0001 {
0002 "valid access family in SK_MSG",
0003 .insns = {
0004 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0005 offsetof(struct sk_msg_md, family)),
0006 BPF_EXIT_INSN(),
0007 },
0008 .result = ACCEPT,
0009 .prog_type = BPF_PROG_TYPE_SK_MSG,
0010 },
0011 {
0012 "valid access remote_ip4 in SK_MSG",
0013 .insns = {
0014 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0015 offsetof(struct sk_msg_md, remote_ip4)),
0016 BPF_EXIT_INSN(),
0017 },
0018 .result = ACCEPT,
0019 .prog_type = BPF_PROG_TYPE_SK_MSG,
0020 },
0021 {
0022 "valid access local_ip4 in SK_MSG",
0023 .insns = {
0024 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0025 offsetof(struct sk_msg_md, local_ip4)),
0026 BPF_EXIT_INSN(),
0027 },
0028 .result = ACCEPT,
0029 .prog_type = BPF_PROG_TYPE_SK_MSG,
0030 },
0031 {
0032 "valid access remote_port in SK_MSG",
0033 .insns = {
0034 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0035 offsetof(struct sk_msg_md, remote_port)),
0036 BPF_EXIT_INSN(),
0037 },
0038 .result = ACCEPT,
0039 .prog_type = BPF_PROG_TYPE_SK_MSG,
0040 },
0041 {
0042 "valid access local_port in SK_MSG",
0043 .insns = {
0044 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0045 offsetof(struct sk_msg_md, local_port)),
0046 BPF_EXIT_INSN(),
0047 },
0048 .result = ACCEPT,
0049 .prog_type = BPF_PROG_TYPE_SK_MSG,
0050 },
0051 {
0052 "valid access remote_ip6 in SK_MSG",
0053 .insns = {
0054 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0055 offsetof(struct sk_msg_md, remote_ip6[0])),
0056 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0057 offsetof(struct sk_msg_md, remote_ip6[1])),
0058 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0059 offsetof(struct sk_msg_md, remote_ip6[2])),
0060 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0061 offsetof(struct sk_msg_md, remote_ip6[3])),
0062 BPF_EXIT_INSN(),
0063 },
0064 .result = ACCEPT,
0065 .prog_type = BPF_PROG_TYPE_SK_SKB,
0066 },
0067 {
0068 "valid access local_ip6 in SK_MSG",
0069 .insns = {
0070 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0071 offsetof(struct sk_msg_md, local_ip6[0])),
0072 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0073 offsetof(struct sk_msg_md, local_ip6[1])),
0074 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0075 offsetof(struct sk_msg_md, local_ip6[2])),
0076 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0077 offsetof(struct sk_msg_md, local_ip6[3])),
0078 BPF_EXIT_INSN(),
0079 },
0080 .result = ACCEPT,
0081 .prog_type = BPF_PROG_TYPE_SK_SKB,
0082 },
0083 {
0084 "valid access size in SK_MSG",
0085 .insns = {
0086 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0087 offsetof(struct sk_msg_md, size)),
0088 BPF_EXIT_INSN(),
0089 },
0090 .result = ACCEPT,
0091 .prog_type = BPF_PROG_TYPE_SK_MSG,
0092 },
0093 {
0094 "invalid 64B read of size in SK_MSG",
0095 .insns = {
0096 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1,
0097 offsetof(struct sk_msg_md, size)),
0098 BPF_EXIT_INSN(),
0099 },
0100 .errstr = "invalid bpf_context access",
0101 .result = REJECT,
0102 .prog_type = BPF_PROG_TYPE_SK_MSG,
0103 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0104 },
0105 {
0106 "invalid read past end of SK_MSG",
0107 .insns = {
0108 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0109 offsetof(struct sk_msg_md, size) + 4),
0110 BPF_EXIT_INSN(),
0111 },
0112 .errstr = "invalid bpf_context access",
0113 .result = REJECT,
0114 .prog_type = BPF_PROG_TYPE_SK_MSG,
0115 },
0116 {
0117 "invalid read offset in SK_MSG",
0118 .insns = {
0119 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0120 offsetof(struct sk_msg_md, family) + 1),
0121 BPF_EXIT_INSN(),
0122 },
0123 .errstr = "invalid bpf_context access",
0124 .result = REJECT,
0125 .prog_type = BPF_PROG_TYPE_SK_MSG,
0126 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0127 },
0128 {
0129 "direct packet read for SK_MSG",
0130 .insns = {
0131 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1,
0132 offsetof(struct sk_msg_md, data)),
0133 BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1,
0134 offsetof(struct sk_msg_md, data_end)),
0135 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0136 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0137 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0138 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0139 BPF_MOV64_IMM(BPF_REG_0, 0),
0140 BPF_EXIT_INSN(),
0141 },
0142 .result = ACCEPT,
0143 .prog_type = BPF_PROG_TYPE_SK_MSG,
0144 },
0145 {
0146 "direct packet write for SK_MSG",
0147 .insns = {
0148 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1,
0149 offsetof(struct sk_msg_md, data)),
0150 BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1,
0151 offsetof(struct sk_msg_md, data_end)),
0152 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0153 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0154 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0155 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
0156 BPF_MOV64_IMM(BPF_REG_0, 0),
0157 BPF_EXIT_INSN(),
0158 },
0159 .result = ACCEPT,
0160 .prog_type = BPF_PROG_TYPE_SK_MSG,
0161 },
0162 {
0163 "overlapping checks for direct packet access SK_MSG",
0164 .insns = {
0165 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1,
0166 offsetof(struct sk_msg_md, data)),
0167 BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1,
0168 offsetof(struct sk_msg_md, data_end)),
0169 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0170 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0171 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 4),
0172 BPF_MOV64_REG(BPF_REG_1, BPF_REG_2),
0173 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 6),
0174 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_3, 1),
0175 BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_2, 6),
0176 BPF_MOV64_IMM(BPF_REG_0, 0),
0177 BPF_EXIT_INSN(),
0178 },
0179 .result = ACCEPT,
0180 .prog_type = BPF_PROG_TYPE_SK_MSG,
0181 },
