_REG_0, 0), 555 BPF_EXIT_INSN(), 556 }, 557 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 558 .result = ACCEPT, 559 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 560}, 561{ 562 "direct packet access: test25 (marking on <, good access)", 563 .insns = { 564 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 565 offsetof(struct __sk_buff, data)), 566 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 567 offsetof(struct __sk_buff, data_end)), 568 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 569 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 570 BPF_JMP_REG(BPF_JLT, BPF_REG_0, BPF_REG_3, 2), 571 BPF_MOV64_IMM(BPF_REG_0, 0), 572 BPF_EXIT_INSN(), 573 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 574 BPF_JMP_IMM(BPF_JA, 0, 0, -4), 575 }, 576 .result = ACCEPT, 577 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 578}, 579{ 580 "direct packet access: test26 (marking on <, bad access)", 581 .insns = { 582 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 583 offsetof(struct __sk_buff, data)), 584 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 585 offsetof(struct __sk_buff, data_end)), 586 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 587 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 588 BPF_JMP_REG(BPF_JLT, BPF_REG_0, BPF_REG_3, 3), 589 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 590 BPF_MOV64_IMM(BPF_REG_0, 0), 591 BPF_EXIT_INSN(), 592 BPF_JMP_IMM(BPF_JA, 0, 0, -3), 593 }, 594 .result = REJECT, 595 .errstr = "invalid access to packet", 596 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 597}, 598{ 599 "direct packet access: test27 (marking on <=, good access)", 600 .insns = { 601 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 602 offsetof(struct __sk_buff, data)), 603 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 604 offsetof(struct __sk_buff, data_end)), 605 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 606 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 607 BPF_JMP_REG(BPF_JLE, BPF_REG_3, BPF_REG_0, 1), 608 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 609 BPF_MOV64_IMM(BPF_REG_0, 1), 610 BPF_EXIT_INSN(), 611 }, 612 .result = ACCEPT, 613 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 614 .retval = 1, 615}, 616{ 617 "direct packet access: test28 (marking on <=, bad access)", 618 .insns = { 619 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 620 offsetof(struct __sk_buff, data)), 621 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 622 offsetof(struct __sk_buff, data_end)), 623 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 624 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 625 BPF_JMP_REG(BPF_JLE, BPF_REG_3, BPF_REG_0, 2), 626 BPF_MOV64_IMM(BPF_REG_0, 1), 627 BPF_EXIT_INSN(), 628 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 629 BPF_JMP_IMM(BPF_JA, 0, 0, -4), 630 }, 631 .result = REJECT, 632 .errstr = "invalid access to packet", 633 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 634}, 635{ 636 "direct packet access: test29 (reg > pkt_end in subprog)", 637 .insns = { 638 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, 639 offsetof(struct __sk_buff, data)), 640 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 641 offsetof(struct __sk_buff, data_end)), 642 BPF_MOV64_REG(BPF_REG_3, BPF_REG_6), 643 BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 8), 644 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 4), 645 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 1), 646 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_6, 0), 647 BPF_MOV64_IMM(BPF_REG_0, 0), 648 BPF_EXIT_INSN(), 649 BPF_MOV64_IMM(BPF_REG_0, 0), 650 BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_2, 1), 651 BPF_MOV64_IMM(BPF_REG_0, 1), 652 BPF_EXIT_INSN(), 653 }, 654 .result = ACCEPT, 655 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 656},