2 "map access: known scalar += value_ptr from different maps",
4 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
5 offsetof(struct __sk_buff, len)),
6 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
7 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
8 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
9 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 1, 3),
10 BPF_LD_MAP_FD(BPF_REG_1, 0),
11 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 1, 2),
12 BPF_LD_MAP_FD(BPF_REG_1, 0),
13 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
14 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 3),
15 BPF_MOV64_IMM(BPF_REG_1, 4),
16 BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
17 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
18 BPF_MOV64_IMM(BPF_REG_0, 1),
21 .fixup_map_hash_16b = { 5 },
22 .fixup_map_array_48b = { 8 },
27 "map access: value_ptr -= known scalar from different maps",
29 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
30 offsetof(struct __sk_buff, len)),
31 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
32 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
33 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
34 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 1, 3),
35 BPF_LD_MAP_FD(BPF_REG_1, 0),
36 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 1, 2),
37 BPF_LD_MAP_FD(BPF_REG_1, 0),
38 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
39 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
40 BPF_MOV64_IMM(BPF_REG_1, 4),
41 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
42 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
43 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0),
44 BPF_MOV64_IMM(BPF_REG_0, 1),
47 .fixup_map_hash_16b = { 5 },
48 .fixup_map_array_48b = { 8 },
50 .result_unpriv = REJECT,
51 .errstr_unpriv = "R0 min value is outside of the allowed memory range",
55 "map access: known scalar += value_ptr from different maps, but same value properties",
57 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
58 offsetof(struct __sk_buff, len)),
59 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
60 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
61 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
62 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 1, 3),
63 BPF_LD_MAP_FD(BPF_REG_1, 0),
64 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 1, 2),
65 BPF_LD_MAP_FD(BPF_REG_1, 0),
66 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
67 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 3),
68 BPF_MOV64_IMM(BPF_REG_1, 4),
69 BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
70 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
71 BPF_MOV64_IMM(BPF_REG_0, 1),
74 .fixup_map_hash_48b = { 5 },
75 .fixup_map_array_48b = { 8 },
80 "map access: mixing value pointer and scalar, 1",
82 // load map value pointer into r0 and r2
83 BPF_MOV64_IMM(BPF_REG_0, 1),
84 BPF_LD_MAP_FD(BPF_REG_ARG1, 0),
85 BPF_MOV64_REG(BPF_REG_ARG2, BPF_REG_FP),
86 BPF_ALU64_IMM(BPF_ADD, BPF_REG_ARG2, -16),
87 BPF_ST_MEM(BPF_DW, BPF_REG_FP, -16, 0),
88 BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
89 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
91 // load some number from the map into r1
92 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
93 // depending on r1, branch:
94 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 3),
96 BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
97 BPF_MOV64_IMM(BPF_REG_3, 0),
100 BPF_MOV64_IMM(BPF_REG_2, 0),
101 BPF_MOV64_IMM(BPF_REG_3, 0x100000),
102 // common instruction
103 BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_3),
104 // depending on r1, branch:
105 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 1),
109 BPF_MOV64_IMM(BPF_REG_0, 0x13371337),
110 // verifier follows fall-through
111 BPF_JMP_IMM(BPF_JNE, BPF_REG_2, 0x100000, 2),
112 BPF_MOV64_IMM(BPF_REG_0, 0),
114 // fake-dead code; targeted from branch A to
115 // prevent dead code sanitization
116 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0),
117 BPF_MOV64_IMM(BPF_REG_0, 0),
120 .fixup_map_array_48b = { 1 },
122 .result_unpriv = REJECT,
123 .errstr_unpriv = "R2 pointer comparison prohibited",
127 "map access: mixing value pointer and scalar, 2",
129 // load map value pointer into r0 and r2
130 BPF_MOV64_IMM(BPF_REG_0, 1),
131 BPF_LD_MAP_FD(BPF_REG_ARG1, 0),
132 BPF_MOV64_REG(BPF_REG_ARG2, BPF_REG_FP),
133 BPF_ALU64_IMM(BPF_ADD, BPF_REG_ARG2, -16),
134 BPF_ST_MEM(BPF_DW, BPF_REG_FP, -16, 0),
135 BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
136 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
138 // load some number from the map into r1
139 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
140 // depending on r1, branch:
141 BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 3),
143 BPF_MOV64_IMM(BPF_REG_2, 0),
144 BPF_MOV64_IMM(BPF_REG_3, 0x100000),
147 BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
148 BPF_MOV64_IMM(BPF_REG_3, 0),
149 // common instruction
150 BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_3),
151 // depending on r1, branch:
152 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 1),
156 BPF_MOV64_IMM(BPF_REG_0, 0x13371337),
157 // verifier follows fall-through
158 BPF_JMP_IMM(BPF_JNE, BPF_REG_2, 0x100000, 2),
159 BPF_MOV64_IMM(BPF_REG_0, 0),
161 // fake-dead code; targeted from branch A to
162 // prevent dead code sanitization, rejected
163 // via branch B however
164 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0),
165 BPF_MOV64_IMM(BPF_REG_0, 0),
168 .fixup_map_array_48b = { 1 },
170 .result_unpriv = REJECT,
171 .errstr_unpriv = "R0 invalid mem access 'inv'",
175 "sanitation: alu with different scalars 1",
177 BPF_MOV64_IMM(BPF_REG_0, 1),
178 BPF_LD_MAP_FD(BPF_REG_ARG1, 0),
179 BPF_MOV64_REG(BPF_REG_ARG2, BPF_REG_FP),
180 BPF_ALU64_IMM(BPF_ADD, BPF_REG_ARG2, -16),
181 BPF_ST_MEM(BPF_DW, BPF_REG_FP, -16, 0),
182 BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
183 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
185 BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0),
186 BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 3),
187 BPF_MOV64_IMM(BPF_REG_2, 0),
188 BPF_MOV64_IMM(BPF_REG_3, 0x100000),
190 BPF_MOV64_IMM(BPF_REG_2, 42),
191 BPF_MOV64_IMM(BPF_REG_3, 0x100001),
192 BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_3),
193 BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
196 .fixup_map_array_48b = { 1 },
201 "sanitation: alu with different scalars 2",
203 BPF_MOV64_IMM(BPF_REG_0, 1),
204 BPF_LD_MAP_FD(BPF_REG_1, 0),
205 BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
206 BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
207 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -16),
208 BPF_ST_MEM(BPF_DW, BPF_REG_FP, -16, 0),
209 BPF_EMIT_CALL(BPF_FUNC_map_delete_elem),
210 BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
211 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
212 BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
213 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -16),
214 BPF_EMIT_CALL(BPF_FUNC_map_delete_elem),
215 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
216 BPF_MOV64_REG(BPF_REG_8, BPF_REG_6),
217 BPF_ALU64_REG(BPF_ADD, BPF_REG_8, BPF_REG_7),
218 BPF_MOV64_REG(BPF_REG_0, BPF_REG_8),
221 .fixup_map_array_48b = { 1 },
223 .retval = -EINVAL * 2,
226 "sanitation: alu with different scalars 3",
228 BPF_MOV64_IMM(BPF_REG_0, EINVAL),
229 BPF_ALU64_IMM(BPF_MUL, BPF_REG_0, -1),
230 BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
231 BPF_MOV64_IMM(BPF_REG_0, EINVAL),
232 BPF_ALU64_IMM(BPF_MUL, BPF_REG_0, -1),
233 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
234 BPF_MOV64_REG(BPF_REG_8, BPF_REG_6),
235 BPF_ALU64_REG(BPF_ADD, BPF_REG_8, BPF_REG_7),
236 BPF_MOV64_REG(BPF_REG_0, BPF_REG_8),
240 .retval = -EINVAL * 2,
243 "map access: value_ptr += known scalar, upper oob arith, test 1",
245 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
246 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
247 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
248 BPF_LD_MAP_FD(BPF_REG_1, 0),
249 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
250 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
251 BPF_MOV64_IMM(BPF_REG_1, 48),
252 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
253 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
254 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0),
255 BPF_MOV64_IMM(BPF_REG_0, 1),
258 .fixup_map_array_48b = { 3 },
260 .result_unpriv = REJECT,
261 .errstr_unpriv = "R0 pointer arithmetic of map value goes out of range",
265 "map access: value_ptr += known scalar, upper oob arith, test 2",
267 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
268 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
269 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
270 BPF_LD_MAP_FD(BPF_REG_1, 0),
271 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
272 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
273 BPF_MOV64_IMM(BPF_REG_1, 49),
274 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
275 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
276 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0),
277 BPF_MOV64_IMM(BPF_REG_0, 1),
280 .fixup_map_array_48b = { 3 },
282 .result_unpriv = REJECT,
283 .errstr_unpriv = "R0 pointer arithmetic of map value goes out of range",
287 "map access: value_ptr += known scalar, upper oob arith, test 3",
289 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
290 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
291 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
292 BPF_LD_MAP_FD(BPF_REG_1, 0),
293 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
294 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
295 BPF_MOV64_IMM(BPF_REG_1, 47),
296 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
297 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
298 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0),
299 BPF_MOV64_IMM(BPF_REG_0, 1),
302 .fixup_map_array_48b = { 3 },
307 "map access: value_ptr -= known scalar, lower oob arith, test 1",
309 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
310 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
311 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
312 BPF_LD_MAP_FD(BPF_REG_1, 0),
313 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
314 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 5),
315 BPF_MOV64_IMM(BPF_REG_1, 47),
316 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
317 BPF_MOV64_IMM(BPF_REG_1, 48),
318 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
319 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0),
320 BPF_MOV64_IMM(BPF_REG_0, 1),
323 .fixup_map_array_48b = { 3 },
325 .errstr = "R0 min value is outside of the allowed memory range",
326 .result_unpriv = REJECT,
327 .errstr_unpriv = "R0 pointer arithmetic of map value goes out of range",
330 "map access: value_ptr -= known scalar, lower oob arith, test 2",
332 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
333 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
334 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
335 BPF_LD_MAP_FD(BPF_REG_1, 0),
336 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
337 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 7),
338 BPF_MOV64_IMM(BPF_REG_1, 47),
339 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
340 BPF_MOV64_IMM(BPF_REG_1, 48),
341 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
342 BPF_MOV64_IMM(BPF_REG_1, 1),
343 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
344 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0),
345 BPF_MOV64_IMM(BPF_REG_0, 1),
348 .fixup_map_array_48b = { 3 },
350 .result_unpriv = REJECT,
351 .errstr_unpriv = "R0 pointer arithmetic of map value goes out of range",
355 "map access: value_ptr -= known scalar, lower oob arith, test 3",
357 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
358 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
359 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
360 BPF_LD_MAP_FD(BPF_REG_1, 0),
361 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
362 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 5),
363 BPF_MOV64_IMM(BPF_REG_1, 47),
364 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
365 BPF_MOV64_IMM(BPF_REG_1, 47),
366 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
367 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0),
368 BPF_MOV64_IMM(BPF_REG_0, 1),
371 .fixup_map_array_48b = { 3 },
376 "map access: known scalar += value_ptr",
378 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
379 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
380 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
381 BPF_LD_MAP_FD(BPF_REG_1, 0),
382 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
383 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 3),
384 BPF_MOV64_IMM(BPF_REG_1, 4),
385 BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
386 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
387 BPF_MOV64_IMM(BPF_REG_0, 1),
390 .fixup_map_array_48b = { 3 },
395 "map access: value_ptr += known scalar, 1",
397 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
398 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
399 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
400 BPF_LD_MAP_FD(BPF_REG_1, 0),
401 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
402 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 3),
403 BPF_MOV64_IMM(BPF_REG_1, 4),
404 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
405 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
406 BPF_MOV64_IMM(BPF_REG_0, 1),
409 .fixup_map_array_48b = { 3 },
414 "map access: value_ptr += known scalar, 2",
416 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
417 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
418 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
419 BPF_LD_MAP_FD(BPF_REG_1, 0),
420 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
421 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 3),
422 BPF_MOV64_IMM(BPF_REG_1, 49),
423 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
424 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
425 BPF_MOV64_IMM(BPF_REG_0, 1),
428 .fixup_map_array_48b = { 3 },
430 .errstr = "invalid access to map value",
433 "map access: value_ptr += known scalar, 3",
435 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
436 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
437 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
438 BPF_LD_MAP_FD(BPF_REG_1, 0),
439 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
440 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 3),
441 BPF_MOV64_IMM(BPF_REG_1, -1),
442 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
443 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
444 BPF_MOV64_IMM(BPF_REG_0, 1),
447 .fixup_map_array_48b = { 3 },
449 .errstr = "invalid access to map value",
452 "map access: value_ptr += known scalar, 4",
454 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
455 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
456 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
457 BPF_LD_MAP_FD(BPF_REG_1, 0),
458 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
459 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 7),
460 BPF_MOV64_IMM(BPF_REG_1, 5),
461 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
462 BPF_MOV64_IMM(BPF_REG_1, -2),
463 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
464 BPF_MOV64_IMM(BPF_REG_1, -1),
465 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
466 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
467 BPF_MOV64_IMM(BPF_REG_0, 1),
470 .fixup_map_array_48b = { 3 },
475 "map access: value_ptr += known scalar, 5",
477 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
478 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
479 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
480 BPF_LD_MAP_FD(BPF_REG_1, 0),
481 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
482 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 3),
483 BPF_MOV64_IMM(BPF_REG_1, (6 + 1) * sizeof(int)),
484 BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
485 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
488 .fixup_map_array_48b = { 3 },
490 .retval = 0xabcdef12,
493 "map access: value_ptr += known scalar, 6",
495 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
496 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
497 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
498 BPF_LD_MAP_FD(BPF_REG_1, 0),
499 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
500 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 5),
501 BPF_MOV64_IMM(BPF_REG_1, (3 + 1) * sizeof(int)),
502 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
503 BPF_MOV64_IMM(BPF_REG_1, 3 * sizeof(int)),
504 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
505 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, 0),
508 .fixup_map_array_48b = { 3 },
510 .retval = 0xabcdef12,
513 "map access: value_ptr += N, value_ptr -= N known scalar",
515 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
516 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
517 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
518 BPF_LD_MAP_FD(BPF_REG_1, 0),
519 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
520 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 6),
521 BPF_MOV32_IMM(BPF_REG_1, 0x12345678),
522 BPF_STX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
523 BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 2),
524 BPF_MOV64_IMM(BPF_REG_1, 2),
525 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
526 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, 0),
529 .fixup_map_array_48b = { 3 },
531 .retval = 0x12345678,
534 "map access: unknown scalar += value_ptr, 1",
536 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
537 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
538 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
539 BPF_LD_MAP_FD(BPF_REG_1, 0),
540 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
541 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
542 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
543 BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0xf),
544 BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
545 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
546 BPF_MOV64_IMM(BPF_REG_0, 1),
549 .fixup_map_array_48b = { 3 },
554 "map access: unknown scalar += value_ptr, 2",
556 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
557 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
558 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
559 BPF_LD_MAP_FD(BPF_REG_1, 0),
560 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
561 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
562 BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0),
563 BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 31),
564 BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
565 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
568 .fixup_map_array_48b = { 3 },
570 .retval = 0xabcdef12,
571 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
574 "map access: unknown scalar += value_ptr, 3",
576 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
577 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
578 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
579 BPF_LD_MAP_FD(BPF_REG_1, 0),
580 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
581 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 8),
582 BPF_MOV64_IMM(BPF_REG_1, -1),
583 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
584 BPF_MOV64_IMM(BPF_REG_1, 1),
585 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
586 BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0),
587 BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 31),
588 BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
589 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
592 .fixup_map_array_48b = { 3 },
594 .result_unpriv = REJECT,
595 .errstr_unpriv = "R0 pointer arithmetic of map value goes out of range",
596 .retval = 0xabcdef12,
597 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
600 "map access: unknown scalar += value_ptr, 4",
602 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
603 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
604 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
605 BPF_LD_MAP_FD(BPF_REG_1, 0),
606 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
607 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 6),
608 BPF_MOV64_IMM(BPF_REG_1, 19),
609 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
610 BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0),
611 BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 31),
612 BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
613 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
616 .fixup_map_array_48b = { 3 },
618 .errstr = "R1 max value is outside of the allowed memory range",
619 .errstr_unpriv = "R1 pointer arithmetic of map value goes out of range",
620 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
623 "map access: value_ptr += unknown scalar, 1",
625 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
626 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
627 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
628 BPF_LD_MAP_FD(BPF_REG_1, 0),
629 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
630 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
631 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
632 BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0xf),
633 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
634 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
635 BPF_MOV64_IMM(BPF_REG_0, 1),
638 .fixup_map_array_48b = { 3 },
643 "map access: value_ptr += unknown scalar, 2",
645 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
646 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
647 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
648 BPF_LD_MAP_FD(BPF_REG_1, 0),
649 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
650 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
651 BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0),
652 BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 31),
653 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
654 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, 0),
657 .fixup_map_array_48b = { 3 },
659 .retval = 0xabcdef12,
660 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
663 "map access: value_ptr += unknown scalar, 3",
665 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
666 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
667 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
668 BPF_LD_MAP_FD(BPF_REG_1, 0),
669 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
670 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11),
671 BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 0),
672 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_0, 8),
673 BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_0, 16),
674 BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0xf),
675 BPF_ALU64_IMM(BPF_AND, BPF_REG_3, 1),
676 BPF_ALU64_IMM(BPF_OR, BPF_REG_3, 1),
677 BPF_JMP_REG(BPF_JGT, BPF_REG_2, BPF_REG_3, 4),
678 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_3),
679 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0),
680 BPF_MOV64_IMM(BPF_REG_0, 1),
682 BPF_MOV64_IMM(BPF_REG_0, 2),
683 BPF_JMP_IMM(BPF_JA, 0, 0, -3),
685 .fixup_map_array_48b = { 3 },
690 "map access: value_ptr += value_ptr",
692 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
693 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
694 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
695 BPF_LD_MAP_FD(BPF_REG_1, 0),
696 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
697 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2),
698 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_0),
699 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
700 BPF_MOV64_IMM(BPF_REG_0, 1),
703 .fixup_map_array_48b = { 3 },
705 .errstr = "R0 pointer += pointer prohibited",
708 "map access: known scalar -= value_ptr",
710 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
711 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
712 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
713 BPF_LD_MAP_FD(BPF_REG_1, 0),
714 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
715 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 3),
716 BPF_MOV64_IMM(BPF_REG_1, 4),
717 BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0),
718 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
719 BPF_MOV64_IMM(BPF_REG_0, 1),
722 .fixup_map_array_48b = { 3 },
724 .errstr = "R1 tried to subtract pointer from scalar",
727 "map access: value_ptr -= known scalar",
729 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
730 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
731 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
732 BPF_LD_MAP_FD(BPF_REG_1, 0),
733 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
734 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 3),
735 BPF_MOV64_IMM(BPF_REG_1, 4),
736 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
737 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
738 BPF_MOV64_IMM(BPF_REG_0, 1),
741 .fixup_map_array_48b = { 3 },
743 .errstr = "R0 min value is outside of the allowed memory range",
746 "map access: value_ptr -= known scalar, 2",
748 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
749 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
750 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
751 BPF_LD_MAP_FD(BPF_REG_1, 0),
752 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
753 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 5),
754 BPF_MOV64_IMM(BPF_REG_1, 6),
755 BPF_MOV64_IMM(BPF_REG_2, 4),
756 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
757 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_2),
758 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
759 BPF_MOV64_IMM(BPF_REG_0, 1),
762 .fixup_map_array_48b = { 3 },
767 "map access: unknown scalar -= value_ptr",
769 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
770 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
771 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
772 BPF_LD_MAP_FD(BPF_REG_1, 0),
773 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
774 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
775 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
776 BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0xf),
777 BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0),
778 BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0),
779 BPF_MOV64_IMM(BPF_REG_0, 1),
782 .fixup_map_array_48b = { 3 },
784 .errstr = "R1 tried to subtract pointer from scalar",
787 "map access: value_ptr -= unknown scalar",
789 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
790 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
791 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
792 BPF_LD_MAP_FD(BPF_REG_1, 0),
793 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
794 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4),
795 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
796 BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0xf),
797 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
798 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
799 BPF_MOV64_IMM(BPF_REG_0, 1),
802 .fixup_map_array_48b = { 3 },
804 .errstr = "R0 min value is negative",
807 "map access: value_ptr -= unknown scalar, 2",
809 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
810 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
811 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
812 BPF_LD_MAP_FD(BPF_REG_1, 0),
813 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
814 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 8),
815 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
816 BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0xf),
817 BPF_ALU64_IMM(BPF_OR, BPF_REG_1, 0x7),
818 BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
819 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
820 BPF_ALU64_IMM(BPF_AND, BPF_REG_1, 0x7),
821 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
822 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
823 BPF_MOV64_IMM(BPF_REG_0, 1),
826 .fixup_map_array_48b = { 3 },
828 .result_unpriv = REJECT,
829 .errstr_unpriv = "R0 pointer arithmetic of map value goes out of range",
833 "map access: value_ptr -= value_ptr",
835 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
836 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
837 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
838 BPF_LD_MAP_FD(BPF_REG_1, 0),
839 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
840 BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2),
841 BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_0),
842 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0),
843 BPF_MOV64_IMM(BPF_REG_0, 1),
846 .fixup_map_array_48b = { 3 },
848 .errstr = "R0 invalid mem access 'inv'",
849 .errstr_unpriv = "R0 pointer -= pointer prohibited",
852 "32bit pkt_ptr -= scalar",
854 BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1,
855 offsetof(struct __sk_buff, data_end)),
856 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
857 offsetof(struct __sk_buff, data)),
858 BPF_MOV64_REG(BPF_REG_6, BPF_REG_7),
859 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 40),
860 BPF_JMP_REG(BPF_JGT, BPF_REG_6, BPF_REG_8, 2),
861 BPF_ALU32_REG(BPF_MOV, BPF_REG_4, BPF_REG_7),
862 BPF_ALU32_REG(BPF_SUB, BPF_REG_6, BPF_REG_4),
863 BPF_MOV64_IMM(BPF_REG_0, 0),
866 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
868 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
871 "32bit scalar -= pkt_ptr",
873 BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1,
874 offsetof(struct __sk_buff, data_end)),
875 BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1,
876 offsetof(struct __sk_buff, data)),
877 BPF_MOV64_REG(BPF_REG_6, BPF_REG_7),
878 BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 40),
879 BPF_JMP_REG(BPF_JGT, BPF_REG_6, BPF_REG_8, 2),
880 BPF_ALU32_REG(BPF_MOV, BPF_REG_4, BPF_REG_6),
881 BPF_ALU32_REG(BPF_SUB, BPF_REG_4, BPF_REG_7),
882 BPF_MOV64_IMM(BPF_REG_0, 0),
885 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
887 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
projects / linux-2.6-microblaze.git / blob