0001 {
0002 "pkt_end - pkt_start is allowed",
0003 .insns = {
0004 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0005 offsetof(struct __sk_buff, data_end)),
0006 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0007 offsetof(struct __sk_buff, data)),
0008 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_2),
0009 BPF_EXIT_INSN(),
0010 },
0011 .result = ACCEPT,
0012 .retval = TEST_DATA_LEN,
0013 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0014 },
0015 {
0016 "direct packet access: test1",
0017 .insns = {
0018 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0019 offsetof(struct __sk_buff, data)),
0020 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0021 offsetof(struct __sk_buff, data_end)),
0022 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0023 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0024 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0025 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0026 BPF_MOV64_IMM(BPF_REG_0, 0),
0027 BPF_EXIT_INSN(),
0028 },
0029 .result = ACCEPT,
0030 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0031 },
0032 {
0033 "direct packet access: test2",
0034 .insns = {
0035 BPF_MOV64_IMM(BPF_REG_0, 1),
0036 BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1,
0037 offsetof(struct __sk_buff, data_end)),
0038 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0039 offsetof(struct __sk_buff, data)),
0040 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
0041 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 14),
0042 BPF_JMP_REG(BPF_JGT, BPF_REG_5, BPF_REG_4, 15),
0043 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_3, 7),
0044 BPF_LDX_MEM(BPF_B, BPF_REG_4, BPF_REG_3, 12),
0045 BPF_ALU64_IMM(BPF_MUL, BPF_REG_4, 14),
0046 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0047 offsetof(struct __sk_buff, data)),
0048 BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_4),
0049 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0050 offsetof(struct __sk_buff, len)),
0051 BPF_ALU64_IMM(BPF_LSH, BPF_REG_2, 49),
0052 BPF_ALU64_IMM(BPF_RSH, BPF_REG_2, 49),
0053 BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_2),
0054 BPF_MOV64_REG(BPF_REG_2, BPF_REG_3),
0055 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 8),
0056 BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1,
0057 offsetof(struct __sk_buff, data_end)),
0058 BPF_JMP_REG(BPF_JGT, BPF_REG_2, BPF_REG_1, 1),
0059 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_3, 4),
0060 BPF_MOV64_IMM(BPF_REG_0, 0),
0061 BPF_EXIT_INSN(),
0062 },
0063 .result = ACCEPT,
0064 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0065 },
0066 {
0067 "direct packet access: test3",
0068 .insns = {
0069 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0070 offsetof(struct __sk_buff, data)),
0071 BPF_MOV64_IMM(BPF_REG_0, 0),
0072 BPF_EXIT_INSN(),
0073 },
0074 .errstr = "invalid bpf_context access off=76",
0075 .result = REJECT,
0076 .prog_type = BPF_PROG_TYPE_SOCKET_FILTER,
0077 },
0078 {
0079 "direct packet access: test4 (write)",
0080 .insns = {
0081 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0082 offsetof(struct __sk_buff, data)),
0083 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0084 offsetof(struct __sk_buff, data_end)),
0085 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0086 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0087 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0088 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
0089 BPF_MOV64_IMM(BPF_REG_0, 0),
0090 BPF_EXIT_INSN(),
0091 },
0092 .result = ACCEPT,
0093 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0094 },
0095 {
0096 "direct packet access: test5 (pkt_end >= reg, good access)",
0097 .insns = {
0098 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0099 offsetof(struct __sk_buff, data)),
0100 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0101 offsetof(struct __sk_buff, data_end)),
0102 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0103 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0104 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 2),
0105 BPF_MOV64_IMM(BPF_REG_0, 1),
0106 BPF_EXIT_INSN(),
0107 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0108 BPF_MOV64_IMM(BPF_REG_0, 0),
0109 BPF_EXIT_INSN(),
0110 },
0111 .result = ACCEPT,
0112 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0113 },
0114 {
0115 "direct packet access: test6 (pkt_end >= reg, bad access)",
0116 .insns = {
0117 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0118 offsetof(struct __sk_buff, data)),
0119 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0120 offsetof(struct __sk_buff, data_end)),
0121 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0122 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0123 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 3),
0124 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0125 BPF_MOV64_IMM(BPF_REG_0, 1),
0126 BPF_EXIT_INSN(),
0127 BPF_MOV64_IMM(BPF_REG_0, 0),
0128 BPF_EXIT_INSN(),
0129 },
0130 .errstr = "invalid access to packet",
0131 .result = REJECT,
0132 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0133 },
0134 {
0135 "direct packet access: test7 (pkt_end >= reg, both accesses)",
0136 .insns = {
0137 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0138 offsetof(struct __sk_buff, data)),
0139 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0140 offsetof(struct __sk_buff, data_end)),
0141 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0142 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0143 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 3),
0144 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0145 BPF_MOV64_IMM(BPF_REG_0, 1),
0146 BPF_EXIT_INSN(),
0147 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0148 BPF_MOV64_IMM(BPF_REG_0, 0),
0149 BPF_EXIT_INSN(),
0150 },
0151 .errstr = "invalid access to packet",
0152 .result = REJECT,
0153 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0154 },
0155 {
0156 "direct packet access: test8 (double test, variant 1)",
0157 .insns = {
0158 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0159 offsetof(struct __sk_buff, data)),
0160 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0161 offsetof(struct __sk_buff, data_end)),
0162 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0163 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0164 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 4),
0165 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0166 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0167 BPF_MOV64_IMM(BPF_REG_0, 1),
0168 BPF_EXIT_INSN(),
0169 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0170 BPF_MOV64_IMM(BPF_REG_0, 0),
0171 BPF_EXIT_INSN(),
0172 },
0173 .result = ACCEPT,
0174 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0175 },
0176 {
0177 "direct packet access: test9 (double test, variant 2)",
0178 .insns = {
0179 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0180 offsetof(struct __sk_buff, data)),
0181 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0182 offsetof(struct __sk_buff, data_end)),
0183 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0184 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0185 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 2),
0186 BPF_MOV64_IMM(BPF_REG_0, 1),
0187 BPF_EXIT_INSN(),
0188 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0189 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0190 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0191 BPF_MOV64_IMM(BPF_REG_0, 0),
0192 BPF_EXIT_INSN(),
0193 },
0194 .result = ACCEPT,
0195 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0196 },
0197 {
0198 "direct packet access: test10 (write invalid)",
0199 .insns = {
0200 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0201 offsetof(struct __sk_buff, data)),
0202 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0203 offsetof(struct __sk_buff, data_end)),
0204 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0205 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0206 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 2),
0207 BPF_MOV64_IMM(BPF_REG_0, 0),
0208 BPF_EXIT_INSN(),
0209 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
0210 BPF_MOV64_IMM(BPF_REG_0, 0),
0211 BPF_EXIT_INSN(),
0212 },
0213 .errstr = "invalid access to packet",
0214 .result = REJECT,
0215 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0216 },
0217 {
0218 "direct packet access: test11 (shift, good access)",
0219 .insns = {
0220 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0221 offsetof(struct __sk_buff, data)),
0222 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0223 offsetof(struct __sk_buff, data_end)),
0224 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0225 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
0226 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8),
0227 BPF_MOV64_IMM(BPF_REG_3, 144),
0228 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
0229 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
0230 BPF_ALU64_IMM(BPF_RSH, BPF_REG_5, 3),
0231 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
0232 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
0233 BPF_MOV64_IMM(BPF_REG_0, 1),
0234 BPF_EXIT_INSN(),
0235 BPF_MOV64_IMM(BPF_REG_0, 0),
0236 BPF_EXIT_INSN(),
0237 },
0238 .result = ACCEPT,
0239 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0240 .retval = 1,
0241 },
0242 {
0243 "direct packet access: test12 (and, good access)",
0244 .insns = {
0245 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0246 offsetof(struct __sk_buff, data)),
0247 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0248 offsetof(struct __sk_buff, data_end)),
0249 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0250 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
0251 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8),
0252 BPF_MOV64_IMM(BPF_REG_3, 144),
0253 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
0254 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
0255 BPF_ALU64_IMM(BPF_AND, BPF_REG_5, 15),
0256 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
0257 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
0258 BPF_MOV64_IMM(BPF_REG_0, 1),
0259 BPF_EXIT_INSN(),
0260 BPF_MOV64_IMM(BPF_REG_0, 0),
0261 BPF_EXIT_INSN(),
0262 },
0263 .result = ACCEPT,
0264 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0265 .retval = 1,
0266 },
0267 {
0268 "direct packet access: test13 (branches, good access)",
0269 .insns = {
0270 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0271 offsetof(struct __sk_buff, data)),
0272 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0273 offsetof(struct __sk_buff, data_end)),
0274 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0275 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
0276 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 13),
0277 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0278 offsetof(struct __sk_buff, mark)),
0279 BPF_MOV64_IMM(BPF_REG_4, 1),
0280 BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_4, 2),
0281 BPF_MOV64_IMM(BPF_REG_3, 14),
0282 BPF_JMP_IMM(BPF_JA, 0, 0, 1),
0283 BPF_MOV64_IMM(BPF_REG_3, 24),
0284 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
0285 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
0286 BPF_ALU64_IMM(BPF_AND, BPF_REG_5, 15),
0287 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
0288 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
0289 BPF_MOV64_IMM(BPF_REG_0, 1),
0290 BPF_EXIT_INSN(),
0291 BPF_MOV64_IMM(BPF_REG_0, 0),
0292 BPF_EXIT_INSN(),
0293 },
0294 .result = ACCEPT,
0295 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0296 .retval = 1,
0297 },
0298 {
0299 "direct packet access: test14 (pkt_ptr += 0, CONST_IMM, good access)",
0300 .insns = {
0301 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0302 offsetof(struct __sk_buff, data)),
0303 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0304 offsetof(struct __sk_buff, data_end)),
0305 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0306 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
0307 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 7),
0308 BPF_MOV64_IMM(BPF_REG_5, 12),
0309 BPF_ALU64_IMM(BPF_RSH, BPF_REG_5, 4),
0310 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
0311 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
0312 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_6, 0),
0313 BPF_MOV64_IMM(BPF_REG_0, 1),
0314 BPF_EXIT_INSN(),
0315 BPF_MOV64_IMM(BPF_REG_0, 0),
0316 BPF_EXIT_INSN(),
0317 },
0318 .result = ACCEPT,
0319 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0320 .retval = 1,
0321 },
0322 {
0323 "direct packet access: test15 (spill with xadd)",
0324 .insns = {
0325 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0326 offsetof(struct __sk_buff, data)),
0327 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0328 offsetof(struct __sk_buff, data_end)),
0329 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0330 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0331 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8),
0332 BPF_MOV64_IMM(BPF_REG_5, 4096),
0333 BPF_MOV64_REG(BPF_REG_4, BPF_REG_10),
0334 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, -8),
0335 BPF_STX_MEM(BPF_DW, BPF_REG_4, BPF_REG_2, 0),
0336 BPF_ATOMIC_OP(BPF_DW, BPF_ADD, BPF_REG_4, BPF_REG_5, 0),
0337 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_4, 0),
0338 BPF_STX_MEM(BPF_W, BPF_REG_2, BPF_REG_5, 0),
0339 BPF_MOV64_IMM(BPF_REG_0, 0),
0340 BPF_EXIT_INSN(),
0341 },
0342 .errstr = "R2 invalid mem access 'scalar'",
0343 .result = REJECT,
0344 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0345 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0346 },
0347 {
0348 "direct packet access: test16 (arith on data_end)",
0349 .insns = {
0350 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0351 offsetof(struct __sk_buff, data)),
0352 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0353 offsetof(struct __sk_buff, data_end)),
0354 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0355 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0356 BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 16),
0357 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0358 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
0359 BPF_MOV64_IMM(BPF_REG_0, 0),
0360 BPF_EXIT_INSN(),
0361 },
0362 .errstr = "R3 pointer arithmetic on pkt_end",
0363 .result = REJECT,
0364 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0365 },
0366 {
0367 "direct packet access: test17 (pruning, alignment)",
0368 .insns = {
0369 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0370 offsetof(struct __sk_buff, data)),
0371 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0372 offsetof(struct __sk_buff, data_end)),
0373 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
0374 offsetof(struct __sk_buff, mark)),
0375 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0376 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 14),
0377 BPF_JMP_IMM(BPF_JGT, BPF_REG_7, 1, 4),
0378 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0379 BPF_STX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, -4),
0380 BPF_MOV64_IMM(BPF_REG_0, 0),
0381 BPF_EXIT_INSN(),
0382 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
0383 BPF_JMP_A(-6),
0384 },
0385 .errstr = "misaligned packet access off 2+(0x0; 0x0)+15+-4 size 4",
0386 .result = REJECT,
0387 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0388 .flags = F_LOAD_WITH_STRICT_ALIGNMENT,
0389 },
0390 {
0391 "direct packet access: test18 (imm += pkt_ptr, 1)",
0392 .insns = {
0393 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0394 offsetof(struct __sk_buff, data)),
0395 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0396 offsetof(struct __sk_buff, data_end)),
0397 BPF_MOV64_IMM(BPF_REG_0, 8),
0398 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2),
0399 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0400 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
0401 BPF_MOV64_IMM(BPF_REG_0, 0),
0402 BPF_EXIT_INSN(),
0403 },
0404 .result = ACCEPT,
0405 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0406 },
0407 {
0408 "direct packet access: test19 (imm += pkt_ptr, 2)",
0409 .insns = {
0410 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0411 offsetof(struct __sk_buff, data)),
0412 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0413 offsetof(struct __sk_buff, data_end)),
0414 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0415 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0416 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 3),
0417 BPF_MOV64_IMM(BPF_REG_4, 4),
0418 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2),
0419 BPF_STX_MEM(BPF_B, BPF_REG_4, BPF_REG_4, 0),
0420 BPF_MOV64_IMM(BPF_REG_0, 0),
0421 BPF_EXIT_INSN(),
0422 },
0423 .result = ACCEPT,
0424 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0425 },
0426 {
0427 "direct packet access: test20 (x += pkt_ptr, 1)",
0428 .insns = {
0429 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0430 offsetof(struct __sk_buff, data)),
0431 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0432 offsetof(struct __sk_buff, data_end)),
0433 BPF_MOV64_IMM(BPF_REG_0, 0xffffffff),
0434 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
0435 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
0436 BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0x7fff),
0437 BPF_MOV64_REG(BPF_REG_4, BPF_REG_0),
0438 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2),
0439 BPF_MOV64_REG(BPF_REG_5, BPF_REG_4),
0440 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 0x7fff - 1),
0441 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 1),
0442 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_4, 0),
0443 BPF_MOV64_IMM(BPF_REG_0, 0),
0444 BPF_EXIT_INSN(),
0445 },
0446 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0447 .result = ACCEPT,
0448 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0449 },
0450 {
0451 "direct packet access: test21 (x += pkt_ptr, 2)",
0452 .insns = {
0453 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0454 offsetof(struct __sk_buff, data)),
0455 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0456 offsetof(struct __sk_buff, data_end)),
0457 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0458 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0459 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 9),
0460 BPF_MOV64_IMM(BPF_REG_4, 0xffffffff),
0461 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_4, -8),
0462 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8),
0463 BPF_ALU64_IMM(BPF_AND, BPF_REG_4, 0x7fff),
0464 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2),
0465 BPF_MOV64_REG(BPF_REG_5, BPF_REG_4),
0466 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 0x7fff - 1),
0467 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 1),
0468 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_4, 0),
0469 BPF_MOV64_IMM(BPF_REG_0, 0),
0470 BPF_EXIT_INSN(),
0471 },
0472 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0473 .result = ACCEPT,
0474 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0475 },
0476 {
0477 "direct packet access: test22 (x += pkt_ptr, 3)",
0478 .insns = {
0479 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0480 offsetof(struct __sk_buff, data)),
0481 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0482 offsetof(struct __sk_buff, data_end)),
0483 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0484 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0485 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -8),
0486 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_3, -16),
0487 BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_10, -16),
0488 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 11),
0489 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -8),
0490 BPF_MOV64_IMM(BPF_REG_4, 0xffffffff),
0491 BPF_ATOMIC_OP(BPF_DW, BPF_ADD, BPF_REG_10, BPF_REG_4, -8),
0492 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8),
0493 BPF_ALU64_IMM(BPF_RSH, BPF_REG_4, 49),
0494 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2),
0495 BPF_MOV64_REG(BPF_REG_0, BPF_REG_4),
0496 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 2),
0497 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 2),
0498 BPF_MOV64_IMM(BPF_REG_2, 1),
0499 BPF_STX_MEM(BPF_H, BPF_REG_4, BPF_REG_2, 0),
0500 BPF_MOV64_IMM(BPF_REG_0, 0),
0501 BPF_EXIT_INSN(),
0502 },
0503 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0504 .result = ACCEPT,
0505 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0506 },
0507 {
0508 "direct packet access: test23 (x += pkt_ptr, 4)",
0509 .insns = {
0510 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0511 offsetof(struct __sk_buff, data)),
0512 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0513 offsetof(struct __sk_buff, data_end)),
0514 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
0515 offsetof(struct __sk_buff, mark)),
0516 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
0517 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
0518 BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xffff),
0519 BPF_MOV64_REG(BPF_REG_4, BPF_REG_0),
0520 BPF_MOV64_IMM(BPF_REG_0, 31),
0521 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4),
0522 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2),
0523 BPF_MOV64_REG(BPF_REG_5, BPF_REG_0),
0524 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 0xffff - 1),
0525 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0526 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_0, 0),
0527 BPF_MOV64_IMM(BPF_REG_0, 0),
0528 BPF_EXIT_INSN(),
0529 },
0530 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0531 .result = REJECT,
0532 .errstr = "invalid access to packet, off=0 size=8, R5(id=2,off=0,r=0)",
0533 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0534 },
0535 {
0536 "direct packet access: test24 (x += pkt_ptr, 5)",
0537 .insns = {
0538 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0539 offsetof(struct __sk_buff, data)),
0540 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0541 offsetof(struct __sk_buff, data_end)),
0542 BPF_MOV64_IMM(BPF_REG_0, 0xffffffff),
0543 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
0544 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
0545 BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xff),
0546 BPF_MOV64_REG(BPF_REG_4, BPF_REG_0),
0547 BPF_MOV64_IMM(BPF_REG_0, 64),
0548 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4),
0549 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2),
0550 BPF_MOV64_REG(BPF_REG_5, BPF_REG_0),
0551 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 0x7fff - 1),
0552 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
0553 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_0, 0),
0554 BPF_MOV64_IMM(BPF_REG_0, 0),
0555 BPF_EXIT_INSN(),
0556 },
0557 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0558 .result = ACCEPT,
0559 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0560 },
0561 {
0562 "direct packet access: test25 (marking on <, good access)",
0563 .insns = {
0564 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0565 offsetof(struct __sk_buff, data)),
0566 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0567 offsetof(struct __sk_buff, data_end)),
0568 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0569 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0570 BPF_JMP_REG(BPF_JLT, BPF_REG_0, BPF_REG_3, 2),
0571 BPF_MOV64_IMM(BPF_REG_0, 0),
0572 BPF_EXIT_INSN(),
0573 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0574 BPF_JMP_IMM(BPF_JA, 0, 0, -4),
0575 },
0576 .result = ACCEPT,
0577 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0578 },
0579 {
0580 "direct packet access: test26 (marking on <, bad access)",
0581 .insns = {
0582 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0583 offsetof(struct __sk_buff, data)),
0584 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0585 offsetof(struct __sk_buff, data_end)),
0586 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0587 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0588 BPF_JMP_REG(BPF_JLT, BPF_REG_0, BPF_REG_3, 3),
0589 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0590 BPF_MOV64_IMM(BPF_REG_0, 0),
0591 BPF_EXIT_INSN(),
0592 BPF_JMP_IMM(BPF_JA, 0, 0, -3),
0593 },
0594 .result = REJECT,
0595 .errstr = "invalid access to packet",
0596 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0597 },
0598 {
0599 "direct packet access: test27 (marking on <=, good access)",
0600 .insns = {
0601 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0602 offsetof(struct __sk_buff, data)),
0603 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0604 offsetof(struct __sk_buff, data_end)),
0605 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0606 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0607 BPF_JMP_REG(BPF_JLE, BPF_REG_3, BPF_REG_0, 1),
0608 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0609 BPF_MOV64_IMM(BPF_REG_0, 1),
0610 BPF_EXIT_INSN(),
0611 },
0612 .result = ACCEPT,
0613 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0614 .retval = 1,
0615 },
0616 {
0617 "direct packet access: test28 (marking on <=, bad access)",
0618 .insns = {
0619 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0620 offsetof(struct __sk_buff, data)),
0621 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
0622 offsetof(struct __sk_buff, data_end)),
0623 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
0624 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
0625 BPF_JMP_REG(BPF_JLE, BPF_REG_3, BPF_REG_0, 2),
0626 BPF_MOV64_IMM(BPF_REG_0, 1),
0627 BPF_EXIT_INSN(),
0628 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
0629 BPF_JMP_IMM(BPF_JA, 0, 0, -4),
0630 },
0631 .result = REJECT,
0632 .errstr = "invalid access to packet",
0633 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0634 },
0635 {
0636 "direct packet access: test29 (reg > pkt_end in subprog)",
0637 .insns = {
0638 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
0639 offsetof(struct __sk_buff, data)),
0640 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
0641 offsetof(struct __sk_buff, data_end)),
0642 BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
0643 BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 8),
0644 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 4),
0645 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 1),
0646 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_6, 0),
0647 BPF_MOV64_IMM(BPF_REG_0, 0),
0648 BPF_EXIT_INSN(),
0649 BPF_MOV64_IMM(BPF_REG_0, 0),
0650 BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_2, 1),
0651 BPF_MOV64_IMM(BPF_REG_0, 1),
0652 BPF_EXIT_INSN(),
0653 },
0654 .result = ACCEPT,
0655 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0656 },
