aboutsummaryrefslogtreecommitdiffstats
path: root/samples
diff options
context:
space:
mode:
Diffstat (limited to 'samples')
-rw-r--r--samples/bpf/test_verifier.c433
1 files changed, 430 insertions, 3 deletions
diff --git a/samples/bpf/test_verifier.c b/samples/bpf/test_verifier.c
index 1f6cc9b6a23b..ac590d4b7f02 100644
--- a/samples/bpf/test_verifier.c
+++ b/samples/bpf/test_verifier.c
@@ -291,6 +291,29 @@ static struct bpf_test tests[] = {
291 .result = REJECT, 291 .result = REJECT,
292 }, 292 },
293 { 293 {
294 "invalid argument register",
295 .insns = {
296 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_cgroup_classid),
297 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_cgroup_classid),
298 BPF_EXIT_INSN(),
299 },
300 .errstr = "R1 !read_ok",
301 .result = REJECT,
302 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
303 },
304 {
305 "non-invalid argument register",
306 .insns = {
307 BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_1),
308 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_cgroup_classid),
309 BPF_ALU64_REG(BPF_MOV, BPF_REG_1, BPF_REG_6),
310 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_cgroup_classid),
311 BPF_EXIT_INSN(),
312 },
313 .result = ACCEPT,
314 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
315 },
316 {
294 "check valid spill/fill", 317 "check valid spill/fill",
295 .insns = { 318 .insns = {
296 /* spill R1(ctx) into stack */ 319 /* spill R1(ctx) into stack */
@@ -1210,6 +1233,54 @@ static struct bpf_test tests[] = {
1210 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 1233 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1211 }, 1234 },
1212 { 1235 {
1236 "raw_stack: skb_load_bytes, negative len",
1237 .insns = {
1238 BPF_MOV64_IMM(BPF_REG_2, 4),
1239 BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
1240 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -8),
1241 BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
1242 BPF_MOV64_IMM(BPF_REG_4, -8),
1243 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
1244 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
1245 BPF_EXIT_INSN(),
1246 },
1247 .result = REJECT,
1248 .errstr = "invalid stack type R3",
1249 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1250 },
1251 {
1252 "raw_stack: skb_load_bytes, negative len 2",
1253 .insns = {
1254 BPF_MOV64_IMM(BPF_REG_2, 4),
1255 BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
1256 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -8),
1257 BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
1258 BPF_MOV64_IMM(BPF_REG_4, ~0),
1259 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
1260 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
1261 BPF_EXIT_INSN(),
1262 },
1263 .result = REJECT,
1264 .errstr = "invalid stack type R3",
1265 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1266 },
1267 {
1268 "raw_stack: skb_load_bytes, zero len",
1269 .insns = {
1270 BPF_MOV64_IMM(BPF_REG_2, 4),
1271 BPF_ALU64_REG(BPF_MOV, BPF_REG_6, BPF_REG_10),
1272 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, -8),
1273 BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
1274 BPF_MOV64_IMM(BPF_REG_4, 0),
1275 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
1276 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_6, 0),
1277 BPF_EXIT_INSN(),
1278 },
1279 .result = REJECT,
1280 .errstr = "invalid stack type R3",
1281 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1282 },
1283 {
1213 "raw_stack: skb_load_bytes, no init", 1284 "raw_stack: skb_load_bytes, no init",
1214 .insns = { 1285 .insns = {
1215 BPF_MOV64_IMM(BPF_REG_2, 4), 1286 BPF_MOV64_IMM(BPF_REG_2, 4),
@@ -1511,7 +1582,7 @@ static struct bpf_test tests[] = {
1511 .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, 1582 .prog_type = BPF_PROG_TYPE_SOCKET_FILTER,
1512 }, 1583 },
1513 { 1584 {
1514 "direct packet access: test4", 1585 "direct packet access: test4 (write)",
1515 .insns = { 1586 .insns = {
1516 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 1587 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1517 offsetof(struct __sk_buff, data)), 1588 offsetof(struct __sk_buff, data)),
@@ -1524,8 +1595,7 @@ static struct bpf_test tests[] = {
1524 BPF_MOV64_IMM(BPF_REG_0, 0), 1595 BPF_MOV64_IMM(BPF_REG_0, 0),
1525 BPF_EXIT_INSN(), 1596 BPF_EXIT_INSN(),
1526 }, 1597 },
1527 .errstr = "cannot write", 1598 .result = ACCEPT,
1528 .result = REJECT,
1529 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 1599 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1530 }, 1600 },
1531 { 1601 {
@@ -1631,6 +1701,26 @@ static struct bpf_test tests[] = {
1631 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 1701 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1632 }, 1702 },
1633 { 1703 {
1704 "direct packet access: test10 (write invalid)",
1705 .insns = {
1706 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1707 offsetof(struct __sk_buff, data)),
1708 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
1709 offsetof(struct __sk_buff, data_end)),
1710 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
1711 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
1712 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 2),
1713 BPF_MOV64_IMM(BPF_REG_0, 0),
1714 BPF_EXIT_INSN(),
1715 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
1716 BPF_MOV64_IMM(BPF_REG_0, 0),
1717 BPF_EXIT_INSN(),
1718 },
1719 .errstr = "invalid access to packet",
1720 .result = REJECT,
1721 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1722 },
1723 {
1634 "helper access to packet: test1, valid packet_ptr range", 1724 "helper access to packet: test1, valid packet_ptr range",
1635 .insns = { 1725 .insns = {
1636 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 1726 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
@@ -1736,6 +1826,343 @@ static struct bpf_test tests[] = {
1736 .errstr = "invalid access to packet", 1826 .errstr = "invalid access to packet",
1737 .prog_type = BPF_PROG_TYPE_XDP, 1827 .prog_type = BPF_PROG_TYPE_XDP,
1738 }, 1828 },
1829 {
1830 "helper access to packet: test6, cls valid packet_ptr range",
1831 .insns = {
1832 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1833 offsetof(struct __sk_buff, data)),
1834 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
1835 offsetof(struct __sk_buff, data_end)),
1836 BPF_MOV64_REG(BPF_REG_1, BPF_REG_2),
1837 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 8),
1838 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_3, 5),
1839 BPF_LD_MAP_FD(BPF_REG_1, 0),
1840 BPF_MOV64_REG(BPF_REG_3, BPF_REG_2),
1841 BPF_MOV64_IMM(BPF_REG_4, 0),
1842 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_update_elem),
1843 BPF_MOV64_IMM(BPF_REG_0, 0),
1844 BPF_EXIT_INSN(),
1845 },
1846 .fixup = {5},
1847 .result = ACCEPT,
1848 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1849 },
1850 {
1851 "helper access to packet: test7, cls unchecked packet_ptr",
1852 .insns = {
1853 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1854 offsetof(struct __sk_buff, data)),
1855 BPF_LD_MAP_FD(BPF_REG_1, 0),
1856 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
1857 BPF_MOV64_IMM(BPF_REG_0, 0),
1858 BPF_EXIT_INSN(),
1859 },
1860 .fixup = {1},
1861 .result = REJECT,
1862 .errstr = "invalid access to packet",
1863 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1864 },
1865 {
1866 "helper access to packet: test8, cls variable add",
1867 .insns = {
1868 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1869 offsetof(struct __sk_buff, data)),
1870 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
1871 offsetof(struct __sk_buff, data_end)),
1872 BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),
1873 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 8),
1874 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 10),
1875 BPF_LDX_MEM(BPF_B, BPF_REG_5, BPF_REG_2, 0),
1876 BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),
1877 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_5),
1878 BPF_MOV64_REG(BPF_REG_5, BPF_REG_4),
1879 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 8),
1880 BPF_JMP_REG(BPF_JGT, BPF_REG_5, BPF_REG_3, 4),
1881 BPF_LD_MAP_FD(BPF_REG_1, 0),
1882 BPF_MOV64_REG(BPF_REG_2, BPF_REG_4),
1883 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
1884 BPF_MOV64_IMM(BPF_REG_0, 0),
1885 BPF_EXIT_INSN(),
1886 },
1887 .fixup = {11},
1888 .result = ACCEPT,
1889 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1890 },
1891 {
1892 "helper access to packet: test9, cls packet_ptr with bad range",
1893 .insns = {
1894 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1895 offsetof(struct __sk_buff, data)),
1896 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
1897 offsetof(struct __sk_buff, data_end)),
1898 BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),
1899 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 4),
1900 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 2),
1901 BPF_MOV64_IMM(BPF_REG_0, 0),
1902 BPF_EXIT_INSN(),
1903 BPF_LD_MAP_FD(BPF_REG_1, 0),
1904 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
1905 BPF_MOV64_IMM(BPF_REG_0, 0),
1906 BPF_EXIT_INSN(),
1907 },
1908 .fixup = {7},
1909 .result = REJECT,
1910 .errstr = "invalid access to packet",
1911 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1912 },
1913 {
1914 "helper access to packet: test10, cls packet_ptr with too short range",
1915 .insns = {
1916 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
1917 offsetof(struct __sk_buff, data)),
1918 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
1919 offsetof(struct __sk_buff, data_end)),
1920 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1),
1921 BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),
1922 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 7),
1923 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 3),
1924 BPF_LD_MAP_FD(BPF_REG_1, 0),
1925 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
1926 BPF_MOV64_IMM(BPF_REG_0, 0),
1927 BPF_EXIT_INSN(),
1928 },
1929 .fixup = {6},
1930 .result = REJECT,
1931 .errstr = "invalid access to packet",
1932 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1933 },
1934 {
1935 "helper access to packet: test11, cls unsuitable helper 1",
1936 .insns = {
1937 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
1938 offsetof(struct __sk_buff, data)),
1939 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
1940 offsetof(struct __sk_buff, data_end)),
1941 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 1),
1942 BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
1943 BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 7),
1944 BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_7, 4),
1945 BPF_MOV64_IMM(BPF_REG_2, 0),
1946 BPF_MOV64_IMM(BPF_REG_4, 42),
1947 BPF_MOV64_IMM(BPF_REG_5, 0),
1948 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_store_bytes),
1949 BPF_MOV64_IMM(BPF_REG_0, 0),
1950 BPF_EXIT_INSN(),
1951 },
1952 .result = REJECT,
1953 .errstr = "helper access to the packet",
1954 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1955 },
1956 {
1957 "helper access to packet: test12, cls unsuitable helper 2",
1958 .insns = {
1959 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
1960 offsetof(struct __sk_buff, data)),
1961 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
1962 offsetof(struct __sk_buff, data_end)),
1963 BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
1964 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 8),
1965 BPF_JMP_REG(BPF_JGT, BPF_REG_6, BPF_REG_7, 3),
1966 BPF_MOV64_IMM(BPF_REG_2, 0),
1967 BPF_MOV64_IMM(BPF_REG_4, 4),
1968 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_skb_load_bytes),
1969 BPF_MOV64_IMM(BPF_REG_0, 0),
1970 BPF_EXIT_INSN(),
1971 },
1972 .result = REJECT,
1973 .errstr = "helper access to the packet",
1974 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1975 },
1976 {
1977 "helper access to packet: test13, cls helper ok",
1978 .insns = {
1979 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
1980 offsetof(struct __sk_buff, data)),
1981 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
1982 offsetof(struct __sk_buff, data_end)),
1983 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 1),
1984 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
1985 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 7),
1986 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_7, 6),
1987 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
1988 BPF_MOV64_IMM(BPF_REG_2, 4),
1989 BPF_MOV64_IMM(BPF_REG_3, 0),
1990 BPF_MOV64_IMM(BPF_REG_4, 0),
1991 BPF_MOV64_IMM(BPF_REG_5, 0),
1992 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_csum_diff),
1993 BPF_MOV64_IMM(BPF_REG_0, 0),
1994 BPF_EXIT_INSN(),
1995 },
1996 .result = ACCEPT,
1997 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1998 },
1999 {
2000 "helper access to packet: test14, cls helper fail sub",
2001 .insns = {
2002 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
2003 offsetof(struct __sk_buff, data)),
2004 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
2005 offsetof(struct __sk_buff, data_end)),
2006 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 1),
2007 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
2008 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 7),
2009 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_7, 6),
2010 BPF_ALU64_IMM(BPF_SUB, BPF_REG_1, 4),
2011 BPF_MOV64_IMM(BPF_REG_2, 4),
2012 BPF_MOV64_IMM(BPF_REG_3, 0),
2013 BPF_MOV64_IMM(BPF_REG_4, 0),
2014 BPF_MOV64_IMM(BPF_REG_5, 0),
2015 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_csum_diff),
2016 BPF_MOV64_IMM(BPF_REG_0, 0),
2017 BPF_EXIT_INSN(),
2018 },
2019 .result = REJECT,
2020 .errstr = "type=inv expected=fp",
2021 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
2022 },
2023 {
2024 "helper access to packet: test15, cls helper fail range 1",
2025 .insns = {
2026 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
2027 offsetof(struct __sk_buff, data)),
2028 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
2029 offsetof(struct __sk_buff, data_end)),
2030 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 1),
2031 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
2032 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 7),
2033 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_7, 6),
2034 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
2035 BPF_MOV64_IMM(BPF_REG_2, 8),
2036 BPF_MOV64_IMM(BPF_REG_3, 0),
2037 BPF_MOV64_IMM(BPF_REG_4, 0),
2038 BPF_MOV64_IMM(BPF_REG_5, 0),
2039 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_csum_diff),
2040 BPF_MOV64_IMM(BPF_REG_0, 0),
2041 BPF_EXIT_INSN(),
2042 },
2043 .result = REJECT,
2044 .errstr = "invalid access to packet",
2045 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
2046 },
2047 {
2048 "helper access to packet: test16, cls helper fail range 2",
2049 .insns = {
2050 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
2051 offsetof(struct __sk_buff, data)),
2052 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
2053 offsetof(struct __sk_buff, data_end)),
2054 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 1),
2055 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
2056 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 7),
2057 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_7, 6),
2058 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
2059 BPF_MOV64_IMM(BPF_REG_2, -9),
2060 BPF_MOV64_IMM(BPF_REG_3, 0),
2061 BPF_MOV64_IMM(BPF_REG_4, 0),
2062 BPF_MOV64_IMM(BPF_REG_5, 0),
2063 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_csum_diff),
2064 BPF_MOV64_IMM(BPF_REG_0, 0),
2065 BPF_EXIT_INSN(),
2066 },
2067 .result = REJECT,
2068 .errstr = "invalid access to packet",
2069 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
2070 },
2071 {
2072 "helper access to packet: test17, cls helper fail range 3",
2073 .insns = {
2074 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
2075 offsetof(struct __sk_buff, data)),
2076 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
2077 offsetof(struct __sk_buff, data_end)),
2078 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 1),
2079 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
2080 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 7),
2081 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_7, 6),
2082 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
2083 BPF_MOV64_IMM(BPF_REG_2, ~0),
2084 BPF_MOV64_IMM(BPF_REG_3, 0),
2085 BPF_MOV64_IMM(BPF_REG_4, 0),
2086 BPF_MOV64_IMM(BPF_REG_5, 0),
2087 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_csum_diff),
2088 BPF_MOV64_IMM(BPF_REG_0, 0),
2089 BPF_EXIT_INSN(),
2090 },
2091 .result = REJECT,
2092 .errstr = "invalid access to packet",
2093 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
2094 },
2095 {
2096 "helper access to packet: test18, cls helper fail range zero",
2097 .insns = {
2098 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
2099 offsetof(struct __sk_buff, data)),
2100 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
2101 offsetof(struct __sk_buff, data_end)),
2102 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 1),
2103 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
2104 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 7),
2105 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_7, 6),
2106 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
2107 BPF_MOV64_IMM(BPF_REG_2, 0),
2108 BPF_MOV64_IMM(BPF_REG_3, 0),
2109 BPF_MOV64_IMM(BPF_REG_4, 0),
2110 BPF_MOV64_IMM(BPF_REG_5, 0),
2111 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_csum_diff),
2112 BPF_MOV64_IMM(BPF_REG_0, 0),
2113 BPF_EXIT_INSN(),
2114 },
2115 .result = REJECT,
2116 .errstr = "invalid access to packet",
2117 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
2118 },
2119 {
2120 "helper access to packet: test19, pkt end as input",
2121 .insns = {
2122 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
2123 offsetof(struct __sk_buff, data)),
2124 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
2125 offsetof(struct __sk_buff, data_end)),
2126 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 1),
2127 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
2128 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 7),
2129 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_7, 6),
2130 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
2131 BPF_MOV64_IMM(BPF_REG_2, 4),
2132 BPF_MOV64_IMM(BPF_REG_3, 0),
2133 BPF_MOV64_IMM(BPF_REG_4, 0),
2134 BPF_MOV64_IMM(BPF_REG_5, 0),
2135 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_csum_diff),
2136 BPF_MOV64_IMM(BPF_REG_0, 0),
2137 BPF_EXIT_INSN(),
2138 },
2139 .result = REJECT,
2140 .errstr = "R1 type=pkt_end expected=fp",
2141 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
2142 },
2143 {
2144 "helper access to packet: test20, wrong reg",
2145 .insns = {
2146 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
2147 offsetof(struct __sk_buff, data)),
2148 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
2149 offsetof(struct __sk_buff, data_end)),
2150 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 1),
2151 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
2152 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 7),
2153 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_7, 6),
2154 BPF_MOV64_IMM(BPF_REG_2, 4),
2155 BPF_MOV64_IMM(BPF_REG_3, 0),
2156 BPF_MOV64_IMM(BPF_REG_4, 0),
2157 BPF_MOV64_IMM(BPF_REG_5, 0),
2158 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_csum_diff),
2159 BPF_MOV64_IMM(BPF_REG_0, 0),
2160 BPF_EXIT_INSN(),
2161 },
2162 .result = REJECT,
2163 .errstr = "invalid access to packet",
2164 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
2165 },
1739}; 2166};
1740 2167
1741static int probe_filter_length(struct bpf_insn *fp) 2168static int probe_filter_length(struct bpf_insn *fp)
generated by cgit v1.2.2 (git 2.25.0) at 2026-05-14 11:49:08 -0400