diff options
| author | Paul Chaignon <paul.chaignon@gmail.com> | 2024-09-09 23:13:54 +0200 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2024-09-11 15:44:33 +0000 |
| commit | d94c83d8ace830ea2b5a52a5bb82d96e75d59e5d (patch) | |
| tree | aa25a39c31981dc377add2d384f9eb30360c8931 /sys/linux/bpf_prog.txt | |
| parent | 709979145c8aad814397b9314d5bd44d9e2ccc1d (diff) | |
sys/linux: improve BPF program attach types
Which attach types are available to a BPF program depends on its type.
We can encode this using conditional fields to reduce the time syzkaller
loses on unsupported combinations of (program type; attach type).
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Diffstat (limited to 'sys/linux/bpf_prog.txt')
| -rw-r--r-- | sys/linux/bpf_prog.txt | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/sys/linux/bpf_prog.txt b/sys/linux/bpf_prog.txt index 5681c253a..82ae0b217 100644 --- a/sys/linux/bpf_prog.txt +++ b/sys/linux/bpf_prog.txt @@ -39,7 +39,49 @@ type bpf_prog_t[TYPE, ATTACH_TYPE, BTF_ID, PROG_FD] { pad const[0, int32] (if[value[flags] & BPF_F_TOKEN_FD == 0]) } [packed] -type bpf_prog bpf_prog_t[flags[bpf_prog_type, int32], flags[bpf_attach_type, int32], bpf_btf_id[opt], fd_bpf_prog[opt]] +# These flags should match the mappings in bpf_prog_load_check_attach and attach_type_to_prog_type upstream. +cgroup_sock_attach_types = BPF_CGROUP_INET_SOCK_CREATE, BPF_CGROUP_INET_SOCK_RELEASE, BPF_CGROUP_INET4_POST_BIND, BPF_CGROUP_INET6_POST_BIND +cgroup_sock_addr_attach_types = BPF_CGROUP_INET4_BIND, BPF_CGROUP_INET6_BIND, BPF_CGROUP_INET4_CONNECT, BPF_CGROUP_INET6_CONNECT, BPF_CGROUP_UNIX_CONNECT, BPF_CGROUP_INET4_GETPEERNAME, BPF_CGROUP_INET6_GETPEERNAME, BPF_CGROUP_UNIX_GETPEERNAME, BPF_CGROUP_INET4_GETSOCKNAME, BPF_CGROUP_INET6_GETSOCKNAME, BPF_CGROUP_UNIX_GETSOCKNAME, BPF_CGROUP_UDP4_SENDMSG, BPF_CGROUP_UDP6_SENDMSG, BPF_CGROUP_UNIX_SENDMSG, BPF_CGROUP_UDP4_RECVMSG, BPF_CGROUP_UDP6_RECVMSG, BPF_CGROUP_UNIX_RECVMSG +cgroup_skb_attach_types = BPF_CGROUP_INET_INGRESS, BPF_CGROUP_INET_EGRESS +cgroup_sockopt_attach_types = BPF_CGROUP_SETSOCKOPT, BPF_CGROUP_GETSOCKOPT +sk_lookup_attach_types = BPF_SK_LOOKUP +sk_reuseport_attach_types = BPF_SK_REUSEPORT_SELECT, BPF_SK_REUSEPORT_SELECT_OR_MIGRATE +netfilter_attach_types = BPF_NETFILTER +sock_ops_attach_types = BPF_CGROUP_SOCK_OPS +cgroup_device_attach_types = BPF_CGROUP_DEVICE +sk_msg_attach_types = BPF_SK_MSG_VERDICT +sk_skb_attach_types = BPF_SK_SKB_STREAM_PARSER, BPF_SK_SKB_STREAM_VERDICT, BPF_SK_SKB_VERDICT +lirc_mode2_attach_types = BPF_LIRC_MODE2 +flow_dissector_attach_types = BPF_FLOW_DISSECTOR +cgroup_sysctl_attach_types = BPF_CGROUP_SYSCTL +tracing_attach_types = BPF_TRACE_ITER, BPF_TRACE_RAW_TP, BPF_TRACE_FENTRY, BPF_TRACE_FEXIT, BPF_MODIFY_RETURN +lsm_attach_types = BPF_LSM_MAC, BPF_LSM_CGROUP +xdp_attach_types = BPF_XDP +sched_cls_attach_types = BPF_TCX_INGRESS, BPF_TCX_EGRESS, BPF_NETKIT_PRIMARY, BPF_NETKIT_PEER + +bpf_prog_attach_types [ + cgroup_sock flags[cgroup_sock_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_CGROUP_SOCK]) + cgroup_sock_addr flags[cgroup_sock_addr_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_CGROUP_SOCK_ADDR]) + cgroup_skb flags[cgroup_skb_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_CGROUP_SKB]) + cgroup_sockopt flags[cgroup_sockopt_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_CGROUP_SOCKOPT]) + sk_lookup flags[sk_lookup_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_SK_LOOKUP]) + sk_reuseport flags[sk_reuseport_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_SK_REUSEPORT]) + netfilter flags[netfilter_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_NETFILTER]) + sock_ops flags[sock_ops_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_SOCK_OPS]) + cgroup_device flags[cgroup_device_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_CGROUP_DEVICE]) + sk_msg flags[sk_msg_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_SK_MSG]) + sk_skb flags[sk_skb_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_SK_SKB]) + lirc_mode2 flags[lirc_mode2_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_LIRC_MODE2]) + flow_dissector flags[flow_dissector_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_FLOW_DISSECTOR]) + cgroup_sysctl flags[cgroup_sysctl_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_CGROUP_SYSCTL]) + tracing flags[tracing_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_TRACING]) + lsm flags[lsm_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_LSM]) + xdp flags[xdp_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_XDP]) + sched_cls flags[sched_cls_attach_types, int32] (if[value[bpf_prog_t:type] == BPF_PROG_TYPE_SCHED_CLS]) + fallback flags[bpf_attach_types, int32] +] + +type bpf_prog bpf_prog_t[flags[bpf_prog_type, int32], bpf_prog_attach_types, bpf_btf_id[opt], fd_bpf_prog[opt]] bpf_licenses = "GPL", "syzkaller" bpf_kern_version = 0x40f00, 0x41000, 0x41100 |