]> git.ipfire.org Git - thirdparty/kernel/stable.git/blob - tools/testing/selftests/bpf/verifier/sock.c
projects / thirdparty / kernel / stable.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
gpu: host1x: Fix compile error when IOMMU API is not available
[thirdparty/kernel/stable.git] / tools / testing / selftests / bpf / verifier / sock.c
1 {
2 "skb->sk: no NULL check",
3 .insns = {
4 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
5 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
6 BPF_MOV64_IMM(BPF_REG_0, 0),
7 BPF_EXIT_INSN(),
8 },
9 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
10 .result = REJECT,
11 .errstr = "invalid mem access 'sock_common_or_null'",
12 },
13 {
14 "skb->sk: sk->family [non fullsock field]",
15 .insns = {
16 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
17 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
18 BPF_MOV64_IMM(BPF_REG_0, 0),
19 BPF_EXIT_INSN(),
20 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, offsetof(struct bpf_sock, family)),
21 BPF_MOV64_IMM(BPF_REG_0, 0),
22 BPF_EXIT_INSN(),
23 },
24 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
25 .result = ACCEPT,
26 },
27 {
28 "skb->sk: sk->type [fullsock field]",
29 .insns = {
30 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
31 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
32 BPF_MOV64_IMM(BPF_REG_0, 0),
33 BPF_EXIT_INSN(),
34 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, offsetof(struct bpf_sock, type)),
35 BPF_MOV64_IMM(BPF_REG_0, 0),
36 BPF_EXIT_INSN(),
37 },
38 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
39 .result = REJECT,
40 .errstr = "invalid sock_common access",
41 },
42 {
43 "bpf_sk_fullsock(skb->sk): no !skb->sk check",
44 .insns = {
45 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
46 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
47 BPF_MOV64_IMM(BPF_REG_0, 0),
48 BPF_EXIT_INSN(),
49 },
50 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
51 .result = REJECT,
52 .errstr = "type=sock_common_or_null expected=sock_common",
53 },
54 {
55 "sk_fullsock(skb->sk): no NULL check on ret",
56 .insns = {
57 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
58 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
59 BPF_MOV64_IMM(BPF_REG_0, 0),
60 BPF_EXIT_INSN(),
61 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
62 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)),
63 BPF_MOV64_IMM(BPF_REG_0, 0),
64 BPF_EXIT_INSN(),
65 },
66 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
67 .result = REJECT,
68 .errstr = "invalid mem access 'sock_or_null'",
69 },
70 {
71 "sk_fullsock(skb->sk): sk->type [fullsock field]",
72 .insns = {
73 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
74 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
75 BPF_MOV64_IMM(BPF_REG_0, 0),
76 BPF_EXIT_INSN(),
77 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
78 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
79 BPF_MOV64_IMM(BPF_REG_0, 0),
80 BPF_EXIT_INSN(),
81 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)),
82 BPF_MOV64_IMM(BPF_REG_0, 0),
83 BPF_EXIT_INSN(),
84 },
85 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
86 .result = ACCEPT,
87 },
88 {
89 "sk_fullsock(skb->sk): sk->family [non fullsock field]",
90 .insns = {
91 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
92 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
93 BPF_MOV64_IMM(BPF_REG_0, 0),
94 BPF_EXIT_INSN(),
95 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
96 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
97 BPF_EXIT_INSN(),
98 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, family)),
99 BPF_MOV64_IMM(BPF_REG_0, 0),
100 BPF_EXIT_INSN(),
101 },
102 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
103 .result = ACCEPT,
104 },
105 {
106 "sk_fullsock(skb->sk): sk->state [narrow load]",
107 .insns = {
108 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
109 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
110 BPF_MOV64_IMM(BPF_REG_0, 0),
111 BPF_EXIT_INSN(),
112 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
113 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
114 BPF_MOV64_IMM(BPF_REG_0, 0),
115 BPF_EXIT_INSN(),
116 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, state)),
117 BPF_MOV64_IMM(BPF_REG_0, 0),
118 BPF_EXIT_INSN(),
119 },
120 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
121 .result = ACCEPT,
122 },
123 {
124 "sk_fullsock(skb->sk): sk->dst_port [narrow load]",
125 .insns = {
126 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
127 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
128 BPF_MOV64_IMM(BPF_REG_0, 0),
129 BPF_EXIT_INSN(),
130 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
131 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
132 BPF_MOV64_IMM(BPF_REG_0, 0),
133 BPF_EXIT_INSN(),
134 BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port)),
135 BPF_MOV64_IMM(BPF_REG_0, 0),
136 BPF_EXIT_INSN(),
137 },
138 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
139 .result = ACCEPT,
140 },
141 {
142 "sk_fullsock(skb->sk): sk->dst_port [load 2nd byte]",
143 .insns = {
144 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
145 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
146 BPF_MOV64_IMM(BPF_REG_0, 0),
147 BPF_EXIT_INSN(),
148 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
149 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
150 BPF_MOV64_IMM(BPF_REG_0, 0),
151 BPF_EXIT_INSN(),
152 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port) + 1),
153 BPF_MOV64_IMM(BPF_REG_0, 0),
154 BPF_EXIT_INSN(),
155 },
156 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
157 .result = REJECT,
158 .errstr = "invalid sock access",
159 },
160 {
161 "sk_fullsock(skb->sk): sk->dst_ip6 [load 2nd byte]",
162 .insns = {
163 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
164 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
165 BPF_MOV64_IMM(BPF_REG_0, 0),
166 BPF_EXIT_INSN(),
167 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
168 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
169 BPF_MOV64_IMM(BPF_REG_0, 0),
170 BPF_EXIT_INSN(),
171 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_ip6[0]) + 1),
172 BPF_MOV64_IMM(BPF_REG_0, 0),
173 BPF_EXIT_INSN(),
174 },
175 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
176 .result = ACCEPT,
177 },
178 {
179 "sk_fullsock(skb->sk): sk->type [narrow load]",
180 .insns = {
181 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
182 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
183 BPF_MOV64_IMM(BPF_REG_0, 0),
184 BPF_EXIT_INSN(),
185 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
186 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
187 BPF_MOV64_IMM(BPF_REG_0, 0),
188 BPF_EXIT_INSN(),
189 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)),
190 BPF_MOV64_IMM(BPF_REG_0, 0),
191 BPF_EXIT_INSN(),
192 },
193 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
194 .result = ACCEPT,
195 },
196 {
197 "sk_fullsock(skb->sk): sk->protocol [narrow load]",
198 .insns = {
199 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
200 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
201 BPF_MOV64_IMM(BPF_REG_0, 0),
202 BPF_EXIT_INSN(),
203 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
204 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
205 BPF_MOV64_IMM(BPF_REG_0, 0),
206 BPF_EXIT_INSN(),
207 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, protocol)),
208 BPF_MOV64_IMM(BPF_REG_0, 0),
209 BPF_EXIT_INSN(),
210 },
211 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
212 .result = ACCEPT,
213 },
214 {
215 "sk_fullsock(skb->sk): beyond last field",
216 .insns = {
217 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
218 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
219 BPF_MOV64_IMM(BPF_REG_0, 0),
220 BPF_EXIT_INSN(),
221 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
222 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
223 BPF_MOV64_IMM(BPF_REG_0, 0),
224 BPF_EXIT_INSN(),
225 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetofend(struct bpf_sock, state)),
226 BPF_MOV64_IMM(BPF_REG_0, 0),
227 BPF_EXIT_INSN(),
228 },
229 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
230 .result = REJECT,
231 .errstr = "invalid sock access",
232 },
233 {
234 "bpf_tcp_sock(skb->sk): no !skb->sk check",
235 .insns = {
236 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
237 BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
238 BPF_MOV64_IMM(BPF_REG_0, 0),
239 BPF_EXIT_INSN(),
240 },
241 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
242 .result = REJECT,
243 .errstr = "type=sock_common_or_null expected=sock_common",
244 },
245 {
246 "bpf_tcp_sock(skb->sk): no NULL check on ret",
247 .insns = {
248 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
249 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
250 BPF_MOV64_IMM(BPF_REG_0, 0),
251 BPF_EXIT_INSN(),
252 BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
253 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)),
254 BPF_MOV64_IMM(BPF_REG_0, 0),
255 BPF_EXIT_INSN(),
256 },
257 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
258 .result = REJECT,
259 .errstr = "invalid mem access 'tcp_sock_or_null'",
260 },
261 {
262 "bpf_tcp_sock(skb->sk): tp->snd_cwnd",
263 .insns = {
264 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
265 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
266 BPF_MOV64_IMM(BPF_REG_0, 0),
267 BPF_EXIT_INSN(),
268 BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
269 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
270 BPF_EXIT_INSN(),
271 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)),
272 BPF_MOV64_IMM(BPF_REG_0, 0),
273 BPF_EXIT_INSN(),
274 },
275 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
276 .result = ACCEPT,
277 },
278 {
279 "bpf_tcp_sock(skb->sk): tp->bytes_acked",
280 .insns = {
281 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
282 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
283 BPF_MOV64_IMM(BPF_REG_0, 0),
284 BPF_EXIT_INSN(),
285 BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
286 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
287 BPF_EXIT_INSN(),
288 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, bytes_acked)),
289 BPF_MOV64_IMM(BPF_REG_0, 0),
290 BPF_EXIT_INSN(),
291 },
292 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
293 .result = ACCEPT,
294 },
295 {
296 "bpf_tcp_sock(skb->sk): beyond last field",
297 .insns = {
298 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
299 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
300 BPF_MOV64_IMM(BPF_REG_0, 0),
301 BPF_EXIT_INSN(),
302 BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
303 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
304 BPF_EXIT_INSN(),
305 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, offsetofend(struct bpf_tcp_sock, bytes_acked)),
306 BPF_MOV64_IMM(BPF_REG_0, 0),
307 BPF_EXIT_INSN(),
308 },
309 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
310 .result = REJECT,
311 .errstr = "invalid tcp_sock access",
312 },
313 {
314 "bpf_tcp_sock(bpf_sk_fullsock(skb->sk)): tp->snd_cwnd",
315 .insns = {
316 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
317 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
318 BPF_MOV64_IMM(BPF_REG_0, 0),
319 BPF_EXIT_INSN(),
320 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
321 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
322 BPF_EXIT_INSN(),
323 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
324 BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
325 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
326 BPF_EXIT_INSN(),
327 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)),
328 BPF_MOV64_IMM(BPF_REG_0, 0),
329 BPF_EXIT_INSN(),
330 },
331 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
332 .result = ACCEPT,
333 },
334 {
335 "bpf_sk_release(skb->sk)",
336 .insns = {
337 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
338 BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 1),
339 BPF_EMIT_CALL(BPF_FUNC_sk_release),
340 BPF_MOV64_IMM(BPF_REG_0, 0),
341 BPF_EXIT_INSN(),
342 },
343 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
344 .result = REJECT,
345 .errstr = "type=sock_common expected=sock",
346 },
347 {
348 "bpf_sk_release(bpf_sk_fullsock(skb->sk))",
349 .insns = {
350 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
351 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
352 BPF_MOV64_IMM(BPF_REG_0, 0),
353 BPF_EXIT_INSN(),
354 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
355 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
356 BPF_EXIT_INSN(),
357 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
358 BPF_EMIT_CALL(BPF_FUNC_sk_release),
359 BPF_MOV64_IMM(BPF_REG_0, 1),
360 BPF_EXIT_INSN(),
361 },
362 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
363 .result = REJECT,
364 .errstr = "reference has not been acquired before",
365 },
366 {
367 "bpf_sk_release(bpf_tcp_sock(skb->sk))",
368 .insns = {
369 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
370 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
371 BPF_MOV64_IMM(BPF_REG_0, 0),
372 BPF_EXIT_INSN(),
373 BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
374 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
375 BPF_EXIT_INSN(),
376 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
377 BPF_EMIT_CALL(BPF_FUNC_sk_release),
378 BPF_MOV64_IMM(BPF_REG_0, 1),
379 BPF_EXIT_INSN(),
380 },
381 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
382 .result = REJECT,
383 .errstr = "type=tcp_sock expected=sock",
384 },
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git