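/*
 * BPF verifier test vectors for socket pointers: skb->sk, the pointers
 * returned by bpf_sk_fullsock() / bpf_tcp_sock(), sk_storage, and socket
 * lookups through xskmap / sockmap / sockhash.
 *
 * Each entry is a test name, a hand-assembled instruction list, the program
 * type to load it as, and the expected verifier verdict. REJECT entries also
 * carry the verifier message (.errstr) that must be produced. Instruction
 * order and jump offsets are significant, so the lists are kept verbatim.
 *
 * Properties pinned here: socket pointers that may be NULL must be checked
 * before use, loads must stay inside the fields exposed for that pointer
 * type, and only acquired references may be (and must be) released.
 */
{
	/* Dereferencing skb->sk without a NULL check must be refused. */
	"skb->sk: no NULL check",
	.insns = {
	/* R1 = skb->sk (may be NULL) */
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	/* unchecked load through R1 */
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = REJECT,
	.errstr = "invalid mem access 'sock_common_or_null'",
},
{
	/* After a NULL check, sk->family is readable without bpf_sk_fullsock(). */
	"skb->sk: sk->family [non fullsock field]",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	/* if (sk != NULL) skip the early exit */
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, offsetof(struct bpf_sock, family)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/*
	 * Same shape as the sk->family test, but sk->type is read through the
	 * NULL-checked skb->sk without calling bpf_sk_fullsock(): refused.
	 */
	"skb->sk: sk->type [fullsock field]",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, offsetof(struct bpf_sock, type)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = REJECT,
	.errstr = "invalid sock_common access",
},
{
	/* Passing a possibly-NULL skb->sk straight to bpf_sk_fullsock() is refused. */
	"bpf_sk_fullsock(skb->sk): no !skb->sk check",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = REJECT,
	.errstr = "type=sock_common_or_null expected=sock_common",
},
{
	/* The return value of bpf_sk_fullsock() may be NULL and must be checked. */
	"sk_fullsock(skb->sk): no NULL check on ret",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	/* R0 is dereferenced with no NULL check */
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = REJECT,
	.errstr = "invalid mem access 'sock_or_null'",
},
{
	/* Both NULL checks present: sk->type is readable via the fullsock pointer. */
	"sk_fullsock(skb->sk): sk->type [fullsock field]",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	/* if (fullsock != NULL) skip the early exit */
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/* sk->family stays readable through the fullsock pointer as well. */
	"sk_fullsock(skb->sk): sk->family [non fullsock field]",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	/* on NULL the program exits with R0 still 0 */
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, family)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/* One-byte load at the start of sk->state is accepted. */
	"sk_fullsock(skb->sk): sk->state [narrow load]",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, state)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/* A 4-byte load at sk->dst_port is still accepted (see test name). */
	"sk_fullsock(skb->sk): sk->dst_port [word load] (backward compatibility)",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/* A 2-byte load at the start of sk->dst_port is accepted. */
	"sk_fullsock(skb->sk): sk->dst_port [half load]",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/* A 2-byte load starting 2 bytes into sk->dst_port is refused. */
	"sk_fullsock(skb->sk): sk->dst_port [half load] (invalid)",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port) + 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = REJECT,
	.errstr = "invalid sock access",
},
{
	/* One-byte loads at dst_port + 0 and dst_port + 1 are both accepted. */
	"sk_fullsock(skb->sk): sk->dst_port [byte load]",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	/* results go to R2 so that R0 keeps the socket pointer */
	BPF_LDX_MEM(BPF_B, BPF_REG_2, BPF_REG_0, offsetof(struct bpf_sock, dst_port)),
	BPF_LDX_MEM(BPF_B, BPF_REG_2, BPF_REG_0, offsetof(struct bpf_sock, dst_port) + 1),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/* A one-byte load at dst_port + 2 is refused. */
	"sk_fullsock(skb->sk): sk->dst_port [byte load] (invalid)",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port) + 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = REJECT,
	.errstr = "invalid sock access",
},
{
	/* A 2-byte load starting right after sk->dst_port is refused. */
	"sk_fullsock(skb->sk): past sk->dst_port [half load] (invalid)",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_0, offsetofend(struct bpf_sock, dst_port)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = REJECT,
	.errstr = "invalid sock access",
},
{
	/* A one-byte load at offset 1 inside dst_ip6[0] is accepted. */
	"sk_fullsock(skb->sk): sk->dst_ip6 [load 2nd byte]",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_ip6[0]) + 1),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/* One-byte load at the start of sk->type is accepted. */
	"sk_fullsock(skb->sk): sk->type [narrow load]",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/* One-byte load at the start of sk->protocol is accepted. */
	"sk_fullsock(skb->sk): sk->protocol [narrow load]",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, protocol)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/*
	 * A 4-byte load starting at the end of rx_queue_mapping (the last
	 * field, per the test name) is refused.
	 */
	"sk_fullsock(skb->sk): beyond last field",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetofend(struct bpf_sock, rx_queue_mapping)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = REJECT,
	.errstr = "invalid sock access",
},
{
	/* Passing a possibly-NULL skb->sk straight to bpf_tcp_sock() is refused. */
	"bpf_tcp_sock(skb->sk): no !skb->sk check",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = REJECT,
	.errstr = "type=sock_common_or_null expected=sock_common",
},
{
	/* The return value of bpf_tcp_sock() may be NULL and must be checked. */
	"bpf_tcp_sock(skb->sk): no NULL check on ret",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
	/* R0 is dereferenced with no NULL check */
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = REJECT,
	.errstr = "invalid mem access 'tcp_sock_or_null'",
},
{
	/* With both NULL checks, tp->snd_cwnd is readable. */
	"bpf_tcp_sock(skb->sk): tp->snd_cwnd",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/* An 8-byte load of tp->bytes_acked is accepted. */
	"bpf_tcp_sock(skb->sk): tp->bytes_acked",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, bytes_acked)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/*
	 * An 8-byte load starting at the end of bytes_acked (the last field,
	 * per the test name) is refused.
	 */
	"bpf_tcp_sock(skb->sk): beyond last field",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, offsetofend(struct bpf_tcp_sock, bytes_acked)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = REJECT,
	.errstr = "invalid tcp_sock access",
},
{
	/* A NULL-checked fullsock pointer is a valid argument to bpf_tcp_sock(). */
	"bpf_tcp_sock(bpf_sk_fullsock(skb->sk)): tp->snd_cwnd",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	/* R1 = fullsock pointer, the argument to bpf_tcp_sock() */
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
	BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
	.result = ACCEPT,
},
{
	/*
	 * skb->sk is read from the context, not returned by an acquiring
	 * helper, so releasing it must be refused.
	 */
	"bpf_sk_release(skb->sk)",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	/* if (sk == NULL) skip the release call */
	BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 1),
	BPF_EMIT_CALL(BPF_FUNC_sk_release),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.result = REJECT,
	.errstr = "reference has not been acquired before",
},
{
	/* A pointer obtained from bpf_sk_fullsock(skb->sk) cannot be released either. */
	"bpf_sk_release(bpf_sk_fullsock(skb->sk))",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
	BPF_EMIT_CALL(BPF_FUNC_sk_release),
	BPF_MOV64_IMM(BPF_REG_0, 1),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.result = REJECT,
	.errstr = "reference has not been acquired before",
},
{
	/* Nor can a pointer obtained from bpf_tcp_sock(skb->sk). */
	"bpf_sk_release(bpf_tcp_sock(skb->sk))",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
	BPF_EMIT_CALL(BPF_FUNC_sk_release),
	BPF_MOV64_IMM(BPF_REG_0, 1),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.result = REJECT,
	.errstr = "reference has not been acquired before",
},
{
	/* bpf_sk_storage_get() with value == NULL and flags == 0 is accepted. */
	"sk_storage_get(map, skb->sk, NULL, 0): value == NULL",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	/* R4 = flags, R3 = value, R2 = sk, R1 = map */
	BPF_MOV64_IMM(BPF_REG_4, 0),
	BPF_MOV64_IMM(BPF_REG_3, 0),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_sk_storage_get),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	/* index of the BPF_LD_MAP_FD entry in .insns */
	.fixup_sk_storage_map = { 11 },
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.result = ACCEPT,
},
{
	/* A scalar (1) is not a valid value argument: R3 must be a stack pointer. */
	"sk_storage_get(map, skb->sk, 1, 1): value == 1",
	.insns = {
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_MOV64_IMM(BPF_REG_4, 1),
	BPF_MOV64_IMM(BPF_REG_3, 1),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_sk_storage_get),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	/* index of the BPF_LD_MAP_FD entry in .insns */
	.fixup_sk_storage_map = { 11 },
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.result = REJECT,
	.errstr = "R3 type=inv expected=fp",
},
{
	/* A pointer to 8 initialised stack bytes is accepted as the value. */
	"sk_storage_get(map, skb->sk, &stack_value, 1): stack_value",
	.insns = {
	/* *(u64 *)(fp - 8) = 0 */
	BPF_MOV64_IMM(BPF_REG_2, 0),
	BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -8),
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_MOV64_IMM(BPF_REG_4, 1),
	/* R3 = fp - 8 */
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, -8),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_sk_storage_get),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	/* index of the BPF_LD_MAP_FD entry in .insns */
	.fixup_sk_storage_map = { 14 },
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.result = ACCEPT,
},
{
	/*
	 * Only 4 bytes at fp - 8 are written before the helper call; the
	 * verifier must refuse the read of the uninitialised remainder.
	 */
	"sk_storage_get(map, skb->sk, &stack_value, 1): partially init stack_value",
	.insns = {
	/* *(u32 *)(fp - 8) = 0 */
	BPF_MOV64_IMM(BPF_REG_2, 0),
	BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_2, -8),
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_MOV64_IMM(BPF_REG_4, 1),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, -8),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_sk_storage_get),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	/* index of the BPF_LD_MAP_FD entry in .insns */
	.fixup_sk_storage_map = { 14 },
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.result = REJECT,
	.errstr = "invalid indirect read from stack",
},
{
	/*
	 * bpf_map_lookup_elem() on the sk_storage fixup map is refused
	 * (map_type 24 in the errstr; presumably the sk_storage map type).
	 */
	"bpf_map_lookup_elem(smap, &key)",
	.insns = {
	/* key = 0 at fp - 4, R2 = &key */
	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.fixup_sk_storage_map = { 3 },
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.result = REJECT,
	.errstr = "cannot pass map_type 24 into func bpf_map_lookup_elem",
},
{
	/*
	 * An xskmap lookup result is readable after a NULL check, and the
	 * program is accepted without any release call.
	 */
	"bpf_map_lookup_elem(xskmap, &key); xs->queue_id",
	.insns = {
	BPF_ST_MEM(BPF_W, BPF_REG_10, -8, 0),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_xdp_sock, queue_id)),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.fixup_map_xskmap = { 3 },
	.prog_type = BPF_PROG_TYPE_XDP,
	.result = ACCEPT,
},
{
	/*
	 * A sockmap lookup result that is dropped without bpf_sk_release()
	 * must be reported as a leaked reference. BPF_LD_MAP_FD occupies two
	 * instruction slots, so the lookup call is insn 5 (alloc_insn=5).
	 */
	"bpf_map_lookup_elem(sockmap, &key)",
	.insns = {
	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.fixup_map_sockmap = { 3 },
	.prog_type = BPF_PROG_TYPE_SK_SKB,
	.result = REJECT,
	.errstr = "Unreleased reference id=2 alloc_insn=5",
},
{
	/* Same leak check as the sockmap case, using a sockhash map. */
	"bpf_map_lookup_elem(sockhash, &key)",
	.insns = {
	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.fixup_map_sockhash = { 3 },
	.prog_type = BPF_PROG_TYPE_SK_SKB,
	.result = REJECT,
	.errstr = "Unreleased reference id=2 alloc_insn=5",
},
{
	/*
	 * A NULL-checked sockmap lookup result allows a read of sk->type and
	 * is accepted once the socket is handed to bpf_sk_release().
	 */
	"bpf_map_lookup_elem(sockmap, &key); sk->type [fullsock field]; bpf_sk_release(sk)",
	.insns = {
	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	/* keep the socket in R1 for the release call; R0 is overwritten next */
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)),
	BPF_EMIT_CALL(BPF_FUNC_sk_release),
	BPF_EXIT_INSN(),
	},
	.fixup_map_sockmap = { 3 },
	.prog_type = BPF_PROG_TYPE_SK_SKB,
	.result = ACCEPT,
},
{
	/* Same lookup / read / release sequence, using a sockhash map. */
	"bpf_map_lookup_elem(sockhash, &key); sk->type [fullsock field]; bpf_sk_release(sk)",
	.insns = {
	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)),
	BPF_EMIT_CALL(BPF_FUNC_sk_release),
	BPF_EXIT_INSN(),
	},
	.fixup_map_sockhash = { 3 },
	.prog_type = BPF_PROG_TYPE_SK_SKB,
	.result = ACCEPT,
},
{
	"bpf_sk_select_reuseport(ctx, reuseport_array, &key, flags)",
	.insns = {
	/* R4 = flags (0), key = 0 at fp - 4, R3 = &key, R2 = map */
	BPF_MOV64_IMM(BPF_REG_4, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, -4),
	BPF_LD_MAP_FD(BPF_REG_2, 0),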
BPF_EMIT_CALL(BPF_FUNC_sk_select_reuseport), 6738c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 6748c2ecf20Sopenharmony_ci }, 6758c2ecf20Sopenharmony_ci .fixup_map_reuseport_array = { 4 }, 6768c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_REUSEPORT, 6778c2ecf20Sopenharmony_ci .result = ACCEPT, 6788c2ecf20Sopenharmony_ci}, 6798c2ecf20Sopenharmony_ci{ 6808c2ecf20Sopenharmony_ci "bpf_sk_select_reuseport(ctx, sockmap, &key, flags)", 6818c2ecf20Sopenharmony_ci .insns = { 6828c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_4, 0), 6838c2ecf20Sopenharmony_ci BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0), 6848c2ecf20Sopenharmony_ci BPF_MOV64_REG(BPF_REG_3, BPF_REG_10), 6858c2ecf20Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, -4), 6868c2ecf20Sopenharmony_ci BPF_LD_MAP_FD(BPF_REG_2, 0), 6878c2ecf20Sopenharmony_ci BPF_EMIT_CALL(BPF_FUNC_sk_select_reuseport), 6888c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 6898c2ecf20Sopenharmony_ci }, 6908c2ecf20Sopenharmony_ci .fixup_map_sockmap = { 4 }, 6918c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_REUSEPORT, 6928c2ecf20Sopenharmony_ci .result = ACCEPT, 6938c2ecf20Sopenharmony_ci}, 6948c2ecf20Sopenharmony_ci{ 6958c2ecf20Sopenharmony_ci "bpf_sk_select_reuseport(ctx, sockhash, &key, flags)", 6968c2ecf20Sopenharmony_ci .insns = { 6978c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_4, 0), 6988c2ecf20Sopenharmony_ci BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0), 6998c2ecf20Sopenharmony_ci BPF_MOV64_REG(BPF_REG_3, BPF_REG_10), 7008c2ecf20Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, -4), 7018c2ecf20Sopenharmony_ci BPF_LD_MAP_FD(BPF_REG_2, 0), 7028c2ecf20Sopenharmony_ci BPF_EMIT_CALL(BPF_FUNC_sk_select_reuseport), 7038c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 7048c2ecf20Sopenharmony_ci }, 7058c2ecf20Sopenharmony_ci .fixup_map_sockmap = { 4 }, 7068c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_REUSEPORT, 7078c2ecf20Sopenharmony_ci .result = ACCEPT, 7088c2ecf20Sopenharmony_ci}, 7098c2ecf20Sopenharmony_ci{ 7108c2ecf20Sopenharmony_ci "mark null check on 
return value of bpf_skc_to helpers", 7118c2ecf20Sopenharmony_ci .insns = { 7128c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), 7138c2ecf20Sopenharmony_ci BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), 7148c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 7158c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 7168c2ecf20Sopenharmony_ci BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), 7178c2ecf20Sopenharmony_ci BPF_EMIT_CALL(BPF_FUNC_skc_to_tcp_sock), 7188c2ecf20Sopenharmony_ci BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), 7198c2ecf20Sopenharmony_ci BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), 7208c2ecf20Sopenharmony_ci BPF_EMIT_CALL(BPF_FUNC_skc_to_tcp_request_sock), 7218c2ecf20Sopenharmony_ci BPF_MOV64_REG(BPF_REG_8, BPF_REG_0), 7228c2ecf20Sopenharmony_ci BPF_JMP_IMM(BPF_JNE, BPF_REG_8, 0, 2), 7238c2ecf20Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 7248c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 7258c2ecf20Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_7, 0), 7268c2ecf20Sopenharmony_ci BPF_EXIT_INSN(), 7278c2ecf20Sopenharmony_ci }, 7288c2ecf20Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 7298c2ecf20Sopenharmony_ci .result = REJECT, 7308c2ecf20Sopenharmony_ci .errstr = "invalid mem access", 7318c2ecf20Sopenharmony_ci .result_unpriv = REJECT, 7328c2ecf20Sopenharmony_ci .errstr_unpriv = "unknown func", 7338c2ecf20Sopenharmony_ci}, 734