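/*
 * raw_stack: verifier test vectors for a helper that writes into a raw
 * (possibly uninitialized) stack buffer, here bpf_skb_load_bytes().
 *
 * Every program uses the same prologue:
 *   R2 = 4           offset argument passed to the helper
 *   R6 = R10 + off   R10 is the frame pointer, so R6 points into the stack
 *   R3 = R6          destination buffer argument
 *   R4 = len         length argument
 * R1 is never assigned; the programs rely on it still holding the context
 * pointer it has on entry (several tests spill it and dereference it as
 * struct __sk_buff).
 *
 * The REJECT cases pin the checks that keep a program from reading
 * uninitialized stack, from handing the helper a buffer outside the stack
 * frame, and from dereferencing a spilled pointer after the helper has
 * overwritten its slot. .errstr is the verifier message each REJECT case
 * is expected to produce.
 */

/* No helper call: the 8 bytes at fp-8 are never written, so the load is an
 * uninitialized stack read and must be rejected.
 */
{
	"raw_stack: no skb_load_bytes",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -8),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 8),
	/* Call to skb_load_bytes() omitted. */
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "invalid read from stack R6 off=-8 size=8",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* Length argument is the constant -8: a negative size must be refused. */
{
	"raw_stack: skb_load_bytes, negative len",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -8),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, -8),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "R4 min value is negative",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* Same check with the length written as ~0 (all bits set, i.e. -1). */
{
	"raw_stack: skb_load_bytes, negative len 2",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -8),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, ~0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "R4 min value is negative",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* Length 0: a zero-sized buffer is rejected for this helper. */
{
	"raw_stack: skb_load_bytes, zero len",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -8),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "invalid zero-sized read",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* The buffer is not initialized before the call, yet the program is
 * accepted: the helper's destination may be uninitialized stack, and the
 * load after the call is then allowed. Contrast with the first case, where
 * the same load without the call is rejected.
 */
{
	"raw_stack: skb_load_bytes, no init",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -8),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 8),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* Same as above, but the slot is first initialized with the constant
 * 0xcafe; an already-initialized destination is accepted as well.
 */
{
	"raw_stack: skb_load_bytes, init",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -8),
	BPF_ST_MEM(BPF_DW, BPF_REG_6, 0, 0xcafe),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 8),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* R1 is spilled to the two slots on either side of the 8-byte buffer
 * (R6-8 and R6+8, with R6 = fp-16). The helper's buffer does not overlap
 * them, so both reloaded values are still usable as pointers and the
 * __sk_buff field loads are accepted.
 */
{
	"raw_stack: skb_load_bytes, spilled regs around bounds",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -16),
	BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, -8),
	BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 8),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 8),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, -8),
	BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_6, 8),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0,
		    offsetof(struct __sk_buff, mark)),
	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_2,
		    offsetof(struct __sk_buff, priority)),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* R1 is spilled into the very slot the helper is then asked to fill. The
 * value reloaded from that slot must no longer be treated as a pointer, so
 * dereferencing it is rejected ('inv' in the message is the verifier's
 * label for a non-pointer value). Accepting this would let helper-written
 * data be used as a kernel address.
 * NOTE(review): F_NEEDS_EFFICIENT_UNALIGNED_ACCESS is defined by the test
 * harness outside this listing; confirm its exact effect there.
 */
{
	"raw_stack: skb_load_bytes, spilled regs corruption",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -8),
	BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 0),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 8),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0,
		    offsetof(struct __sk_buff, mark)),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "R0 invalid mem access 'inv'",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
},
/* Three adjacent spills of R1 (R6-8, R6+0, R6+8); only the middle slot is
 * the helper's buffer. R0 and R2, reloaded from the outer slots, are
 * dereferenced first; the expected failure is on R3, reloaded from the
 * overwritten middle slot, when it is dereferenced for pkt_type.
 */
{
	"raw_stack: skb_load_bytes, spilled regs corruption 2",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -16),
	BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, -8),
	BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 0),
	BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 8),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 8),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, -8),
	BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_6, 8),
	BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_6, 0),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0,
		    offsetof(struct __sk_buff, mark)),
	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_2,
		    offsetof(struct __sk_buff, priority)),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2),
	BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_3,
		    offsetof(struct __sk_buff, pkt_type)),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_3),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "R3 invalid mem access 'inv'",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
},
/* Same layout as "corruption 2", but the value reloaded from the
 * overwritten middle slot (R3) is only added to R0 and never dereferenced,
 * so the program is accepted.
 */
{
	"raw_stack: skb_load_bytes, spilled regs + data",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -16),
	BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, -8),
	BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 0),
	BPF_STX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 8),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 8),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, -8),
	BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_6, 8),
	BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_6, 0),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0,
		    offsetof(struct __sk_buff, mark)),
	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_2,
		    offsetof(struct __sk_buff, priority)),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_3),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* Buffer at fp-513: one byte below the lowest offset the "large access"
 * case at the end of this group shows to be valid (fp-512).
 */
{
	"raw_stack: skb_load_bytes, invalid access 1",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -513),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 8),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "invalid indirect access to stack R3 off=-513 size=8",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* Buffer at fp-1 with length 8: the range would run past the frame
 * pointer, i.e. above the top of the program's stack.
 */
{
	"raw_stack: skb_load_bytes, invalid access 2",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -1),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 8),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "invalid indirect access to stack R3 off=-1 size=8",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* Offset and length are both written as 0xffffffff. The expected message
 * shows the length being treated as negative (the 32-bit immediate is
 * sign-extended), so the size check fires before any stack-range check.
 */
{
	"raw_stack: skb_load_bytes, invalid access 3",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 0xffffffff),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 0xffffffff),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "R4 min value is negative",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* Largest positive 32-bit length (0x7fffffff) with the buffer at fp-1:
 * rejected as an unbounded size.
 */
{
	"raw_stack: skb_load_bytes, invalid access 4",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -1),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 0x7fffffff),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "R4 unbounded memory access, use 'var &= const' or 'if (var < const)'",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* Same oversized length, but with the buffer at the lowest valid stack
 * offset (fp-512); the size alone is enough to reject.
 */
{
	"raw_stack: skb_load_bytes, invalid access 5",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -512),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 0x7fffffff),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "R4 unbounded memory access, use 'var &= const' or 'if (var < const)'",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* Zero length with the buffer at fp-512: still rejected as zero-sized. */
{
	"raw_stack: skb_load_bytes, invalid access 6",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -512),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "invalid zero-sized read",
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
/* Positive boundary case: a 512-byte buffer starting at fp-512 ends
 * exactly at the frame pointer and is accepted.
 */
{
	"raw_stack: skb_load_bytes, large access",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_2, 4),
	BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -512),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
	BPF_MOV64_IMM(BPF_REG_4, 512),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},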