@@ -309,6 +309,125 @@ static struct sock_test tests[] = {
0,
SUCCESS,
},
+ {
+ "sock_release4 load with valid access: src_ip4",
+ .insns = {
+ BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
+ BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_6,
+ offsetof(struct bpf_sock, src_ip4)),
+ BPF_MOV64_IMM(BPF_REG_0, 1),
+ BPF_EXIT_INSN(),
+ },
+ BPF_CGROUP_INET4_SOCK_RELEASE,
+ BPF_CGROUP_INET4_SOCK_RELEASE,
+ AF_INET,
+ SOCK_STREAM,
+ "127.0.0.1",
+ 0,
+ SUCCESS,
+ },
+ {
+ "sock_release4 load with valid access: src_port",
+ .insns = {
+ BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
+ BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_6,
+ offsetof(struct bpf_sock, src_port)),
+ BPF_MOV64_IMM(BPF_REG_0, 1),
+ BPF_EXIT_INSN(),
+ },
+ BPF_CGROUP_INET4_SOCK_RELEASE,
+ BPF_CGROUP_INET4_SOCK_RELEASE,
+ AF_INET,
+ SOCK_STREAM,
+ "127.0.0.1",
+ 0,
+ SUCCESS,
+ },
+ {
+ "sock_release4 load with invalid access: src_ip6",
+ .insns = {
+ BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
+ BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_6,
+ offsetof(struct bpf_sock, src_ip6[0])),
+ BPF_MOV64_IMM(BPF_REG_0, 1),
+ BPF_EXIT_INSN(),
+ },
+ BPF_CGROUP_INET4_SOCK_RELEASE,
+ BPF_CGROUP_INET4_SOCK_RELEASE,
+ 0,
+ 0,
+ NULL,
+ 0,
+ LOAD_REJECT,
+ },
+ {
+ "sock_release4 load with valid access: mark",
+ .insns = {
+ BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
+ BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_6,
+ offsetof(struct bpf_sock, mark)),
+ BPF_MOV64_IMM(BPF_REG_0, 1),
+ BPF_EXIT_INSN(),
+ },
+ BPF_CGROUP_INET4_SOCK_RELEASE,
+ BPF_CGROUP_INET4_SOCK_RELEASE,
+ AF_INET,
+ SOCK_STREAM,
+ "127.0.0.1",
+ 0,
+ SUCCESS,
+ },
+ {
+ "sock_release6 load with valid access: src_ip6",
+ .insns = {
+ BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
+ BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_6,
+ offsetof(struct bpf_sock, src_ip6[0])),
+ BPF_MOV64_IMM(BPF_REG_0, 1),
+ BPF_EXIT_INSN(),
+ },
+ BPF_CGROUP_INET6_SOCK_RELEASE,
+ BPF_CGROUP_INET6_SOCK_RELEASE,
+ AF_INET6,
+ SOCK_STREAM,
+ "::",
+ 0,
+ SUCCESS,
+ },
+ {
+ "sock_release6 load with valid access: src_port",
+ .insns = {
+ BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
+ BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_6,
+ offsetof(struct bpf_sock, src_port)),
+ BPF_MOV64_IMM(BPF_REG_0, 1),
+ BPF_EXIT_INSN(),
+ },
+ BPF_CGROUP_INET6_SOCK_RELEASE,
+ BPF_CGROUP_INET6_SOCK_RELEASE,
+ AF_INET6,
+ SOCK_STREAM,
+ "::",
+ 0,
+ SUCCESS,
+ },
+ {
+ "sock_release6 load with invalid access: src_ip4",
+ .insns = {
+ BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
+ BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_6,
+ offsetof(struct bpf_sock, src_ip4)),
+ BPF_MOV64_IMM(BPF_REG_0, 1),
+ BPF_EXIT_INSN(),
+ },
+ BPF_CGROUP_INET6_SOCK_RELEASE,
+ BPF_CGROUP_INET6_SOCK_RELEASE,
+ 0,
+ 0,
+ NULL,
+ 0,
+ LOAD_REJECT,
+ },
};
static size_t probe_prog_length(const struct bpf_insn *fp)
Add context access tests for BPF_CGROUP_INET{4,6}_SOCK_RELEASE. Signed-off-by: Stanislav Fomichev <sdf@google.com> --- tools/testing/selftests/bpf/test_sock.c | 119 ++++++++++++++++++++++++ 1 file changed, 119 insertions(+)