-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
selftests/bpf: Add verifier tests for bpf_sk_lookup context access
Exercise verifier access checks for bpf_sk_lookup context fields. Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Link: https://lore.kernel.org/bpf/20200717103536.397595-15-jakub@cloudflare.com
- Loading branch information
Jakub Sitnicki
authored and
Alexei Starovoitov
committed
Jul 18, 2020
1 parent
93a3545
commit f7726cb
Showing
1 changed file
with
492 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,492 @@ | ||
{ | ||
"valid 1,2,4,8-byte reads from bpf_sk_lookup", | ||
.insns = { | ||
/* 1-byte read from family field */ | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, family)), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, family) + 1), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, family) + 2), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, family) + 3), | ||
/* 2-byte read from family field */ | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, family)), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, family) + 2), | ||
/* 4-byte read from family field */ | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, family)), | ||
|
||
/* 1-byte read from protocol field */ | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, protocol)), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, protocol) + 1), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, protocol) + 2), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, protocol) + 3), | ||
/* 2-byte read from protocol field */ | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, protocol)), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, protocol) + 2), | ||
/* 4-byte read from protocol field */ | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, protocol)), | ||
|
||
/* 1-byte read from remote_ip4 field */ | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip4)), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip4) + 1), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip4) + 2), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip4) + 3), | ||
/* 2-byte read from remote_ip4 field */ | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip4)), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip4) + 2), | ||
/* 4-byte read from remote_ip4 field */ | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip4)), | ||
|
||
/* 1-byte read from remote_ip6 field */ | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6)), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 1), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 2), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 3), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 4), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 5), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 6), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 7), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 8), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 9), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 10), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 11), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 12), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 13), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 14), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 15), | ||
/* 2-byte read from remote_ip6 field */ | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6)), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 2), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 4), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 6), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 8), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 10), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 12), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 14), | ||
/* 4-byte read from remote_ip6 field */ | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6)), | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 4), | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 8), | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6) + 12), | ||
|
||
/* 1-byte read from remote_port field */ | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_port)), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_port) + 1), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_port) + 2), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_port) + 3), | ||
/* 2-byte read from remote_port field */ | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_port)), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_port) + 2), | ||
/* 4-byte read from remote_port field */ | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_port)), | ||
|
||
/* 1-byte read from local_ip4 field */ | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip4)), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip4) + 1), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip4) + 2), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip4) + 3), | ||
/* 2-byte read from local_ip4 field */ | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip4)), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip4) + 2), | ||
/* 4-byte read from local_ip4 field */ | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip4)), | ||
|
||
/* 1-byte read from local_ip6 field */ | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6)), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 1), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 2), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 3), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 4), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 5), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 6), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 7), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 8), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 9), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 10), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 11), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 12), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 13), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 14), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 15), | ||
/* 2-byte read from local_ip6 field */ | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6)), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 2), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 4), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 6), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 8), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 10), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 12), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 14), | ||
/* 4-byte read from local_ip6 field */ | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6)), | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 4), | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 8), | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6) + 12), | ||
|
||
/* 1-byte read from local_port field */ | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_port)), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_port) + 1), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_port) + 2), | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_port) + 3), | ||
/* 2-byte read from local_port field */ | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_port)), | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_port) + 2), | ||
/* 4-byte read from local_port field */ | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_port)), | ||
|
||
/* 8-byte read from sk field */ | ||
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, sk)), | ||
|
||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.result = ACCEPT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
/* invalid 8-byte reads from a 4-byte fields in bpf_sk_lookup */ | ||
{ | ||
"invalid 8-byte read from bpf_sk_lookup family field", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, family)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 8-byte read from bpf_sk_lookup protocol field", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, protocol)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 8-byte read from bpf_sk_lookup remote_ip4 field", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip4)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 8-byte read from bpf_sk_lookup remote_ip6 field", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_ip6)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 8-byte read from bpf_sk_lookup remote_port field", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, remote_port)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 8-byte read from bpf_sk_lookup local_ip4 field", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip4)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 8-byte read from bpf_sk_lookup local_ip6 field", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_ip6)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 8-byte read from bpf_sk_lookup local_port field", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, local_port)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
/* invalid 1,2,4-byte reads from 8-byte fields in bpf_sk_lookup */ | ||
{ | ||
"invalid 4-byte read from bpf_sk_lookup sk field", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, sk)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 2-byte read from bpf_sk_lookup sk field", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, sk)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 1-byte read from bpf_sk_lookup sk field", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, | ||
offsetof(struct bpf_sk_lookup, sk)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
/* out of bounds and unaligned reads from bpf_sk_lookup */ | ||
{ | ||
"invalid 4-byte read past end of bpf_sk_lookup", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, | ||
sizeof(struct bpf_sk_lookup)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 4-byte unaligned read from bpf_sk_lookup at odd offset", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 1), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 4-byte unaligned read from bpf_sk_lookup at even offset", | ||
.insns = { | ||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 2), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
/* in-bound and out-of-bound writes to bpf_sk_lookup */ | ||
{ | ||
"invalid 8-byte write to bpf_sk_lookup", | ||
.insns = { | ||
BPF_MOV64_IMM(BPF_REG_0, 0xcafe4a11U), | ||
BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 0), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 4-byte write to bpf_sk_lookup", | ||
.insns = { | ||
BPF_MOV64_IMM(BPF_REG_0, 0xcafe4a11U), | ||
BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 2-byte write to bpf_sk_lookup", | ||
.insns = { | ||
BPF_MOV64_IMM(BPF_REG_0, 0xcafe4a11U), | ||
BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0, 0), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 1-byte write to bpf_sk_lookup", | ||
.insns = { | ||
BPF_MOV64_IMM(BPF_REG_0, 0xcafe4a11U), | ||
BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, | ||
{ | ||
"invalid 4-byte write past end of bpf_sk_lookup", | ||
.insns = { | ||
BPF_MOV64_IMM(BPF_REG_0, 0xcafe4a11U), | ||
BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, | ||
sizeof(struct bpf_sk_lookup)), | ||
BPF_MOV32_IMM(BPF_REG_0, 0), | ||
BPF_EXIT_INSN(), | ||
}, | ||
.errstr = "invalid bpf_context access", | ||
.result = REJECT, | ||
.prog_type = BPF_PROG_TYPE_SK_LOOKUP, | ||
.expected_attach_type = BPF_SK_LOOKUP, | ||
}, |