162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 262306a36Sopenharmony_ci/* Converted from tools/testing/selftests/bpf/verifier/ctx.c */ 362306a36Sopenharmony_ci 462306a36Sopenharmony_ci#include <linux/bpf.h> 562306a36Sopenharmony_ci#include <bpf/bpf_helpers.h> 662306a36Sopenharmony_ci#include "bpf_misc.h" 762306a36Sopenharmony_ci 862306a36Sopenharmony_ciSEC("tc") 962306a36Sopenharmony_ci__description("context stores via BPF_ATOMIC") 1062306a36Sopenharmony_ci__failure __msg("BPF_ATOMIC stores into R1 ctx is not allowed") 1162306a36Sopenharmony_ci__naked void context_stores_via_bpf_atomic(void) 1262306a36Sopenharmony_ci{ 1362306a36Sopenharmony_ci asm volatile (" \ 1462306a36Sopenharmony_ci r0 = 0; \ 1562306a36Sopenharmony_ci lock *(u32 *)(r1 + %[__sk_buff_mark]) += w0; \ 1662306a36Sopenharmony_ci exit; \ 1762306a36Sopenharmony_ci" : 1862306a36Sopenharmony_ci : __imm_const(__sk_buff_mark, offsetof(struct __sk_buff, mark)) 1962306a36Sopenharmony_ci : __clobber_all); 2062306a36Sopenharmony_ci} 2162306a36Sopenharmony_ci 2262306a36Sopenharmony_ciSEC("tc") 2362306a36Sopenharmony_ci__description("arithmetic ops make PTR_TO_CTX unusable") 2462306a36Sopenharmony_ci__failure __msg("dereference of modified ctx ptr") 2562306a36Sopenharmony_ci__naked void make_ptr_to_ctx_unusable(void) 2662306a36Sopenharmony_ci{ 2762306a36Sopenharmony_ci asm volatile (" \ 2862306a36Sopenharmony_ci r1 += %[__imm_0]; \ 2962306a36Sopenharmony_ci r0 = *(u32*)(r1 + %[__sk_buff_mark]); \ 3062306a36Sopenharmony_ci exit; \ 3162306a36Sopenharmony_ci" : 3262306a36Sopenharmony_ci : __imm_const(__imm_0, 3362306a36Sopenharmony_ci offsetof(struct __sk_buff, data) - offsetof(struct __sk_buff, mark)), 3462306a36Sopenharmony_ci __imm_const(__sk_buff_mark, offsetof(struct __sk_buff, mark)) 3562306a36Sopenharmony_ci : __clobber_all); 3662306a36Sopenharmony_ci} 3762306a36Sopenharmony_ci 3862306a36Sopenharmony_ciSEC("tc") 3962306a36Sopenharmony_ci__description("pass unmodified ctx pointer to helper") 4062306a36Sopenharmony_ci__success __retval(0) 4162306a36Sopenharmony_ci__naked void unmodified_ctx_pointer_to_helper(void) 4262306a36Sopenharmony_ci{ 4362306a36Sopenharmony_ci asm volatile (" \ 4462306a36Sopenharmony_ci r2 = 0; \ 4562306a36Sopenharmony_ci call %[bpf_csum_update]; \ 4662306a36Sopenharmony_ci r0 = 0; \ 4762306a36Sopenharmony_ci exit; \ 4862306a36Sopenharmony_ci" : 4962306a36Sopenharmony_ci : __imm(bpf_csum_update) 5062306a36Sopenharmony_ci : __clobber_all); 5162306a36Sopenharmony_ci} 5262306a36Sopenharmony_ci 5362306a36Sopenharmony_ciSEC("tc") 5462306a36Sopenharmony_ci__description("pass modified ctx pointer to helper, 1") 5562306a36Sopenharmony_ci__failure __msg("negative offset ctx ptr R1 off=-612 disallowed") 5662306a36Sopenharmony_ci__naked void ctx_pointer_to_helper_1(void) 5762306a36Sopenharmony_ci{ 5862306a36Sopenharmony_ci asm volatile (" \ 5962306a36Sopenharmony_ci r1 += -612; \ 6062306a36Sopenharmony_ci r2 = 0; \ 6162306a36Sopenharmony_ci call %[bpf_csum_update]; \ 6262306a36Sopenharmony_ci r0 = 0; \ 6362306a36Sopenharmony_ci exit; \ 6462306a36Sopenharmony_ci" : 6562306a36Sopenharmony_ci : __imm(bpf_csum_update) 6662306a36Sopenharmony_ci : __clobber_all); 6762306a36Sopenharmony_ci} 6862306a36Sopenharmony_ci 6962306a36Sopenharmony_ciSEC("socket") 7062306a36Sopenharmony_ci__description("pass modified ctx pointer to helper, 2") 7162306a36Sopenharmony_ci__failure __msg("negative offset ctx ptr R1 off=-612 disallowed") 7262306a36Sopenharmony_ci__failure_unpriv __msg_unpriv("negative offset ctx ptr R1 off=-612 disallowed") 7362306a36Sopenharmony_ci__naked void ctx_pointer_to_helper_2(void) 7462306a36Sopenharmony_ci{ 7562306a36Sopenharmony_ci asm volatile (" \ 7662306a36Sopenharmony_ci r1 += -612; \ 7762306a36Sopenharmony_ci call %[bpf_get_socket_cookie]; \ 7862306a36Sopenharmony_ci r0 = 0; \ 7962306a36Sopenharmony_ci exit; \ 8062306a36Sopenharmony_ci" : 8162306a36Sopenharmony_ci : __imm(bpf_get_socket_cookie) 8262306a36Sopenharmony_ci : __clobber_all); 8362306a36Sopenharmony_ci} 8462306a36Sopenharmony_ci 8562306a36Sopenharmony_ciSEC("tc") 8662306a36Sopenharmony_ci__description("pass modified ctx pointer to helper, 3") 8762306a36Sopenharmony_ci__failure __msg("variable ctx access var_off=(0x0; 0x4)") 8862306a36Sopenharmony_ci__naked void ctx_pointer_to_helper_3(void) 8962306a36Sopenharmony_ci{ 9062306a36Sopenharmony_ci asm volatile (" \ 9162306a36Sopenharmony_ci r3 = *(u32*)(r1 + 0); \ 9262306a36Sopenharmony_ci r3 &= 4; \ 9362306a36Sopenharmony_ci r1 += r3; \ 9462306a36Sopenharmony_ci r2 = 0; \ 9562306a36Sopenharmony_ci call %[bpf_csum_update]; \ 9662306a36Sopenharmony_ci r0 = 0; \ 9762306a36Sopenharmony_ci exit; \ 9862306a36Sopenharmony_ci" : 9962306a36Sopenharmony_ci : __imm(bpf_csum_update) 10062306a36Sopenharmony_ci : __clobber_all); 10162306a36Sopenharmony_ci} 10262306a36Sopenharmony_ci 10362306a36Sopenharmony_ciSEC("cgroup/sendmsg6") 10462306a36Sopenharmony_ci__description("pass ctx or null check, 1: ctx") 10562306a36Sopenharmony_ci__success 10662306a36Sopenharmony_ci__naked void or_null_check_1_ctx(void) 10762306a36Sopenharmony_ci{ 10862306a36Sopenharmony_ci asm volatile (" \ 10962306a36Sopenharmony_ci call %[bpf_get_netns_cookie]; \ 11062306a36Sopenharmony_ci r0 = 0; \ 11162306a36Sopenharmony_ci exit; \ 11262306a36Sopenharmony_ci" : 11362306a36Sopenharmony_ci : __imm(bpf_get_netns_cookie) 11462306a36Sopenharmony_ci : __clobber_all); 11562306a36Sopenharmony_ci} 11662306a36Sopenharmony_ci 11762306a36Sopenharmony_ciSEC("cgroup/sendmsg6") 11862306a36Sopenharmony_ci__description("pass ctx or null check, 2: null") 11962306a36Sopenharmony_ci__success 12062306a36Sopenharmony_ci__naked void or_null_check_2_null(void) 12162306a36Sopenharmony_ci{ 12262306a36Sopenharmony_ci asm volatile (" \ 12362306a36Sopenharmony_ci r1 = 0; \ 12462306a36Sopenharmony_ci call %[bpf_get_netns_cookie]; \ 12562306a36Sopenharmony_ci r0 = 0; \ 12662306a36Sopenharmony_ci exit; \ 12762306a36Sopenharmony_ci" : 12862306a36Sopenharmony_ci : __imm(bpf_get_netns_cookie) 12962306a36Sopenharmony_ci : __clobber_all); 13062306a36Sopenharmony_ci} 13162306a36Sopenharmony_ci 13262306a36Sopenharmony_ciSEC("cgroup/sendmsg6") 13362306a36Sopenharmony_ci__description("pass ctx or null check, 3: 1") 13462306a36Sopenharmony_ci__failure __msg("R1 type=scalar expected=ctx") 13562306a36Sopenharmony_ci__naked void or_null_check_3_1(void) 13662306a36Sopenharmony_ci{ 13762306a36Sopenharmony_ci asm volatile (" \ 13862306a36Sopenharmony_ci r1 = 1; \ 13962306a36Sopenharmony_ci call %[bpf_get_netns_cookie]; \ 14062306a36Sopenharmony_ci r0 = 0; \ 14162306a36Sopenharmony_ci exit; \ 14262306a36Sopenharmony_ci" : 14362306a36Sopenharmony_ci : __imm(bpf_get_netns_cookie) 14462306a36Sopenharmony_ci : __clobber_all); 14562306a36Sopenharmony_ci} 14662306a36Sopenharmony_ci 14762306a36Sopenharmony_ciSEC("cgroup/sendmsg6") 14862306a36Sopenharmony_ci__description("pass ctx or null check, 4: ctx - const") 14962306a36Sopenharmony_ci__failure __msg("negative offset ctx ptr R1 off=-612 disallowed") 15062306a36Sopenharmony_ci__naked void null_check_4_ctx_const(void) 15162306a36Sopenharmony_ci{ 15262306a36Sopenharmony_ci asm volatile (" \ 15362306a36Sopenharmony_ci r1 += -612; \ 15462306a36Sopenharmony_ci call %[bpf_get_netns_cookie]; \ 15562306a36Sopenharmony_ci r0 = 0; \ 15662306a36Sopenharmony_ci exit; \ 15762306a36Sopenharmony_ci" : 15862306a36Sopenharmony_ci : __imm(bpf_get_netns_cookie) 15962306a36Sopenharmony_ci : __clobber_all); 16062306a36Sopenharmony_ci} 16162306a36Sopenharmony_ci 16262306a36Sopenharmony_ciSEC("cgroup/connect4") 16362306a36Sopenharmony_ci__description("pass ctx or null check, 5: null (connect)") 16462306a36Sopenharmony_ci__success 16562306a36Sopenharmony_ci__naked void null_check_5_null_connect(void) 16662306a36Sopenharmony_ci{ 16762306a36Sopenharmony_ci asm volatile (" \ 16862306a36Sopenharmony_ci r1 = 0; \ 16962306a36Sopenharmony_ci call %[bpf_get_netns_cookie]; \ 17062306a36Sopenharmony_ci r0 = 0; \ 17162306a36Sopenharmony_ci exit; \ 17262306a36Sopenharmony_ci" : 17362306a36Sopenharmony_ci : __imm(bpf_get_netns_cookie) 17462306a36Sopenharmony_ci : __clobber_all); 17562306a36Sopenharmony_ci} 17662306a36Sopenharmony_ci 17762306a36Sopenharmony_ciSEC("cgroup/post_bind4") 17862306a36Sopenharmony_ci__description("pass ctx or null check, 6: null (bind)") 17962306a36Sopenharmony_ci__success 18062306a36Sopenharmony_ci__naked void null_check_6_null_bind(void) 18162306a36Sopenharmony_ci{ 18262306a36Sopenharmony_ci asm volatile (" \ 18362306a36Sopenharmony_ci r1 = 0; \ 18462306a36Sopenharmony_ci call %[bpf_get_netns_cookie]; \ 18562306a36Sopenharmony_ci r0 = 0; \ 18662306a36Sopenharmony_ci exit; \ 18762306a36Sopenharmony_ci" : 18862306a36Sopenharmony_ci : __imm(bpf_get_netns_cookie) 18962306a36Sopenharmony_ci : __clobber_all); 19062306a36Sopenharmony_ci} 19162306a36Sopenharmony_ci 19262306a36Sopenharmony_ciSEC("cgroup/post_bind4") 19362306a36Sopenharmony_ci__description("pass ctx or null check, 7: ctx (bind)") 19462306a36Sopenharmony_ci__success 19562306a36Sopenharmony_ci__naked void null_check_7_ctx_bind(void) 19662306a36Sopenharmony_ci{ 19762306a36Sopenharmony_ci asm volatile (" \ 19862306a36Sopenharmony_ci call %[bpf_get_socket_cookie]; \ 19962306a36Sopenharmony_ci r0 = 0; \ 20062306a36Sopenharmony_ci exit; \ 20162306a36Sopenharmony_ci" : 20262306a36Sopenharmony_ci : __imm(bpf_get_socket_cookie) 20362306a36Sopenharmony_ci : __clobber_all); 20462306a36Sopenharmony_ci} 20562306a36Sopenharmony_ci 20662306a36Sopenharmony_ciSEC("cgroup/post_bind4") 20762306a36Sopenharmony_ci__description("pass ctx or null check, 8: null (bind)") 20862306a36Sopenharmony_ci__failure __msg("R1 type=scalar expected=ctx") 20962306a36Sopenharmony_ci__naked void null_check_8_null_bind(void) 21062306a36Sopenharmony_ci{ 21162306a36Sopenharmony_ci asm volatile (" \ 21262306a36Sopenharmony_ci r1 = 0; \ 21362306a36Sopenharmony_ci call %[bpf_get_socket_cookie]; \ 21462306a36Sopenharmony_ci r0 = 0; \ 21562306a36Sopenharmony_ci exit; \ 21662306a36Sopenharmony_ci" : 21762306a36Sopenharmony_ci : __imm(bpf_get_socket_cookie) 21862306a36Sopenharmony_ci : __clobber_all); 21962306a36Sopenharmony_ci} 22062306a36Sopenharmony_ci 22162306a36Sopenharmony_cichar _license[] SEC("license") = "GPL"; 222