// SPDX-License-Identifier: GPL-2.0
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_endian.h>

/*
 * Tunables for the sk_msg programs below. They are zero-initialised, and
 * with every value at zero prog_sk_policy() calls no helper and only
 * returns SK_PASS.
 * NOTE(review): presumably written by the userspace side of the test
 * before traffic is sent -- confirm against the loader.
 */
int cork_byte;
int push_start;
int push_end;
int apply_bytes;
int pop_start;
int pop_end;

/* Sockmap used as the redirect target table by prog_sk_policy_redir(). */
struct {
	__uint(type, BPF_MAP_TYPE_SOCKMAP);
	__uint(max_entries, 20);
	__type(key, int);
	__type(value, int);
} sock_map SEC(".maps");

/*
 * Second, two-slot sockmap. No program in this file references it.
 * NOTE(review): presumably the map the verdict program is attached to
 * from userspace -- confirm.
 */
struct {
	__uint(type, BPF_MAP_TYPE_SOCKMAP);
	__uint(max_entries, 2);
	__type(key, int);
	__type(value, int);
} sock_map_verdict SEC(".maps");

/*
 * sk_msg policy: optionally cork, grow and shrink the message according
 * to the tunables above, then let it through.
 *
 * Each helper's return value is deliberately left unchecked, exactly as
 * in the original; a failing helper does not change the SK_PASS verdict.
 */
SEC("sk_msg")
int prog_sk_policy(struct sk_msg_md *msg)
{
	/* Hold the verdict back until cork_byte bytes have accumulated. */
	if (cork_byte > 0) {
		bpf_msg_cork_bytes(msg, cork_byte);
	}

	/*
	 * The helper's third argument is a length, not an end offset:
	 * push_end bytes are inserted at offset push_start.
	 */
	if (push_start > 0 && push_end > 0) {
		bpf_msg_push_data(msg, push_start, push_end, 0);
	}

	/*
	 * Same convention: pop_end bytes are removed starting at pop_start.
	 * Offset 0 is accepted here, whereas the push path above requires a
	 * positive offset.
	 * NOTE(review): confirm that asymmetry is intended.
	 */
	if (pop_start >= 0 && pop_end > 0) {
		bpf_msg_pop_data(msg, pop_start, pop_end, 0);
	}

	return SK_PASS;
}

/*
 * sk_msg policy: limit the verdict to the next apply_bytes bytes and
 * redirect the message to the socket stored at index 2 of sock_map.
 * flags == 0, so BPF_F_INGRESS is not set for the redirect.
 *
 * The program's verdict is whatever bpf_msg_redirect_map() returns.
 */
SEC("sk_msg")
int prog_sk_policy_redir(struct sk_msg_md *msg)
{
	const int redir_key = 2;	/* fixed slot in sock_map */

	bpf_msg_apply_bytes(msg, apply_bytes);

	return bpf_msg_redirect_map(msg, &sock_map, redir_key, 0);
}

/*
 * Verdict program for the reverse-order TLS/sockmap regression test.
 * It inspects nothing in the skb and unconditionally returns SK_PASS,
 * so tcp_read_skb() drains the receive queue via sk_psock_verdict_recv()
 * without calling tcp_eat_skb(), which is the precondition for the
 * KTLS strparser frag_list UAF that the test guards against.
 */
SEC("sk_skb/verdict")
int prog_skb_verdict_pass(struct __sk_buff *skb)
{
	return SK_PASS;
}

char _license[] SEC("license") = "GPL";