/*
 * Negative case: skb->sk is dereferenced without first being compared with
 * NULL. The expected message shows the verifier types the pointer as
 * sock_common_or_null at the load. Gaps in the gutter numbers are lines this
 * listing does not show (including the case's .result).
 */
2 "skb->sk: no NULL check",
4 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
5 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0), /* 4-byte read at offset 0 through the unchecked pointer */
6 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
9 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
11 .errstr = "invalid mem access 'sock_common_or_null'", /* verifier message the case expects */
/*
 * skb->sk is NULL-checked and then bpf_sock.family is read directly, without
 * calling bpf_sk_fullsock(); the case name marks family as a non-fullsock field.
 * No .errstr is listed, which suggests a positive case; the .result line is
 * not part of this listing, so confirm against the full file.
 */
14 "skb->sk: sk->family [non fullsock field]",
16 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
17 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
18 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
20 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, offsetof(struct bpf_sock, family)), /* 4-byte read of sk->family via the NULL-checked pointer */
21 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
24 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
/*
 * Negative case: skb->sk is NULL-checked, but bpf_sock.type (named a fullsock
 * field by the case) is read without converting the pointer through
 * bpf_sk_fullsock(). The expected message is "invalid sock_common access".
 * Gaps in the gutter numbers are lines this listing does not show.
 */
28 "skb->sk: sk->type [fullsock field]",
30 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
31 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
32 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
34 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, offsetof(struct bpf_sock, type)), /* 4-byte read of sk->type through the sock_common pointer */
35 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
38 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
40 .errstr = "invalid sock_common access", /* verifier message the case expects */
/*
 * Negative case: skb->sk is handed to bpf_sk_fullsock() without a NULL check.
 * The expected message shows the helper argument must be sock_common, while
 * the unchecked value is still sock_common_or_null.
 * Gaps in the gutter numbers are lines this listing does not show.
 */
43 "bpf_sk_fullsock(skb->sk): no !skb->sk check",
45 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
46 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* helper called with the possibly-NULL r1 */
47 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
50 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
52 .errstr = "type=sock_common_or_null expected=sock_common", /* verifier message the case expects */
/*
 * Negative case: the argument to bpf_sk_fullsock() is NULL-checked, but the
 * helper's return value is dereferenced without a check. The expected message
 * shows the return is typed sock_or_null.
 * Gaps in the gutter numbers are lines this listing does not show.
 */
55 "sk_fullsock(skb->sk): no NULL check on ret",
57 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
58 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
59 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
61 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
62 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)), /* read through r0 with no NULL check on the helper result */
63 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
66 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
68 .errstr = "invalid mem access 'sock_or_null'", /* verifier message the case expects */
/*
 * Fully checked path: NULL-check skb->sk, call bpf_sk_fullsock(), NULL-check
 * its result, then read bpf_sock.type (a fullsock field per the case name).
 * No .errstr is listed, which suggests a positive case; the .result line is
 * not part of this listing, so confirm against the full file.
 */
71 "sk_fullsock(skb->sk): sk->type [fullsock field]",
73 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
74 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
75 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
77 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
78 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), /* r0 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
79 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
81 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)), /* 4-byte read of sk->type via the checked helper result */
82 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
85 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
/*
 * Reads bpf_sock.family (a non-fullsock field per the case name) through the
 * NULL-checked result of bpf_sk_fullsock().
 * No .errstr is listed, which suggests a positive case; the .result line is
 * not part of this listing, so confirm against the full file.
 */
89 "sk_fullsock(skb->sk): sk->family [non fullsock field]",
91 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
92 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
93 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
95 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
96 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* r0 != NULL: skip one instruction (gutter line 97, not shown; presumably the exit) */
98 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, family)), /* 4-byte read of sk->family via the checked helper result */
99 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
102 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
/*
 * Narrow load: a 1-byte (BPF_B) read at the start of bpf_sock.state through
 * the NULL-checked result of bpf_sk_fullsock().
 * No .errstr is listed, which suggests a positive case; the .result line is
 * not part of this listing, so confirm against the full file.
 */
106 "sk_fullsock(skb->sk): sk->state [narrow load]",
108 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
109 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
110 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
112 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
113 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), /* r0 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
114 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
116 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, state)), /* 1-byte read at the first byte of sk->state */
117 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
120 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
/*
 * Narrow load: a 2-byte (BPF_H) read at the start of bpf_sock.dst_port through
 * the NULL-checked result of bpf_sk_fullsock().
 * No .errstr is listed, which suggests a positive case; the .result line is
 * not part of this listing, so confirm against the full file.
 */
124 "sk_fullsock(skb->sk): sk->dst_port [narrow load]",
126 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
127 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
128 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
130 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
131 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), /* r0 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
132 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
134 BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port)), /* 2-byte read at the start of sk->dst_port */
135 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
138 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
/*
 * Negative case: a 1-byte read one byte into bpf_sock.dst_port, i.e. a load
 * that does not start at the field's offset. The pointer itself is fully
 * NULL-checked, so the expected "invalid sock access" concerns the offset and
 * size of the access rather than the pointer state.
 * Gaps in the gutter numbers are lines this listing does not show.
 */
142 "sk_fullsock(skb->sk): sk->dst_port [load 2nd byte]",
144 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
145 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
146 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
148 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
149 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), /* r0 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
150 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
152 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port) + 1), /* 1-byte read at dst_port + 1 */
153 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
156 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
158 .errstr = "invalid sock access", /* verifier message the case expects */
/*
 * A 1-byte read one byte into bpf_sock.dst_ip6[0], through the NULL-checked
 * result of bpf_sk_fullsock().
 * No .errstr is listed, which suggests a positive case; the .result line is
 * not part of this listing, so confirm against the full file.
 */
161 "sk_fullsock(skb->sk): sk->dst_ip6 [load 2nd byte]",
163 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
164 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
165 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
167 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
168 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), /* r0 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
169 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
171 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_ip6[0]) + 1), /* 1-byte read at dst_ip6[0] + 1 */
172 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
175 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
/*
 * Narrow load: a 1-byte (BPF_B) read at the start of bpf_sock.type through the
 * NULL-checked result of bpf_sk_fullsock().
 * No .errstr is listed, which suggests a positive case; the .result line is
 * not part of this listing, so confirm against the full file.
 */
179 "sk_fullsock(skb->sk): sk->type [narrow load]",
181 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
182 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
183 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
185 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
186 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), /* r0 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
187 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
189 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, type)), /* 1-byte read at the first byte of sk->type */
190 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
193 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
/*
 * Narrow load: a 1-byte (BPF_B) read at the start of bpf_sock.protocol through
 * the NULL-checked result of bpf_sk_fullsock().
 * No .errstr is listed, which suggests a positive case; the .result line is
 * not part of this listing, so confirm against the full file.
 */
197 "sk_fullsock(skb->sk): sk->protocol [narrow load]",
199 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
200 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
201 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
203 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
204 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), /* r0 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
205 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
207 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, protocol)), /* 1-byte read at the first byte of sk->protocol */
208 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
211 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
/*
 * Negative bounds case: a 4-byte read starting at offsetofend(bpf_sock, state),
 * which the case name describes as beyond the last field. The pointer is fully
 * NULL-checked, so the expected "invalid sock access" is about the offset.
 * Gaps in the gutter numbers are lines this listing does not show.
 */
215 "sk_fullsock(skb->sk): beyond last field",
217 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
218 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
219 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
221 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
222 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), /* r0 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
223 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
225 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetofend(struct bpf_sock, state)), /* 4-byte read starting at the first byte after sk->state */
226 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
229 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
231 .errstr = "invalid sock access", /* verifier message the case expects */
/*
 * Negative case: skb->sk is handed to bpf_tcp_sock() without a NULL check.
 * The expected message shows the helper argument must be sock_common, while
 * the unchecked value is still sock_common_or_null.
 * Gaps in the gutter numbers are lines this listing does not show.
 */
234 "bpf_tcp_sock(skb->sk): no !skb->sk check",
236 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
237 BPF_EMIT_CALL(BPF_FUNC_tcp_sock), /* helper called with the possibly-NULL r1 */
238 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
241 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
243 .errstr = "type=sock_common_or_null expected=sock_common", /* verifier message the case expects */
/*
 * Negative case: the argument to bpf_tcp_sock() is NULL-checked, but the
 * helper's return value is dereferenced without a check. The expected message
 * shows the return is typed tcp_sock_or_null.
 * Gaps in the gutter numbers are lines this listing does not show.
 */
246 "bpf_tcp_sock(skb->sk): no NULL check on ret",
248 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
249 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
250 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
252 BPF_EMIT_CALL(BPF_FUNC_tcp_sock), /* r0 = bpf_tcp_sock(r1) */
253 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)), /* read through r0 with no NULL check on the helper result */
254 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
257 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
259 .errstr = "invalid mem access 'tcp_sock_or_null'", /* verifier message the case expects */
/*
 * Fully checked path: NULL-check skb->sk, call bpf_tcp_sock(), NULL-check its
 * result, then read bpf_tcp_sock.snd_cwnd.
 * No .errstr is listed, which suggests a positive case; the .result line is
 * not part of this listing, so confirm against the full file.
 */
262 "bpf_tcp_sock(skb->sk): tp->snd_cwnd",
264 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
265 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
266 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
268 BPF_EMIT_CALL(BPF_FUNC_tcp_sock), /* r0 = bpf_tcp_sock(r1) */
269 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* r0 != NULL: skip one instruction (gutter line 270, not shown; presumably the exit) */
271 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)), /* 4-byte read of tp->snd_cwnd via the checked helper result */
272 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
275 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
/*
 * Reads bpf_tcp_sock.bytes_acked with an 8-byte (BPF_DW) load through the
 * NULL-checked result of bpf_tcp_sock().
 * No .errstr is listed, which suggests a positive case; the .result line is
 * not part of this listing, so confirm against the full file.
 */
279 "bpf_tcp_sock(skb->sk): tp->bytes_acked",
281 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
282 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
283 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
285 BPF_EMIT_CALL(BPF_FUNC_tcp_sock), /* r0 = bpf_tcp_sock(r1) */
286 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* r0 != NULL: skip one instruction (gutter line 287, not shown; presumably the exit) */
288 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, bytes_acked)), /* 8-byte read of tp->bytes_acked via the checked helper result */
289 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
292 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
/*
 * Negative bounds case: an 8-byte read starting at
 * offsetofend(bpf_tcp_sock, bytes_acked), which the case name describes as
 * beyond the last field. The pointer is fully NULL-checked, so the expected
 * "invalid tcp_sock access" is about the offset.
 * Gaps in the gutter numbers are lines this listing does not show.
 */
296 "bpf_tcp_sock(skb->sk): beyond last field",
298 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
299 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
300 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
302 BPF_EMIT_CALL(BPF_FUNC_tcp_sock), /* r0 = bpf_tcp_sock(r1) */
303 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* r0 != NULL: skip one instruction (gutter line 304, not shown; presumably the exit) */
305 BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, offsetofend(struct bpf_tcp_sock, bytes_acked)), /* 8-byte read starting at the first byte after tp->bytes_acked */
306 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
309 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
311 .errstr = "invalid tcp_sock access", /* verifier message the case expects */
/*
 * Chained helpers: the NULL-checked result of bpf_sk_fullsock() is passed to
 * bpf_tcp_sock(), whose result is NULL-checked again before tp->snd_cwnd is
 * read.
 * No .errstr is listed, which suggests a positive case; the .result line is
 * not part of this listing, so confirm against the full file.
 */
314 "bpf_tcp_sock(bpf_sk_fullsock(skb->sk)): tp->snd_cwnd",
316 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
317 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
318 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
320 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
321 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* r0 != NULL: skip one instruction (gutter line 322, not shown; presumably the exit) */
323 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), /* r1 = checked fullsock pointer, the argument for the next helper */
324 BPF_EMIT_CALL(BPF_FUNC_tcp_sock), /* r0 = bpf_tcp_sock(r1) */
325 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* r0 != NULL: skip one instruction (gutter line 326, not shown; presumably the exit) */
327 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_tcp_sock, snd_cwnd)), /* 4-byte read of tp->snd_cwnd via the checked helper result */
328 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
331 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
/*
 * Negative reference-tracking case: bpf_sk_release() is called on skb->sk,
 * a pointer read from the context rather than returned by a helper in this
 * program. The NULL check is present; the expected message is about the
 * missing acquisition, presumably so a program cannot drop a socket reference
 * it does not own.
 * Gaps in the gutter numbers are lines this listing does not show.
 */
335 "bpf_sk_release(skb->sk)",
337 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
338 BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 1), /* r1 == NULL: skip the release call */
339 BPF_EMIT_CALL(BPF_FUNC_sk_release), /* bpf_sk_release(r1) on a pointer that was never acquired */
340 BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */
343 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
345 .errstr = "reference has not been acquired before", /* verifier message the case expects */
/*
 * Negative reference-tracking case: bpf_sk_release() is called on the
 * NULL-checked result of bpf_sk_fullsock(skb->sk). The expected message
 * indicates that converting the pointer with bpf_sk_fullsock() does not count
 * as acquiring a reference.
 * Gaps in the gutter numbers are lines this listing does not show.
 */
348 "bpf_sk_release(bpf_sk_fullsock(skb->sk))",
350 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
351 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
352 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
354 BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), /* r0 = bpf_sk_fullsock(r1) */
355 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* r0 != NULL: skip one instruction (gutter line 356, not shown; presumably the exit) */
357 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), /* r1 = checked fullsock pointer */
358 BPF_EMIT_CALL(BPF_FUNC_sk_release), /* bpf_sk_release(r1) on a pointer that was never acquired */
359 BPF_MOV64_IMM(BPF_REG_0, 1), /* r0 = 1 */
362 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
364 .errstr = "reference has not been acquired before", /* verifier message the case expects */
/*
 * Negative reference-tracking case: bpf_sk_release() is called on the
 * NULL-checked result of bpf_tcp_sock(skb->sk). The expected message indicates
 * that a pointer obtained through bpf_tcp_sock() does not count as an acquired
 * reference.
 * Gaps in the gutter numbers are lines this listing does not show.
 */
367 "bpf_sk_release(bpf_tcp_sock(skb->sk))",
369 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), /* r1 = skb->sk; r1 presumably holds the __sk_buff context on entry */
370 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), /* r1 != NULL: skip the two-instruction NULL path (its second instruction is not shown) */
371 BPF_MOV64_IMM(BPF_REG_0, 0), /* NULL path: r0 = 0 */
373 BPF_EMIT_CALL(BPF_FUNC_tcp_sock), /* r0 = bpf_tcp_sock(r1) */
374 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* r0 != NULL: skip one instruction (gutter line 375, not shown; presumably the exit) */
376 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), /* r1 = checked tcp_sock pointer */
377 BPF_EMIT_CALL(BPF_FUNC_sk_release), /* bpf_sk_release(r1) on a pointer that was never acquired */
378 BPF_MOV64_IMM(BPF_REG_0, 1), /* r0 = 1 */
381 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
383 .errstr = "reference has not been acquired before", /* verifier message the case expects */