linux/tools/testing/selftests/bpf/progs/verifier_ctx_sk_msg.c

// SPDX-License-Identifier: GPL-2.0
/* Converted from tools/testing/selftests/bpf/verifier/ctx_sk_msg.c */

#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include "bpf_misc.h"

SEC("sk_msg")
__description("valid access family in SK_MSG")
__success
__naked void access_family_in_sk_msg(void)
{
	asm volatile ("					\
	r0 = *(u32*)(r1 + %[sk_msg_md_family]);		\
	exit;						\
"	:
	: __imm_const(sk_msg_md_family, offsetof(struct sk_msg_md, family))
	: __clobber_all);
}

SEC("sk_msg")
__description("valid access remote_ip4 in SK_MSG")
__success
__naked void remote_ip4_in_sk_msg(void)
{
	asm volatile ("					\
	r0 = *(u32*)(r1 + %[sk_msg_md_remote_ip4]);	\
	exit;						\
"	:
	: __imm_const(sk_msg_md_remote_ip4, offsetof(struct sk_msg_md, remote_ip4))
	: __clobber_all);
}

SEC("sk_msg")
__description("valid access local_ip4 in SK_MSG")
__success
__naked void local_ip4_in_sk_msg(void)
{
	asm volatile ("					\
	r0 = *(u32*)(r1 + %[sk_msg_md_local_ip4]);	\
	exit;						\
"	:
	: __imm_const(sk_msg_md_local_ip4, offsetof(struct sk_msg_md, local_ip4))
	: __clobber_all);
}

SEC("sk_msg")
__description("valid access remote_port in SK_MSG")
__success
__naked void remote_port_in_sk_msg(void)
{
	asm volatile ("					\
	r0 = *(u32*)(r1 + %[sk_msg_md_remote_port]);	\
	exit;						\
"	:
	: __imm_const(sk_msg_md_remote_port, offsetof(struct sk_msg_md, remote_port))
	: __clobber_all);
}

SEC("sk_msg")
__description("valid access local_port in SK_MSG")
__success
__naked void local_port_in_sk_msg(void)
{
	asm volatile ("					\
	r0 = *(u32*)(r1 + %[sk_msg_md_local_port]);	\
	exit;						\
"	:
	: __imm_const(sk_msg_md_local_port, offsetof(struct sk_msg_md, local_port))
	: __clobber_all);
}

SEC("sk_skb")
__description("valid access remote_ip6 in SK_MSG")
__success
__naked void remote_ip6_in_sk_msg(void)
{
	asm volatile ("					\
	r0 = *(u32*)(r1 + %[sk_msg_md_remote_ip6_0]);	\
	r0 = *(u32*)(r1 + %[sk_msg_md_remote_ip6_1]);	\
	r0 = *(u32*)(r1 + %[sk_msg_md_remote_ip6_2]);	\
	r0 = *(u32*)(r1 + %[sk_msg_md_remote_ip6_3]);	\
	exit;						\
"	:
	: __imm_const(sk_msg_md_remote_ip6_0, offsetof(struct sk_msg_md, remote_ip6[0])),
	  __imm_const(sk_msg_md_remote_ip6_1, offsetof(struct sk_msg_md, remote_ip6[1])),
	  __imm_const(sk_msg_md_remote_ip6_2, offsetof(struct sk_msg_md, remote_ip6[2])),
	  __imm_const(sk_msg_md_remote_ip6_3, offsetof(struct sk_msg_md, remote_ip6[3]))
	: __clobber_all);
}

SEC("sk_skb")
__description("valid access local_ip6 in SK_MSG")
__success
__naked void local_ip6_in_sk_msg(void)
{
	asm volatile ("					\
	r0 = *(u32*)(r1 + %[sk_msg_md_local_ip6_0]);	\
	r0 = *(u32*)(r1 + %[sk_msg_md_local_ip6_1]);	\
	r0 = *(u32*)(r1 + %[sk_msg_md_local_ip6_2]);	\
	r0 = *(u32*)(r1 + %[sk_msg_md_local_ip6_3]);	\
	exit;						\
"	:
	: __imm_const(sk_msg_md_local_ip6_0, offsetof(struct sk_msg_md, local_ip6[0])),
	  __imm_const(sk_msg_md_local_ip6_1, offsetof(struct sk_msg_md, local_ip6[1])),
	  __imm_const(sk_msg_md_local_ip6_2, offsetof(struct sk_msg_md, local_ip6[2])),
	  __imm_const(sk_msg_md_local_ip6_3, offsetof(struct sk_msg_md, local_ip6[3]))
	: __clobber_all);
}

SEC("sk_msg")
__description("valid access size in SK_MSG")
__success
__naked void access_size_in_sk_msg(void)
{
	asm volatile ("					\
	r0 = *(u32*)(r1 + %[sk_msg_md_size]);		\
	exit;						\
"	:
	: __imm_const(sk_msg_md_size, offsetof(struct sk_msg_md, size))
	: __clobber_all);
}

SEC("sk_msg")
__description("invalid 64B read of size in SK_MSG")
__failure __msg("invalid bpf_context access")
__flag(BPF_F_ANY_ALIGNMENT)
__naked void of_size_in_sk_msg(void)
{
	asm volatile ("					\
	r2 = *(u64*)(r1 + %[sk_msg_md_size]);		\
	exit;						\
"	:
	: __imm_const(sk_msg_md_size, offsetof(struct sk_msg_md, size))
	: __clobber_all);
}

SEC("sk_msg")
__description("invalid read past end of SK_MSG")
__failure __msg("invalid bpf_context access")
__naked void past_end_of_sk_msg(void)
{
	asm volatile ("					\
	r2 = *(u32*)(r1 + %[__imm_0]);			\
	exit;						\
"	:
	: __imm_const(__imm_0, offsetof(struct sk_msg_md, size) + 4)
	: __clobber_all);
}

SEC("sk_msg")
__description("invalid read offset in SK_MSG")
__failure __msg("invalid bpf_context access")
__flag(BPF_F_ANY_ALIGNMENT)
__naked void read_offset_in_sk_msg(void)
{
	asm volatile ("					\
	r2 = *(u32*)(r1 + %[__imm_0]);			\
	exit;						\
"	:
	: __imm_const(__imm_0, offsetof(struct sk_msg_md, family) + 1)
	: __clobber_all);
}

SEC("sk_msg")
__description("direct packet read for SK_MSG")
__success
__naked void packet_read_for_sk_msg(void)
{
	asm volatile ("					\
	r2 = *(u64*)(r1 + %[sk_msg_md_data]);		\
	r3 = *(u64*)(r1 + %[sk_msg_md_data_end]);	\
	r0 = r2;					\
	r0 += 8;					\
	if r0 > r3 goto l0_%=;				\
	r0 = *(u8*)(r2 + 0);				\
l0_%=:	r0 = 0;						\
	exit;						\
"	:
	: __imm_const(sk_msg_md_data, offsetof(struct sk_msg_md, data)),
	  __imm_const(sk_msg_md_data_end, offsetof(struct sk_msg_md, data_end))
	: __clobber_all);
}

SEC("sk_msg")
__description("direct packet write for SK_MSG")
__success
__naked void packet_write_for_sk_msg(void)
{
	asm volatile ("					\
	r2 = *(u64*)(r1 + %[sk_msg_md_data]);		\
	r3 = *(u64*)(r1 + %[sk_msg_md_data_end]);	\
	r0 = r2;					\
	r0 += 8;					\
	if r0 > r3 goto l0_%=;				\
	*(u8*)(r2 + 0) = r2;				\
l0_%=:	r0 = 0;						\
	exit;						\
"	:
	: __imm_const(sk_msg_md_data, offsetof(struct sk_msg_md, data)),
	  __imm_const(sk_msg_md_data_end, offsetof(struct sk_msg_md, data_end))
	: __clobber_all);
}

SEC("sk_msg")
__description("overlapping checks for direct packet access SK_MSG")
__success
__naked void direct_packet_access_sk_msg(void)
{
	asm volatile ("					\
	r2 = *(u64*)(r1 + %[sk_msg_md_data]);		\
	r3 = *(u64*)(r1 + %[sk_msg_md_data_end]);	\
	r0 = r2;					\
	r0 += 8;					\
	if r0 > r3 goto l0_%=;				\
	r1 = r2;					\
	r1 += 6;					\
	if r1 > r3 goto l0_%=;				\
	r0 = *(u16*)(r2 + 6);				\
l0_%=:	r0 = 0;						\
	exit;						\
"	:
	: __imm_const(sk_msg_md_data, offsetof(struct sk_msg_md, data)),
	  __imm_const(sk_msg_md_data_end, offsetof(struct sk_msg_md, data_end))
	: __clobber_all);
}

char _license[] SEC("license") = "GPL";