^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /* SPDX-License-Identifier: GPL-2.0 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Example wrapper around BPF macros.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Copyright (c) 2012 The Chromium OS Authors <chromium-os-dev@chromium.org>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Author: Will Drewry <wad@chromium.org>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * The code may be used by anyone for any purpose,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * and can serve as a starting point for developing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * applications using prctl(PR_SET_SECCOMP, 2, ...).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) * No guarantees are provided with respect to the correctness
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) * or functionality of this code.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #ifndef __BPF_HELPER_H__
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #define __BPF_HELPER_H__
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <asm/bitsperlong.h> /* for __BITS_PER_LONG */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <endian.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/filter.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <linux/seccomp.h> /* for seccomp_data */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <linux/unistd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <stddef.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #define BPF_LABELS_MAX 256
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) struct bpf_labels {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) int count;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) struct __bpf_label {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) const char *label;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) __u32 location;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) } labels[BPF_LABELS_MAX];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) int bpf_resolve_jumps(struct bpf_labels *labels,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) struct sock_filter *filter, size_t count);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) __u32 seccomp_bpf_label(struct bpf_labels *labels, const char *label);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) void seccomp_bpf_print(struct sock_filter *filter, size_t count);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) #define JUMP_JT 0xff
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) #define JUMP_JF 0xff
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) #define LABEL_JT 0xfe
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) #define LABEL_JF 0xfe
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) #define ALLOW \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) #define DENY \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) #define JUMP(labels, label) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) BPF_JUMP(BPF_JMP+BPF_JA, FIND_LABEL((labels), (label)), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) JUMP_JT, JUMP_JF)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) #define LABEL(labels, label) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) BPF_JUMP(BPF_JMP+BPF_JA, FIND_LABEL((labels), (label)), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) LABEL_JT, LABEL_JF)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) #define SYSCALL(nr, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (nr), 0, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) jt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) /* Lame, but just an example */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) #define FIND_LABEL(labels, label) seccomp_bpf_label((labels), #label)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) #define EXPAND(...) __VA_ARGS__
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) /* Ensure that we load the logically correct offset. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) #if __BYTE_ORDER == __LITTLE_ENDIAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) #define LO_ARG(idx) offsetof(struct seccomp_data, args[(idx)])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) #elif __BYTE_ORDER == __BIG_ENDIAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) #define LO_ARG(idx) offsetof(struct seccomp_data, args[(idx)]) + sizeof(__u32)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) #error "Unknown endianness"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) /* Map all width-sensitive operations */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) #if __BITS_PER_LONG == 32
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) #define JEQ(x, jt) JEQ32(x, EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) #define JNE(x, jt) JNE32(x, EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) #define JGT(x, jt) JGT32(x, EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) #define JLT(x, jt) JLT32(x, EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) #define JGE(x, jt) JGE32(x, EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) #define JLE(x, jt) JLE32(x, EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) #define JA(x, jt) JA32(x, EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) #define ARG(i) ARG_32(i)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) #elif __BITS_PER_LONG == 64
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) /* Ensure that we load the logically correct offset. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) #if __BYTE_ORDER == __LITTLE_ENDIAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) #define ENDIAN(_lo, _hi) _lo, _hi
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) #define HI_ARG(idx) offsetof(struct seccomp_data, args[(idx)]) + sizeof(__u32)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) #elif __BYTE_ORDER == __BIG_ENDIAN
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) #define ENDIAN(_lo, _hi) _hi, _lo
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) #define HI_ARG(idx) offsetof(struct seccomp_data, args[(idx)])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) union arg64 {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) struct {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) __u32 ENDIAN(lo32, hi32);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) __u64 u64;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) #define JEQ(x, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) JEQ64(((union arg64){.u64 = (x)}).lo32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) ((union arg64){.u64 = (x)}).hi32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) #define JGT(x, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) JGT64(((union arg64){.u64 = (x)}).lo32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) ((union arg64){.u64 = (x)}).hi32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) #define JGE(x, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) JGE64(((union arg64){.u64 = (x)}).lo32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) ((union arg64){.u64 = (x)}).hi32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) #define JNE(x, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) JNE64(((union arg64){.u64 = (x)}).lo32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) ((union arg64){.u64 = (x)}).hi32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) #define JLT(x, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) JLT64(((union arg64){.u64 = (x)}).lo32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) ((union arg64){.u64 = (x)}).hi32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) #define JLE(x, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) JLE64(((union arg64){.u64 = (x)}).lo32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) ((union arg64){.u64 = (x)}).hi32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) #define JA(x, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) JA64(((union arg64){.u64 = (x)}).lo32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) ((union arg64){.u64 = (x)}).hi32, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) EXPAND(jt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) #define ARG(i) ARG_64(i)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) #error __BITS_PER_LONG value unusable.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) /* Loads the arg into A */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) #define ARG_32(idx) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) BPF_STMT(BPF_LD+BPF_W+BPF_ABS, LO_ARG(idx))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) /* Loads lo into M[0] and hi into M[1] and A */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) #define ARG_64(idx) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) BPF_STMT(BPF_LD+BPF_W+BPF_ABS, LO_ARG(idx)), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) BPF_STMT(BPF_ST, 0), /* lo -> M[0] */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) BPF_STMT(BPF_LD+BPF_W+BPF_ABS, HI_ARG(idx)), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) BPF_STMT(BPF_ST, 1) /* hi -> M[1] */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) #define JEQ32(value, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (value), 0, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) jt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) #define JNE32(value, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (value), 1, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) jt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) #define JA32(value, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, (value), 0, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) jt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) #define JGE32(value, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (value), 0, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) jt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) #define JGT32(value, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (value), 0, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) jt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) #define JLE32(value, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (value), 1, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) jt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) #define JLT32(value, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (value), 1, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) jt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) * All the JXX64 checks assume lo is saved in M[0] and hi is saved in both
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) * A and M[1]. This invariant is kept by restoring A if necessary.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) #define JEQ64(lo, hi, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) /* if (hi != arg.hi) goto NOMATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) BPF_STMT(BPF_LD+BPF_MEM, 0), /* swap in lo */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) /* if (lo != arg.lo) goto NOMATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (lo), 0, 2), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) BPF_STMT(BPF_LD+BPF_MEM, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) jt, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) BPF_STMT(BPF_LD+BPF_MEM, 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) #define JNE64(lo, hi, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) /* if (hi != arg.hi) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 3), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194) BPF_STMT(BPF_LD+BPF_MEM, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) /* if (lo != arg.lo) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196) BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (lo), 2, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) BPF_STMT(BPF_LD+BPF_MEM, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) jt, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199) BPF_STMT(BPF_LD+BPF_MEM, 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) #define JA64(lo, hi, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) /* if (hi & arg.hi) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203) BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, (hi), 3, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) BPF_STMT(BPF_LD+BPF_MEM, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) /* if (lo & arg.lo) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) BPF_JUMP(BPF_JMP+BPF_JSET+BPF_K, (lo), 0, 2), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207) BPF_STMT(BPF_LD+BPF_MEM, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) jt, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) BPF_STMT(BPF_LD+BPF_MEM, 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) #define JGE64(lo, hi, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) /* if (hi > arg.hi) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (hi), 4, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) /* if (hi != arg.hi) goto NOMATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) BPF_STMT(BPF_LD+BPF_MEM, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) /* if (lo >= arg.lo) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (lo), 0, 2), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) BPF_STMT(BPF_LD+BPF_MEM, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) jt, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) BPF_STMT(BPF_LD+BPF_MEM, 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) #define JGT64(lo, hi, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224) /* if (hi > arg.hi) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (hi), 4, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) /* if (hi != arg.hi) goto NOMATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) BPF_STMT(BPF_LD+BPF_MEM, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) /* if (lo > arg.lo) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230) BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (lo), 0, 2), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) BPF_STMT(BPF_LD+BPF_MEM, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) jt, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) BPF_STMT(BPF_LD+BPF_MEM, 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) #define JLE64(lo, hi, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) /* if (hi < arg.hi) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (hi), 0, 4), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) /* if (hi != arg.hi) goto NOMATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) BPF_STMT(BPF_LD+BPF_MEM, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) /* if (lo <= arg.lo) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, (lo), 2, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) BPF_STMT(BPF_LD+BPF_MEM, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) jt, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) BPF_STMT(BPF_LD+BPF_MEM, 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) #define JLT64(lo, hi, jt) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) /* if (hi < arg.hi) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (hi), 0, 4), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) /* if (hi != arg.hi) goto NOMATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (hi), 0, 5), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) BPF_STMT(BPF_LD+BPF_MEM, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) /* if (lo < arg.lo) goto MATCH; */ \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) BPF_JUMP(BPF_JMP+BPF_JGE+BPF_K, (lo), 2, 0), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) BPF_STMT(BPF_LD+BPF_MEM, 1), \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) jt, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) BPF_STMT(BPF_LD+BPF_MEM, 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) #define LOAD_SYSCALL_NR \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) offsetof(struct seccomp_data, nr))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) #endif /* __BPF_HELPER_H__ */
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags