1 {
2 "prevent map lookup in sockmap",
3 .insns = {
4 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
5 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
6 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
7 BPF_LD_MAP_FD(BPF_REG_1, 0),
8 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
9 BPF_EXIT_INSN(),
10 },
11 .fixup_map_sockmap = { 3 },
12 .result = REJECT,
13 .errstr = "cannot pass map_type 15 into func bpf_map_lookup_elem",
14 .prog_type = BPF_PROG_TYPE_SOCK_OPS,
15 },
16 {
17 "prevent map lookup in sockhash",
18 .insns = {
19 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
20 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
21 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
22 BPF_LD_MAP_FD(BPF_REG_1, 0),
23 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
24 BPF_EXIT_INSN(),
25 },
26 .fixup_map_sockhash = { 3 },
27 .result = REJECT,
28 .errstr = "cannot pass map_type 18 into func bpf_map_lookup_elem",
29 .prog_type = BPF_PROG_TYPE_SOCK_OPS,
30 },
31 {
32 "prevent map lookup in stack trace",
33 .insns = {
34 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
35 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
36 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
37 BPF_LD_MAP_FD(BPF_REG_1, 0),
38 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
39 BPF_EXIT_INSN(),
40 },
41 .fixup_map_stacktrace = { 3 },
42 .result = REJECT,
43 .errstr = "cannot pass map_type 7 into func bpf_map_lookup_elem",
44 .prog_type = BPF_PROG_TYPE_PERF_EVENT,
45 },
46 {
47 "prevent map lookup in prog array",
48 .insns = {
49 BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
50 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
51 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
52 BPF_LD_MAP_FD(BPF_REG_1, 0),
53 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
54 BPF_EXIT_INSN(),
55 },
56 .fixup_prog2 = { 3 },
57 .result = REJECT,
58 .errstr = "cannot pass map_type 3 into func bpf_map_lookup_elem",
59 },