162306a36Sopenharmony_ci{ 262306a36Sopenharmony_ci "access skb fields ok", 362306a36Sopenharmony_ci .insns = { 462306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 562306a36Sopenharmony_ci offsetof(struct __sk_buff, len)), 662306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 862306a36Sopenharmony_ci offsetof(struct __sk_buff, mark)), 962306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 1062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 1162306a36Sopenharmony_ci offsetof(struct __sk_buff, pkt_type)), 1262306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 1362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 1462306a36Sopenharmony_ci offsetof(struct __sk_buff, queue_mapping)), 1562306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0), 1662306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 1762306a36Sopenharmony_ci offsetof(struct __sk_buff, protocol)), 1862306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0), 1962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 2062306a36Sopenharmony_ci offsetof(struct __sk_buff, vlan_present)), 2162306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0), 2262306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 2362306a36Sopenharmony_ci offsetof(struct __sk_buff, vlan_tci)), 2462306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0), 2562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 2662306a36Sopenharmony_ci offsetof(struct __sk_buff, napi_id)), 2762306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0), 2862306a36Sopenharmony_ci BPF_EXIT_INSN(), 2962306a36Sopenharmony_ci }, 3062306a36Sopenharmony_ci .result = ACCEPT, 3162306a36Sopenharmony_ci}, 3262306a36Sopenharmony_ci{ 3362306a36Sopenharmony_ci "access skb fields bad1", 3462306a36Sopenharmony_ci .insns = { 3562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, -4), 3662306a36Sopenharmony_ci BPF_EXIT_INSN(), 3762306a36Sopenharmony_ci }, 3862306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 3962306a36Sopenharmony_ci .result = REJECT, 4062306a36Sopenharmony_ci}, 4162306a36Sopenharmony_ci{ 4262306a36Sopenharmony_ci "access skb fields bad2", 4362306a36Sopenharmony_ci .insns = { 4462306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 9), 4562306a36Sopenharmony_ci BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 4662306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 4762306a36Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 4862306a36Sopenharmony_ci BPF_LD_MAP_FD(BPF_REG_1, 0), 4962306a36Sopenharmony_ci BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), 5062306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 5162306a36Sopenharmony_ci BPF_EXIT_INSN(), 5262306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), 5362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 5462306a36Sopenharmony_ci offsetof(struct __sk_buff, pkt_type)), 5562306a36Sopenharmony_ci BPF_EXIT_INSN(), 5662306a36Sopenharmony_ci }, 5762306a36Sopenharmony_ci .fixup_map_hash_8b = { 4 }, 5862306a36Sopenharmony_ci .errstr = "different pointers", 5962306a36Sopenharmony_ci .errstr_unpriv = "R1 pointer comparison", 6062306a36Sopenharmony_ci .result = REJECT, 6162306a36Sopenharmony_ci}, 6262306a36Sopenharmony_ci{ 6362306a36Sopenharmony_ci "access skb fields bad3", 6462306a36Sopenharmony_ci .insns = { 6562306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 2), 6662306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 6762306a36Sopenharmony_ci offsetof(struct __sk_buff, pkt_type)), 6862306a36Sopenharmony_ci BPF_EXIT_INSN(), 6962306a36Sopenharmony_ci BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 7062306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 7162306a36Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 7262306a36Sopenharmony_ci BPF_LD_MAP_FD(BPF_REG_1, 0), 7362306a36Sopenharmony_ci BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), 7462306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 7562306a36Sopenharmony_ci BPF_EXIT_INSN(), 7662306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), 7762306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JA, 0, 0, -12), 7862306a36Sopenharmony_ci }, 7962306a36Sopenharmony_ci .fixup_map_hash_8b = { 6 }, 8062306a36Sopenharmony_ci .errstr = "different pointers", 8162306a36Sopenharmony_ci .errstr_unpriv = "R1 pointer comparison", 8262306a36Sopenharmony_ci .result = REJECT, 8362306a36Sopenharmony_ci}, 8462306a36Sopenharmony_ci{ 8562306a36Sopenharmony_ci "access skb fields bad4", 8662306a36Sopenharmony_ci .insns = { 8762306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 3), 8862306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 8962306a36Sopenharmony_ci offsetof(struct __sk_buff, len)), 9062306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 9162306a36Sopenharmony_ci BPF_EXIT_INSN(), 9262306a36Sopenharmony_ci BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 9362306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 9462306a36Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 9562306a36Sopenharmony_ci BPF_LD_MAP_FD(BPF_REG_1, 0), 9662306a36Sopenharmony_ci BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), 9762306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 9862306a36Sopenharmony_ci BPF_EXIT_INSN(), 9962306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), 10062306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JA, 0, 0, -13), 10162306a36Sopenharmony_ci }, 10262306a36Sopenharmony_ci .fixup_map_hash_8b = { 7 }, 10362306a36Sopenharmony_ci .errstr = "different pointers", 10462306a36Sopenharmony_ci .errstr_unpriv = "R1 pointer comparison", 10562306a36Sopenharmony_ci .result = REJECT, 10662306a36Sopenharmony_ci}, 10762306a36Sopenharmony_ci{ 10862306a36Sopenharmony_ci "invalid access __sk_buff family", 10962306a36Sopenharmony_ci .insns = { 11062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 11162306a36Sopenharmony_ci offsetof(struct __sk_buff, family)), 11262306a36Sopenharmony_ci BPF_EXIT_INSN(), 11362306a36Sopenharmony_ci }, 11462306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 11562306a36Sopenharmony_ci .result = REJECT, 11662306a36Sopenharmony_ci}, 11762306a36Sopenharmony_ci{ 11862306a36Sopenharmony_ci "invalid access __sk_buff remote_ip4", 11962306a36Sopenharmony_ci .insns = { 12062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 12162306a36Sopenharmony_ci offsetof(struct __sk_buff, remote_ip4)), 12262306a36Sopenharmony_ci BPF_EXIT_INSN(), 12362306a36Sopenharmony_ci }, 12462306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 12562306a36Sopenharmony_ci .result = REJECT, 12662306a36Sopenharmony_ci}, 12762306a36Sopenharmony_ci{ 12862306a36Sopenharmony_ci "invalid access __sk_buff local_ip4", 12962306a36Sopenharmony_ci .insns = { 13062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 13162306a36Sopenharmony_ci offsetof(struct __sk_buff, local_ip4)), 13262306a36Sopenharmony_ci BPF_EXIT_INSN(), 13362306a36Sopenharmony_ci }, 13462306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 13562306a36Sopenharmony_ci .result = REJECT, 13662306a36Sopenharmony_ci}, 13762306a36Sopenharmony_ci{ 13862306a36Sopenharmony_ci "invalid access __sk_buff remote_ip6", 13962306a36Sopenharmony_ci .insns = { 14062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 14162306a36Sopenharmony_ci offsetof(struct __sk_buff, remote_ip6)), 14262306a36Sopenharmony_ci BPF_EXIT_INSN(), 14362306a36Sopenharmony_ci }, 14462306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 14562306a36Sopenharmony_ci .result = REJECT, 14662306a36Sopenharmony_ci}, 14762306a36Sopenharmony_ci{ 14862306a36Sopenharmony_ci "invalid access __sk_buff local_ip6", 14962306a36Sopenharmony_ci .insns = { 15062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 15162306a36Sopenharmony_ci offsetof(struct __sk_buff, local_ip6)), 15262306a36Sopenharmony_ci BPF_EXIT_INSN(), 15362306a36Sopenharmony_ci }, 15462306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 15562306a36Sopenharmony_ci .result = REJECT, 15662306a36Sopenharmony_ci}, 15762306a36Sopenharmony_ci{ 15862306a36Sopenharmony_ci "invalid access __sk_buff remote_port", 15962306a36Sopenharmony_ci .insns = { 16062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 16162306a36Sopenharmony_ci offsetof(struct __sk_buff, remote_port)), 16262306a36Sopenharmony_ci BPF_EXIT_INSN(), 16362306a36Sopenharmony_ci }, 16462306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 16562306a36Sopenharmony_ci .result = REJECT, 16662306a36Sopenharmony_ci}, 16762306a36Sopenharmony_ci{ 16862306a36Sopenharmony_ci "invalid access __sk_buff remote_port", 16962306a36Sopenharmony_ci .insns = { 17062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 17162306a36Sopenharmony_ci offsetof(struct __sk_buff, local_port)), 17262306a36Sopenharmony_ci BPF_EXIT_INSN(), 17362306a36Sopenharmony_ci }, 17462306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 17562306a36Sopenharmony_ci .result = REJECT, 17662306a36Sopenharmony_ci}, 17762306a36Sopenharmony_ci{ 17862306a36Sopenharmony_ci "valid access __sk_buff family", 17962306a36Sopenharmony_ci .insns = { 18062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 18162306a36Sopenharmony_ci offsetof(struct __sk_buff, family)), 18262306a36Sopenharmony_ci BPF_EXIT_INSN(), 18362306a36Sopenharmony_ci }, 18462306a36Sopenharmony_ci .result = ACCEPT, 18562306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 18662306a36Sopenharmony_ci}, 18762306a36Sopenharmony_ci{ 18862306a36Sopenharmony_ci "valid access __sk_buff remote_ip4", 18962306a36Sopenharmony_ci .insns = { 19062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 19162306a36Sopenharmony_ci offsetof(struct __sk_buff, remote_ip4)), 19262306a36Sopenharmony_ci BPF_EXIT_INSN(), 19362306a36Sopenharmony_ci }, 19462306a36Sopenharmony_ci .result = ACCEPT, 19562306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 19662306a36Sopenharmony_ci}, 19762306a36Sopenharmony_ci{ 19862306a36Sopenharmony_ci "valid access __sk_buff local_ip4", 19962306a36Sopenharmony_ci .insns = { 20062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 20162306a36Sopenharmony_ci offsetof(struct __sk_buff, local_ip4)), 20262306a36Sopenharmony_ci BPF_EXIT_INSN(), 20362306a36Sopenharmony_ci }, 20462306a36Sopenharmony_ci .result = ACCEPT, 20562306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 20662306a36Sopenharmony_ci}, 20762306a36Sopenharmony_ci{ 20862306a36Sopenharmony_ci "valid access __sk_buff remote_ip6", 20962306a36Sopenharmony_ci .insns = { 21062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 21162306a36Sopenharmony_ci offsetof(struct __sk_buff, remote_ip6[0])), 21262306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 21362306a36Sopenharmony_ci offsetof(struct __sk_buff, remote_ip6[1])), 21462306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 21562306a36Sopenharmony_ci offsetof(struct __sk_buff, remote_ip6[2])), 21662306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 21762306a36Sopenharmony_ci offsetof(struct __sk_buff, remote_ip6[3])), 21862306a36Sopenharmony_ci BPF_EXIT_INSN(), 21962306a36Sopenharmony_ci }, 22062306a36Sopenharmony_ci .result = ACCEPT, 22162306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 22262306a36Sopenharmony_ci}, 22362306a36Sopenharmony_ci{ 22462306a36Sopenharmony_ci "valid access __sk_buff local_ip6", 22562306a36Sopenharmony_ci .insns = { 22662306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 22762306a36Sopenharmony_ci offsetof(struct __sk_buff, local_ip6[0])), 22862306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 22962306a36Sopenharmony_ci offsetof(struct __sk_buff, local_ip6[1])), 23062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 23162306a36Sopenharmony_ci offsetof(struct __sk_buff, local_ip6[2])), 23262306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 23362306a36Sopenharmony_ci offsetof(struct __sk_buff, local_ip6[3])), 23462306a36Sopenharmony_ci BPF_EXIT_INSN(), 23562306a36Sopenharmony_ci }, 23662306a36Sopenharmony_ci .result = ACCEPT, 23762306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 23862306a36Sopenharmony_ci}, 23962306a36Sopenharmony_ci{ 24062306a36Sopenharmony_ci "valid access __sk_buff remote_port", 24162306a36Sopenharmony_ci .insns = { 24262306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 24362306a36Sopenharmony_ci offsetof(struct __sk_buff, remote_port)), 24462306a36Sopenharmony_ci BPF_EXIT_INSN(), 24562306a36Sopenharmony_ci }, 24662306a36Sopenharmony_ci .result = ACCEPT, 24762306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 24862306a36Sopenharmony_ci}, 24962306a36Sopenharmony_ci{ 25062306a36Sopenharmony_ci "valid access __sk_buff remote_port", 25162306a36Sopenharmony_ci .insns = { 25262306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 25362306a36Sopenharmony_ci offsetof(struct __sk_buff, local_port)), 25462306a36Sopenharmony_ci BPF_EXIT_INSN(), 25562306a36Sopenharmony_ci }, 25662306a36Sopenharmony_ci .result = ACCEPT, 25762306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 25862306a36Sopenharmony_ci}, 25962306a36Sopenharmony_ci{ 26062306a36Sopenharmony_ci "invalid access of tc_classid for SK_SKB", 26162306a36Sopenharmony_ci .insns = { 26262306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 26362306a36Sopenharmony_ci offsetof(struct __sk_buff, tc_classid)), 26462306a36Sopenharmony_ci BPF_EXIT_INSN(), 26562306a36Sopenharmony_ci }, 26662306a36Sopenharmony_ci .result = REJECT, 26762306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 26862306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 26962306a36Sopenharmony_ci}, 27062306a36Sopenharmony_ci{ 27162306a36Sopenharmony_ci "invalid access of skb->mark for SK_SKB", 27262306a36Sopenharmony_ci .insns = { 27362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 27462306a36Sopenharmony_ci offsetof(struct __sk_buff, mark)), 27562306a36Sopenharmony_ci BPF_EXIT_INSN(), 27662306a36Sopenharmony_ci }, 27762306a36Sopenharmony_ci .result = REJECT, 27862306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 27962306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 28062306a36Sopenharmony_ci}, 28162306a36Sopenharmony_ci{ 28262306a36Sopenharmony_ci "check skb->mark is not writeable by SK_SKB", 28362306a36Sopenharmony_ci .insns = { 28462306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 28562306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 28662306a36Sopenharmony_ci offsetof(struct __sk_buff, mark)), 28762306a36Sopenharmony_ci BPF_EXIT_INSN(), 28862306a36Sopenharmony_ci }, 28962306a36Sopenharmony_ci .result = REJECT, 29062306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 29162306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 29262306a36Sopenharmony_ci}, 29362306a36Sopenharmony_ci{ 29462306a36Sopenharmony_ci "check skb->tc_index is writeable by SK_SKB", 29562306a36Sopenharmony_ci .insns = { 29662306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 29762306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 29862306a36Sopenharmony_ci offsetof(struct __sk_buff, tc_index)), 29962306a36Sopenharmony_ci BPF_EXIT_INSN(), 30062306a36Sopenharmony_ci }, 30162306a36Sopenharmony_ci .result = ACCEPT, 30262306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 30362306a36Sopenharmony_ci}, 30462306a36Sopenharmony_ci{ 30562306a36Sopenharmony_ci "check skb->priority is writeable by SK_SKB", 30662306a36Sopenharmony_ci .insns = { 30762306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 30862306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 30962306a36Sopenharmony_ci offsetof(struct __sk_buff, priority)), 31062306a36Sopenharmony_ci BPF_EXIT_INSN(), 31162306a36Sopenharmony_ci }, 31262306a36Sopenharmony_ci .result = ACCEPT, 31362306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 31462306a36Sopenharmony_ci}, 31562306a36Sopenharmony_ci{ 31662306a36Sopenharmony_ci "direct packet read for SK_SKB", 31762306a36Sopenharmony_ci .insns = { 31862306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 31962306a36Sopenharmony_ci offsetof(struct __sk_buff, data)), 32062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 32162306a36Sopenharmony_ci offsetof(struct __sk_buff, data_end)), 32262306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 32362306a36Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 32462306a36Sopenharmony_ci BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 32562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 32662306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 32762306a36Sopenharmony_ci BPF_EXIT_INSN(), 32862306a36Sopenharmony_ci }, 32962306a36Sopenharmony_ci .result = ACCEPT, 33062306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 33162306a36Sopenharmony_ci}, 33262306a36Sopenharmony_ci{ 33362306a36Sopenharmony_ci "direct packet write for SK_SKB", 33462306a36Sopenharmony_ci .insns = { 33562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 33662306a36Sopenharmony_ci offsetof(struct __sk_buff, data)), 33762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 33862306a36Sopenharmony_ci offsetof(struct __sk_buff, data_end)), 33962306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 34062306a36Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 34162306a36Sopenharmony_ci BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 34262306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0), 34362306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 34462306a36Sopenharmony_ci BPF_EXIT_INSN(), 34562306a36Sopenharmony_ci }, 34662306a36Sopenharmony_ci .result = ACCEPT, 34762306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 34862306a36Sopenharmony_ci}, 34962306a36Sopenharmony_ci{ 35062306a36Sopenharmony_ci "overlapping checks for direct packet access SK_SKB", 35162306a36Sopenharmony_ci .insns = { 35262306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 35362306a36Sopenharmony_ci offsetof(struct __sk_buff, data)), 35462306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 35562306a36Sopenharmony_ci offsetof(struct __sk_buff, data_end)), 35662306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 35762306a36Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 35862306a36Sopenharmony_ci BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 4), 35962306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_1, BPF_REG_2), 36062306a36Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 6), 36162306a36Sopenharmony_ci BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_3, 1), 36262306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_2, 6), 36362306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 36462306a36Sopenharmony_ci BPF_EXIT_INSN(), 36562306a36Sopenharmony_ci }, 36662306a36Sopenharmony_ci .result = ACCEPT, 36762306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 36862306a36Sopenharmony_ci}, 36962306a36Sopenharmony_ci{ 37062306a36Sopenharmony_ci "check skb->mark is not writeable by sockets", 37162306a36Sopenharmony_ci .insns = { 37262306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 37362306a36Sopenharmony_ci offsetof(struct __sk_buff, mark)), 37462306a36Sopenharmony_ci BPF_EXIT_INSN(), 37562306a36Sopenharmony_ci }, 37662306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 37762306a36Sopenharmony_ci .errstr_unpriv = "R1 leaks addr", 37862306a36Sopenharmony_ci .result = REJECT, 37962306a36Sopenharmony_ci}, 38062306a36Sopenharmony_ci{ 38162306a36Sopenharmony_ci "check skb->tc_index is not writeable by sockets", 38262306a36Sopenharmony_ci .insns = { 38362306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 38462306a36Sopenharmony_ci offsetof(struct __sk_buff, tc_index)), 38562306a36Sopenharmony_ci BPF_EXIT_INSN(), 38662306a36Sopenharmony_ci }, 38762306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 38862306a36Sopenharmony_ci .errstr_unpriv = "R1 leaks addr", 38962306a36Sopenharmony_ci .result = REJECT, 39062306a36Sopenharmony_ci}, 39162306a36Sopenharmony_ci{ 39262306a36Sopenharmony_ci "check cb access: byte", 39362306a36Sopenharmony_ci .insns = { 39462306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 39562306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 39662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 39762306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 39862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 1), 39962306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 40062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 2), 40162306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 40262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 3), 40362306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 40462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1])), 40562306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 40662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1]) + 1), 40762306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 40862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1]) + 2), 40962306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 41062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1]) + 3), 41162306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 41262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 41362306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 41462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2]) + 1), 41562306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 41662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2]) + 2), 41762306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 41862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2]) + 3), 41962306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 42062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 42162306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 42262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3]) + 1), 42362306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 42462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3]) + 2), 42562306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 42662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3]) + 3), 42762306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 42862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 42962306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 43062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 1), 43162306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 43262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 2), 43362306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 43462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 3), 43562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 43662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 43762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 43862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 1), 43962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 44062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 2), 44162306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 44262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 3), 44362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 44462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1])), 44562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 44662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1]) + 1), 44762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 44862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1]) + 2), 44962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 45062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1]) + 3), 45162306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 45262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 45362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 45462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2]) + 1), 45562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 45662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2]) + 2), 45762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 45862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2]) + 3), 45962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 46062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 46162306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 46262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3]) + 1), 46362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 46462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3]) + 2), 46562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 46662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3]) + 3), 46762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 46862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 46962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 47062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 1), 47162306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 47262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 2), 47362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 47462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 3), 47562306a36Sopenharmony_ci BPF_EXIT_INSN(), 47662306a36Sopenharmony_ci }, 47762306a36Sopenharmony_ci .result = ACCEPT, 47862306a36Sopenharmony_ci}, 47962306a36Sopenharmony_ci{ 48062306a36Sopenharmony_ci "__sk_buff->hash, offset 0, byte store not permitted", 48162306a36Sopenharmony_ci .insns = { 48262306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 48362306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 48462306a36Sopenharmony_ci offsetof(struct __sk_buff, hash)), 48562306a36Sopenharmony_ci BPF_EXIT_INSN(), 48662306a36Sopenharmony_ci }, 48762306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 48862306a36Sopenharmony_ci .result = REJECT, 48962306a36Sopenharmony_ci}, 49062306a36Sopenharmony_ci{ 49162306a36Sopenharmony_ci "__sk_buff->tc_index, offset 3, byte store not permitted", 49262306a36Sopenharmony_ci .insns = { 49362306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 49462306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 49562306a36Sopenharmony_ci offsetof(struct __sk_buff, tc_index) + 3), 49662306a36Sopenharmony_ci BPF_EXIT_INSN(), 49762306a36Sopenharmony_ci }, 49862306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 49962306a36Sopenharmony_ci .result = REJECT, 50062306a36Sopenharmony_ci}, 50162306a36Sopenharmony_ci{ 50262306a36Sopenharmony_ci "check skb->hash byte load permitted", 50362306a36Sopenharmony_ci .insns = { 50462306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 50562306a36Sopenharmony_ci#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 50662306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 50762306a36Sopenharmony_ci offsetof(struct __sk_buff, hash)), 50862306a36Sopenharmony_ci#else 50962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 51062306a36Sopenharmony_ci offsetof(struct __sk_buff, hash) + 3), 51162306a36Sopenharmony_ci#endif 51262306a36Sopenharmony_ci BPF_EXIT_INSN(), 51362306a36Sopenharmony_ci }, 51462306a36Sopenharmony_ci .result = ACCEPT, 51562306a36Sopenharmony_ci}, 51662306a36Sopenharmony_ci{ 51762306a36Sopenharmony_ci "check skb->hash byte load permitted 1", 51862306a36Sopenharmony_ci .insns = { 51962306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 52062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 52162306a36Sopenharmony_ci offsetof(struct __sk_buff, hash) + 1), 52262306a36Sopenharmony_ci BPF_EXIT_INSN(), 52362306a36Sopenharmony_ci }, 52462306a36Sopenharmony_ci .result = ACCEPT, 52562306a36Sopenharmony_ci}, 52662306a36Sopenharmony_ci{ 52762306a36Sopenharmony_ci "check skb->hash byte load permitted 2", 52862306a36Sopenharmony_ci .insns = { 52962306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 53062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 53162306a36Sopenharmony_ci offsetof(struct __sk_buff, hash) + 2), 53262306a36Sopenharmony_ci BPF_EXIT_INSN(), 53362306a36Sopenharmony_ci }, 53462306a36Sopenharmony_ci .result = ACCEPT, 53562306a36Sopenharmony_ci}, 53662306a36Sopenharmony_ci{ 53762306a36Sopenharmony_ci "check skb->hash byte load permitted 3", 53862306a36Sopenharmony_ci .insns = { 53962306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 54062306a36Sopenharmony_ci#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 54162306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 54262306a36Sopenharmony_ci offsetof(struct __sk_buff, hash) + 3), 54362306a36Sopenharmony_ci#else 54462306a36Sopenharmony_ci BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 54562306a36Sopenharmony_ci offsetof(struct __sk_buff, hash)), 54662306a36Sopenharmony_ci#endif 54762306a36Sopenharmony_ci BPF_EXIT_INSN(), 54862306a36Sopenharmony_ci }, 54962306a36Sopenharmony_ci .result = ACCEPT, 55062306a36Sopenharmony_ci}, 55162306a36Sopenharmony_ci{ 55262306a36Sopenharmony_ci "check cb access: byte, wrong type", 55362306a36Sopenharmony_ci .insns = { 55462306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 55562306a36Sopenharmony_ci BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 55662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 55762306a36Sopenharmony_ci BPF_EXIT_INSN(), 55862306a36Sopenharmony_ci }, 55962306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 56062306a36Sopenharmony_ci .result = REJECT, 56162306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SOCK, 56262306a36Sopenharmony_ci}, 56362306a36Sopenharmony_ci{ 56462306a36Sopenharmony_ci "check cb access: half", 56562306a36Sopenharmony_ci .insns = { 56662306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 56762306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 56862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 56962306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 57062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 2), 57162306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 57262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1])), 57362306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 57462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1]) + 2), 57562306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 57662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 57762306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 57862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2]) + 2), 57962306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 58062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 58162306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 58262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3]) + 2), 58362306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 58462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 58562306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 58662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 2), 58762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 58862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 58962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 59062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 2), 59162306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 59262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1])), 59362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 59462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1]) + 2), 59562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 59662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 59762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 59862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2]) + 2), 59962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 60062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 60162306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 60262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3]) + 2), 60362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 60462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 60562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 60662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 2), 60762306a36Sopenharmony_ci BPF_EXIT_INSN(), 60862306a36Sopenharmony_ci }, 60962306a36Sopenharmony_ci .result = ACCEPT, 61062306a36Sopenharmony_ci}, 61162306a36Sopenharmony_ci{ 61262306a36Sopenharmony_ci "check cb access: half, unaligned", 61362306a36Sopenharmony_ci .insns = { 61462306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 61562306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 61662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 1), 61762306a36Sopenharmony_ci BPF_EXIT_INSN(), 61862306a36Sopenharmony_ci }, 61962306a36Sopenharmony_ci .errstr = "misaligned context access", 62062306a36Sopenharmony_ci .result = REJECT, 62162306a36Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 62262306a36Sopenharmony_ci}, 62362306a36Sopenharmony_ci{ 62462306a36Sopenharmony_ci "check __sk_buff->hash, offset 0, half store not permitted", 62562306a36Sopenharmony_ci .insns = { 62662306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 62762306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 62862306a36Sopenharmony_ci offsetof(struct __sk_buff, hash)), 62962306a36Sopenharmony_ci BPF_EXIT_INSN(), 63062306a36Sopenharmony_ci }, 63162306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 63262306a36Sopenharmony_ci .result = REJECT, 63362306a36Sopenharmony_ci}, 63462306a36Sopenharmony_ci{ 63562306a36Sopenharmony_ci "check __sk_buff->tc_index, offset 2, half store not permitted", 63662306a36Sopenharmony_ci .insns = { 63762306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 63862306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 63962306a36Sopenharmony_ci offsetof(struct __sk_buff, tc_index) + 2), 64062306a36Sopenharmony_ci BPF_EXIT_INSN(), 64162306a36Sopenharmony_ci }, 64262306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 64362306a36Sopenharmony_ci .result = REJECT, 64462306a36Sopenharmony_ci}, 64562306a36Sopenharmony_ci{ 64662306a36Sopenharmony_ci "check skb->hash half load permitted", 64762306a36Sopenharmony_ci .insns = { 64862306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 64962306a36Sopenharmony_ci#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 65062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 65162306a36Sopenharmony_ci offsetof(struct __sk_buff, hash)), 65262306a36Sopenharmony_ci#else 65362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 65462306a36Sopenharmony_ci offsetof(struct __sk_buff, hash) + 2), 65562306a36Sopenharmony_ci#endif 65662306a36Sopenharmony_ci BPF_EXIT_INSN(), 65762306a36Sopenharmony_ci }, 65862306a36Sopenharmony_ci .result = ACCEPT, 65962306a36Sopenharmony_ci}, 66062306a36Sopenharmony_ci{ 66162306a36Sopenharmony_ci "check skb->hash half load permitted 2", 66262306a36Sopenharmony_ci .insns = { 66362306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 66462306a36Sopenharmony_ci#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 66562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 66662306a36Sopenharmony_ci offsetof(struct __sk_buff, hash) + 2), 66762306a36Sopenharmony_ci#else 66862306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 66962306a36Sopenharmony_ci offsetof(struct __sk_buff, hash)), 67062306a36Sopenharmony_ci#endif 67162306a36Sopenharmony_ci BPF_EXIT_INSN(), 67262306a36Sopenharmony_ci }, 67362306a36Sopenharmony_ci .result = ACCEPT, 67462306a36Sopenharmony_ci}, 67562306a36Sopenharmony_ci{ 67662306a36Sopenharmony_ci "check skb->hash half load not permitted, unaligned 1", 67762306a36Sopenharmony_ci .insns = { 67862306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 67962306a36Sopenharmony_ci#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 68062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 68162306a36Sopenharmony_ci offsetof(struct __sk_buff, hash) + 1), 68262306a36Sopenharmony_ci#else 68362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 68462306a36Sopenharmony_ci offsetof(struct __sk_buff, hash) + 3), 68562306a36Sopenharmony_ci#endif 68662306a36Sopenharmony_ci BPF_EXIT_INSN(), 68762306a36Sopenharmony_ci }, 68862306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 68962306a36Sopenharmony_ci .result = REJECT, 69062306a36Sopenharmony_ci .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 69162306a36Sopenharmony_ci}, 69262306a36Sopenharmony_ci{ 69362306a36Sopenharmony_ci "check skb->hash half load not permitted, unaligned 3", 69462306a36Sopenharmony_ci .insns = { 69562306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 69662306a36Sopenharmony_ci#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 69762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 69862306a36Sopenharmony_ci offsetof(struct __sk_buff, hash) + 3), 69962306a36Sopenharmony_ci#else 70062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 70162306a36Sopenharmony_ci offsetof(struct __sk_buff, hash) + 1), 70262306a36Sopenharmony_ci#endif 70362306a36Sopenharmony_ci BPF_EXIT_INSN(), 70462306a36Sopenharmony_ci }, 70562306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 70662306a36Sopenharmony_ci .result = REJECT, 70762306a36Sopenharmony_ci .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 70862306a36Sopenharmony_ci}, 70962306a36Sopenharmony_ci{ 71062306a36Sopenharmony_ci "check cb access: half, wrong type", 71162306a36Sopenharmony_ci .insns = { 71262306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 71362306a36Sopenharmony_ci BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 71462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 71562306a36Sopenharmony_ci BPF_EXIT_INSN(), 71662306a36Sopenharmony_ci }, 71762306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 71862306a36Sopenharmony_ci .result = REJECT, 71962306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SOCK, 72062306a36Sopenharmony_ci}, 72162306a36Sopenharmony_ci{ 72262306a36Sopenharmony_ci "check cb access: word", 72362306a36Sopenharmony_ci .insns = { 72462306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 72562306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 72662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 72762306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 72862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1])), 72962306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 73062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 73162306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 73262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 73362306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 73462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 73562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 73662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 73762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 73862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1])), 73962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 74062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 74162306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 74262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 74362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 74462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 74562306a36Sopenharmony_ci BPF_EXIT_INSN(), 74662306a36Sopenharmony_ci }, 74762306a36Sopenharmony_ci .result = ACCEPT, 74862306a36Sopenharmony_ci}, 74962306a36Sopenharmony_ci{ 75062306a36Sopenharmony_ci "check cb access: word, unaligned 1", 75162306a36Sopenharmony_ci .insns = { 75262306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 75362306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 75462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 2), 75562306a36Sopenharmony_ci BPF_EXIT_INSN(), 75662306a36Sopenharmony_ci }, 75762306a36Sopenharmony_ci .errstr = "misaligned context access", 75862306a36Sopenharmony_ci .result = REJECT, 75962306a36Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 76062306a36Sopenharmony_ci}, 76162306a36Sopenharmony_ci{ 76262306a36Sopenharmony_ci "check cb access: word, unaligned 2", 76362306a36Sopenharmony_ci .insns = { 76462306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 76562306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 76662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 1), 76762306a36Sopenharmony_ci BPF_EXIT_INSN(), 76862306a36Sopenharmony_ci }, 76962306a36Sopenharmony_ci .errstr = "misaligned context access", 77062306a36Sopenharmony_ci .result = REJECT, 77162306a36Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 77262306a36Sopenharmony_ci}, 77362306a36Sopenharmony_ci{ 77462306a36Sopenharmony_ci "check cb access: word, unaligned 3", 77562306a36Sopenharmony_ci .insns = { 77662306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 77762306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 77862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 2), 77962306a36Sopenharmony_ci BPF_EXIT_INSN(), 78062306a36Sopenharmony_ci }, 78162306a36Sopenharmony_ci .errstr = "misaligned context access", 78262306a36Sopenharmony_ci .result = REJECT, 78362306a36Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 78462306a36Sopenharmony_ci}, 78562306a36Sopenharmony_ci{ 78662306a36Sopenharmony_ci "check cb access: word, unaligned 4", 78762306a36Sopenharmony_ci .insns = { 78862306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 78962306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 79062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4]) + 3), 79162306a36Sopenharmony_ci BPF_EXIT_INSN(), 79262306a36Sopenharmony_ci }, 79362306a36Sopenharmony_ci .errstr = "misaligned context access", 79462306a36Sopenharmony_ci .result = REJECT, 79562306a36Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 79662306a36Sopenharmony_ci}, 79762306a36Sopenharmony_ci{ 79862306a36Sopenharmony_ci "check cb access: double", 79962306a36Sopenharmony_ci .insns = { 80062306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 80162306a36Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 80262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 80362306a36Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 80462306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 80562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 80662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 80762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 80862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 80962306a36Sopenharmony_ci BPF_EXIT_INSN(), 81062306a36Sopenharmony_ci }, 81162306a36Sopenharmony_ci .result = ACCEPT, 81262306a36Sopenharmony_ci}, 81362306a36Sopenharmony_ci{ 81462306a36Sopenharmony_ci "check cb access: double, unaligned 1", 81562306a36Sopenharmony_ci .insns = { 81662306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 81762306a36Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 81862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[1])), 81962306a36Sopenharmony_ci BPF_EXIT_INSN(), 82062306a36Sopenharmony_ci }, 82162306a36Sopenharmony_ci .errstr = "misaligned context access", 82262306a36Sopenharmony_ci .result = REJECT, 82362306a36Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 82462306a36Sopenharmony_ci}, 82562306a36Sopenharmony_ci{ 82662306a36Sopenharmony_ci "check cb access: double, unaligned 2", 82762306a36Sopenharmony_ci .insns = { 82862306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 82962306a36Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 83062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 83162306a36Sopenharmony_ci BPF_EXIT_INSN(), 83262306a36Sopenharmony_ci }, 83362306a36Sopenharmony_ci .errstr = "misaligned context access", 83462306a36Sopenharmony_ci .result = REJECT, 83562306a36Sopenharmony_ci .flags = F_LOAD_WITH_STRICT_ALIGNMENT, 83662306a36Sopenharmony_ci}, 83762306a36Sopenharmony_ci{ 83862306a36Sopenharmony_ci "check cb access: double, oob 1", 83962306a36Sopenharmony_ci .insns = { 84062306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 84162306a36Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 84262306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 84362306a36Sopenharmony_ci BPF_EXIT_INSN(), 84462306a36Sopenharmony_ci }, 84562306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 84662306a36Sopenharmony_ci .result = REJECT, 84762306a36Sopenharmony_ci}, 84862306a36Sopenharmony_ci{ 84962306a36Sopenharmony_ci "check cb access: double, oob 2", 85062306a36Sopenharmony_ci .insns = { 85162306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 85262306a36Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 85362306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 85462306a36Sopenharmony_ci BPF_EXIT_INSN(), 85562306a36Sopenharmony_ci }, 85662306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 85762306a36Sopenharmony_ci .result = REJECT, 85862306a36Sopenharmony_ci}, 85962306a36Sopenharmony_ci{ 86062306a36Sopenharmony_ci "check __sk_buff->ifindex dw store not permitted", 86162306a36Sopenharmony_ci .insns = { 86262306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 86362306a36Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 86462306a36Sopenharmony_ci offsetof(struct __sk_buff, ifindex)), 86562306a36Sopenharmony_ci BPF_EXIT_INSN(), 86662306a36Sopenharmony_ci }, 86762306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 86862306a36Sopenharmony_ci .result = REJECT, 86962306a36Sopenharmony_ci}, 87062306a36Sopenharmony_ci{ 87162306a36Sopenharmony_ci "check __sk_buff->ifindex dw load not permitted", 87262306a36Sopenharmony_ci .insns = { 87362306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 87462306a36Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 87562306a36Sopenharmony_ci offsetof(struct __sk_buff, ifindex)), 87662306a36Sopenharmony_ci BPF_EXIT_INSN(), 87762306a36Sopenharmony_ci }, 87862306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 87962306a36Sopenharmony_ci .result = REJECT, 88062306a36Sopenharmony_ci}, 88162306a36Sopenharmony_ci{ 88262306a36Sopenharmony_ci "check cb access: double, wrong type", 88362306a36Sopenharmony_ci .insns = { 88462306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 88562306a36Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 88662306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 88762306a36Sopenharmony_ci BPF_EXIT_INSN(), 88862306a36Sopenharmony_ci }, 88962306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 89062306a36Sopenharmony_ci .result = REJECT, 89162306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SOCK, 89262306a36Sopenharmony_ci}, 89362306a36Sopenharmony_ci{ 89462306a36Sopenharmony_ci "check out of range skb->cb access", 89562306a36Sopenharmony_ci .insns = { 89662306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 89762306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0]) + 256), 89862306a36Sopenharmony_ci BPF_EXIT_INSN(), 89962306a36Sopenharmony_ci }, 90062306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 90162306a36Sopenharmony_ci .errstr_unpriv = "", 90262306a36Sopenharmony_ci .result = REJECT, 90362306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_ACT, 90462306a36Sopenharmony_ci}, 90562306a36Sopenharmony_ci{ 90662306a36Sopenharmony_ci "write skb fields from socket prog", 90762306a36Sopenharmony_ci .insns = { 90862306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 90962306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[4])), 91062306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 91162306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 91262306a36Sopenharmony_ci offsetof(struct __sk_buff, mark)), 91362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 91462306a36Sopenharmony_ci offsetof(struct __sk_buff, tc_index)), 91562306a36Sopenharmony_ci BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1), 91662306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 91762306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 91862306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 91962306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[2])), 92062306a36Sopenharmony_ci BPF_EXIT_INSN(), 92162306a36Sopenharmony_ci }, 92262306a36Sopenharmony_ci .result = ACCEPT, 92362306a36Sopenharmony_ci .errstr_unpriv = "R1 leaks addr", 92462306a36Sopenharmony_ci .result_unpriv = REJECT, 92562306a36Sopenharmony_ci}, 92662306a36Sopenharmony_ci{ 92762306a36Sopenharmony_ci "write skb fields from tc_cls_act prog", 92862306a36Sopenharmony_ci .insns = { 92962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 93062306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[0])), 93162306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 93262306a36Sopenharmony_ci offsetof(struct __sk_buff, mark)), 93362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 93462306a36Sopenharmony_ci offsetof(struct __sk_buff, tc_index)), 93562306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 93662306a36Sopenharmony_ci offsetof(struct __sk_buff, tc_index)), 93762306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 93862306a36Sopenharmony_ci offsetof(struct __sk_buff, cb[3])), 93962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 94062306a36Sopenharmony_ci offsetof(struct __sk_buff, tstamp)), 94162306a36Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 94262306a36Sopenharmony_ci offsetof(struct __sk_buff, tstamp)), 94362306a36Sopenharmony_ci BPF_EXIT_INSN(), 94462306a36Sopenharmony_ci }, 94562306a36Sopenharmony_ci .errstr_unpriv = "", 94662306a36Sopenharmony_ci .result_unpriv = REJECT, 94762306a36Sopenharmony_ci .result = ACCEPT, 94862306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 94962306a36Sopenharmony_ci}, 95062306a36Sopenharmony_ci{ 95162306a36Sopenharmony_ci "check skb->data half load not permitted", 95262306a36Sopenharmony_ci .insns = { 95362306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 95462306a36Sopenharmony_ci#if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 95562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 95662306a36Sopenharmony_ci offsetof(struct __sk_buff, data)), 95762306a36Sopenharmony_ci#else 95862306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, 95962306a36Sopenharmony_ci offsetof(struct __sk_buff, data) + 2), 96062306a36Sopenharmony_ci#endif 96162306a36Sopenharmony_ci BPF_EXIT_INSN(), 96262306a36Sopenharmony_ci }, 96362306a36Sopenharmony_ci .result = REJECT, 96462306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 96562306a36Sopenharmony_ci}, 96662306a36Sopenharmony_ci{ 96762306a36Sopenharmony_ci "read gso_segs from CGROUP_SKB", 96862306a36Sopenharmony_ci .insns = { 96962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 97062306a36Sopenharmony_ci offsetof(struct __sk_buff, gso_segs)), 97162306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 97262306a36Sopenharmony_ci BPF_EXIT_INSN(), 97362306a36Sopenharmony_ci }, 97462306a36Sopenharmony_ci .result = ACCEPT, 97562306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 97662306a36Sopenharmony_ci}, 97762306a36Sopenharmony_ci{ 97862306a36Sopenharmony_ci "read gso_segs from CGROUP_SKB", 97962306a36Sopenharmony_ci .insns = { 98062306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 98162306a36Sopenharmony_ci offsetof(struct __sk_buff, gso_segs)), 98262306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 98362306a36Sopenharmony_ci BPF_EXIT_INSN(), 98462306a36Sopenharmony_ci }, 98562306a36Sopenharmony_ci .result = ACCEPT, 98662306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 98762306a36Sopenharmony_ci}, 98862306a36Sopenharmony_ci{ 98962306a36Sopenharmony_ci "write gso_segs from CGROUP_SKB", 99062306a36Sopenharmony_ci .insns = { 99162306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 99262306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 99362306a36Sopenharmony_ci offsetof(struct __sk_buff, gso_segs)), 99462306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 99562306a36Sopenharmony_ci BPF_EXIT_INSN(), 99662306a36Sopenharmony_ci }, 99762306a36Sopenharmony_ci .result = REJECT, 99862306a36Sopenharmony_ci .result_unpriv = REJECT, 99962306a36Sopenharmony_ci .errstr = "invalid bpf_context access off=164 size=4", 100062306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 100162306a36Sopenharmony_ci}, 100262306a36Sopenharmony_ci{ 100362306a36Sopenharmony_ci "read gso_segs from CLS", 100462306a36Sopenharmony_ci .insns = { 100562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 100662306a36Sopenharmony_ci offsetof(struct __sk_buff, gso_segs)), 100762306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 100862306a36Sopenharmony_ci BPF_EXIT_INSN(), 100962306a36Sopenharmony_ci }, 101062306a36Sopenharmony_ci .result = ACCEPT, 101162306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 101262306a36Sopenharmony_ci}, 101362306a36Sopenharmony_ci{ 101462306a36Sopenharmony_ci "read gso_size from CGROUP_SKB", 101562306a36Sopenharmony_ci .insns = { 101662306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 101762306a36Sopenharmony_ci offsetof(struct __sk_buff, gso_size)), 101862306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 101962306a36Sopenharmony_ci BPF_EXIT_INSN(), 102062306a36Sopenharmony_ci }, 102162306a36Sopenharmony_ci .result = ACCEPT, 102262306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 102362306a36Sopenharmony_ci}, 102462306a36Sopenharmony_ci{ 102562306a36Sopenharmony_ci "read gso_size from CGROUP_SKB", 102662306a36Sopenharmony_ci .insns = { 102762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 102862306a36Sopenharmony_ci offsetof(struct __sk_buff, gso_size)), 102962306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 103062306a36Sopenharmony_ci BPF_EXIT_INSN(), 103162306a36Sopenharmony_ci }, 103262306a36Sopenharmony_ci .result = ACCEPT, 103362306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 103462306a36Sopenharmony_ci}, 103562306a36Sopenharmony_ci{ 103662306a36Sopenharmony_ci "write gso_size from CGROUP_SKB", 103762306a36Sopenharmony_ci .insns = { 103862306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 103962306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 104062306a36Sopenharmony_ci offsetof(struct __sk_buff, gso_size)), 104162306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 104262306a36Sopenharmony_ci BPF_EXIT_INSN(), 104362306a36Sopenharmony_ci }, 104462306a36Sopenharmony_ci .result = REJECT, 104562306a36Sopenharmony_ci .result_unpriv = REJECT, 104662306a36Sopenharmony_ci .errstr = "invalid bpf_context access off=176 size=4", 104762306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 104862306a36Sopenharmony_ci}, 104962306a36Sopenharmony_ci{ 105062306a36Sopenharmony_ci "read gso_size from CLS", 105162306a36Sopenharmony_ci .insns = { 105262306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 105362306a36Sopenharmony_ci offsetof(struct __sk_buff, gso_size)), 105462306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 105562306a36Sopenharmony_ci BPF_EXIT_INSN(), 105662306a36Sopenharmony_ci }, 105762306a36Sopenharmony_ci .result = ACCEPT, 105862306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 105962306a36Sopenharmony_ci}, 106062306a36Sopenharmony_ci{ 106162306a36Sopenharmony_ci "padding after gso_size is not accessible", 106262306a36Sopenharmony_ci .insns = { 106362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 106462306a36Sopenharmony_ci offsetofend(struct __sk_buff, gso_size)), 106562306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 106662306a36Sopenharmony_ci BPF_EXIT_INSN(), 106762306a36Sopenharmony_ci }, 106862306a36Sopenharmony_ci .result = REJECT, 106962306a36Sopenharmony_ci .result_unpriv = REJECT, 107062306a36Sopenharmony_ci .errstr = "invalid bpf_context access off=180 size=4", 107162306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 107262306a36Sopenharmony_ci}, 107362306a36Sopenharmony_ci{ 107462306a36Sopenharmony_ci "read hwtstamp from CGROUP_SKB", 107562306a36Sopenharmony_ci .insns = { 107662306a36Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 107762306a36Sopenharmony_ci offsetof(struct __sk_buff, hwtstamp)), 107862306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 107962306a36Sopenharmony_ci BPF_EXIT_INSN(), 108062306a36Sopenharmony_ci }, 108162306a36Sopenharmony_ci .result = ACCEPT, 108262306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 108362306a36Sopenharmony_ci}, 108462306a36Sopenharmony_ci{ 108562306a36Sopenharmony_ci "read hwtstamp from CGROUP_SKB", 108662306a36Sopenharmony_ci .insns = { 108762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, 108862306a36Sopenharmony_ci offsetof(struct __sk_buff, hwtstamp)), 108962306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 109062306a36Sopenharmony_ci BPF_EXIT_INSN(), 109162306a36Sopenharmony_ci }, 109262306a36Sopenharmony_ci .result = ACCEPT, 109362306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 109462306a36Sopenharmony_ci}, 109562306a36Sopenharmony_ci{ 109662306a36Sopenharmony_ci "write hwtstamp from CGROUP_SKB", 109762306a36Sopenharmony_ci .insns = { 109862306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 109962306a36Sopenharmony_ci BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 110062306a36Sopenharmony_ci offsetof(struct __sk_buff, hwtstamp)), 110162306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 110262306a36Sopenharmony_ci BPF_EXIT_INSN(), 110362306a36Sopenharmony_ci }, 110462306a36Sopenharmony_ci .result = REJECT, 110562306a36Sopenharmony_ci .result_unpriv = REJECT, 110662306a36Sopenharmony_ci .errstr = "invalid bpf_context access off=184 size=8", 110762306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 110862306a36Sopenharmony_ci}, 110962306a36Sopenharmony_ci{ 111062306a36Sopenharmony_ci "read hwtstamp from CLS", 111162306a36Sopenharmony_ci .insns = { 111262306a36Sopenharmony_ci BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 111362306a36Sopenharmony_ci offsetof(struct __sk_buff, hwtstamp)), 111462306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), 111562306a36Sopenharmony_ci BPF_EXIT_INSN(), 111662306a36Sopenharmony_ci }, 111762306a36Sopenharmony_ci .result = ACCEPT, 111862306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 111962306a36Sopenharmony_ci}, 112062306a36Sopenharmony_ci{ 112162306a36Sopenharmony_ci "check wire_len is not readable by sockets", 112262306a36Sopenharmony_ci .insns = { 112362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 112462306a36Sopenharmony_ci offsetof(struct __sk_buff, wire_len)), 112562306a36Sopenharmony_ci BPF_EXIT_INSN(), 112662306a36Sopenharmony_ci }, 112762306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 112862306a36Sopenharmony_ci .result = REJECT, 112962306a36Sopenharmony_ci}, 113062306a36Sopenharmony_ci{ 113162306a36Sopenharmony_ci "check wire_len is readable by tc classifier", 113262306a36Sopenharmony_ci .insns = { 113362306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 113462306a36Sopenharmony_ci offsetof(struct __sk_buff, wire_len)), 113562306a36Sopenharmony_ci BPF_EXIT_INSN(), 113662306a36Sopenharmony_ci }, 113762306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 113862306a36Sopenharmony_ci .result = ACCEPT, 113962306a36Sopenharmony_ci}, 114062306a36Sopenharmony_ci{ 114162306a36Sopenharmony_ci "check wire_len is not writable by tc classifier", 114262306a36Sopenharmony_ci .insns = { 114362306a36Sopenharmony_ci BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 114462306a36Sopenharmony_ci offsetof(struct __sk_buff, wire_len)), 114562306a36Sopenharmony_ci BPF_EXIT_INSN(), 114662306a36Sopenharmony_ci }, 114762306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SCHED_CLS, 114862306a36Sopenharmony_ci .errstr = "invalid bpf_context access", 114962306a36Sopenharmony_ci .errstr_unpriv = "R1 leaks addr", 115062306a36Sopenharmony_ci .result = REJECT, 115162306a36Sopenharmony_ci}, 115262306a36Sopenharmony_ci{ 115362306a36Sopenharmony_ci "pkt > pkt_end taken check", 115462306a36Sopenharmony_ci .insns = { 115562306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, // 0. r2 = *(u32 *)(r1 + data_end) 115662306a36Sopenharmony_ci offsetof(struct __sk_buff, data_end)), 115762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, // 1. r4 = *(u32 *)(r1 + data) 115862306a36Sopenharmony_ci offsetof(struct __sk_buff, data)), 115962306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_3, BPF_REG_4), // 2. r3 = r4 116062306a36Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 42), // 3. r3 += 42 116162306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_1, 0), // 4. r1 = 0 116262306a36Sopenharmony_ci BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_2, 2), // 5. if r3 > r2 goto 8 116362306a36Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 14), // 6. r4 += 14 116462306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_1, BPF_REG_4), // 7. r1 = r4 116562306a36Sopenharmony_ci BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_2, 1), // 8. if r3 > r2 goto 10 116662306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_2, BPF_REG_1, 9), // 9. r2 = *(u8 *)(r1 + 9) 116762306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), // 10. r0 = 0 116862306a36Sopenharmony_ci BPF_EXIT_INSN(), // 11. exit 116962306a36Sopenharmony_ci }, 117062306a36Sopenharmony_ci .result = ACCEPT, 117162306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 117262306a36Sopenharmony_ci .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 117362306a36Sopenharmony_ci}, 117462306a36Sopenharmony_ci{ 117562306a36Sopenharmony_ci "pkt_end < pkt taken check", 117662306a36Sopenharmony_ci .insns = { 117762306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, // 0. r2 = *(u32 *)(r1 + data_end) 117862306a36Sopenharmony_ci offsetof(struct __sk_buff, data_end)), 117962306a36Sopenharmony_ci BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, // 1. r4 = *(u32 *)(r1 + data) 118062306a36Sopenharmony_ci offsetof(struct __sk_buff, data)), 118162306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_3, BPF_REG_4), // 2. r3 = r4 118262306a36Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 42), // 3. r3 += 42 118362306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_1, 0), // 4. r1 = 0 118462306a36Sopenharmony_ci BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_2, 2), // 5. if r3 > r2 goto 8 118562306a36Sopenharmony_ci BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 14), // 6. r4 += 14 118662306a36Sopenharmony_ci BPF_MOV64_REG(BPF_REG_1, BPF_REG_4), // 7. r1 = r4 118762306a36Sopenharmony_ci BPF_JMP_REG(BPF_JLT, BPF_REG_2, BPF_REG_3, 1), // 8. if r2 < r3 goto 10 118862306a36Sopenharmony_ci BPF_LDX_MEM(BPF_H, BPF_REG_2, BPF_REG_1, 9), // 9. r2 = *(u8 *)(r1 + 9) 118962306a36Sopenharmony_ci BPF_MOV64_IMM(BPF_REG_0, 0), // 10. r0 = 0 119062306a36Sopenharmony_ci BPF_EXIT_INSN(), // 11. exit 119162306a36Sopenharmony_ci }, 119262306a36Sopenharmony_ci .result = ACCEPT, 119362306a36Sopenharmony_ci .prog_type = BPF_PROG_TYPE_SK_SKB, 119462306a36Sopenharmony_ci .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 119562306a36Sopenharmony_ci}, 1196