1 { 2 "valid access family in SK_MSG", 3 .insns = { 4 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 5 offsetof(struct sk_msg_md, family)), 6 BPF_EXIT_INSN(), 7 }, 8 .result = ACCEPT, 9 .prog_type = BPF_PROG_TYPE_SK_MSG, 10 }, 11 { 12 "valid access remote_ip4 in SK_MSG", 13 .insns = { 14 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 15 offsetof(struct sk_msg_md, remote_ip4)), 16 BPF_EXIT_INSN(), 17 }, 18 .result = ACCEPT, 19 .prog_type = BPF_PROG_TYPE_SK_MSG, 20 }, 21 { 22 "valid access local_ip4 in SK_MSG", 23 .insns = { 24 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 25 offsetof(struct sk_msg_md, local_ip4)), 26 BPF_EXIT_INSN(), 27 }, 28 .result = ACCEPT, 29 .prog_type = BPF_PROG_TYPE_SK_MSG, 30 }, 31 { 32 "valid access remote_port in SK_MSG", 33 .insns = { 34 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 35 offsetof(struct sk_msg_md, remote_port)), 36 BPF_EXIT_INSN(), 37 }, 38 .result = ACCEPT, 39 .prog_type = BPF_PROG_TYPE_SK_MSG, 40 }, 41 { 42 "valid access local_port in SK_MSG", 43 .insns = { 44 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 45 offsetof(struct sk_msg_md, local_port)), 46 BPF_EXIT_INSN(), 47 }, 48 .result = ACCEPT, 49 .prog_type = BPF_PROG_TYPE_SK_MSG, 50 }, 51 { 52 "valid access remote_ip6 in SK_MSG", 53 .insns = { 54 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 55 offsetof(struct sk_msg_md, remote_ip6[0])), 56 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 57 offsetof(struct sk_msg_md, remote_ip6[1])), 58 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 59 offsetof(struct sk_msg_md, remote_ip6[2])), 60 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 61 offsetof(struct sk_msg_md, remote_ip6[3])), 62 BPF_EXIT_INSN(), 63 }, 64 .result = ACCEPT, 65 .prog_type = BPF_PROG_TYPE_SK_SKB, 66 }, 67 { 68 "valid access local_ip6 in SK_MSG", 69 .insns = { 70 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 71 offsetof(struct sk_msg_md, local_ip6[0])), 72 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 73 offsetof(struct sk_msg_md, local_ip6[1])), 74 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 75 offsetof(struct sk_msg_md, local_ip6[2])), 76 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 77 offsetof(struct sk_msg_md, local_ip6[3])), 78 BPF_EXIT_INSN(), 79 }, 80 .result = ACCEPT, 81 .prog_type = BPF_PROG_TYPE_SK_SKB, 82 }, 83 { 84 "valid access size in SK_MSG", 85 .insns = { 86 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 87 offsetof(struct sk_msg_md, size)), 88 BPF_EXIT_INSN(), 89 }, 90 .result = ACCEPT, 91 .prog_type = BPF_PROG_TYPE_SK_MSG, 92 }, 93 { 94 "invalid 64B read of size in SK_MSG", 95 .insns = { 96 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 97 offsetof(struct sk_msg_md, size)), 98 BPF_EXIT_INSN(), 99 }, 100 .errstr = "invalid bpf_context access", 101 .result = REJECT, 102 .prog_type = BPF_PROG_TYPE_SK_MSG, 103 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 104 }, 105 { 106 "invalid read past end of SK_MSG", 107 .insns = { 108 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 109 offsetof(struct sk_msg_md, size) + 4), 110 BPF_EXIT_INSN(), 111 }, 112 .errstr = "invalid bpf_context access", 113 .result = REJECT, 114 .prog_type = BPF_PROG_TYPE_SK_MSG, 115 }, 116 { 117 "invalid read offset in SK_MSG", 118 .insns = { 119 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 120 offsetof(struct sk_msg_md, family) + 1), 121 BPF_EXIT_INSN(), 122 }, 123 .errstr = "invalid bpf_context access", 124 .result = REJECT, 125 .prog_type = BPF_PROG_TYPE_SK_MSG, 126 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 127 }, 128 { 129 "direct packet read for SK_MSG", 130 .insns = { 131 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 132 offsetof(struct sk_msg_md, data)), 133 BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1, 134 offsetof(struct sk_msg_md, data_end)), 135 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 136 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 137 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 138 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 139 BPF_MOV64_IMM(BPF_REG_0, 0), 140 BPF_EXIT_INSN(), 141 }, 142 .result = ACCEPT, 143 .prog_type = BPF_PROG_TYPE_SK_MSG, 144 }, 145 { 146 "direct packet write for SK_MSG", 147 .insns = { 148 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 149 offsetof(struct sk_msg_md, data)), 150 BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1, 151 offsetof(struct sk_msg_md, data_end)), 152 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 153 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 154 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 155 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0), 156 BPF_MOV64_IMM(BPF_REG_0, 0), 157 BPF_EXIT_INSN(), 158 }, 159 .result = ACCEPT, 160 .prog_type = BPF_PROG_TYPE_SK_MSG, 161 }, 162 { 163 "overlapping checks for direct packet access SK_MSG", 164 .insns = { 165 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 166 offsetof(struct sk_msg_md, data)), 167 BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1, 168 offsetof(struct sk_msg_md, data_end)), 169 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 170 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 171 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 4), 172 BPF_MOV64_REG(BPF_REG_1, BPF_REG_2), 173 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 6), 174 BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_3, 1), 175 BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_2, 6), 176 BPF_MOV64_IMM(BPF_REG_0, 0), 177 BPF_EXIT_INSN(), 178 }, 179 .result = ACCEPT, 180 .prog_type = BPF_PROG_TYPE_SK_MSG, 181 }, 182