8b4fd2bf1f
A new field was added to the bpf_sk_lookup data that users can access. Add tests that validate that the new ingress_ifindex field contains the right data. Signed-off-by: Mark Pashmfouroush <markpash@cloudflare.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Link: https://lore.kernel.org/bpf/20211110111016.5670-3-markpash@cloudflare.com
533 lines
19 KiB
C
533 lines
19 KiB
C
{
|
|
"valid 1,2,4,8-byte reads from bpf_sk_lookup",
|
|
.insns = {
|
|
/* 1-byte read from family field */
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, family)),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, family) + 1),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, family) + 2),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, family) + 3),
|
|
/* 2-byte read from family field */
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, family)),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, family) + 2),
|
|
/* 4-byte read from family field */
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, family)),
|
|
|
|
/* 1-byte read from protocol field */
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, protocol)),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, protocol) + 1),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, protocol) + 2),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, protocol) + 3),
|
|
/* 2-byte read from protocol field */
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, protocol)),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, protocol) + 2),
|
|
/* 4-byte read from protocol field */
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, protocol)),
|
|
|
|
/* 1-byte read from remote_ip4 field */
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip4)),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip4) + 1),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip4) + 2),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip4) + 3),
|
|
/* 2-byte read from remote_ip4 field */
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip4)),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip4) + 2),
|
|
/* 4-byte read from remote_ip4 field */
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip4)),
|
|
|
|
/* 1-byte read from remote_ip6 field */
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6)),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 1),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 2),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 3),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 4),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 5),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 6),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 7),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 8),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 9),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 10),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 11),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 12),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 13),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 14),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 15),
|
|
/* 2-byte read from remote_ip6 field */
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6)),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 2),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 4),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 6),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 8),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 10),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 12),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 14),
|
|
/* 4-byte read from remote_ip6 field */
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6)),
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 4),
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 8),
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6) + 12),
|
|
|
|
/* 1-byte read from remote_port field */
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_port)),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_port) + 1),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_port) + 2),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_port) + 3),
|
|
/* 2-byte read from remote_port field */
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_port)),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_port) + 2),
|
|
/* 4-byte read from remote_port field */
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_port)),
|
|
|
|
/* 1-byte read from local_ip4 field */
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip4)),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip4) + 1),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip4) + 2),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip4) + 3),
|
|
/* 2-byte read from local_ip4 field */
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip4)),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip4) + 2),
|
|
/* 4-byte read from local_ip4 field */
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip4)),
|
|
|
|
/* 1-byte read from local_ip6 field */
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6)),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 1),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 2),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 3),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 4),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 5),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 6),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 7),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 8),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 9),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 10),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 11),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 12),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 13),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 14),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 15),
|
|
/* 2-byte read from local_ip6 field */
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6)),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 2),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 4),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 6),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 8),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 10),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 12),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 14),
|
|
/* 4-byte read from local_ip6 field */
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6)),
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 4),
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 8),
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6) + 12),
|
|
|
|
/* 1-byte read from local_port field */
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_port)),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_port) + 1),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_port) + 2),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_port) + 3),
|
|
/* 2-byte read from local_port field */
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_port)),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_port) + 2),
|
|
/* 4-byte read from local_port field */
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_port)),
|
|
|
|
/* 1-byte read from ingress_ifindex field */
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, ingress_ifindex)),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, ingress_ifindex) + 1),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, ingress_ifindex) + 2),
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, ingress_ifindex) + 3),
|
|
/* 2-byte read from ingress_ifindex field */
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, ingress_ifindex)),
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, ingress_ifindex) + 2),
|
|
/* 4-byte read from ingress_ifindex field */
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, ingress_ifindex)),
|
|
|
|
/* 8-byte read from sk field */
|
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, sk)),
|
|
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.result = ACCEPT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
.runs = -1,
|
|
},
|
|
/* invalid 8-byte reads from a 4-byte fields in bpf_sk_lookup */
|
|
{
|
|
"invalid 8-byte read from bpf_sk_lookup family field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, family)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|
|
{
|
|
"invalid 8-byte read from bpf_sk_lookup protocol field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, protocol)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
|
|
},
|
|
{
|
|
"invalid 8-byte read from bpf_sk_lookup remote_ip4 field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip4)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|
|
{
|
|
"invalid 8-byte read from bpf_sk_lookup remote_ip6 field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_ip6)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
|
|
},
|
|
{
|
|
"invalid 8-byte read from bpf_sk_lookup remote_port field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, remote_port)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
|
|
},
|
|
{
|
|
"invalid 8-byte read from bpf_sk_lookup local_ip4 field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip4)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|
|
{
|
|
"invalid 8-byte read from bpf_sk_lookup local_ip6 field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_ip6)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
|
|
},
|
|
{
|
|
"invalid 8-byte read from bpf_sk_lookup local_port field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, local_port)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
|
|
},
|
|
{
|
|
"invalid 8-byte read from bpf_sk_lookup ingress_ifindex field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, ingress_ifindex)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
|
|
},
|
|
/* invalid 1,2,4-byte reads from 8-byte fields in bpf_sk_lookup */
|
|
{
|
|
"invalid 4-byte read from bpf_sk_lookup sk field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, sk)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|
|
{
|
|
"invalid 2-byte read from bpf_sk_lookup sk field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, sk)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|
|
{
|
|
"invalid 1-byte read from bpf_sk_lookup sk field",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
|
|
offsetof(struct bpf_sk_lookup, sk)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|
|
/* out of bounds and unaligned reads from bpf_sk_lookup */
|
|
{
|
|
"invalid 4-byte read past end of bpf_sk_lookup",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
|
sizeof(struct bpf_sk_lookup)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|
|
{
|
|
"invalid 4-byte unaligned read from bpf_sk_lookup at odd offset",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 1),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
|
|
},
|
|
{
|
|
"invalid 4-byte unaligned read from bpf_sk_lookup at even offset",
|
|
.insns = {
|
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 2),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
|
|
},
|
|
/* in-bound and out-of-bound writes to bpf_sk_lookup */
|
|
{
|
|
"invalid 8-byte write to bpf_sk_lookup",
|
|
.insns = {
|
|
BPF_MOV64_IMM(BPF_REG_0, 0xcafe4a11U),
|
|
BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 0),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|
|
{
|
|
"invalid 4-byte write to bpf_sk_lookup",
|
|
.insns = {
|
|
BPF_MOV64_IMM(BPF_REG_0, 0xcafe4a11U),
|
|
BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|
|
{
|
|
"invalid 2-byte write to bpf_sk_lookup",
|
|
.insns = {
|
|
BPF_MOV64_IMM(BPF_REG_0, 0xcafe4a11U),
|
|
BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 0),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|
|
{
|
|
"invalid 1-byte write to bpf_sk_lookup",
|
|
.insns = {
|
|
BPF_MOV64_IMM(BPF_REG_0, 0xcafe4a11U),
|
|
BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|
|
{
|
|
"invalid 4-byte write past end of bpf_sk_lookup",
|
|
.insns = {
|
|
BPF_MOV64_IMM(BPF_REG_0, 0xcafe4a11U),
|
|
BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
|
|
sizeof(struct bpf_sk_lookup)),
|
|
BPF_MOV32_IMM(BPF_REG_0, 0),
|
|
BPF_EXIT_INSN(),
|
|
},
|
|
.errstr = "invalid bpf_context access",
|
|
.result = REJECT,
|
|
.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
|
|
.expected_attach_type = BPF_SK_LOOKUP,
|
|
},
|