Loading...
1// SPDX-License-Identifier: GPL-2.0
2/* Converted from tools/testing/selftests/bpf/verifier/int_ptr.c */
3
4#include <linux/bpf.h>
5#include <bpf/bpf_helpers.h>
6#include "bpf_misc.h"
7
8SEC("socket")
9__description("arg pointer to long uninitialized")
10__success
11__naked void arg_ptr_to_long_uninitialized(void)
12{
13 asm volatile (" \
14 /* bpf_strtoul arg1 (buf) */ \
15 r7 = r10; \
16 r7 += -8; \
17 r0 = 0x00303036; \
18 *(u64*)(r7 + 0) = r0; \
19 r1 = r7; \
20 /* bpf_strtoul arg2 (buf_len) */ \
21 r2 = 4; \
22 /* bpf_strtoul arg3 (flags) */ \
23 r3 = 0; \
24 /* bpf_strtoul arg4 (res) */ \
25 r7 += -8; \
26 r4 = r7; \
27 /* bpf_strtoul() */ \
28 call %[bpf_strtoul]; \
29 r0 = 1; \
30 exit; \
31" :
32 : __imm(bpf_strtoul)
33 : __clobber_all);
34}
35
36SEC("socket")
37__description("arg pointer to long half-uninitialized")
38__success
39__retval(0)
40__naked void ptr_to_long_half_uninitialized(void)
41{
42 asm volatile (" \
43 /* bpf_strtoul arg1 (buf) */ \
44 r7 = r10; \
45 r7 += -8; \
46 r0 = 0x00303036; \
47 *(u64*)(r7 + 0) = r0; \
48 r1 = r7; \
49 /* bpf_strtoul arg2 (buf_len) */ \
50 r2 = 4; \
51 /* bpf_strtoul arg3 (flags) */ \
52 r3 = 0; \
53 /* bpf_strtoul arg4 (res) */ \
54 r7 += -8; \
55 *(u32*)(r7 + 0) = r0; \
56 r4 = r7; \
57 /* bpf_strtoul() */ \
58 call %[bpf_strtoul]; \
59 r0 = 0; \
60 exit; \
61" :
62 : __imm(bpf_strtoul)
63 : __clobber_all);
64}
65
66SEC("cgroup/sysctl")
67__description("arg pointer to long misaligned")
68__failure __msg("misaligned stack access off 0+-20+0 size 8")
69__naked void arg_ptr_to_long_misaligned(void)
70{
71 asm volatile (" \
72 /* bpf_strtoul arg1 (buf) */ \
73 r7 = r10; \
74 r7 += -8; \
75 r0 = 0x00303036; \
76 *(u64*)(r7 + 0) = r0; \
77 r1 = r7; \
78 /* bpf_strtoul arg2 (buf_len) */ \
79 r2 = 4; \
80 /* bpf_strtoul arg3 (flags) */ \
81 r3 = 0; \
82 /* bpf_strtoul arg4 (res) */ \
83 r7 += -12; \
84 r0 = 0; \
85 *(u32*)(r7 + 0) = r0; \
86 *(u64*)(r7 + 4) = r0; \
87 r4 = r7; \
88 /* bpf_strtoul() */ \
89 call %[bpf_strtoul]; \
90 r0 = 1; \
91 exit; \
92" :
93 : __imm(bpf_strtoul)
94 : __clobber_all);
95}
96
97SEC("cgroup/sysctl")
98__description("arg pointer to long size < sizeof(long)")
99__failure __msg("invalid indirect access to stack R4 off=-4 size=8")
100__naked void to_long_size_sizeof_long(void)
101{
102 asm volatile (" \
103 /* bpf_strtoul arg1 (buf) */ \
104 r7 = r10; \
105 r7 += -16; \
106 r0 = 0x00303036; \
107 *(u64*)(r7 + 0) = r0; \
108 r1 = r7; \
109 /* bpf_strtoul arg2 (buf_len) */ \
110 r2 = 4; \
111 /* bpf_strtoul arg3 (flags) */ \
112 r3 = 0; \
113 /* bpf_strtoul arg4 (res) */ \
114 r7 += 12; \
115 *(u32*)(r7 + 0) = r0; \
116 r4 = r7; \
117 /* bpf_strtoul() */ \
118 call %[bpf_strtoul]; \
119 r0 = 1; \
120 exit; \
121" :
122 : __imm(bpf_strtoul)
123 : __clobber_all);
124}
125
126SEC("cgroup/sysctl")
127__description("arg pointer to long initialized")
128__success
129__naked void arg_ptr_to_long_initialized(void)
130{
131 asm volatile (" \
132 /* bpf_strtoul arg1 (buf) */ \
133 r7 = r10; \
134 r7 += -8; \
135 r0 = 0x00303036; \
136 *(u64*)(r7 + 0) = r0; \
137 r1 = r7; \
138 /* bpf_strtoul arg2 (buf_len) */ \
139 r2 = 4; \
140 /* bpf_strtoul arg3 (flags) */ \
141 r3 = 0; \
142 /* bpf_strtoul arg4 (res) */ \
143 r7 += -8; \
144 *(u64*)(r7 + 0) = r0; \
145 r4 = r7; \
146 /* bpf_strtoul() */ \
147 call %[bpf_strtoul]; \
148 r0 = 1; \
149 exit; \
150" :
151 : __imm(bpf_strtoul)
152 : __clobber_all);
153}
154
155char _license[] SEC("license") = "GPL";
1// SPDX-License-Identifier: GPL-2.0
2/* Converted from tools/testing/selftests/bpf/verifier/int_ptr.c */
3
4#include <linux/bpf.h>
5#include <bpf/bpf_helpers.h>
6#include "bpf_misc.h"
7
8SEC("socket")
9__description("ARG_PTR_TO_LONG uninitialized")
10__success
11__failure_unpriv __msg_unpriv("invalid indirect read from stack R4 off -16+0 size 8")
12__naked void arg_ptr_to_long_uninitialized(void)
13{
14 asm volatile (" \
15 /* bpf_strtoul arg1 (buf) */ \
16 r7 = r10; \
17 r7 += -8; \
18 r0 = 0x00303036; \
19 *(u64*)(r7 + 0) = r0; \
20 r1 = r7; \
21 /* bpf_strtoul arg2 (buf_len) */ \
22 r2 = 4; \
23 /* bpf_strtoul arg3 (flags) */ \
24 r3 = 0; \
25 /* bpf_strtoul arg4 (res) */ \
26 r7 += -8; \
27 r4 = r7; \
28 /* bpf_strtoul() */ \
29 call %[bpf_strtoul]; \
30 r0 = 1; \
31 exit; \
32" :
33 : __imm(bpf_strtoul)
34 : __clobber_all);
35}
36
37SEC("socket")
38__description("ARG_PTR_TO_LONG half-uninitialized")
39/* in privileged mode reads from uninitialized stack locations are permitted */
40__success __failure_unpriv
41__msg_unpriv("invalid indirect read from stack R4 off -16+4 size 8")
42__retval(0)
43__naked void ptr_to_long_half_uninitialized(void)
44{
45 asm volatile (" \
46 /* bpf_strtoul arg1 (buf) */ \
47 r7 = r10; \
48 r7 += -8; \
49 r0 = 0x00303036; \
50 *(u64*)(r7 + 0) = r0; \
51 r1 = r7; \
52 /* bpf_strtoul arg2 (buf_len) */ \
53 r2 = 4; \
54 /* bpf_strtoul arg3 (flags) */ \
55 r3 = 0; \
56 /* bpf_strtoul arg4 (res) */ \
57 r7 += -8; \
58 *(u32*)(r7 + 0) = r0; \
59 r4 = r7; \
60 /* bpf_strtoul() */ \
61 call %[bpf_strtoul]; \
62 r0 = 0; \
63 exit; \
64" :
65 : __imm(bpf_strtoul)
66 : __clobber_all);
67}
68
69SEC("cgroup/sysctl")
70__description("ARG_PTR_TO_LONG misaligned")
71__failure __msg("misaligned stack access off 0+-20+0 size 8")
72__naked void arg_ptr_to_long_misaligned(void)
73{
74 asm volatile (" \
75 /* bpf_strtoul arg1 (buf) */ \
76 r7 = r10; \
77 r7 += -8; \
78 r0 = 0x00303036; \
79 *(u64*)(r7 + 0) = r0; \
80 r1 = r7; \
81 /* bpf_strtoul arg2 (buf_len) */ \
82 r2 = 4; \
83 /* bpf_strtoul arg3 (flags) */ \
84 r3 = 0; \
85 /* bpf_strtoul arg4 (res) */ \
86 r7 += -12; \
87 r0 = 0; \
88 *(u32*)(r7 + 0) = r0; \
89 *(u64*)(r7 + 4) = r0; \
90 r4 = r7; \
91 /* bpf_strtoul() */ \
92 call %[bpf_strtoul]; \
93 r0 = 1; \
94 exit; \
95" :
96 : __imm(bpf_strtoul)
97 : __clobber_all);
98}
99
100SEC("cgroup/sysctl")
101__description("ARG_PTR_TO_LONG size < sizeof(long)")
102__failure __msg("invalid indirect access to stack R4 off=-4 size=8")
103__naked void to_long_size_sizeof_long(void)
104{
105 asm volatile (" \
106 /* bpf_strtoul arg1 (buf) */ \
107 r7 = r10; \
108 r7 += -16; \
109 r0 = 0x00303036; \
110 *(u64*)(r7 + 0) = r0; \
111 r1 = r7; \
112 /* bpf_strtoul arg2 (buf_len) */ \
113 r2 = 4; \
114 /* bpf_strtoul arg3 (flags) */ \
115 r3 = 0; \
116 /* bpf_strtoul arg4 (res) */ \
117 r7 += 12; \
118 *(u32*)(r7 + 0) = r0; \
119 r4 = r7; \
120 /* bpf_strtoul() */ \
121 call %[bpf_strtoul]; \
122 r0 = 1; \
123 exit; \
124" :
125 : __imm(bpf_strtoul)
126 : __clobber_all);
127}
128
129SEC("cgroup/sysctl")
130__description("ARG_PTR_TO_LONG initialized")
131__success
132__naked void arg_ptr_to_long_initialized(void)
133{
134 asm volatile (" \
135 /* bpf_strtoul arg1 (buf) */ \
136 r7 = r10; \
137 r7 += -8; \
138 r0 = 0x00303036; \
139 *(u64*)(r7 + 0) = r0; \
140 r1 = r7; \
141 /* bpf_strtoul arg2 (buf_len) */ \
142 r2 = 4; \
143 /* bpf_strtoul arg3 (flags) */ \
144 r3 = 0; \
145 /* bpf_strtoul arg4 (res) */ \
146 r7 += -8; \
147 *(u64*)(r7 + 0) = r0; \
148 r4 = r7; \
149 /* bpf_strtoul() */ \
150 call %[bpf_strtoul]; \
151 r0 = 1; \
152 exit; \
153" :
154 : __imm(bpf_strtoul)
155 : __clobber_all);
156}
157
158char _license[] SEC("license") = "GPL";