]> asedeno.scripts.mit.edu Git - linux.git/blob - tools/testing/selftests/bpf/verifier/ctx_skb.c
projects / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
selftests/bpf: add "any alignment" annotation for some tests
[linux.git] / tools / testing / selftests / bpf / verifier / ctx_skb.c
1 {
2         "access skb fields ok",
3         .insns = {
4         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
5                     offsetof(struct __sk_buff, len)),
6         BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1),
7         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
8                     offsetof(struct __sk_buff, mark)),
9         BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1),
10         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
11                     offsetof(struct __sk_buff, pkt_type)),
12         BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1),
13         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
14                     offsetof(struct __sk_buff, queue_mapping)),
15         BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
16         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
17                     offsetof(struct __sk_buff, protocol)),
18         BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
19         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
20                     offsetof(struct __sk_buff, vlan_present)),
21         BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
22         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
23                     offsetof(struct __sk_buff, vlan_tci)),
24         BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
25         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
26                     offsetof(struct __sk_buff, napi_id)),
27         BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 0),
28         BPF_EXIT_INSN(),
29         },
30         .result = ACCEPT,
31 },
32 {
33         "access skb fields bad1",
34         .insns = {
35         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, -4),
36         BPF_EXIT_INSN(),
37         },
38         .errstr = "invalid bpf_context access",
39         .result = REJECT,
40 },
41 {
42         "access skb fields bad2",
43         .insns = {
44         BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 9),
45         BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
46         BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
47         BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
48         BPF_LD_MAP_FD(BPF_REG_1, 0),
49         BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
50         BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
51         BPF_EXIT_INSN(),
52         BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
53         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
54                     offsetof(struct __sk_buff, pkt_type)),
55         BPF_EXIT_INSN(),
56         },
57         .fixup_map_hash_8b = { 4 },
58         .errstr = "different pointers",
59         .errstr_unpriv = "R1 pointer comparison",
60         .result = REJECT,
61 },
62 {
63         "access skb fields bad3",
64         .insns = {
65         BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 2),
66         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
67                     offsetof(struct __sk_buff, pkt_type)),
68         BPF_EXIT_INSN(),
69         BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
70         BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
71         BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
72         BPF_LD_MAP_FD(BPF_REG_1, 0),
73         BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
74         BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
75         BPF_EXIT_INSN(),
76         BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
77         BPF_JMP_IMM(BPF_JA, 0, 0, -12),
78         },
79         .fixup_map_hash_8b = { 6 },
80         .errstr = "different pointers",
81         .errstr_unpriv = "R1 pointer comparison",
82         .result = REJECT,
83 },
84 {
85         "access skb fields bad4",
86         .insns = {
87         BPF_JMP_IMM(BPF_JGE, BPF_REG_1, 0, 3),
88         BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1,
89                     offsetof(struct __sk_buff, len)),
90         BPF_MOV64_IMM(BPF_REG_0, 0),
91         BPF_EXIT_INSN(),
92         BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
93         BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
94         BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
95         BPF_LD_MAP_FD(BPF_REG_1, 0),
96         BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
97         BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
98         BPF_EXIT_INSN(),
99         BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
100         BPF_JMP_IMM(BPF_JA, 0, 0, -13),
101         },
102         .fixup_map_hash_8b = { 7 },
103         .errstr = "different pointers",
104         .errstr_unpriv = "R1 pointer comparison",
105         .result = REJECT,
106 },
107 {
108         "invalid access __sk_buff family",
109         .insns = {
110         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
111                     offsetof(struct __sk_buff, family)),
112         BPF_EXIT_INSN(),
113         },
114         .errstr = "invalid bpf_context access",
115         .result = REJECT,
116 },
117 {
118         "invalid access __sk_buff remote_ip4",
119         .insns = {
120         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
121                     offsetof(struct __sk_buff, remote_ip4)),
122         BPF_EXIT_INSN(),
123         },
124         .errstr = "invalid bpf_context access",
125         .result = REJECT,
126 },
127 {
128         "invalid access __sk_buff local_ip4",
129         .insns = {
130         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
131                     offsetof(struct __sk_buff, local_ip4)),
132         BPF_EXIT_INSN(),
133         },
134         .errstr = "invalid bpf_context access",
135         .result = REJECT,
136 },
137 {
138         "invalid access __sk_buff remote_ip6",
139         .insns = {
140         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
141                     offsetof(struct __sk_buff, remote_ip6)),
142         BPF_EXIT_INSN(),
143         },
144         .errstr = "invalid bpf_context access",
145         .result = REJECT,
146 },
147 {
148         "invalid access __sk_buff local_ip6",
149         .insns = {
150         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
151                     offsetof(struct __sk_buff, local_ip6)),
152         BPF_EXIT_INSN(),
153         },
154         .errstr = "invalid bpf_context access",
155         .result = REJECT,
156 },
157 {
158         "invalid access __sk_buff remote_port",
159         .insns = {
160         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
161                     offsetof(struct __sk_buff, remote_port)),
162         BPF_EXIT_INSN(),
163         },
164         .errstr = "invalid bpf_context access",
165         .result = REJECT,
166 },
167 {
168         "invalid access __sk_buff remote_port",
169         .insns = {
170         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
171                     offsetof(struct __sk_buff, local_port)),
172         BPF_EXIT_INSN(),
173         },
174         .errstr = "invalid bpf_context access",
175         .result = REJECT,
176 },
177 {
178         "valid access __sk_buff family",
179         .insns = {
180         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
181                     offsetof(struct __sk_buff, family)),
182         BPF_EXIT_INSN(),
183         },
184         .result = ACCEPT,
185         .prog_type = BPF_PROG_TYPE_SK_SKB,
186 },
187 {
188         "valid access __sk_buff remote_ip4",
189         .insns = {
190         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
191                     offsetof(struct __sk_buff, remote_ip4)),
192         BPF_EXIT_INSN(),
193         },
194         .result = ACCEPT,
195         .prog_type = BPF_PROG_TYPE_SK_SKB,
196 },
197 {
198         "valid access __sk_buff local_ip4",
199         .insns = {
200         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
201                     offsetof(struct __sk_buff, local_ip4)),
202         BPF_EXIT_INSN(),
203         },
204         .result = ACCEPT,
205         .prog_type = BPF_PROG_TYPE_SK_SKB,
206 },
207 {
208         "valid access __sk_buff remote_ip6",
209         .insns = {
210         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
211                     offsetof(struct __sk_buff, remote_ip6[0])),
212         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
213                     offsetof(struct __sk_buff, remote_ip6[1])),
214         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
215                     offsetof(struct __sk_buff, remote_ip6[2])),
216         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
217                     offsetof(struct __sk_buff, remote_ip6[3])),
218         BPF_EXIT_INSN(),
219         },
220         .result = ACCEPT,
221         .prog_type = BPF_PROG_TYPE_SK_SKB,
222 },
223 {
224         "valid access __sk_buff local_ip6",
225         .insns = {
226         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
227                     offsetof(struct __sk_buff, local_ip6[0])),
228         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
229                     offsetof(struct __sk_buff, local_ip6[1])),
230         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
231                     offsetof(struct __sk_buff, local_ip6[2])),
232         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
233                     offsetof(struct __sk_buff, local_ip6[3])),
234         BPF_EXIT_INSN(),
235         },
236         .result = ACCEPT,
237         .prog_type = BPF_PROG_TYPE_SK_SKB,
238 },
239 {
240         "valid access __sk_buff remote_port",
241         .insns = {
242         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
243                     offsetof(struct __sk_buff, remote_port)),
244         BPF_EXIT_INSN(),
245         },
246         .result = ACCEPT,
247         .prog_type = BPF_PROG_TYPE_SK_SKB,
248 },
249 {
250         "valid access __sk_buff remote_port",
251         .insns = {
252         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
253                     offsetof(struct __sk_buff, local_port)),
254         BPF_EXIT_INSN(),
255         },
256         .result = ACCEPT,
257         .prog_type = BPF_PROG_TYPE_SK_SKB,
258 },
259 {
260         "invalid access of tc_classid for SK_SKB",
261         .insns = {
262         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
263                     offsetof(struct __sk_buff, tc_classid)),
264         BPF_EXIT_INSN(),
265         },
266         .result = REJECT,
267         .prog_type = BPF_PROG_TYPE_SK_SKB,
268         .errstr = "invalid bpf_context access",
269 },
270 {
271         "invalid access of skb->mark for SK_SKB",
272         .insns = {
273         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
274                     offsetof(struct __sk_buff, mark)),
275         BPF_EXIT_INSN(),
276         },
277         .result =  REJECT,
278         .prog_type = BPF_PROG_TYPE_SK_SKB,
279         .errstr = "invalid bpf_context access",
280 },
281 {
282         "check skb->mark is not writeable by SK_SKB",
283         .insns = {
284         BPF_MOV64_IMM(BPF_REG_0, 0),
285         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
286                     offsetof(struct __sk_buff, mark)),
287         BPF_EXIT_INSN(),
288         },
289         .result =  REJECT,
290         .prog_type = BPF_PROG_TYPE_SK_SKB,
291         .errstr = "invalid bpf_context access",
292 },
293 {
294         "check skb->tc_index is writeable by SK_SKB",
295         .insns = {
296         BPF_MOV64_IMM(BPF_REG_0, 0),
297         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
298                     offsetof(struct __sk_buff, tc_index)),
299         BPF_EXIT_INSN(),
300         },
301         .result = ACCEPT,
302         .prog_type = BPF_PROG_TYPE_SK_SKB,
303 },
304 {
305         "check skb->priority is writeable by SK_SKB",
306         .insns = {
307         BPF_MOV64_IMM(BPF_REG_0, 0),
308         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
309                     offsetof(struct __sk_buff, priority)),
310         BPF_EXIT_INSN(),
311         },
312         .result = ACCEPT,
313         .prog_type = BPF_PROG_TYPE_SK_SKB,
314 },
315 {
316         "direct packet read for SK_SKB",
317         .insns = {
318         BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
319                     offsetof(struct __sk_buff, data)),
320         BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
321                     offsetof(struct __sk_buff, data_end)),
322         BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
323         BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
324         BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
325         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0),
326         BPF_MOV64_IMM(BPF_REG_0, 0),
327         BPF_EXIT_INSN(),
328         },
329         .result = ACCEPT,
330         .prog_type = BPF_PROG_TYPE_SK_SKB,
331 },
332 {
333         "direct packet write for SK_SKB",
334         .insns = {
335         BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
336                     offsetof(struct __sk_buff, data)),
337         BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
338                     offsetof(struct __sk_buff, data_end)),
339         BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
340         BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
341         BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1),
342         BPF_STX_MEM(BPF_B, BPF_REG_2, BPF_REG_2, 0),
343         BPF_MOV64_IMM(BPF_REG_0, 0),
344         BPF_EXIT_INSN(),
345         },
346         .result = ACCEPT,
347         .prog_type = BPF_PROG_TYPE_SK_SKB,
348 },
349 {
350         "overlapping checks for direct packet access SK_SKB",
351         .insns = {
352         BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1,
353                     offsetof(struct __sk_buff, data)),
354         BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1,
355                     offsetof(struct __sk_buff, data_end)),
356         BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
357         BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
358         BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 4),
359         BPF_MOV64_REG(BPF_REG_1, BPF_REG_2),
360         BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 6),
361         BPF_JMP_REG(BPF_JGT, BPF_REG_1, BPF_REG_3, 1),
362         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_2, 6),
363         BPF_MOV64_IMM(BPF_REG_0, 0),
364         BPF_EXIT_INSN(),
365         },
366         .result = ACCEPT,
367         .prog_type = BPF_PROG_TYPE_SK_SKB,
368 },
369 {
370         "check skb->mark is not writeable by sockets",
371         .insns = {
372         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1,
373                     offsetof(struct __sk_buff, mark)),
374         BPF_EXIT_INSN(),
375         },
376         .errstr = "invalid bpf_context access",
377         .errstr_unpriv = "R1 leaks addr",
378         .result = REJECT,
379 },
380 {
381         "check skb->tc_index is not writeable by sockets",
382         .insns = {
383         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1,
384                     offsetof(struct __sk_buff, tc_index)),
385         BPF_EXIT_INSN(),
386         },
387         .errstr = "invalid bpf_context access",
388         .errstr_unpriv = "R1 leaks addr",
389         .result = REJECT,
390 },
391 {
392         "check cb access: byte",
393         .insns = {
394         BPF_MOV64_IMM(BPF_REG_0, 0),
395         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
396                     offsetof(struct __sk_buff, cb[0])),
397         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
398                     offsetof(struct __sk_buff, cb[0]) + 1),
399         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
400                     offsetof(struct __sk_buff, cb[0]) + 2),
401         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
402                     offsetof(struct __sk_buff, cb[0]) + 3),
403         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
404                     offsetof(struct __sk_buff, cb[1])),
405         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
406                     offsetof(struct __sk_buff, cb[1]) + 1),
407         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
408                     offsetof(struct __sk_buff, cb[1]) + 2),
409         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
410                     offsetof(struct __sk_buff, cb[1]) + 3),
411         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
412                     offsetof(struct __sk_buff, cb[2])),
413         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
414                     offsetof(struct __sk_buff, cb[2]) + 1),
415         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
416                     offsetof(struct __sk_buff, cb[2]) + 2),
417         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
418                     offsetof(struct __sk_buff, cb[2]) + 3),
419         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
420                     offsetof(struct __sk_buff, cb[3])),
421         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
422                     offsetof(struct __sk_buff, cb[3]) + 1),
423         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
424                     offsetof(struct __sk_buff, cb[3]) + 2),
425         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
426                     offsetof(struct __sk_buff, cb[3]) + 3),
427         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
428                     offsetof(struct __sk_buff, cb[4])),
429         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
430                     offsetof(struct __sk_buff, cb[4]) + 1),
431         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
432                     offsetof(struct __sk_buff, cb[4]) + 2),
433         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
434                     offsetof(struct __sk_buff, cb[4]) + 3),
435         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
436                     offsetof(struct __sk_buff, cb[0])),
437         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
438                     offsetof(struct __sk_buff, cb[0]) + 1),
439         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
440                     offsetof(struct __sk_buff, cb[0]) + 2),
441         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
442                     offsetof(struct __sk_buff, cb[0]) + 3),
443         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
444                     offsetof(struct __sk_buff, cb[1])),
445         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
446                     offsetof(struct __sk_buff, cb[1]) + 1),
447         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
448                     offsetof(struct __sk_buff, cb[1]) + 2),
449         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
450                     offsetof(struct __sk_buff, cb[1]) + 3),
451         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
452                     offsetof(struct __sk_buff, cb[2])),
453         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
454                     offsetof(struct __sk_buff, cb[2]) + 1),
455         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
456                     offsetof(struct __sk_buff, cb[2]) + 2),
457         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
458                     offsetof(struct __sk_buff, cb[2]) + 3),
459         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
460                     offsetof(struct __sk_buff, cb[3])),
461         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
462                     offsetof(struct __sk_buff, cb[3]) + 1),
463         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
464                     offsetof(struct __sk_buff, cb[3]) + 2),
465         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
466                     offsetof(struct __sk_buff, cb[3]) + 3),
467         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
468                     offsetof(struct __sk_buff, cb[4])),
469         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
470                     offsetof(struct __sk_buff, cb[4]) + 1),
471         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
472                     offsetof(struct __sk_buff, cb[4]) + 2),
473         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
474                     offsetof(struct __sk_buff, cb[4]) + 3),
475         BPF_EXIT_INSN(),
476         },
477         .result = ACCEPT,
478 },
479 {
480         "__sk_buff->hash, offset 0, byte store not permitted",
481         .insns = {
482         BPF_MOV64_IMM(BPF_REG_0, 0),
483         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
484                     offsetof(struct __sk_buff, hash)),
485         BPF_EXIT_INSN(),
486         },
487         .errstr = "invalid bpf_context access",
488         .result = REJECT,
489 },
490 {
491         "__sk_buff->tc_index, offset 3, byte store not permitted",
492         .insns = {
493         BPF_MOV64_IMM(BPF_REG_0, 0),
494         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
495                     offsetof(struct __sk_buff, tc_index) + 3),
496         BPF_EXIT_INSN(),
497         },
498         .errstr = "invalid bpf_context access",
499         .result = REJECT,
500 },
501 {
502         "check skb->hash byte load permitted",
503         .insns = {
504         BPF_MOV64_IMM(BPF_REG_0, 0),
505 #if __BYTE_ORDER == __LITTLE_ENDIAN
506         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
507                     offsetof(struct __sk_buff, hash)),
508 #else
509         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
510                     offsetof(struct __sk_buff, hash) + 3),
511 #endif
512         BPF_EXIT_INSN(),
513         },
514         .result = ACCEPT,
515 },
516 {
517         "check skb->hash byte load permitted 1",
518         .insns = {
519         BPF_MOV64_IMM(BPF_REG_0, 0),
520         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
521                     offsetof(struct __sk_buff, hash) + 1),
522         BPF_EXIT_INSN(),
523         },
524         .result = ACCEPT,
525 },
526 {
527         "check skb->hash byte load permitted 2",
528         .insns = {
529         BPF_MOV64_IMM(BPF_REG_0, 0),
530         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
531                     offsetof(struct __sk_buff, hash) + 2),
532         BPF_EXIT_INSN(),
533         },
534         .result = ACCEPT,
535 },
536 {
537         "check skb->hash byte load permitted 3",
538         .insns = {
539         BPF_MOV64_IMM(BPF_REG_0, 0),
540 #if __BYTE_ORDER == __LITTLE_ENDIAN
541         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
542                     offsetof(struct __sk_buff, hash) + 3),
543 #else
544         BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1,
545                     offsetof(struct __sk_buff, hash)),
546 #endif
547         BPF_EXIT_INSN(),
548         },
549         .result = ACCEPT,
550 },
551 {
552         "check cb access: byte, wrong type",
553         .insns = {
554         BPF_MOV64_IMM(BPF_REG_0, 0),
555         BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_0,
556                     offsetof(struct __sk_buff, cb[0])),
557         BPF_EXIT_INSN(),
558         },
559         .errstr = "invalid bpf_context access",
560         .result = REJECT,
561         .prog_type = BPF_PROG_TYPE_CGROUP_SOCK,
562 },
563 {
564         "check cb access: half",
565         .insns = {
566         BPF_MOV64_IMM(BPF_REG_0, 0),
567         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
568                     offsetof(struct __sk_buff, cb[0])),
569         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
570                     offsetof(struct __sk_buff, cb[0]) + 2),
571         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
572                     offsetof(struct __sk_buff, cb[1])),
573         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
574                     offsetof(struct __sk_buff, cb[1]) + 2),
575         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
576                     offsetof(struct __sk_buff, cb[2])),
577         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
578                     offsetof(struct __sk_buff, cb[2]) + 2),
579         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
580                     offsetof(struct __sk_buff, cb[3])),
581         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
582                     offsetof(struct __sk_buff, cb[3]) + 2),
583         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
584                     offsetof(struct __sk_buff, cb[4])),
585         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
586                     offsetof(struct __sk_buff, cb[4]) + 2),
587         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
588                     offsetof(struct __sk_buff, cb[0])),
589         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
590                     offsetof(struct __sk_buff, cb[0]) + 2),
591         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
592                     offsetof(struct __sk_buff, cb[1])),
593         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
594                     offsetof(struct __sk_buff, cb[1]) + 2),
595         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
596                     offsetof(struct __sk_buff, cb[2])),
597         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
598                     offsetof(struct __sk_buff, cb[2]) + 2),
599         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
600                     offsetof(struct __sk_buff, cb[3])),
601         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
602                     offsetof(struct __sk_buff, cb[3]) + 2),
603         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
604                     offsetof(struct __sk_buff, cb[4])),
605         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
606                     offsetof(struct __sk_buff, cb[4]) + 2),
607         BPF_EXIT_INSN(),
608         },
609         .result = ACCEPT,
610 },
611 {
612         "check cb access: half, unaligned",
613         .insns = {
614         BPF_MOV64_IMM(BPF_REG_0, 0),
615         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
616                     offsetof(struct __sk_buff, cb[0]) + 1),
617         BPF_EXIT_INSN(),
618         },
619         .errstr = "misaligned context access",
620         .result = REJECT,
621         .flags = F_LOAD_WITH_STRICT_ALIGNMENT,
622 },
623 {
624         "check __sk_buff->hash, offset 0, half store not permitted",
625         .insns = {
626         BPF_MOV64_IMM(BPF_REG_0, 0),
627         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
628                     offsetof(struct __sk_buff, hash)),
629         BPF_EXIT_INSN(),
630         },
631         .errstr = "invalid bpf_context access",
632         .result = REJECT,
633 },
634 {
635         "check __sk_buff->tc_index, offset 2, half store not permitted",
636         .insns = {
637         BPF_MOV64_IMM(BPF_REG_0, 0),
638         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
639                     offsetof(struct __sk_buff, tc_index) + 2),
640         BPF_EXIT_INSN(),
641         },
642         .errstr = "invalid bpf_context access",
643         .result = REJECT,
644 },
645 {
646         "check skb->hash half load permitted",
647         .insns = {
648         BPF_MOV64_IMM(BPF_REG_0, 0),
649 #if __BYTE_ORDER == __LITTLE_ENDIAN
650         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
651                     offsetof(struct __sk_buff, hash)),
652 #else
653         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
654                     offsetof(struct __sk_buff, hash) + 2),
655 #endif
656         BPF_EXIT_INSN(),
657         },
658         .result = ACCEPT,
659 },
660 {
661         "check skb->hash half load permitted 2",
662         .insns = {
663         BPF_MOV64_IMM(BPF_REG_0, 0),
664 #if __BYTE_ORDER == __LITTLE_ENDIAN
665         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
666                     offsetof(struct __sk_buff, hash) + 2),
667 #else
668         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
669                     offsetof(struct __sk_buff, hash)),
670 #endif
671         BPF_EXIT_INSN(),
672         },
673         .result = ACCEPT,
674 },
675 {
676         "check skb->hash half load not permitted, unaligned 1",
677         .insns = {
678         BPF_MOV64_IMM(BPF_REG_0, 0),
679 #if __BYTE_ORDER == __LITTLE_ENDIAN
680         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
681                     offsetof(struct __sk_buff, hash) + 1),
682 #else
683         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
684                     offsetof(struct __sk_buff, hash) + 3),
685 #endif
686         BPF_EXIT_INSN(),
687         },
688         .errstr = "invalid bpf_context access",
689         .result = REJECT,
690         .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
691 },
692 {
693         "check skb->hash half load not permitted, unaligned 3",
694         .insns = {
695         BPF_MOV64_IMM(BPF_REG_0, 0),
696 #if __BYTE_ORDER == __LITTLE_ENDIAN
697         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
698                     offsetof(struct __sk_buff, hash) + 3),
699 #else
700         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
701                     offsetof(struct __sk_buff, hash) + 1),
702 #endif
703         BPF_EXIT_INSN(),
704         },
705         .errstr = "invalid bpf_context access",
706         .result = REJECT,
707         .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
708         .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
709 },
710 {
711         "check cb access: half, wrong type",
712         .insns = {
713         BPF_MOV64_IMM(BPF_REG_0, 0),
714         BPF_STX_MEM(BPF_H, BPF_REG_1, BPF_REG_0,
715                     offsetof(struct __sk_buff, cb[0])),
716         BPF_EXIT_INSN(),
717         },
718         .errstr = "invalid bpf_context access",
719         .result = REJECT,
720         .prog_type = BPF_PROG_TYPE_CGROUP_SOCK,
721 },
722 {
723         "check cb access: word",
724         .insns = {
725         BPF_MOV64_IMM(BPF_REG_0, 0),
726         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
727                     offsetof(struct __sk_buff, cb[0])),
728         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
729                     offsetof(struct __sk_buff, cb[1])),
730         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
731                     offsetof(struct __sk_buff, cb[2])),
732         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
733                     offsetof(struct __sk_buff, cb[3])),
734         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
735                     offsetof(struct __sk_buff, cb[4])),
736         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
737                     offsetof(struct __sk_buff, cb[0])),
738         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
739                     offsetof(struct __sk_buff, cb[1])),
740         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
741                     offsetof(struct __sk_buff, cb[2])),
742         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
743                     offsetof(struct __sk_buff, cb[3])),
744         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
745                     offsetof(struct __sk_buff, cb[4])),
746         BPF_EXIT_INSN(),
747         },
748         .result = ACCEPT,
749 },
750 {
751         "check cb access: word, unaligned 1",
752         .insns = {
753         BPF_MOV64_IMM(BPF_REG_0, 0),
754         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
755                     offsetof(struct __sk_buff, cb[0]) + 2),
756         BPF_EXIT_INSN(),
757         },
758         .errstr = "misaligned context access",
759         .result = REJECT,
760         .flags = F_LOAD_WITH_STRICT_ALIGNMENT,
761 },
762 {
763         "check cb access: word, unaligned 2",
764         .insns = {
765         BPF_MOV64_IMM(BPF_REG_0, 0),
766         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
767                     offsetof(struct __sk_buff, cb[4]) + 1),
768         BPF_EXIT_INSN(),
769         },
770         .errstr = "misaligned context access",
771         .result = REJECT,
772         .flags = F_LOAD_WITH_STRICT_ALIGNMENT,
773 },
774 {
775         "check cb access: word, unaligned 3",
776         .insns = {
777         BPF_MOV64_IMM(BPF_REG_0, 0),
778         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
779                     offsetof(struct __sk_buff, cb[4]) + 2),
780         BPF_EXIT_INSN(),
781         },
782         .errstr = "misaligned context access",
783         .result = REJECT,
784         .flags = F_LOAD_WITH_STRICT_ALIGNMENT,
785 },
786 {
787         "check cb access: word, unaligned 4",
788         .insns = {
789         BPF_MOV64_IMM(BPF_REG_0, 0),
790         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
791                     offsetof(struct __sk_buff, cb[4]) + 3),
792         BPF_EXIT_INSN(),
793         },
794         .errstr = "misaligned context access",
795         .result = REJECT,
796         .flags = F_LOAD_WITH_STRICT_ALIGNMENT,
797 },
798 {
799         "check cb access: double",
800         .insns = {
801         BPF_MOV64_IMM(BPF_REG_0, 0),
802         BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0,
803                     offsetof(struct __sk_buff, cb[0])),
804         BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0,
805                     offsetof(struct __sk_buff, cb[2])),
806         BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
807                     offsetof(struct __sk_buff, cb[0])),
808         BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
809                     offsetof(struct __sk_buff, cb[2])),
810         BPF_EXIT_INSN(),
811         },
812         .result = ACCEPT,
813 },
814 {
815         "check cb access: double, unaligned 1",
816         .insns = {
817         BPF_MOV64_IMM(BPF_REG_0, 0),
818         BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0,
819                     offsetof(struct __sk_buff, cb[1])),
820         BPF_EXIT_INSN(),
821         },
822         .errstr = "misaligned context access",
823         .result = REJECT,
824         .flags = F_LOAD_WITH_STRICT_ALIGNMENT,
825 },
826 {
827         "check cb access: double, unaligned 2",
828         .insns = {
829         BPF_MOV64_IMM(BPF_REG_0, 0),
830         BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0,
831                     offsetof(struct __sk_buff, cb[3])),
832         BPF_EXIT_INSN(),
833         },
834         .errstr = "misaligned context access",
835         .result = REJECT,
836         .flags = F_LOAD_WITH_STRICT_ALIGNMENT,
837 },
838 {
839         "check cb access: double, oob 1",
840         .insns = {
841         BPF_MOV64_IMM(BPF_REG_0, 0),
842         BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0,
843                     offsetof(struct __sk_buff, cb[4])),
844         BPF_EXIT_INSN(),
845         },
846         .errstr = "invalid bpf_context access",
847         .result = REJECT,
848 },
849 {
850         "check cb access: double, oob 2",
851         .insns = {
852         BPF_MOV64_IMM(BPF_REG_0, 0),
853         BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
854                     offsetof(struct __sk_buff, cb[4])),
855         BPF_EXIT_INSN(),
856         },
857         .errstr = "invalid bpf_context access",
858         .result = REJECT,
859 },
860 {
861         "check __sk_buff->ifindex dw store not permitted",
862         .insns = {
863         BPF_MOV64_IMM(BPF_REG_0, 0),
864         BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0,
865                     offsetof(struct __sk_buff, ifindex)),
866         BPF_EXIT_INSN(),
867         },
868         .errstr = "invalid bpf_context access",
869         .result = REJECT,
870 },
871 {
872         "check __sk_buff->ifindex dw load not permitted",
873         .insns = {
874         BPF_MOV64_IMM(BPF_REG_0, 0),
875         BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
876                     offsetof(struct __sk_buff, ifindex)),
877         BPF_EXIT_INSN(),
878         },
879         .errstr = "invalid bpf_context access",
880         .result = REJECT,
881 },
882 {
883         "check cb access: double, wrong type",
884         .insns = {
885         BPF_MOV64_IMM(BPF_REG_0, 0),
886         BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0,
887                     offsetof(struct __sk_buff, cb[0])),
888         BPF_EXIT_INSN(),
889         },
890         .errstr = "invalid bpf_context access",
891         .result = REJECT,
892         .prog_type = BPF_PROG_TYPE_CGROUP_SOCK,
893 },
894 {
895         "check out of range skb->cb access",
896         .insns = {
897         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
898                     offsetof(struct __sk_buff, cb[0]) + 256),
899         BPF_EXIT_INSN(),
900         },
901         .errstr = "invalid bpf_context access",
902         .errstr_unpriv = "",
903         .result = REJECT,
904         .prog_type = BPF_PROG_TYPE_SCHED_ACT,
905 },
906 {
907         "write skb fields from socket prog",
908         .insns = {
909         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
910                     offsetof(struct __sk_buff, cb[4])),
911         BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1),
912         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
913                     offsetof(struct __sk_buff, mark)),
914         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
915                     offsetof(struct __sk_buff, tc_index)),
916         BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 0, 1),
917         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1,
918                     offsetof(struct __sk_buff, cb[0])),
919         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1,
920                     offsetof(struct __sk_buff, cb[2])),
921         BPF_EXIT_INSN(),
922         },
923         .result = ACCEPT,
924         .errstr_unpriv = "R1 leaks addr",
925         .result_unpriv = REJECT,
926 },
927 {
928         "write skb fields from tc_cls_act prog",
929         .insns = {
930         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
931                     offsetof(struct __sk_buff, cb[0])),
932         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
933                     offsetof(struct __sk_buff, mark)),
934         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
935                     offsetof(struct __sk_buff, tc_index)),
936         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
937                     offsetof(struct __sk_buff, tc_index)),
938         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
939                     offsetof(struct __sk_buff, cb[3])),
940         BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1,
941                     offsetof(struct __sk_buff, tstamp)),
942         BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0,
943                     offsetof(struct __sk_buff, tstamp)),
944         BPF_EXIT_INSN(),
945         },
946         .errstr_unpriv = "",
947         .result_unpriv = REJECT,
948         .result = ACCEPT,
949         .prog_type = BPF_PROG_TYPE_SCHED_CLS,
950 },
951 {
952         "check skb->data half load not permitted",
953         .insns = {
954         BPF_MOV64_IMM(BPF_REG_0, 0),
955 #if __BYTE_ORDER == __LITTLE_ENDIAN
956         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
957                     offsetof(struct __sk_buff, data)),
958 #else
959         BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_1,
960                     offsetof(struct __sk_buff, data) + 2),
961 #endif
962         BPF_EXIT_INSN(),
963         },
964         .result = REJECT,
965         .errstr = "invalid bpf_context access",
966 },
967 {
968         "read gso_segs from CGROUP_SKB",
969         .insns = {
970         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
971                     offsetof(struct __sk_buff, gso_segs)),
972         BPF_MOV64_IMM(BPF_REG_0, 0),
973         BPF_EXIT_INSN(),
974         },
975         .result = ACCEPT,
976         .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
977 },
978 {
979         "write gso_segs from CGROUP_SKB",
980         .insns = {
981         BPF_MOV64_IMM(BPF_REG_0, 0),
982         BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_0,
983                     offsetof(struct __sk_buff, gso_segs)),
984         BPF_MOV64_IMM(BPF_REG_0, 0),
985         BPF_EXIT_INSN(),
986         },
987         .result = REJECT,
988         .result_unpriv = REJECT,
989         .errstr = "invalid bpf_context access off=164 size=4",
990         .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
991 },
992 {
993         "read gso_segs from CLS",
994         .insns = {
995         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
996                     offsetof(struct __sk_buff, gso_segs)),
997         BPF_MOV64_IMM(BPF_REG_0, 0),
998         BPF_EXIT_INSN(),
999         },
1000         .result = ACCEPT,
1001         .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1002 },
1003 {
1004         "check wire_len is not readable by sockets",
1005         .insns = {
1006                 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
1007                             offsetof(struct __sk_buff, wire_len)),
1008                 BPF_EXIT_INSN(),
1009         },
1010         .errstr = "invalid bpf_context access",
1011         .result = REJECT,
1012 },
1013 {
1014         "check wire_len is readable by tc classifier",
1015         .insns = {
1016                 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
1017                             offsetof(struct __sk_buff, wire_len)),
1018                 BPF_EXIT_INSN(),
1019         },
1020         .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1021         .result = ACCEPT,
1022 },
1023 {
1024         "check wire_len is not writable by tc classifier",
1025         .insns = {
1026                 BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_1,
1027                             offsetof(struct __sk_buff, wire_len)),
1028                 BPF_EXIT_INSN(),
1029         },
1030         .prog_type = BPF_PROG_TYPE_SCHED_CLS,
1031         .errstr = "invalid bpf_context access",
1032         .errstr_unpriv = "R1 leaks addr",
1033         .result = REJECT,
1034 },
local clone of linux.git