[linux-2.6-block.git] / tools / testing / selftests / bpf / verifier / ctx.c

{
	"context stores via ST",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_DW, BPF_REG_1, offsetof(struct __sk_buff, mark), 0),
	BPF_EXIT_INSN(),
	},
	.errstr = "BPF_ST stores into R1 ctx is not allowed",
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
{
	"context stores via XADD",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_RAW_INSN(BPF_STX | BPF_XADD | BPF_W, BPF_REG_1,
		     BPF_REG_0, offsetof(struct __sk_buff, mark), 0),
	BPF_EXIT_INSN(),
	},
	.errstr = "BPF_XADD stores into R1 ctx is not allowed",
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
{
	"arithmetic ops make PTR_TO_CTX unusable",
	.insns = {
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_1,
			      offsetof(struct __sk_buff, data) -
			      offsetof(struct __sk_buff, mark)),
		BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
			    offsetof(struct __sk_buff, mark)),
		BPF_EXIT_INSN(),
	},
	.errstr = "dereference of modified ctx ptr",
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
},
{
	"pass unmodified ctx pointer to helper",
	.insns = {
		BPF_MOV64_IMM(BPF_REG_2, 0),
		BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
			     BPF_FUNC_csum_update),
		BPF_MOV64_IMM(BPF_REG_0, 0),
		BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.result = ACCEPT,
},
{
	"pass modified ctx pointer to helper, 1",
	.insns = {
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -612),
		BPF_MOV64_IMM(BPF_REG_2, 0),
		BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
			     BPF_FUNC_csum_update),
		BPF_MOV64_IMM(BPF_REG_0, 0),
		BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.result = REJECT,
	.errstr = "dereference of modified ctx ptr",
},
{
	"pass modified ctx pointer to helper, 2",
	.insns = {
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -612),
		BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
			     BPF_FUNC_get_socket_cookie),
		BPF_MOV64_IMM(BPF_REG_0, 0),
		BPF_EXIT_INSN(),
	},
	.result_unpriv = REJECT,
	.result = REJECT,
	.errstr_unpriv = "dereference of modified ctx ptr",
	.errstr = "dereference of modified ctx ptr",
},
{
	"pass modified ctx pointer to helper, 3",
	.insns = {
		BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 0),
		BPF_ALU64_IMM(BPF_AND, BPF_REG_3, 4),
		BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_3),
		BPF_MOV64_IMM(BPF_REG_2, 0),
		BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0,
			     BPF_FUNC_csum_update),
		BPF_MOV64_IMM(BPF_REG_0, 0),
		BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.result = REJECT,
	.errstr = "variable ctx access var_off=(0x0; 0x4)",
},
Commit	Line	Data
40f2fbd5 JK	1	{
	2	"context stores via ST",
	3	.insns = {
	4	BPF_MOV64_IMM(BPF_REG_0, 0),
	5	BPF_ST_MEM(BPF_DW, BPF_REG_1, offsetof(struct __sk_buff, mark), 0),
	6	BPF_EXIT_INSN(),
	7	},
	8	.errstr = "BPF_ST stores into R1 ctx is not allowed",
	9	.result = REJECT,
	10	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	11	},
	12	{
	13	"context stores via XADD",
	14	.insns = {
	15	BPF_MOV64_IMM(BPF_REG_0, 0),
	16	BPF_RAW_INSN(BPF_STX \| BPF_XADD \| BPF_W, BPF_REG_1,
	17	BPF_REG_0, offsetof(struct __sk_buff, mark), 0),
	18	BPF_EXIT_INSN(),
	19	},
	20	.errstr = "BPF_XADD stores into R1 ctx is not allowed",
	21	.result = REJECT,
	22	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	23	},
48729226 JK	24	{
	25	"arithmetic ops make PTR_TO_CTX unusable",
	26	.insns = {
	27	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1,
	28	offsetof(struct __sk_buff, data) -
	29	offsetof(struct __sk_buff, mark)),
	30	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
	31	offsetof(struct __sk_buff, mark)),
	32	BPF_EXIT_INSN(),
	33	},
	34	.errstr = "dereference of modified ctx ptr",
	35	.result = REJECT,
	36	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	37	},
	38	{
	39	"pass unmodified ctx pointer to helper",
	40	.insns = {
	41	BPF_MOV64_IMM(BPF_REG_2, 0),
	42	BPF_RAW_INSN(BPF_JMP \| BPF_CALL, 0, 0, 0,
	43	BPF_FUNC_csum_update),
	44	BPF_MOV64_IMM(BPF_REG_0, 0),
	45	BPF_EXIT_INSN(),
	46	},
	47	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	48	.result = ACCEPT,
	49	},
	50	{
	51	"pass modified ctx pointer to helper, 1",
	52	.insns = {
	53	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -612),
	54	BPF_MOV64_IMM(BPF_REG_2, 0),
	55	BPF_RAW_INSN(BPF_JMP \| BPF_CALL, 0, 0, 0,
	56	BPF_FUNC_csum_update),
	57	BPF_MOV64_IMM(BPF_REG_0, 0),
	58	BPF_EXIT_INSN(),
	59	},
	60	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	61	.result = REJECT,
	62	.errstr = "dereference of modified ctx ptr",
	63	},
	64	{
	65	"pass modified ctx pointer to helper, 2",
	66	.insns = {
	67	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -612),
	68	BPF_RAW_INSN(BPF_JMP \| BPF_CALL, 0, 0, 0,
	69	BPF_FUNC_get_socket_cookie),
	70	BPF_MOV64_IMM(BPF_REG_0, 0),
	71	BPF_EXIT_INSN(),
	72	},
	73	.result_unpriv = REJECT,
	74	.result = REJECT,
	75	.errstr_unpriv = "dereference of modified ctx ptr",
	76	.errstr = "dereference of modified ctx ptr",
	77	},
	78	{
	79	"pass modified ctx pointer to helper, 3",
	80	.insns = {
	81	BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 0),
	82	BPF_ALU64_IMM(BPF_AND, BPF_REG_3, 4),
	83	BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_3),
	84	BPF_MOV64_IMM(BPF_REG_2, 0),
	85	BPF_RAW_INSN(BPF_JMP \| BPF_CALL, 0, 0, 0,
	86	BPF_FUNC_csum_update),
	87	BPF_MOV64_IMM(BPF_REG_0, 0),
88	BPF_EXIT_INSN(),
89	},
90	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
91	.result = REJECT,
92	.errstr = "variable ctx access var_off=(0x0; 0x4)",
93	},