bpf/verifier/cgroup_skb.c

0001 {
0002     "direct packet read test#1 for CGROUP_SKB",
0003     .insns = {
0004     BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0005             offsetof(struct __sk_buff, data)),
0006     BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0007             offsetof(struct __sk_buff, data_end)),
0008     BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1,
0009             offsetof(struct __sk_buff, len)),
0010     BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1,
0011             offsetof(struct __sk_buff, pkt_type)),
0012     BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
0013             offsetof(struct __sk_buff, mark)),
0014     BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_6,
0015             offsetof(struct __sk_buff, mark)),
0016     BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
0017             offsetof(struct __sk_buff, queue_mapping)),
0018     BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1,
0019             offsetof(struct __sk_buff, protocol)),
0020     BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1,
0021             offsetof(struct __sk_buff, vlan_present)),
0022     BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0023     BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0024     BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0025     BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0026     BPF_MOV64_IMM(BPF_REG_0, 0),
0027     BPF_EXIT_INSN(),
0028     },
0029     .result = ACCEPT,
0030     .result_unpriv = REJECT,
0031     .errstr_unpriv = "invalid bpf_context access off=76 size=4",
0032     .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0033 },
0034 {
0035     "direct packet read test#2 for CGROUP_SKB",
0036     .insns = {
0037     BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1,
0038             offsetof(struct __sk_buff, vlan_tci)),
0039     BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1,
0040             offsetof(struct __sk_buff, vlan_proto)),
0041     BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
0042             offsetof(struct __sk_buff, priority)),
0043     BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_6,
0044             offsetof(struct __sk_buff, priority)),
0045     BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
0046             offsetof(struct __sk_buff, ingress_ifindex)),
0047     BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1,
0048             offsetof(struct __sk_buff, tc_index)),
0049     BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1,
0050             offsetof(struct __sk_buff, hash)),
0051     BPF_MOV64_IMM(BPF_REG_0, 0),
0052     BPF_EXIT_INSN(),
0053     },
0054     .result = ACCEPT,
0055     .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0056 },
0057 {
0058     "direct packet read test#3 for CGROUP_SKB",
0059     .insns = {
0060     BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1,
0061             offsetof(struct __sk_buff, cb[0])),
0062     BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1,
0063             offsetof(struct __sk_buff, cb[1])),
0064     BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
0065             offsetof(struct __sk_buff, cb[2])),
0066     BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
0067             offsetof(struct __sk_buff, cb[3])),
0068     BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1,
0069             offsetof(struct __sk_buff, cb[4])),
0070     BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1,
0071             offsetof(struct __sk_buff, napi_id)),
0072     BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_4,
0073             offsetof(struct __sk_buff, cb[0])),
0074     BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_5,
0075             offsetof(struct __sk_buff, cb[1])),
0076     BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_6,
0077             offsetof(struct __sk_buff, cb[2])),
0078     BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_7,
0079             offsetof(struct __sk_buff, cb[3])),
0080     BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_8,
0081             offsetof(struct __sk_buff, cb[4])),
0082     BPF_MOV64_IMM(BPF_REG_0, 0),
0083     BPF_EXIT_INSN(),
0084     },
0085     .result = ACCEPT,
0086     .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0087 },
0088 {
0089     "direct packet read test#4 for CGROUP_SKB",
0090     .insns = {
0091     BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0092             offsetof(struct __sk_buff, family)),
0093     BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0094             offsetof(struct __sk_buff, remote_ip4)),
0095     BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1,
0096             offsetof(struct __sk_buff, local_ip4)),
0097     BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1,
0098             offsetof(struct __sk_buff, remote_ip6[0])),
0099     BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1,
0100             offsetof(struct __sk_buff, remote_ip6[1])),
0101     BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1,
0102             offsetof(struct __sk_buff, remote_ip6[2])),
0103     BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1,
0104             offsetof(struct __sk_buff, remote_ip6[3])),
0105     BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
0106             offsetof(struct __sk_buff, local_ip6[0])),
0107     BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
0108             offsetof(struct __sk_buff, local_ip6[1])),
0109     BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
0110             offsetof(struct __sk_buff, local_ip6[2])),
0111     BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
0112             offsetof(struct __sk_buff, local_ip6[3])),
0113     BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
0114             offsetof(struct __sk_buff, remote_port)),
0115     BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1,
0116             offsetof(struct __sk_buff, local_port)),
0117     BPF_MOV64_IMM(BPF_REG_0, 0),
0118     BPF_EXIT_INSN(),
0119     },
0120     .result = ACCEPT,
0121     .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0122 },
0123 {
0124     "invalid access of tc_classid for CGROUP_SKB",
0125     .insns = {
0126     BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0127             offsetof(struct __sk_buff, tc_classid)),
0128     BPF_MOV64_IMM(BPF_REG_0, 0),
0129     BPF_EXIT_INSN(),
0130     },
0131     .result = REJECT,
0132     .errstr = "invalid bpf_context access",
0133     .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0134 },
0135 {
0136     "invalid access of data_meta for CGROUP_SKB",
0137     .insns = {
0138     BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0139             offsetof(struct __sk_buff, data_meta)),
0140     BPF_MOV64_IMM(BPF_REG_0, 0),
0141     BPF_EXIT_INSN(),
0142     },
0143     .result = REJECT,
0144     .errstr = "invalid bpf_context access",
0145     .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0146 },
0147 {
0148     "invalid access of flow_keys for CGROUP_SKB",
0149     .insns = {
0150     BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0151             offsetof(struct __sk_buff, flow_keys)),
0152     BPF_MOV64_IMM(BPF_REG_0, 0),
0153     BPF_EXIT_INSN(),
0154     },
0155     .result = REJECT,
0156     .errstr = "invalid bpf_context access",
0157     .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0158 },
0159 {
0160     "invalid write access to napi_id for CGROUP_SKB",
0161     .insns = {
0162     BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1,
0163             offsetof(struct __sk_buff, napi_id)),
0164     BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_9,
0165             offsetof(struct __sk_buff, napi_id)),
0166     BPF_MOV64_IMM(BPF_REG_0, 0),
0167     BPF_EXIT_INSN(),
0168     },
0169     .result = REJECT,
0170     .errstr = "invalid bpf_context access",
0171     .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0172 },
0173 {
0174     "write tstamp from CGROUP_SKB",
0175     .insns = {
0176     BPF_MOV64_IMM(BPF_REG_0, 0),
0177     BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0,
0178             offsetof(struct __sk_buff, tstamp)),
0179     BPF_MOV64_IMM(BPF_REG_0, 0),
0180     BPF_EXIT_INSN(),
0181     },
0182     .result = ACCEPT,
0183     .result_unpriv = REJECT,
0184     .errstr_unpriv = "invalid bpf_context access off=152 size=8",
0185     .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0186 },
0187 {
0188     "read tstamp from CGROUP_SKB",
0189     .insns = {
0190     BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
0191             offsetof(struct __sk_buff, tstamp)),
0192     BPF_MOV64_IMM(BPF_REG_0, 0),
0193     BPF_EXIT_INSN(),
0194     },
0195     .result = ACCEPT,
0196     .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0197 },