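/*
 * BPF verifier test entries for accesses made through the __sk_buff context
 * pointer, which the programs below read from R1.  Each entry carries a test
 * name, the instruction sequence, the expected verdict (.result) and, for
 * rejected programs, the verifier message that must appear (.errstr).
 *
 * NOTE(review): .errstr_unpriv looks like the message expected when the
 * program is loaded without privileges, and entries without .prog_type
 * presumably run under the harness default program type - confirm both
 * against the test runner.
 */
{
	/* Word-sized loads of fields that the default program type may read. */
	"access skb fields ok",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, len)),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, mark)),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, pkt_type)),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, queue_mapping)),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, protocol)),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, vlan_present)),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, vlan_tci)),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, napi_id)),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
},
{
	/* A negative offset from the context pointer must be rejected. */
	"access skb fields bad1",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, -4),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	/*
	 * The final load (instruction 10) is reached on two paths: directly
	 * from instruction 0 with R1 still the context pointer, and by
	 * fall-through with R1 holding the map_lookup_elem result.  One load
	 * instruction used with two pointer kinds must be rejected.
	 */
	"access skb fields bad2",
	.insns = {
	BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 9),
	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, pkt_type)),
	BPF_EXIT_INSN(),
	},
	/* Instruction index of BPF_LD_MAP_FD above. */
	.fixup_map_hash_8b = { 4 },
	.errstr = "different pointers",
	.errstr_unpriv = "R1 pointer comparison",
	.result = REJECT,
},
{
	/*
	 * Same idea as bad2, but the shared load sits at instruction 1 and the
	 * map-value path returns to it through the backward BPF_JA.
	 */
	"access skb fields bad3",
	.insns = {
	BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 2),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, pkt_type)),
	BPF_EXIT_INSN(),
	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
	BPF_JMP_IMM(BPF_JA, 0, 0, -12),
	},
	/* Instruction index of BPF_LD_MAP_FD above. */
	.fixup_map_hash_8b = { 6 },
	.errstr = "different pointers",
	.errstr_unpriv = "R1 pointer comparison",
	.result = REJECT,
},
{
	/*
	 * Variant of bad3 where the shared load overwrites R1 itself and R0 is
	 * set explicitly before the exit.
	 */
	"access skb fields bad4",
	.insns = {
	BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 3),
	BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1,
		    offsetof(struct __sk_buff, len)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
	BPF_JMP_IMM(BPF_JA, 0, 0, -13),
	},
	/* Instruction index of BPF_LD_MAP_FD above. */
	.fixup_map_hash_8b = { 7 },
	.errstr = "different pointers",
	.errstr_unpriv = "R1 pointer comparison",
	.result = REJECT,
},
/*
 * Socket-related __sk_buff fields: the entries without .prog_type expect a
 * rejection, while the BPF_PROG_TYPE_SK_SKB entries further down expect the
 * same loads to be accepted.
 */
{
	"invalid access __sk_buff family",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, family)),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	"invalid access __sk_buff remote_ip4",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, remote_ip4)),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	"invalid access __sk_buff local_ip4",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, local_ip4)),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	"invalid access __sk_buff remote_ip6",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, remote_ip6)),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	"invalid access __sk_buff local_ip6",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, local_ip6)),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	"invalid access __sk_buff remote_port",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, remote_port)),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	/* Named after the field it loads, so a failure report is unambiguous. */
	"invalid access __sk_buff local_port",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, local_port)),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	"valid access __sk_buff family",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, family)),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	"valid access __sk_buff remote_ip4",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, remote_ip4)),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	"valid access __sk_buff local_ip4",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, local_ip4)),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	/* Each of the four 32-bit words of the address is loaded separately. */
	"valid access __sk_buff remote_ip6",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, remote_ip6[0])),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, remote_ip6[1])),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, remote_ip6[2])),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, remote_ip6[3])),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	"valid access __sk_buff local_ip6",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, local_ip6[0])),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, local_ip6[1])),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, local_ip6[2])),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, local_ip6[3])),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	"valid access __sk_buff remote_port",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, remote_port)),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	/* Named after the field it loads, so a failure report is unambiguous. */
	"valid access __sk_buff local_port",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, local_port)),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	/* SK_SKB programs must not be able to read tc_classid. */
	"invalid access of tc_classid for SK_SKB",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, tc_classid)),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
	.errstr = "invalid bpf_context access",
},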
/*
 * BPF verifier test entries for __sk_buff context access: which fields an
 * SK_SKB program may read or write, direct packet access behind a data_end
 * bounds check, and narrow (byte / half-word) accesses to cb[], hash and
 * tc_index.  Each entry carries a test name, the instruction sequence, the
 * expected verdict (.result) and, for rejected programs, the verifier message
 * that must appear (.errstr).
 *
 * NOTE(review): .errstr_unpriv looks like the message expected when the
 * program is loaded without privileges, and entries without .prog_type
 * presumably run under the harness default program type - confirm both
 * against the test runner.
 */
{
	/* SK_SKB programs must not be able to read skb->mark ... */
	"invalid access of skb->mark for SK_SKB",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, mark)),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
	.errstr = "invalid bpf_context access",
},
{
	/* ... nor write it. */
	"check skb->mark is not writeable by SK_SKB",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, mark)),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
	.errstr = "invalid bpf_context access",
},
{
	"check skb->tc_index is writeable by SK_SKB",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, tc_index)),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	"check skb->priority is writeable by SK_SKB",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, priority)),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	/*
	 * R2 = data, R3 = data_end.  The byte load from R2 is only reached
	 * when data + 8 does not exceed data_end.
	 */
	"direct packet read for SK_SKB",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
		    offsetof(struct __sk_buff, data)),
	BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
		    offsetof(struct __sk_buff, data_end)),
	BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
	BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	/* Same bounds check as the read case, followed by a byte store. */
	"direct packet write for SK_SKB",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
		    offsetof(struct __sk_buff, data)),
	BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
		    offsetof(struct __sk_buff, data_end)),
	BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
	BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
	BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	/*
	 * Two bounds checks (data + 8, then data + 6) guard one half-word
	 * load at offset 6.
	 */
	"overlapping checks for direct packet access SK_SKB",
	.insns = {
	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
		    offsetof(struct __sk_buff, data)),
	BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
		    offsetof(struct __sk_buff, data_end)),
	BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
	BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 4),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_2),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 6),
	BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_3, 1),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_2, 6),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SK_SKB,
},
{
	/*
	 * The value stored is R1 itself, i.e. the context pointer, hence the
	 * separate "leaks addr" message expected in .errstr_unpriv.
	 */
	"check skb->mark is not writeable by sockets",
	.insns = {
	BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1,
		    offsetof(struct __sk_buff, mark)),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.errstr_unpriv = "R1 leaks addr",
	.result = REJECT,
},
{
	"check skb->tc_index is not writeable by sockets",
	.insns = {
	BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1,
		    offsetof(struct __sk_buff, tc_index)),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.errstr_unpriv = "R1 leaks addr",
	.result = REJECT,
},
{
	/*
	 * Byte stores, then byte loads, at every byte offset of cb[0]..cb[4]
	 * (20 of each).
	 */
	"check cb access: byte",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[0])),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[0]) + 1),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[0]) + 2),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[0]) + 3),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[1])),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[1]) + 1),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[1]) + 2),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[1]) + 3),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[2])),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[2]) + 1),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[2]) + 2),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[2]) + 3),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[3])),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[3]) + 1),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[3]) + 2),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[3]) + 3),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[4])),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[4]) + 1),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[4]) + 2),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[4]) + 3),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[0])),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[0]) + 1),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[0]) + 2),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[0]) + 3),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[1])),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[1]) + 1),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[1]) + 2),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[1]) + 3),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[2])),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[2]) + 1),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[2]) + 2),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[2]) + 3),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[3])),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[3]) + 1),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[3]) + 2),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[3]) + 3),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[4])),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[4]) + 1),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[4]) + 2),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[4]) + 3),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
},
{
	/* Narrow stores outside cb[] are expected to be refused. */
	"__sk_buff->hash, offset 0, byte store not permitted",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, hash)),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	"__sk_buff->tc_index, offset 3, byte store not permitted",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, tc_index) + 3),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	/*
	 * Byte loads from hash are accepted at every offset.  The #if picks
	 * offset 0 on little-endian and offset 3 on big-endian builds, i.e.
	 * the least-significant byte in both cases.
	 */
	"check skb->hash byte load permitted",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
#if __BYTE_ORDER == __LITTLE_ENDIAN
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash)),
#else
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash) + 3),
#endif
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
},
{
	"check skb->hash byte load permitted 1",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash) + 1),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
},
{
	"check skb->hash byte load permitted 2",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash) + 2),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
},
{
	/* Mirror of the first byte-load entry: the most-significant byte. */
	"check skb->hash byte load permitted 3",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
#if __BYTE_ORDER == __LITTLE_ENDIAN
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash) + 3),
#else
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash)),
#endif
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
},
{
	/* The same cb[0] byte store is refused for a CGROUP_SOCK program. */
	"check cb access: byte, wrong type",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[0])),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_CGROUP_SOCK,
},
{
	/*
	 * Half-word stores, then loads, at both aligned offsets of
	 * cb[0]..cb[4] (10 of each).
	 */
	"check cb access: half",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[0])),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[0]) + 2),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[1])),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[1]) + 2),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[2])),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[2]) + 2),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[3])),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[3]) + 2),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[4])),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[4]) + 2),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[0])),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[0]) + 2),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[1])),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[1]) + 2),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[2])),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[2]) + 2),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[3])),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[3]) + 2),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[4])),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, cb[4]) + 2),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
},
{
	/*
	 * A half-word store at an odd offset, loaded with the strict-alignment
	 * flag, must fail with the misaligned-access message.
	 */
	"check cb access: half, unaligned",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, cb[0]) + 1),
	BPF_EXIT_INSN(),
	},
	.errstr = "misaligned context access",
	.result = REJECT,
	.flags = F_LOAD_WITH_STRICT_ALIGNMENT,
},
{
	"check __sk_buff->hash, offset 0, half store not permitted",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, hash)),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	"check __sk_buff->tc_index, offset 2, half store not permitted",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
		    offsetof(struct __sk_buff, tc_index) + 2),
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
},
{
	/*
	 * Half-word loads from hash are accepted at the two aligned offsets;
	 * the #if swaps them so each entry targets the same half of the value
	 * on either byte order.
	 */
	"check skb->hash half load permitted",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
#if __BYTE_ORDER == __LITTLE_ENDIAN
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash)),
#else
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash) + 2),
#endif
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
},
{
	"check skb->hash half load permitted 2",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
#if __BYTE_ORDER == __LITTLE_ENDIAN
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash) + 2),
#else
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash)),
#endif
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
},
{
	/* Half-word loads from hash at odd offsets are expected to be refused. */
	"check skb->hash half load not permitted, unaligned 1",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
#if __BYTE_ORDER == __LITTLE_ENDIAN
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash) + 1),
#else
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash) + 3),
#endif
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
	.result = REJECT,
	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
},
{
	"check skb->hash half load not permitted, unaligned 3",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
#if __BYTE_ORDER == __LITTLE_ENDIAN
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash) + 3),
#else
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
		    offsetof(struct __sk_buff, hash) + 1),
#endif
	BPF_EXIT_INSN(),
	},
	.errstr = "invalid bpf_context access",
.result = REJECT, 7078c2ecf20Sopenharmony_ci .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 7088c2ecf20Sopenharmony_ci}, 7098c2ecf20Sopenharmony_ci{ 7108c2ecf20Sopenharmony_ci "check cb access: half, wrong type", 7118c2ecf20Sopenharmony_ci .insns = { 7128c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 7138c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 7148c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 7158c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 7168c2ecf20Sopenharmony_ci }, 7178c2ecf20Sopenharmony_ci .errstr = "invalid bpf_context access", 7188c2ecf20Sopenharmony_ci .result = REJECT, 7198c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SOCK, 7208c2ecf20Sopenharmony_ci}, 7218c2ecf20Sopenharmony_ci{ 7228c2ecf20Sopenharmony_ci "check cb access: word", 7238c2ecf20Sopenharmony_ci .insns = { 7248c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 7258c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 7268c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 7278c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 7288c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[1])), 7298c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 7308c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 7318c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 7328c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 7338c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 7348c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 7358c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 7368c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 7378c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 7388c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[1])), 7398c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 7408c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 7418c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, 
BPF_REG_1, 7428c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 7438c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 7448c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 7458c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 7468c2ecf20Sopenharmony_ci }, 7478c2ecf20Sopenharmony_ci .result = ACCEPT, 7488c2ecf20Sopenharmony_ci}, 7498c2ecf20Sopenharmony_ci{ 7508c2ecf20Sopenharmony_ci "check cb access: word, unaligned 1", 7518c2ecf20Sopenharmony_ci .insns = { 7528c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 7538c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 7548c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 2), 7558c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 7568c2ecf20Sopenharmony_ci }, 7578c2ecf20Sopenharmony_ci .errstr = "misaligned context access", 7588c2ecf20Sopenharmony_ci .result = REJECT, 7598c2ecf20Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 7608c2ecf20Sopenharmony_ci}, 7618c2ecf20Sopenharmony_ci{ 7628c2ecf20Sopenharmony_ci "check cb access: word, unaligned 2", 7638c2ecf20Sopenharmony_ci .insns = { 7648c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 7658c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 7668c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 1), 7678c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 7688c2ecf20Sopenharmony_ci }, 7698c2ecf20Sopenharmony_ci .errstr = "misaligned context access", 7708c2ecf20Sopenharmony_ci .result = REJECT, 7718c2ecf20Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 7728c2ecf20Sopenharmony_ci}, 7738c2ecf20Sopenharmony_ci{ 7748c2ecf20Sopenharmony_ci "check cb access: word, unaligned 3", 7758c2ecf20Sopenharmony_ci .insns = { 7768c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 7778c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 7788c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 2), 7798c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 7808c2ecf20Sopenharmony_ci }, 7818c2ecf20Sopenharmony_ci .errstr = 
"misaligned context access", 7828c2ecf20Sopenharmony_ci .result = REJECT, 7838c2ecf20Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 7848c2ecf20Sopenharmony_ci}, 7858c2ecf20Sopenharmony_ci{ 7868c2ecf20Sopenharmony_ci "check cb access: word, unaligned 4", 7878c2ecf20Sopenharmony_ci .insns = { 7888c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 7898c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 7908c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 3), 7918c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 7928c2ecf20Sopenharmony_ci }, 7938c2ecf20Sopenharmony_ci .errstr = "misaligned context access", 7948c2ecf20Sopenharmony_ci .result = REJECT, 7958c2ecf20Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 7968c2ecf20Sopenharmony_ci}, 7978c2ecf20Sopenharmony_ci{ 7988c2ecf20Sopenharmony_ci "check cb access: double", 7998c2ecf20Sopenharmony_ci .insns = { 8008c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 8018c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 8028c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 8038c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 8048c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 8058c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 8068c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 8078c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 8088c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 8098c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 8108c2ecf20Sopenharmony_ci }, 8118c2ecf20Sopenharmony_ci .result = ACCEPT, 8128c2ecf20Sopenharmony_ci}, 8138c2ecf20Sopenharmony_ci{ 8148c2ecf20Sopenharmony_ci "check cb access: double, unaligned 1", 8158c2ecf20Sopenharmony_ci .insns = { 8168c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 8178c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 8188c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[1])), 8198c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 
8208c2ecf20Sopenharmony_ci }, 8218c2ecf20Sopenharmony_ci .errstr = "misaligned context access", 8228c2ecf20Sopenharmony_ci .result = REJECT, 8238c2ecf20Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 8248c2ecf20Sopenharmony_ci}, 8258c2ecf20Sopenharmony_ci{ 8268c2ecf20Sopenharmony_ci "check cb access: double, unaligned 2", 8278c2ecf20Sopenharmony_ci .insns = { 8288c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 8298c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 8308c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 8318c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 8328c2ecf20Sopenharmony_ci }, 8338c2ecf20Sopenharmony_ci .errstr = "misaligned context access", 8348c2ecf20Sopenharmony_ci .result = REJECT, 8358c2ecf20Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 8368c2ecf20Sopenharmony_ci}, 8378c2ecf20Sopenharmony_ci{ 8388c2ecf20Sopenharmony_ci "check cb access: double, oob 1", 8398c2ecf20Sopenharmony_ci .insns = { 8408c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 8418c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 8428c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 8438c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 8448c2ecf20Sopenharmony_ci }, 8458c2ecf20Sopenharmony_ci .errstr = "invalid bpf_context access", 8468c2ecf20Sopenharmony_ci .result = REJECT, 8478c2ecf20Sopenharmony_ci}, 8488c2ecf20Sopenharmony_ci{ 8498c2ecf20Sopenharmony_ci "check cb access: double, oob 2", 8508c2ecf20Sopenharmony_ci .insns = { 8518c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 8528c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 8538c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 8548c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 8558c2ecf20Sopenharmony_ci }, 8568c2ecf20Sopenharmony_ci .errstr = "invalid bpf_context access", 8578c2ecf20Sopenharmony_ci .result = REJECT, 8588c2ecf20Sopenharmony_ci}, 8598c2ecf20Sopenharmony_ci{ 8608c2ecf20Sopenharmony_ci "check __sk_buff->ifindex dw store not 
permitted", 8618c2ecf20Sopenharmony_ci .insns = { 8628c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 8638c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 8648c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, ifindex)), 8658c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 8668c2ecf20Sopenharmony_ci }, 8678c2ecf20Sopenharmony_ci .errstr = "invalid bpf_context access", 8688c2ecf20Sopenharmony_ci .result = REJECT, 8698c2ecf20Sopenharmony_ci}, 8708c2ecf20Sopenharmony_ci{ 8718c2ecf20Sopenharmony_ci "check __sk_buff->ifindex dw load not permitted", 8728c2ecf20Sopenharmony_ci .insns = { 8738c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 8748c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 8758c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, ifindex)), 8768c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 8778c2ecf20Sopenharmony_ci }, 8788c2ecf20Sopenharmony_ci .errstr = "invalid bpf_context access", 8798c2ecf20Sopenharmony_ci .result = REJECT, 8808c2ecf20Sopenharmony_ci}, 8818c2ecf20Sopenharmony_ci{ 8828c2ecf20Sopenharmony_ci "check cb access: double, wrong type", 8838c2ecf20Sopenharmony_ci .insns = { 8848c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 8858c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 8868c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 8878c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 8888c2ecf20Sopenharmony_ci }, 8898c2ecf20Sopenharmony_ci .errstr = "invalid bpf_context access", 8908c2ecf20Sopenharmony_ci .result = REJECT, 8918c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SOCK, 8928c2ecf20Sopenharmony_ci}, 8938c2ecf20Sopenharmony_ci{ 8948c2ecf20Sopenharmony_ci "check out of range skb->cb access", 8958c2ecf20Sopenharmony_ci .insns = { 8968c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 8978c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 256), 8988c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 8998c2ecf20Sopenharmony_ci }, 9008c2ecf20Sopenharmony_ci .errstr = "invalid 
bpf_context access", 9018c2ecf20Sopenharmony_ci .errstr_unpriv = "", 9028c2ecf20Sopenharmony_ci .result = REJECT, 9038c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_ACT, 9048c2ecf20Sopenharmony_ci}, 9058c2ecf20Sopenharmony_ci{ 9068c2ecf20Sopenharmony_ci "write skb fields from socket prog", 9078c2ecf20Sopenharmony_ci .insns = { 9088c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 9098c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 9108c2ecf20Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 9118c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 9128c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, mark)), 9138c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 9148c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, tc_index)), 9158c2ecf20Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 9168c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 9178c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 9188c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 9198c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 9208c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 9218c2ecf20Sopenharmony_ci }, 9228c2ecf20Sopenharmony_ci .result = ACCEPT, 9238c2ecf20Sopenharmony_ci .errstr_unpriv = "R1 leaks addr", 9248c2ecf20Sopenharmony_ci .result_unpriv = REJECT, 9258c2ecf20Sopenharmony_ci}, 9268c2ecf20Sopenharmony_ci{ 9278c2ecf20Sopenharmony_ci "write skb fields from tc_cls_act prog", 9288c2ecf20Sopenharmony_ci .insns = { 9298c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 9308c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 9318c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 9328c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, mark)), 9338c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 9348c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, tc_index)), 9358c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 
9368c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, tc_index)), 9378c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 9388c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 9398c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 9408c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, tstamp)), 9418c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 9428c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, tstamp)), 9438c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 9448c2ecf20Sopenharmony_ci }, 9458c2ecf20Sopenharmony_ci .errstr_unpriv = "", 9468c2ecf20Sopenharmony_ci .result_unpriv = REJECT, 9478c2ecf20Sopenharmony_ci .result = ACCEPT, 9488c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 9498c2ecf20Sopenharmony_ci}, 9508c2ecf20Sopenharmony_ci{ 9518c2ecf20Sopenharmony_ci "check skb->data half load not permitted", 9528c2ecf20Sopenharmony_ci .insns = { 9538c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 9548c2ecf20Sopenharmony_ci#if __BYTE_ORDER == __LITTLE_ENDIAN 9558c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 9568c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, data)), 9578c2ecf20Sopenharmony_ci#else 9588c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 9598c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, data) + 2), 9608c2ecf20Sopenharmony_ci#endif 9618c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 9628c2ecf20Sopenharmony_ci }, 9638c2ecf20Sopenharmony_ci .result = REJECT, 9648c2ecf20Sopenharmony_ci .errstr = "invalid bpf_context access", 9658c2ecf20Sopenharmony_ci}, 9668c2ecf20Sopenharmony_ci{ 9678c2ecf20Sopenharmony_ci "read gso_segs from CGROUP_SKB", 9688c2ecf20Sopenharmony_ci .insns = { 9698c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 9708c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, gso_segs)), 9718c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 9728c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 9738c2ecf20Sopenharmony_ci }, 9748c2ecf20Sopenharmony_ci .result 
= ACCEPT, 9758c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 9768c2ecf20Sopenharmony_ci}, 9778c2ecf20Sopenharmony_ci{ 9788c2ecf20Sopenharmony_ci "read gso_segs from CGROUP_SKB", 9798c2ecf20Sopenharmony_ci .insns = { 9808c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 9818c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, gso_segs)), 9828c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 9838c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 9848c2ecf20Sopenharmony_ci }, 9858c2ecf20Sopenharmony_ci .result = ACCEPT, 9868c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 9878c2ecf20Sopenharmony_ci}, 9888c2ecf20Sopenharmony_ci{ 9898c2ecf20Sopenharmony_ci "write gso_segs from CGROUP_SKB", 9908c2ecf20Sopenharmony_ci .insns = { 9918c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 9928c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 9938c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, gso_segs)), 9948c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 9958c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 9968c2ecf20Sopenharmony_ci }, 9978c2ecf20Sopenharmony_ci .result = REJECT, 9988c2ecf20Sopenharmony_ci .result_unpriv = REJECT, 9998c2ecf20Sopenharmony_ci .errstr = "invalid bpf_context access off=164 size=4", 10008c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 10018c2ecf20Sopenharmony_ci}, 10028c2ecf20Sopenharmony_ci{ 10038c2ecf20Sopenharmony_ci "read gso_segs from CLS", 10048c2ecf20Sopenharmony_ci .insns = { 10058c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 10068c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, gso_segs)), 10078c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 10088c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 10098c2ecf20Sopenharmony_ci }, 10108c2ecf20Sopenharmony_ci .result = ACCEPT, 10118c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 10128c2ecf20Sopenharmony_ci}, 10138c2ecf20Sopenharmony_ci{ 10148c2ecf20Sopenharmony_ci "read gso_size from CGROUP_SKB", 
10158c2ecf20Sopenharmony_ci .insns = { 10168c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 10178c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, gso_size)), 10188c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 10198c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 10208c2ecf20Sopenharmony_ci }, 10218c2ecf20Sopenharmony_ci .result = ACCEPT, 10228c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 10238c2ecf20Sopenharmony_ci}, 10248c2ecf20Sopenharmony_ci{ 10258c2ecf20Sopenharmony_ci "read gso_size from CGROUP_SKB", 10268c2ecf20Sopenharmony_ci .insns = { 10278c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 10288c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, gso_size)), 10298c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 10308c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 10318c2ecf20Sopenharmony_ci }, 10328c2ecf20Sopenharmony_ci .result = ACCEPT, 10338c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 10348c2ecf20Sopenharmony_ci}, 10358c2ecf20Sopenharmony_ci{ 10368c2ecf20Sopenharmony_ci "write gso_size from CGROUP_SKB", 10378c2ecf20Sopenharmony_ci .insns = { 10388c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 10398c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 10408c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, gso_size)), 10418c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 10428c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 10438c2ecf20Sopenharmony_ci }, 10448c2ecf20Sopenharmony_ci .result = REJECT, 10458c2ecf20Sopenharmony_ci .result_unpriv = REJECT, 10468c2ecf20Sopenharmony_ci .errstr = "invalid bpf_context access off=176 size=4", 10478c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 10488c2ecf20Sopenharmony_ci}, 10498c2ecf20Sopenharmony_ci{ 10508c2ecf20Sopenharmony_ci "read gso_size from CLS", 10518c2ecf20Sopenharmony_ci .insns = { 10528c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 10538c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, gso_size)), 
10548c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 10558c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 10568c2ecf20Sopenharmony_ci }, 10578c2ecf20Sopenharmony_ci .result = ACCEPT, 10588c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 10598c2ecf20Sopenharmony_ci}, 10608c2ecf20Sopenharmony_ci{ 10618c2ecf20Sopenharmony_ci "check wire_len is not readable by sockets", 10628c2ecf20Sopenharmony_ci .insns = { 10638c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 10648c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, wire_len)), 10658c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 10668c2ecf20Sopenharmony_ci }, 10678c2ecf20Sopenharmony_ci .errstr = "invalid bpf_context access", 10688c2ecf20Sopenharmony_ci .result = REJECT, 10698c2ecf20Sopenharmony_ci}, 10708c2ecf20Sopenharmony_ci{ 10718c2ecf20Sopenharmony_ci "check wire_len is readable by tc classifier", 10728c2ecf20Sopenharmony_ci .insns = { 10738c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 10748c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, wire_len)), 10758c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 10768c2ecf20Sopenharmony_ci }, 10778c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 10788c2ecf20Sopenharmony_ci .result = ACCEPT, 10798c2ecf20Sopenharmony_ci}, 10808c2ecf20Sopenharmony_ci{ 10818c2ecf20Sopenharmony_ci "check wire_len is not writable by tc classifier", 10828c2ecf20Sopenharmony_ci .insns = { 10838c2ecf20Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 10848c2ecf20Sopenharmony_ci offsetof(struct __sk_buff, wire_len)), 10858c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 10868c2ecf20Sopenharmony_ci }, 10878c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 10888c2ecf20Sopenharmony_ci .errstr = "invalid bpf_context access", 10898c2ecf20Sopenharmony_ci .errstr_unpriv = "R1 leaks addr", 10908c2ecf20Sopenharmony_ci .result = REJECT, 10918c2ecf20Sopenharmony_ci}, 1092