mirror of https://gitee.com/openkylin/linux.git
bpf: Add skb->sk, bpf_sk_fullsock and bpf_tcp_sock tests to test_verifer
This patch tests accessing the skb->sk and the new helpers, bpf_sk_fullsock and bpf_tcp_sock. The errstr of some existing "reference tracking" tests is changed with s/bpf_sock/sock/ and s/socket/sock/ where "sock" is from the verifier's reg_type_str[]. Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Martin KaFai Lau <kafai@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
This commit is contained in:
parent
281f9e7572
commit
fb47d1d931
|
@ -48,4 +48,13 @@ static inline unsigned int bpf_num_possible_cpus(void)
|
||||||
# define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
|
# define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#ifndef sizeof_field
|
||||||
|
#define sizeof_field(TYPE, MEMBER) sizeof((((TYPE *)0)->MEMBER))
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#ifndef offsetofend
|
||||||
|
#define offsetofend(TYPE, MEMBER) \
|
||||||
|
(offsetof(TYPE, MEMBER) + sizeof_field(TYPE, MEMBER))
|
||||||
|
#endif
|
||||||
|
|
||||||
#endif /* __BPF_UTIL__ */
|
#endif /* __BPF_UTIL__ */
|
||||||
|
|
|
@ -547,7 +547,7 @@
|
||||||
BPF_EXIT_INSN(),
|
BPF_EXIT_INSN(),
|
||||||
},
|
},
|
||||||
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||||
.errstr = "cannot write into socket",
|
.errstr = "cannot write into sock",
|
||||||
.result = REJECT,
|
.result = REJECT,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
@ -562,7 +562,7 @@
|
||||||
BPF_EXIT_INSN(),
|
BPF_EXIT_INSN(),
|
||||||
},
|
},
|
||||||
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||||
.errstr = "invalid bpf_sock access off=0 size=8",
|
.errstr = "invalid sock access off=0 size=8",
|
||||||
.result = REJECT,
|
.result = REJECT,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -0,0 +1,384 @@
|
||||||
|
{
|
||||||
|
"skb->sk: no NULL check",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "invalid mem access 'sock_common_or_null'",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"skb->sk: sk->family [non fullsock field]",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, offsetof(struct bpf_sock, family)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = ACCEPT,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"skb->sk: sk->type [fullsock field]",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, offsetof(struct bpf_sock, type)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "invalid sock_common access",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"bpf_sk_fullsock(skb->sk): no !skb->sk check",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "type=sock_common_or_null expected=sock_common",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"sk_fullsock(skb->sk): no NULL check on ret",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "invalid mem access 'sock_or_null'",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"sk_fullsock(skb->sk): sk->type [fullsock field]",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = ACCEPT,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"sk_fullsock(skb->sk): sk->family [non fullsock field]",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, family)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = ACCEPT,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"sk_fullsock(skb->sk): sk->state [narrow load]",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, state)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = ACCEPT,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"sk_fullsock(skb->sk): sk->dst_port [narrow load]",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = ACCEPT,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"sk_fullsock(skb->sk): sk->dst_port [load 2nd byte]",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port) + 1),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "invalid sock access",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"sk_fullsock(skb->sk): sk->dst_ip6 [load 2nd byte]",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_ip6[0]) + 1),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = ACCEPT,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"sk_fullsock(skb->sk): sk->type [narrow load]",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = ACCEPT,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"sk_fullsock(skb->sk): sk->protocol [narrow load]",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, protocol)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = ACCEPT,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"sk_fullsock(skb->sk): beyond last field",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetofend(struct bpf_sock, state)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "invalid sock access",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"bpf_tcp_sock(skb->sk): no !skb->sk check",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "type=sock_common_or_null expected=sock_common",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"bpf_tcp_sock(skb->sk): no NULL check on ret",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "invalid mem access 'tcp_sock_or_null'",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"bpf_tcp_sock(skb->sk): tp->snd_cwnd",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = ACCEPT,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"bpf_tcp_sock(skb->sk): tp->bytes_acked",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, bytes_acked)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = ACCEPT,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"bpf_tcp_sock(skb->sk): beyond last field",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, offsetofend(struct bpf_tcp_sock, bytes_acked)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "invalid tcp_sock access",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"bpf_tcp_sock(bpf_sk_fullsock(skb->sk)): tp->snd_cwnd",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
|
||||||
|
.result = ACCEPT,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"bpf_sk_release(skb->sk)",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 1),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_release),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "type=sock_common expected=sock",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"bpf_sk_release(bpf_sk_fullsock(skb->sk))",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_fullsock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_release),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 1),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "reference has not been acquired before",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"bpf_sk_release(bpf_tcp_sock(skb->sk))",
|
||||||
|
.insns = {
|
||||||
|
BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_tcp_sock),
|
||||||
|
BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
|
||||||
|
BPF_EMIT_CALL(BPF_FUNC_sk_release),
|
||||||
|
BPF_MOV64_IMM(BPF_REG_0, 1),
|
||||||
|
BPF_EXIT_INSN(),
|
||||||
|
},
|
||||||
|
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||||
|
.result = REJECT,
|
||||||
|
.errstr = "type=tcp_sock expected=sock",
|
||||||
|
},
|
|
@ -365,7 +365,7 @@
|
||||||
},
|
},
|
||||||
.result = REJECT,
|
.result = REJECT,
|
||||||
//.errstr = "same insn cannot be used with different pointers",
|
//.errstr = "same insn cannot be used with different pointers",
|
||||||
.errstr = "cannot write into socket",
|
.errstr = "cannot write into sock",
|
||||||
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in New Issue