mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2025-01-01 19:34:35 +08:00
Merge branch 'bpf-misc'
Daniel Borkmann says: ==================== Misc BPF improvements This series adds various misc improvements to BPF, f.e. allowing skb_load_bytes() helper to be used with filter/reuseport programs to facilitate programming, test cases for program tag, etc. For details, please see individual patches. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
bef4e179b0
@ -522,6 +522,7 @@ enum bpf_func_id {
|
||||
/* BPF_FUNC_l4_csum_replace flags. */
|
||||
#define BPF_F_PSEUDO_HDR (1ULL << 4)
|
||||
#define BPF_F_MARK_MANGLED_0 (1ULL << 5)
|
||||
#define BPF_F_MARK_ENFORCE (1ULL << 6)
|
||||
|
||||
/* BPF_FUNC_clone_redirect and BPF_FUNC_redirect flags. */
|
||||
#define BPF_F_INGRESS (1ULL << 0)
|
||||
|
@ -1566,22 +1566,54 @@ static int evaluate_reg_imm_alu(struct bpf_verifier_env *env,
|
||||
struct bpf_reg_state *dst_reg = ®s[insn->dst_reg];
|
||||
struct bpf_reg_state *src_reg = ®s[insn->src_reg];
|
||||
u8 opcode = BPF_OP(insn->code);
|
||||
u64 dst_imm = dst_reg->imm;
|
||||
|
||||
/* dst_reg->type == CONST_IMM here, simulate execution of 'add'/'or'
|
||||
* insn. Don't care about overflow or negative values, just add them
|
||||
/* dst_reg->type == CONST_IMM here. Simulate execution of insns
|
||||
* containing ALU ops. Don't care about overflow or negative
|
||||
* values, just add/sub/... them; registers are in u64.
|
||||
*/
|
||||
if (opcode == BPF_ADD && BPF_SRC(insn->code) == BPF_K)
|
||||
dst_reg->imm += insn->imm;
|
||||
else if (opcode == BPF_ADD && BPF_SRC(insn->code) == BPF_X &&
|
||||
src_reg->type == CONST_IMM)
|
||||
dst_reg->imm += src_reg->imm;
|
||||
else if (opcode == BPF_OR && BPF_SRC(insn->code) == BPF_K)
|
||||
dst_reg->imm |= insn->imm;
|
||||
else if (opcode == BPF_OR && BPF_SRC(insn->code) == BPF_X &&
|
||||
src_reg->type == CONST_IMM)
|
||||
dst_reg->imm |= src_reg->imm;
|
||||
else
|
||||
if (opcode == BPF_ADD && BPF_SRC(insn->code) == BPF_K) {
|
||||
dst_imm += insn->imm;
|
||||
} else if (opcode == BPF_ADD && BPF_SRC(insn->code) == BPF_X &&
|
||||
src_reg->type == CONST_IMM) {
|
||||
dst_imm += src_reg->imm;
|
||||
} else if (opcode == BPF_SUB && BPF_SRC(insn->code) == BPF_K) {
|
||||
dst_imm -= insn->imm;
|
||||
} else if (opcode == BPF_SUB && BPF_SRC(insn->code) == BPF_X &&
|
||||
src_reg->type == CONST_IMM) {
|
||||
dst_imm -= src_reg->imm;
|
||||
} else if (opcode == BPF_MUL && BPF_SRC(insn->code) == BPF_K) {
|
||||
dst_imm *= insn->imm;
|
||||
} else if (opcode == BPF_MUL && BPF_SRC(insn->code) == BPF_X &&
|
||||
src_reg->type == CONST_IMM) {
|
||||
dst_imm *= src_reg->imm;
|
||||
} else if (opcode == BPF_OR && BPF_SRC(insn->code) == BPF_K) {
|
||||
dst_imm |= insn->imm;
|
||||
} else if (opcode == BPF_OR && BPF_SRC(insn->code) == BPF_X &&
|
||||
src_reg->type == CONST_IMM) {
|
||||
dst_imm |= src_reg->imm;
|
||||
} else if (opcode == BPF_AND && BPF_SRC(insn->code) == BPF_K) {
|
||||
dst_imm &= insn->imm;
|
||||
} else if (opcode == BPF_AND && BPF_SRC(insn->code) == BPF_X &&
|
||||
src_reg->type == CONST_IMM) {
|
||||
dst_imm &= src_reg->imm;
|
||||
} else if (opcode == BPF_RSH && BPF_SRC(insn->code) == BPF_K) {
|
||||
dst_imm >>= insn->imm;
|
||||
} else if (opcode == BPF_RSH && BPF_SRC(insn->code) == BPF_X &&
|
||||
src_reg->type == CONST_IMM) {
|
||||
dst_imm >>= src_reg->imm;
|
||||
} else if (opcode == BPF_LSH && BPF_SRC(insn->code) == BPF_K) {
|
||||
dst_imm <<= insn->imm;
|
||||
} else if (opcode == BPF_LSH && BPF_SRC(insn->code) == BPF_X &&
|
||||
src_reg->type == CONST_IMM) {
|
||||
dst_imm <<= src_reg->imm;
|
||||
} else {
|
||||
mark_reg_unknown_value(regs, insn->dst_reg);
|
||||
goto out;
|
||||
}
|
||||
|
||||
dst_reg->imm = dst_imm;
|
||||
out:
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -2225,14 +2257,8 @@ static int check_ld_imm(struct bpf_verifier_env *env, struct bpf_insn *insn)
|
||||
return err;
|
||||
|
||||
if (insn->src_reg == 0) {
|
||||
/* generic move 64-bit immediate into a register,
|
||||
* only analyzer needs to collect the ld_imm value.
|
||||
*/
|
||||
u64 imm = ((u64)(insn + 1)->imm << 32) | (u32)insn->imm;
|
||||
|
||||
if (!env->analyzer_ops)
|
||||
return 0;
|
||||
|
||||
regs[insn->dst_reg].type = CONST_IMM;
|
||||
regs[insn->dst_reg].imm = imm;
|
||||
return 0;
|
||||
|
@ -1522,10 +1522,11 @@ BPF_CALL_5(bpf_l4_csum_replace, struct sk_buff *, skb, u32, offset,
|
||||
{
|
||||
bool is_pseudo = flags & BPF_F_PSEUDO_HDR;
|
||||
bool is_mmzero = flags & BPF_F_MARK_MANGLED_0;
|
||||
bool do_mforce = flags & BPF_F_MARK_ENFORCE;
|
||||
__sum16 *ptr;
|
||||
|
||||
if (unlikely(flags & ~(BPF_F_MARK_MANGLED_0 | BPF_F_PSEUDO_HDR |
|
||||
BPF_F_HDR_FIELD_MASK)))
|
||||
if (unlikely(flags & ~(BPF_F_MARK_MANGLED_0 | BPF_F_MARK_ENFORCE |
|
||||
BPF_F_PSEUDO_HDR | BPF_F_HDR_FIELD_MASK)))
|
||||
return -EINVAL;
|
||||
if (unlikely(offset > 0xffff || offset & 1))
|
||||
return -EFAULT;
|
||||
@ -1533,7 +1534,7 @@ BPF_CALL_5(bpf_l4_csum_replace, struct sk_buff *, skb, u32, offset,
|
||||
return -EFAULT;
|
||||
|
||||
ptr = (__sum16 *)(skb->data + offset);
|
||||
if (is_mmzero && !*ptr)
|
||||
if (is_mmzero && !do_mforce && !*ptr)
|
||||
return 0;
|
||||
|
||||
switch (flags & BPF_F_HDR_FIELD_MASK) {
|
||||
@ -2598,7 +2599,7 @@ static const struct bpf_func_proto bpf_xdp_event_output_proto = {
|
||||
};
|
||||
|
||||
static const struct bpf_func_proto *
|
||||
sk_filter_func_proto(enum bpf_func_id func_id)
|
||||
bpf_base_func_proto(enum bpf_func_id func_id)
|
||||
{
|
||||
switch (func_id) {
|
||||
case BPF_FUNC_map_lookup_elem:
|
||||
@ -2625,6 +2626,17 @@ sk_filter_func_proto(enum bpf_func_id func_id)
|
||||
}
|
||||
}
|
||||
|
||||
static const struct bpf_func_proto *
|
||||
sk_filter_func_proto(enum bpf_func_id func_id)
|
||||
{
|
||||
switch (func_id) {
|
||||
case BPF_FUNC_skb_load_bytes:
|
||||
return &bpf_skb_load_bytes_proto;
|
||||
default:
|
||||
return bpf_base_func_proto(func_id);
|
||||
}
|
||||
}
|
||||
|
||||
static const struct bpf_func_proto *
|
||||
tc_cls_act_func_proto(enum bpf_func_id func_id)
|
||||
{
|
||||
@ -2680,7 +2692,7 @@ tc_cls_act_func_proto(enum bpf_func_id func_id)
|
||||
case BPF_FUNC_skb_under_cgroup:
|
||||
return &bpf_skb_under_cgroup_proto;
|
||||
default:
|
||||
return sk_filter_func_proto(func_id);
|
||||
return bpf_base_func_proto(func_id);
|
||||
}
|
||||
}
|
||||
|
||||
@ -2695,7 +2707,7 @@ xdp_func_proto(enum bpf_func_id func_id)
|
||||
case BPF_FUNC_xdp_adjust_head:
|
||||
return &bpf_xdp_adjust_head_proto;
|
||||
default:
|
||||
return sk_filter_func_proto(func_id);
|
||||
return bpf_base_func_proto(func_id);
|
||||
}
|
||||
}
|
||||
|
||||
@ -2706,7 +2718,7 @@ cg_skb_func_proto(enum bpf_func_id func_id)
|
||||
case BPF_FUNC_skb_load_bytes:
|
||||
return &bpf_skb_load_bytes_proto;
|
||||
default:
|
||||
return sk_filter_func_proto(func_id);
|
||||
return bpf_base_func_proto(func_id);
|
||||
}
|
||||
}
|
||||
|
||||
@ -2733,7 +2745,7 @@ lwt_inout_func_proto(enum bpf_func_id func_id)
|
||||
case BPF_FUNC_skb_under_cgroup:
|
||||
return &bpf_skb_under_cgroup_proto;
|
||||
default:
|
||||
return sk_filter_func_proto(func_id);
|
||||
return bpf_base_func_proto(func_id);
|
||||
}
|
||||
}
|
||||
|
||||
@ -2784,19 +2796,8 @@ static bool __is_valid_access(int off, int size)
|
||||
switch (off) {
|
||||
case offsetof(struct __sk_buff, cb[0]) ...
|
||||
offsetof(struct __sk_buff, cb[4]) + sizeof(__u32) - 1:
|
||||
if (size == sizeof(__u16) &&
|
||||
off > offsetof(struct __sk_buff, cb[4]) + sizeof(__u16))
|
||||
return false;
|
||||
if (size == sizeof(__u32) &&
|
||||
off > offsetof(struct __sk_buff, cb[4]))
|
||||
return false;
|
||||
if (size == sizeof(__u64) &&
|
||||
off > offsetof(struct __sk_buff, cb[2]))
|
||||
return false;
|
||||
if (size != sizeof(__u8) &&
|
||||
size != sizeof(__u16) &&
|
||||
size != sizeof(__u32) &&
|
||||
size != sizeof(__u64))
|
||||
if (off + size >
|
||||
offsetof(struct __sk_buff, cb[4]) + sizeof(__u32))
|
||||
return false;
|
||||
break;
|
||||
default:
|
||||
@ -2994,10 +2995,10 @@ void bpf_warn_invalid_xdp_action(u32 act)
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(bpf_warn_invalid_xdp_action);
|
||||
|
||||
static u32 sk_filter_convert_ctx_access(enum bpf_access_type type,
|
||||
const struct bpf_insn *si,
|
||||
struct bpf_insn *insn_buf,
|
||||
struct bpf_prog *prog)
|
||||
static u32 bpf_convert_ctx_access(enum bpf_access_type type,
|
||||
const struct bpf_insn *si,
|
||||
struct bpf_insn *insn_buf,
|
||||
struct bpf_prog *prog)
|
||||
{
|
||||
struct bpf_insn *insn = insn_buf;
|
||||
int off;
|
||||
@ -3221,7 +3222,7 @@ static u32 tc_cls_act_convert_ctx_access(enum bpf_access_type type,
|
||||
offsetof(struct net_device, ifindex));
|
||||
break;
|
||||
default:
|
||||
return sk_filter_convert_ctx_access(type, si, insn_buf, prog);
|
||||
return bpf_convert_ctx_access(type, si, insn_buf, prog);
|
||||
}
|
||||
|
||||
return insn - insn_buf;
|
||||
@ -3253,7 +3254,7 @@ static u32 xdp_convert_ctx_access(enum bpf_access_type type,
|
||||
static const struct bpf_verifier_ops sk_filter_ops = {
|
||||
.get_func_proto = sk_filter_func_proto,
|
||||
.is_valid_access = sk_filter_is_valid_access,
|
||||
.convert_ctx_access = sk_filter_convert_ctx_access,
|
||||
.convert_ctx_access = bpf_convert_ctx_access,
|
||||
};
|
||||
|
||||
static const struct bpf_verifier_ops tc_cls_act_ops = {
|
||||
@ -3272,24 +3273,24 @@ static const struct bpf_verifier_ops xdp_ops = {
|
||||
static const struct bpf_verifier_ops cg_skb_ops = {
|
||||
.get_func_proto = cg_skb_func_proto,
|
||||
.is_valid_access = sk_filter_is_valid_access,
|
||||
.convert_ctx_access = sk_filter_convert_ctx_access,
|
||||
.convert_ctx_access = bpf_convert_ctx_access,
|
||||
};
|
||||
|
||||
static const struct bpf_verifier_ops lwt_inout_ops = {
|
||||
.get_func_proto = lwt_inout_func_proto,
|
||||
.is_valid_access = lwt_is_valid_access,
|
||||
.convert_ctx_access = sk_filter_convert_ctx_access,
|
||||
.convert_ctx_access = bpf_convert_ctx_access,
|
||||
};
|
||||
|
||||
static const struct bpf_verifier_ops lwt_xmit_ops = {
|
||||
.get_func_proto = lwt_xmit_func_proto,
|
||||
.is_valid_access = lwt_is_valid_access,
|
||||
.convert_ctx_access = sk_filter_convert_ctx_access,
|
||||
.convert_ctx_access = bpf_convert_ctx_access,
|
||||
.gen_prologue = tc_cls_act_prologue,
|
||||
};
|
||||
|
||||
static const struct bpf_verifier_ops cg_sock_ops = {
|
||||
.get_func_proto = sk_filter_func_proto,
|
||||
.get_func_proto = bpf_base_func_proto,
|
||||
.is_valid_access = sock_filter_is_valid_access,
|
||||
.convert_ctx_access = sock_filter_convert_ctx_access,
|
||||
};
|
||||
|
@ -1,8 +1,8 @@
|
||||
CFLAGS += -Wall -O2 -I../../../../usr/include
|
||||
|
||||
test_objs = test_verifier test_maps test_lru_map test_lpm_map
|
||||
test_objs = test_verifier test_tag test_maps test_lru_map test_lpm_map
|
||||
|
||||
TEST_PROGS := test_verifier test_maps test_lru_map test_lpm_map test_kmod.sh
|
||||
TEST_PROGS := $(test_objs) test_kmod.sh
|
||||
TEST_FILES := $(test_objs)
|
||||
|
||||
all: $(test_objs)
|
||||
|
202
tools/testing/selftests/bpf/test_tag.c
Normal file
202
tools/testing/selftests/bpf/test_tag.c
Normal file
@ -0,0 +1,202 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <ctype.h>
|
||||
#include <time.h>
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <sched.h>
|
||||
#include <limits.h>
|
||||
#include <assert.h>
|
||||
|
||||
#include <sys/socket.h>
|
||||
#include <sys/resource.h>
|
||||
|
||||
#include <linux/filter.h>
|
||||
#include <linux/bpf.h>
|
||||
#include <linux/if_alg.h>
|
||||
|
||||
#include "../../../include/linux/filter.h"
|
||||
|
||||
#include "bpf_sys.h"
|
||||
|
||||
static struct bpf_insn prog[BPF_MAXINSNS];
|
||||
|
||||
static void bpf_gen_imm_prog(unsigned int insns, int fd_map)
|
||||
{
|
||||
int i;
|
||||
|
||||
srand(time(NULL));
|
||||
for (i = 0; i < insns; i++)
|
||||
prog[i] = BPF_ALU64_IMM(BPF_MOV, i % BPF_REG_10, rand());
|
||||
prog[i - 1] = BPF_EXIT_INSN();
|
||||
}
|
||||
|
||||
static void bpf_gen_map_prog(unsigned int insns, int fd_map)
|
||||
{
|
||||
int i, j = 0;
|
||||
|
||||
for (i = 0; i + 1 < insns; i += 2) {
|
||||
struct bpf_insn tmp[] = {
|
||||
BPF_LD_MAP_FD(j++ % BPF_REG_10, fd_map)
|
||||
};
|
||||
|
||||
memcpy(&prog[i], tmp, sizeof(tmp));
|
||||
}
|
||||
if (insns % 2 == 0)
|
||||
prog[insns - 2] = BPF_ALU64_IMM(BPF_MOV, i % BPF_REG_10, 42);
|
||||
prog[insns - 1] = BPF_EXIT_INSN();
|
||||
}
|
||||
|
||||
static int bpf_try_load_prog(int insns, int fd_map,
|
||||
void (*bpf_filler)(unsigned int insns,
|
||||
int fd_map))
|
||||
{
|
||||
int fd_prog;
|
||||
|
||||
bpf_filler(insns, fd_map);
|
||||
fd_prog = bpf_prog_load(BPF_PROG_TYPE_SCHED_CLS, prog, insns *
|
||||
sizeof(struct bpf_insn), "", NULL, 0);
|
||||
assert(fd_prog > 0);
|
||||
if (fd_map > 0)
|
||||
bpf_filler(insns, 0);
|
||||
return fd_prog;
|
||||
}
|
||||
|
||||
static int __hex2bin(char ch)
|
||||
{
|
||||
if ((ch >= '0') && (ch <= '9'))
|
||||
return ch - '0';
|
||||
ch = tolower(ch);
|
||||
if ((ch >= 'a') && (ch <= 'f'))
|
||||
return ch - 'a' + 10;
|
||||
return -1;
|
||||
}
|
||||
|
||||
static int hex2bin(uint8_t *dst, const char *src, size_t count)
|
||||
{
|
||||
while (count--) {
|
||||
int hi = __hex2bin(*src++);
|
||||
int lo = __hex2bin(*src++);
|
||||
|
||||
if ((hi < 0) || (lo < 0))
|
||||
return -1;
|
||||
*dst++ = (hi << 4) | lo;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void tag_from_fdinfo(int fd_prog, uint8_t *tag, uint32_t len)
|
||||
{
|
||||
const int prefix_len = sizeof("prog_tag:\t") - 1;
|
||||
char buff[256];
|
||||
int ret = -1;
|
||||
FILE *fp;
|
||||
|
||||
snprintf(buff, sizeof(buff), "/proc/%d/fdinfo/%d", getpid(),
|
||||
fd_prog);
|
||||
fp = fopen(buff, "r");
|
||||
assert(fp);
|
||||
|
||||
while (fgets(buff, sizeof(buff), fp)) {
|
||||
if (strncmp(buff, "prog_tag:\t", len))
|
||||
continue;
|
||||
ret = hex2bin(tag, buff + prefix_len, len);
|
||||
break;
|
||||
}
|
||||
|
||||
fclose(fp);
|
||||
assert(!ret);
|
||||
}
|
||||
|
||||
static void tag_from_alg(int insns, uint8_t *tag, uint32_t len)
|
||||
{
|
||||
static const struct sockaddr_alg alg = {
|
||||
.salg_family = AF_ALG,
|
||||
.salg_type = "hash",
|
||||
.salg_name = "sha1",
|
||||
};
|
||||
int fd_base, fd_alg, ret;
|
||||
ssize_t size;
|
||||
|
||||
fd_base = socket(AF_ALG, SOCK_SEQPACKET, 0);
|
||||
assert(fd_base > 0);
|
||||
|
||||
ret = bind(fd_base, (struct sockaddr *)&alg, sizeof(alg));
|
||||
assert(!ret);
|
||||
|
||||
fd_alg = accept(fd_base, NULL, 0);
|
||||
assert(fd_alg > 0);
|
||||
|
||||
insns *= sizeof(struct bpf_insn);
|
||||
size = write(fd_alg, prog, insns);
|
||||
assert(size == insns);
|
||||
|
||||
size = read(fd_alg, tag, len);
|
||||
assert(size == len);
|
||||
|
||||
close(fd_alg);
|
||||
close(fd_base);
|
||||
}
|
||||
|
||||
static void tag_dump(const char *prefix, uint8_t *tag, uint32_t len)
|
||||
{
|
||||
int i;
|
||||
|
||||
printf("%s", prefix);
|
||||
for (i = 0; i < len; i++)
|
||||
printf("%02x", tag[i]);
|
||||
printf("\n");
|
||||
}
|
||||
|
||||
static void tag_exit_report(int insns, int fd_map, uint8_t *ftag,
|
||||
uint8_t *atag, uint32_t len)
|
||||
{
|
||||
printf("Program tag mismatch for %d insns%s!\n", insns,
|
||||
fd_map < 0 ? "" : " with map");
|
||||
|
||||
tag_dump(" fdinfo result: ", ftag, len);
|
||||
tag_dump(" af_alg result: ", atag, len);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
static void do_test(uint32_t *tests, int start_insns, int fd_map,
|
||||
void (*bpf_filler)(unsigned int insns, int fd))
|
||||
{
|
||||
int i, fd_prog;
|
||||
|
||||
for (i = start_insns; i <= BPF_MAXINSNS; i++) {
|
||||
uint8_t ftag[8], atag[sizeof(ftag)];
|
||||
|
||||
fd_prog = bpf_try_load_prog(i, fd_map, bpf_filler);
|
||||
tag_from_fdinfo(fd_prog, ftag, sizeof(ftag));
|
||||
tag_from_alg(i, atag, sizeof(atag));
|
||||
if (memcmp(ftag, atag, sizeof(ftag)))
|
||||
tag_exit_report(i, fd_map, ftag, atag, sizeof(ftag));
|
||||
|
||||
close(fd_prog);
|
||||
sched_yield();
|
||||
(*tests)++;
|
||||
}
|
||||
}
|
||||
|
||||
int main(void)
|
||||
{
|
||||
struct rlimit rinf = { RLIM_INFINITY, RLIM_INFINITY };
|
||||
uint32_t tests = 0;
|
||||
int i, fd_map;
|
||||
|
||||
setrlimit(RLIMIT_MEMLOCK, &rinf);
|
||||
fd_map = bpf_map_create(BPF_MAP_TYPE_HASH, sizeof(int),
|
||||
sizeof(int), 1, BPF_F_NO_PREALLOC);
|
||||
assert(fd_map > 0);
|
||||
|
||||
for (i = 0; i < 5; i++) {
|
||||
do_test(&tests, 2, -1, bpf_gen_imm_prog);
|
||||
do_test(&tests, 3, fd_map, bpf_gen_map_prog);
|
||||
}
|
||||
|
||||
printf("test_tag: OK (%u tests)\n", tests);
|
||||
close(fd_map);
|
||||
return 0;
|
||||
}
|
@ -2325,6 +2325,84 @@ static struct bpf_test tests[] = {
|
||||
.result = REJECT,
|
||||
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||
},
|
||||
{
|
||||
"direct packet access: test11 (shift, good access)",
|
||||
.insns = {
|
||||
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
|
||||
offsetof(struct __sk_buff, data)),
|
||||
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
|
||||
offsetof(struct __sk_buff, data_end)),
|
||||
BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
|
||||
BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
|
||||
BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8),
|
||||
BPF_MOV64_IMM(BPF_REG_3, 144),
|
||||
BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
|
||||
BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
|
||||
BPF_ALU64_IMM(BPF_RSH, BPF_REG_5, 3),
|
||||
BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
|
||||
BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
|
||||
BPF_MOV64_IMM(BPF_REG_0, 1),
|
||||
BPF_EXIT_INSN(),
|
||||
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = ACCEPT,
|
||||
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||
},
|
||||
{
|
||||
"direct packet access: test12 (and, good access)",
|
||||
.insns = {
|
||||
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
|
||||
offsetof(struct __sk_buff, data)),
|
||||
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
|
||||
offsetof(struct __sk_buff, data_end)),
|
||||
BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
|
||||
BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
|
||||
BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 8),
|
||||
BPF_MOV64_IMM(BPF_REG_3, 144),
|
||||
BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
|
||||
BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
|
||||
BPF_ALU64_IMM(BPF_AND, BPF_REG_5, 15),
|
||||
BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
|
||||
BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
|
||||
BPF_MOV64_IMM(BPF_REG_0, 1),
|
||||
BPF_EXIT_INSN(),
|
||||
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = ACCEPT,
|
||||
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||
},
|
||||
{
|
||||
"direct packet access: test13 (branches, good access)",
|
||||
.insns = {
|
||||
BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
|
||||
offsetof(struct __sk_buff, data)),
|
||||
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
|
||||
offsetof(struct __sk_buff, data_end)),
|
||||
BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
|
||||
BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 22),
|
||||
BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 13),
|
||||
BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
|
||||
offsetof(struct __sk_buff, mark)),
|
||||
BPF_MOV64_IMM(BPF_REG_4, 1),
|
||||
BPF_JMP_REG(BPF_JGT, BPF_REG_3, BPF_REG_4, 2),
|
||||
BPF_MOV64_IMM(BPF_REG_3, 14),
|
||||
BPF_JMP_IMM(BPF_JA, 0, 0, 1),
|
||||
BPF_MOV64_IMM(BPF_REG_3, 24),
|
||||
BPF_MOV64_REG(BPF_REG_5, BPF_REG_3),
|
||||
BPF_ALU64_IMM(BPF_ADD, BPF_REG_5, 23),
|
||||
BPF_ALU64_IMM(BPF_AND, BPF_REG_5, 15),
|
||||
BPF_MOV64_REG(BPF_REG_6, BPF_REG_2),
|
||||
BPF_ALU64_REG(BPF_ADD, BPF_REG_6, BPF_REG_5),
|
||||
BPF_MOV64_IMM(BPF_REG_0, 1),
|
||||
BPF_EXIT_INSN(),
|
||||
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = ACCEPT,
|
||||
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||
},
|
||||
{
|
||||
"helper access to packet: test1, valid packet_ptr range",
|
||||
.insns = {
|
||||
@ -4208,6 +4286,8 @@ static struct bpf_test tests[] = {
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_1, 0),
|
||||
BPF_MOV64_IMM(BPF_REG_2, 0),
|
||||
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128),
|
||||
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128),
|
||||
BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 64),
|
||||
BPF_MOV64_IMM(BPF_REG_3, 0),
|
||||
BPF_MOV64_IMM(BPF_REG_4, 0),
|
||||
@ -4251,6 +4331,8 @@ static struct bpf_test tests[] = {
|
||||
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -16),
|
||||
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
|
||||
BPF_MOV64_IMM(BPF_REG_2, 0),
|
||||
BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128),
|
||||
BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128),
|
||||
BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 63),
|
||||
BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1),
|
||||
BPF_MOV64_IMM(BPF_REG_3, 0),
|
||||
|
Loading…
Reference in New Issue
Block a user