1 {
2 "pkt_end - pkt_start is allowed",
3 .insns = {
4 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
5 offsetof(struct __sk_buff, data_end)),
6 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
7 offsetof(struct __sk_buff, data)),
8 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_2),
9 BPF_EXIT_INSN(),
10 },
11 .result = ACCEPT,
12 .retval = TEST_DATA_LEN,
13 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
14 },
15 {
16 "direct packet access: test1",
17 .insns = {
18 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
19 offsetof(struct __sk_buff, data)),
20 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
21 offsetof(struct __sk_buff, data_end)),
22 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
23 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
24 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
25 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
26 BPF_MOV64_IMM(BPF_REG_0, 0),
27 BPF_EXIT_INSN(),
28 },
29 .result = ACCEPT,
30 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
31 },
32 {
33 "direct packet access: test2",
34 .insns = {
35 BPF_MOV64_IMM(BPF_REG_0, 1),
36 BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1,
37 offsetof(struct __sk_buff, data_end)),
38 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
39 offsetof(struct __sk_buff, data)),
40 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
41 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 14),
42 BPF_JMP_REG(BPF_JGT, BPF_REG_5, BPF_REG_4, 15),
43 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_3, 7),
44 BPF_LDX_MEM(BPF_B, BPF_REG_4, BPF_REG_3, 12),
45 BPF_ALU64_IMM(BPF_MUL, BPF_REG_4, 14),
46 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
47 offsetof(struct __sk_buff, data)),
48 BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_4),
49 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
50 offsetof(struct __sk_buff, len)),
51 BPF_ALU64_IMM(BPF_LSH, BPF_REG_2, 49),
52 BPF_ALU64_IMM(BPF_RSH, BPF_REG_2, 49),
53 BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_2),
54 BPF_MOV64_REG(BPF_REG_2, BPF_REG_3),
55 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 8),
56 BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1,
57 offsetof(struct __sk_buff, data_end)),
58 BPF_JMP_REG(BPF_JGT, BPF_REG_2, BPF_REG_1, 1),
59 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_3, 4),
60 BPF_MOV64_IMM(BPF_REG_0, 0),
61 BPF_EXIT_INSN(),
62 },
63 .result = ACCEPT,
64 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
65 },
66 {
67 "direct packet access: test3",
68 .insns = {
69 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
70 offsetof(struct __sk_buff, data)),
71 BPF_MOV64_IMM(BPF_REG_0, 0),
72 BPF_EXIT_INSN(),
73 },
74 .errstr = "invalid bpf_context access off=76",
75 .result = REJECT,
76 .prog_type = BPF_PROG_TYPE_SOCKET_FILTER,
77 },
78 {
79 "direct packet access: test4 (write)",
80 .insns = {
81 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
82 offsetof(struct __sk_buff, data)),
83 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
84 offsetof(struct __sk_buff, data_end)),
85 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
86 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
87 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
88 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
89 BPF_MOV64_IMM(BPF_REG_0, 0),
90 BPF_EXIT_INSN(),
91 },
92 .result = ACCEPT,
93 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
94 },
95 {
96 "direct packet access: test5 (pkt_end >= reg, good access)",
97 .insns = {
98 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
99 offsetof(struct __sk_buff, data)),
100 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
101 offsetof(struct __sk_buff, data_end)),
102 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
103 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
104 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 2),
105 BPF_MOV64_IMM(BPF_REG_0, 1),
106 BPF_EXIT_INSN(),
107 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
108 BPF_MOV64_IMM(BPF_REG_0, 0),
109 BPF_EXIT_INSN(),
110 },
111 .result = ACCEPT,
112 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
113 },
114 {
115 "direct packet access: test6 (pkt_end >= reg, bad access)",
116 .insns = {
117 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
118 offsetof(struct __sk_buff, data)),
119 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
120 offsetof(struct __sk_buff, data_end)),
121 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
122 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
123 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 3),
124 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
125 BPF_MOV64_IMM(BPF_REG_0, 1),
126 BPF_EXIT_INSN(),
127 BPF_MOV64_IMM(BPF_REG_0, 0),
128 BPF_EXIT_INSN(),
129 },
130 .errstr = "invalid access to packet",
131 .result = REJECT,
132 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
133 },
134 {
135 "direct packet access: test7 (pkt_end >= reg, both accesses)",
136 .insns = {
137 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
138 offsetof(struct __sk_buff, data)),
139 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
140 offsetof(struct __sk_buff, data_end)),
141 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
142 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
143 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 3),
144 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
145 BPF_MOV64_IMM(BPF_REG_0, 1),
146 BPF_EXIT_INSN(),
147 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
148 BPF_MOV64_IMM(BPF_REG_0, 0),
149 BPF_EXIT_INSN(),
150 },
151 .errstr = "invalid access to packet",
152 .result = REJECT,
153 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
154 },
155 {
156 "direct packet access: test8 (double test, variant 1)",
157 .insns = {
158 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
159 offsetof(struct __sk_buff, data)),
160 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
161 offsetof(struct __sk_buff, data_end)),
162 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
163 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
164 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 4),
165 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
166 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
167 BPF_MOV64_IMM(BPF_REG_0, 1),
168 BPF_EXIT_INSN(),
169 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
170 BPF_MOV64_IMM(BPF_REG_0, 0),
171 BPF_EXIT_INSN(),
172 },
173 .result = ACCEPT,
174 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
175 },
176 {
177 "direct packet access: test9 (double test, variant 2)",
178 .insns = {
179 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
180 offsetof(struct __sk_buff, data)),
181 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
182 offsetof(struct __sk_buff, data_end)),
183 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
184 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
185 BPF_JMP_REG(BPF_JGE, BPF_REG_3, BPF_REG_0, 2),
186 BPF_MOV64_IMM(BPF_REG_0, 1),
187 BPF_EXIT_INSN(),
188 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
189 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
190 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
191 BPF_MOV64_IMM(BPF_REG_0, 0),
192 BPF_EXIT_INSN(),
193 },
194 .result = ACCEPT,
195 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
196 },
197 {
198 "direct packet access: test10 (write invalid)",
199 .insns = {
200 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
201 offsetof(struct __sk_buff, data)),
202 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
203 offsetof(struct __sk_buff, data_end)),
204 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
205 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
206 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 2),
207 BPF_MOV64_IMM(BPF_REG_0, 0),
208 BPF_EXIT_INSN(),
209 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
210 BPF_MOV64_IMM(BPF_REG_0, 0),
211 BPF_EXIT_INSN(),
212 },
213 .errstr = "invalid access to packet",
214 .result = REJECT,
215 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
216 },
217 {
218 "direct packet access: test11 (shift, good access)",
219 .insns = {
220 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
221 offsetof(struct __sk_buff, data)),
222 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
223 offsetof(struct __sk_buff, data_end)),
224 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
225 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
226 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8),
227 BPF_MOV64_IMM(BPF_REG_3, 144),
228 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
229 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
230 BPF_ALU64_IMM(BPF_RSH, BPF_REG_5, 3),
231 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
232 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
233 BPF_MOV64_IMM(BPF_REG_0, 1),
234 BPF_EXIT_INSN(),
235 BPF_MOV64_IMM(BPF_REG_0, 0),
236 BPF_EXIT_INSN(),
237 },
238 .result = ACCEPT,
239 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
240 .retval = 1,
241 },
242 {
243 "direct packet access: test12 (and, good access)",
244 .insns = {
245 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
246 offsetof(struct __sk_buff, data)),
247 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
248 offsetof(struct __sk_buff, data_end)),
249 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
250 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
251 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8),
252 BPF_MOV64_IMM(BPF_REG_3, 144),
253 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
254 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
255 BPF_ALU64_IMM(BPF_AND, BPF_REG_5, 15),
256 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
257 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
258 BPF_MOV64_IMM(BPF_REG_0, 1),
259 BPF_EXIT_INSN(),
260 BPF_MOV64_IMM(BPF_REG_0, 0),
261 BPF_EXIT_INSN(),
262 },
263 .result = ACCEPT,
264 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
265 .retval = 1,
266 },
267 {
268 "direct packet access: test13 (branches, good access)",
269 .insns = {
270 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
271 offsetof(struct __sk_buff, data)),
272 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
273 offsetof(struct __sk_buff, data_end)),
274 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
275 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
276 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 13),
277 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
278 offsetof(struct __sk_buff, mark)),
279 BPF_MOV64_IMM(BPF_REG_4, 1),
280 BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_4, 2),
281 BPF_MOV64_IMM(BPF_REG_3, 14),
282 BPF_JMP_IMM(BPF_JA, 0, 0, 1),
283 BPF_MOV64_IMM(BPF_REG_3, 24),
284 BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
285 BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
286 BPF_ALU64_IMM(BPF_AND, BPF_REG_5, 15),
287 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
288 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
289 BPF_MOV64_IMM(BPF_REG_0, 1),
290 BPF_EXIT_INSN(),
291 BPF_MOV64_IMM(BPF_REG_0, 0),
292 BPF_EXIT_INSN(),
293 },
294 .result = ACCEPT,
295 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
296 .retval = 1,
297 },
298 {
299 "direct packet access: test14 (pkt_ptr += 0, CONST_IMM, good access)",
300 .insns = {
301 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
302 offsetof(struct __sk_buff, data)),
303 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
304 offsetof(struct __sk_buff, data_end)),
305 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
306 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
307 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 7),
308 BPF_MOV64_IMM(BPF_REG_5, 12),
309 BPF_ALU64_IMM(BPF_RSH, BPF_REG_5, 4),
310 BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
311 BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
312 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_6, 0),
313 BPF_MOV64_IMM(BPF_REG_0, 1),
314 BPF_EXIT_INSN(),
315 BPF_MOV64_IMM(BPF_REG_0, 0),
316 BPF_EXIT_INSN(),
317 },
318 .result = ACCEPT,
319 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
320 .retval = 1,
321 },
322 {
323 "direct packet access: test15 (spill with xadd)",
324 .insns = {
325 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
326 offsetof(struct __sk_buff, data)),
327 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
328 offsetof(struct __sk_buff, data_end)),
329 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
330 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
331 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8),
332 BPF_MOV64_IMM(BPF_REG_5, 4096),
333 BPF_MOV64_REG(BPF_REG_4, BPF_REG_10),
334 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, -8),
335 BPF_STX_MEM(BPF_DW, BPF_REG_4, BPF_REG_2, 0),
336 BPF_STX_XADD(BPF_DW, BPF_REG_4, BPF_REG_5, 0),
337 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_4, 0),
338 BPF_STX_MEM(BPF_W, BPF_REG_2, BPF_REG_5, 0),
339 BPF_MOV64_IMM(BPF_REG_0, 0),
340 BPF_EXIT_INSN(),
341 },
342 .errstr = "R2 invalid mem access 'inv'",
343 .result = REJECT,
344 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
345 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
346 },
347 {
348 "direct packet access: test16 (arith on data_end)",
349 .insns = {
350 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
351 offsetof(struct __sk_buff, data)),
352 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
353 offsetof(struct __sk_buff, data_end)),
354 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
355 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
356 BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 16),
357 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
358 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
359 BPF_MOV64_IMM(BPF_REG_0, 0),
360 BPF_EXIT_INSN(),
361 },
362 .errstr = "R3 pointer arithmetic on pkt_end",
363 .result = REJECT,
364 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
365 },
366 {
367 "direct packet access: test17 (pruning, alignment)",
368 .insns = {
369 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
370 offsetof(struct __sk_buff, data)),
371 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
372 offsetof(struct __sk_buff, data_end)),
373 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
374 offsetof(struct __sk_buff, mark)),
375 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
376 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 14),
377 BPF_JMP_IMM(BPF_JGT, BPF_REG_7, 1, 4),
378 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
379 BPF_STX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, -4),
380 BPF_MOV64_IMM(BPF_REG_0, 0),
381 BPF_EXIT_INSN(),
382 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
383 BPF_JMP_A(-6),
384 },
385 .errstr = "misaligned packet access off 2+(0x0; 0x0)+15+-4 size 4",
386 .result = REJECT,
387 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
388 .flags = F_LOAD_WITH_STRICT_ALIGNMENT,
389 },
390 {
391 "direct packet access: test18 (imm += pkt_ptr, 1)",
392 .insns = {
393 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
394 offsetof(struct __sk_buff, data)),
395 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
396 offsetof(struct __sk_buff, data_end)),
397 BPF_MOV64_IMM(BPF_REG_0, 8),
398 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2),
399 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
400 BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
401 BPF_MOV64_IMM(BPF_REG_0, 0),
402 BPF_EXIT_INSN(),
403 },
404 .result = ACCEPT,
405 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
406 },
407 {
408 "direct packet access: test19 (imm += pkt_ptr, 2)",
409 .insns = {
410 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
411 offsetof(struct __sk_buff, data)),
412 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
413 offsetof(struct __sk_buff, data_end)),
414 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
415 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
416 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 3),
417 BPF_MOV64_IMM(BPF_REG_4, 4),
418 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2),
419 BPF_STX_MEM(BPF_B, BPF_REG_4, BPF_REG_4, 0),
420 BPF_MOV64_IMM(BPF_REG_0, 0),
421 BPF_EXIT_INSN(),
422 },
423 .result = ACCEPT,
424 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
425 },
426 {
427 "direct packet access: test20 (x += pkt_ptr, 1)",
428 .insns = {
429 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
430 offsetof(struct __sk_buff, data)),
431 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
432 offsetof(struct __sk_buff, data_end)),
433 BPF_MOV64_IMM(BPF_REG_0, 0xffffffff),
434 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
435 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
436 BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0x7fff),
437 BPF_MOV64_REG(BPF_REG_4, BPF_REG_0),
438 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2),
439 BPF_MOV64_REG(BPF_REG_5, BPF_REG_4),
440 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 0x7fff - 1),
441 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 1),
442 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_4, 0),
443 BPF_MOV64_IMM(BPF_REG_0, 0),
444 BPF_EXIT_INSN(),
445 },
446 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
447 .result = ACCEPT,
448 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
449 },
450 {
451 "direct packet access: test21 (x += pkt_ptr, 2)",
452 .insns = {
453 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
454 offsetof(struct __sk_buff, data)),
455 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
456 offsetof(struct __sk_buff, data_end)),
457 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
458 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
459 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 9),
460 BPF_MOV64_IMM(BPF_REG_4, 0xffffffff),
461 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_4, -8),
462 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8),
463 BPF_ALU64_IMM(BPF_AND, BPF_REG_4, 0x7fff),
464 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2),
465 BPF_MOV64_REG(BPF_REG_5, BPF_REG_4),
466 BPF_ALU64_IMM(BPF_ADD, BPF_REG_4, 0x7fff - 1),
467 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_3, 1),
468 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_4, 0),
469 BPF_MOV64_IMM(BPF_REG_0, 0),
470 BPF_EXIT_INSN(),
471 },
472 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
473 .result = ACCEPT,
474 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
475 },
476 {
477 "direct packet access: test22 (x += pkt_ptr, 3)",
478 .insns = {
479 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
480 offsetof(struct __sk_buff, data)),
481 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
482 offsetof(struct __sk_buff, data_end)),
483 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
484 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
485 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -8),
486 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_3, -16),
487 BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_10, -16),
488 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 11),
489 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -8),
490 BPF_MOV64_IMM(BPF_REG_4, 0xffffffff),
491 BPF_STX_XADD(BPF_DW, BPF_REG_10, BPF_REG_4, -8),
492 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8),
493 BPF_ALU64_IMM(BPF_RSH, BPF_REG_4, 49),
494 BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_2),
495 BPF_MOV64_REG(BPF_REG_0, BPF_REG_4),
496 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 2),
497 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 2),
498 BPF_MOV64_IMM(BPF_REG_2, 1),
499 BPF_STX_MEM(BPF_H, BPF_REG_4, BPF_REG_2, 0),
500 BPF_MOV64_IMM(BPF_REG_0, 0),
501 BPF_EXIT_INSN(),
502 },
503 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
504 .result = ACCEPT,
505 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
506 },
507 {
508 "direct packet access: test23 (x += pkt_ptr, 4)",
509 .insns = {
510 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
511 offsetof(struct __sk_buff, data)),
512 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
513 offsetof(struct __sk_buff, data_end)),
514 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
515 offsetof(struct __sk_buff, mark)),
516 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
517 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
518 BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xffff),
519 BPF_MOV64_REG(BPF_REG_4, BPF_REG_0),
520 BPF_MOV64_IMM(BPF_REG_0, 31),
521 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4),
522 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2),
523 BPF_MOV64_REG(BPF_REG_5, BPF_REG_0),
524 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 0xffff - 1),
525 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
526 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_0, 0),
527 BPF_MOV64_IMM(BPF_REG_0, 0),
528 BPF_EXIT_INSN(),
529 },
530 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
531 .result = REJECT,
532 .errstr = "invalid access to packet, off=0 size=8, R5(id=1,off=0,r=0)",
533 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
534 },
535 {
536 "direct packet access: test24 (x += pkt_ptr, 5)",
537 .insns = {
538 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
539 offsetof(struct __sk_buff, data)),
540 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
541 offsetof(struct __sk_buff, data_end)),
542 BPF_MOV64_IMM(BPF_REG_0, 0xffffffff),
543 BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
544 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
545 BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xff),
546 BPF_MOV64_REG(BPF_REG_4, BPF_REG_0),
547 BPF_MOV64_IMM(BPF_REG_0, 64),
548 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4),
549 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_2),
550 BPF_MOV64_REG(BPF_REG_5, BPF_REG_0),
551 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 0x7fff - 1),
552 BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
553 BPF_STX_MEM(BPF_DW, BPF_REG_5, BPF_REG_0, 0),
554 BPF_MOV64_IMM(BPF_REG_0, 0),
555 BPF_EXIT_INSN(),
556 },
557 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
558 .result = ACCEPT,
559 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
560 },
561 {
562 "direct packet access: test25 (marking on <, good access)",
563 .insns = {
564 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
565 offsetof(struct __sk_buff, data)),
566 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
567 offsetof(struct __sk_buff, data_end)),
568 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
569 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
570 BPF_JMP_REG(BPF_JLT, BPF_REG_0, BPF_REG_3, 2),
571 BPF_MOV64_IMM(BPF_REG_0, 0),
572 BPF_EXIT_INSN(),
573 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
574 BPF_JMP_IMM(BPF_JA, 0, 0, -4),
575 },
576 .result = ACCEPT,
577 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
578 },
579 {
580 "direct packet access: test26 (marking on <, bad access)",
581 .insns = {
582 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
583 offsetof(struct __sk_buff, data)),
584 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
585 offsetof(struct __sk_buff, data_end)),
586 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
587 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
588 BPF_JMP_REG(BPF_JLT, BPF_REG_0, BPF_REG_3, 3),
589 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
590 BPF_MOV64_IMM(BPF_REG_0, 0),
591 BPF_EXIT_INSN(),
592 BPF_JMP_IMM(BPF_JA, 0, 0, -3),
593 },
594 .result = REJECT,
595 .errstr = "invalid access to packet",
596 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
597 },
598 {
599 "direct packet access: test27 (marking on <=, good access)",
600 .insns = {
601 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
602 offsetof(struct __sk_buff, data)),
603 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
604 offsetof(struct __sk_buff, data_end)),
605 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
606 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
607 BPF_JMP_REG(BPF_JLE, BPF_REG_3, BPF_REG_0, 1),
608 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
609 BPF_MOV64_IMM(BPF_REG_0, 1),
610 BPF_EXIT_INSN(),
611 },
612 .result = ACCEPT,
613 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
614 .retval = 1,
615 },
616 {
617 "direct packet access: test28 (marking on <=, bad access)",
618 .insns = {
619 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
620 offsetof(struct __sk_buff, data)),
621 BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
622 offsetof(struct __sk_buff, data_end)),
623 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
624 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
625 BPF_JMP_REG(BPF_JLE, BPF_REG_3, BPF_REG_0, 2),
626 BPF_MOV64_IMM(BPF_REG_0, 1),
627 BPF_EXIT_INSN(),
628 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
629 BPF_JMP_IMM(BPF_JA, 0, 0, -4),
630 },
631 .result = REJECT,
632 .errstr = "invalid access to packet",
633 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
634 },
635 {
636 "direct packet access: test29 (reg > pkt_end in subprog)",
637 .insns = {
638 BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1,
639 offsetof(struct __sk_buff, data)),
640 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
641 offsetof(struct __sk_buff, data_end)),
642 BPF_MOV64_REG(BPF_REG_3, BPF_REG_6),
643 BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 8),
644 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 4),
645 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 1),
646 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_6, 0),
647 BPF_MOV64_IMM(BPF_REG_0, 0),
648 BPF_EXIT_INSN(),
649 BPF_MOV64_IMM(BPF_REG_0, 0),
650 BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_2, 1),
651 BPF_MOV64_IMM(BPF_REG_0, 1),
652 BPF_EXIT_INSN(),
653 },
654 .result = ACCEPT,
655 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
656 },