1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/bpf.h>
3 #include <bpf/bpf_helpers.h>
4 #include <bpf/bpf_endian.h>
5
/*
 * Tunables read by the sk_msg programs in this file. They are plain,
 * zero-initialised globals; presumably the user-space half of the test
 * writes them before traffic flows (that side is not shown here).
 *
 * NOTE(review): these are signed ints handed to helpers whose offset and
 * length parameters are unsigned 32-bit. The sign guards in
 * prog_sk_policy() are what stop a negative value from being reinterpreted
 * as a very large offset or length.
 */
int cork_byte;		/* > 0: byte count given to bpf_msg_cork_bytes() */
int push_start;		/* > 0 (with push_end): start offset for bpf_msg_push_data() */
int push_end;		/* > 0 (with push_start): third (length) argument of bpf_msg_push_data() */
int apply_bytes;	/* given to bpf_msg_apply_bytes() with no guard */
int pop_start;		/* >= 0 (with pop_end): start offset for bpf_msg_pop_data() */
int pop_end;		/* > 0 (with pop_start): third (length) argument of bpf_msg_pop_data() */
12
/*
 * Sockmap with 20 slots, int key and int value.
 * prog_sk_policy_redir() redirects messages to the socket stored at
 * index 2 of this map.
 */
struct {
	__uint(type, BPF_MAP_TYPE_SOCKMAP);
	__uint(max_entries, 20);
	__type(key, int);
	__type(value, int);
} sock_map SEC(".maps");
19
/*
 * Two-slot sockmap, int key and int value.
 * No program in this file references it directly; presumably user space
 * attaches the sk_skb verdict program to it -- confirm against the test
 * harness.
 */
struct {
	__uint(type, BPF_MAP_TYPE_SOCKMAP);
	__uint(max_entries, 2);
	__type(key, int);
	__type(value, int);
} sock_map_verdict SEC(".maps");
26
/*
 * sk_msg policy program: optionally corks, pushes data into, and pops data
 * from the message according to the file-level tunables, then passes it on.
 *
 * @msg: sk_msg context supplied by the kernel.
 * Return: SK_PASS unconditionally.
 *
 * NOTE(review): none of the helper return values are checked, so a failed
 * cork/push/pop still results in SK_PASS.
 */
SEC("sk_msg")
int prog_sk_policy(struct sk_msg_md *msg)
{
	/* Corking stays off while cork_byte is zero or negative. */
	if (cork_byte > 0) {
		bpf_msg_cork_bytes(msg, cork_byte);
	}

	/* Both values must be strictly positive, so offset 0 never pushes. */
	if (push_start > 0 && push_end > 0) {
		bpf_msg_push_data(msg, push_start, push_end, 0);
	}

	/* Unlike the push path, a start offset of 0 is accepted here. */
	if (pop_start >= 0 && pop_end > 0) {
		bpf_msg_pop_data(msg, pop_start, pop_end, 0);
	}

	return SK_PASS;
}
39
/*
 * sk_msg program that sets the apply-bytes window from the apply_bytes
 * tunable and redirects the message to the socket at index 2 of sock_map.
 *
 * @msg: sk_msg context supplied by the kernel.
 * Return: the value returned by bpf_msg_redirect_map().
 *
 * NOTE(review): apply_bytes is a signed int passed without a sign check; a
 * negative value would be converted to a large unsigned length. Presumably
 * fine for a selftest -- confirm the harness only writes non-negative
 * values.
 */
SEC("sk_msg")
int prog_sk_policy_redir(struct sk_msg_md *msg)
{
	/* Fixed redirect slot; sock_map is declared with 20 entries. */
	const int redirect_key = 2;

	bpf_msg_apply_bytes(msg, apply_bytes);

	return bpf_msg_redirect_map(msg, &sock_map, redirect_key, 0);
}
48
/*
 * sk_skb verdict program for the reverse-order TLS/sockmap regression test.
 *
 * It unconditionally returns SK_PASS. Per the test's author, that makes
 * tcp_read_skb() drain the receive queue through sk_psock_verdict_recv()
 * without calling tcp_eat_skb(), which is the precondition for the KTLS
 * strparser frag_list use-after-free (UAF) this regression test covers.
 *
 * @skb: packet context; not inspected.
 * Return: SK_PASS, always.
 */
SEC("sk_skb/verdict")
int prog_skb_verdict_pass(struct __sk_buff *skb)
{
	return SK_PASS;
}
60
/*
 * License string emitted into the "license" ELF section. The kernel reads
 * it at load time to decide whether GPL-only helpers may be used.
 */
char _license[] SEC("license") = "GPL";