Loading...
Note: File does not exist in v4.17.
1{
2 "precise: test 1",
3 .insns = {
4 BPF_MOV64_IMM(BPF_REG_0, 1),
5 BPF_LD_MAP_FD(BPF_REG_6, 0),
6 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
7 BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
8 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
9 BPF_ST_MEM(BPF_DW, BPF_REG_FP, -8, 0),
10 BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
11 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
12 BPF_EXIT_INSN(),
13
14 BPF_MOV64_REG(BPF_REG_9, BPF_REG_0),
15
16 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
17 BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
18 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
19 BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
20 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
21 BPF_EXIT_INSN(),
22
23 BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
24
25 BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_8), /* map_value_ptr -= map_value_ptr */
26 BPF_MOV64_REG(BPF_REG_2, BPF_REG_9),
27 BPF_JMP_IMM(BPF_JLT, BPF_REG_2, 8, 1),
28 BPF_EXIT_INSN(),
29
30 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1), /* R2=scalar(umin=1, umax=8) */
31 BPF_MOV64_REG(BPF_REG_1, BPF_REG_FP),
32 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8),
33 BPF_MOV64_IMM(BPF_REG_3, 0),
34 BPF_EMIT_CALL(BPF_FUNC_probe_read_kernel),
35 BPF_EXIT_INSN(),
36 },
37 .prog_type = BPF_PROG_TYPE_TRACEPOINT,
38 .fixup_map_array_48b = { 1 },
39 .result = VERBOSE_ACCEPT,
40 .errstr =
41 "26: (85) call bpf_probe_read_kernel#113\
42 last_idx 26 first_idx 20\
43 regs=4 stack=0 before 25\
44 regs=4 stack=0 before 24\
45 regs=4 stack=0 before 23\
46 regs=4 stack=0 before 22\
47 regs=4 stack=0 before 20\
48 parent didn't have regs=4 stack=0 marks\
49 last_idx 19 first_idx 10\
50 regs=4 stack=0 before 19\
51 regs=200 stack=0 before 18\
52 regs=300 stack=0 before 17\
53 regs=201 stack=0 before 15\
54 regs=201 stack=0 before 14\
55 regs=200 stack=0 before 13\
56 regs=200 stack=0 before 12\
57 regs=200 stack=0 before 11\
58 regs=200 stack=0 before 10\
59 parent already had regs=0 stack=0 marks",
60},
61{
62 "precise: test 2",
63 .insns = {
64 BPF_MOV64_IMM(BPF_REG_0, 1),
65 BPF_LD_MAP_FD(BPF_REG_6, 0),
66 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
67 BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
68 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
69 BPF_ST_MEM(BPF_DW, BPF_REG_FP, -8, 0),
70 BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
71 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
72 BPF_EXIT_INSN(),
73
74 BPF_MOV64_REG(BPF_REG_9, BPF_REG_0),
75
76 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
77 BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
78 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
79 BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
80 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
81 BPF_EXIT_INSN(),
82
83 BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
84
85 BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_8), /* map_value_ptr -= map_value_ptr */
86 BPF_MOV64_REG(BPF_REG_2, BPF_REG_9),
87 BPF_JMP_IMM(BPF_JLT, BPF_REG_2, 8, 1),
88 BPF_EXIT_INSN(),
89
90 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1), /* R2=scalar(umin=1, umax=8) */
91 BPF_MOV64_REG(BPF_REG_1, BPF_REG_FP),
92 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8),
93 BPF_MOV64_IMM(BPF_REG_3, 0),
94 BPF_EMIT_CALL(BPF_FUNC_probe_read_kernel),
95 BPF_EXIT_INSN(),
96 },
97 .prog_type = BPF_PROG_TYPE_TRACEPOINT,
98 .fixup_map_array_48b = { 1 },
99 .result = VERBOSE_ACCEPT,
100 .flags = BPF_F_TEST_STATE_FREQ,
101 .errstr =
102 "26: (85) call bpf_probe_read_kernel#113\
103 last_idx 26 first_idx 22\
104 regs=4 stack=0 before 25\
105 regs=4 stack=0 before 24\
106 regs=4 stack=0 before 23\
107 regs=4 stack=0 before 22\
108 parent didn't have regs=4 stack=0 marks\
109 last_idx 20 first_idx 20\
110 regs=4 stack=0 before 20\
111 parent didn't have regs=4 stack=0 marks\
112 last_idx 19 first_idx 17\
113 regs=4 stack=0 before 19\
114 regs=200 stack=0 before 18\
115 regs=300 stack=0 before 17\
116 parent already had regs=0 stack=0 marks",
117},
118{
119 "precise: cross frame pruning",
120 .insns = {
121 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
122 BPF_MOV64_IMM(BPF_REG_8, 0),
123 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
124 BPF_MOV64_IMM(BPF_REG_8, 1),
125 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
126 BPF_MOV64_IMM(BPF_REG_9, 0),
127 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
128 BPF_MOV64_IMM(BPF_REG_9, 1),
129 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
130 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 4),
131 BPF_JMP_IMM(BPF_JEQ, BPF_REG_8, 1, 1),
132 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_2, 0),
133 BPF_MOV64_IMM(BPF_REG_0, 0),
134 BPF_EXIT_INSN(),
135 BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 0),
136 BPF_EXIT_INSN(),
137 },
138 .prog_type = BPF_PROG_TYPE_XDP,
139 .flags = BPF_F_TEST_STATE_FREQ,
140 .errstr = "!read_ok",
141 .result = REJECT,
142},
143{
144 "precise: ST insn causing spi > allocated_stack",
145 .insns = {
146 BPF_MOV64_REG(BPF_REG_3, BPF_REG_10),
147 BPF_JMP_IMM(BPF_JNE, BPF_REG_3, 123, 0),
148 BPF_ST_MEM(BPF_DW, BPF_REG_3, -8, 0),
149 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8),
150 BPF_MOV64_IMM(BPF_REG_0, -1),
151 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_0, 0),
152 BPF_EXIT_INSN(),
153 },
154 .prog_type = BPF_PROG_TYPE_XDP,
155 .flags = BPF_F_TEST_STATE_FREQ,
156 .errstr = "5: (2d) if r4 > r0 goto pc+0\
157 last_idx 5 first_idx 5\
158 parent didn't have regs=10 stack=0 marks\
159 last_idx 4 first_idx 2\
160 regs=10 stack=0 before 4\
161 regs=10 stack=0 before 3\
162 regs=0 stack=1 before 2\
163 last_idx 5 first_idx 5\
164 parent didn't have regs=1 stack=0 marks",
165 .result = VERBOSE_ACCEPT,
166 .retval = -1,
167},
168{
169 "precise: STX insn causing spi > allocated_stack",
170 .insns = {
171 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
172 BPF_MOV64_REG(BPF_REG_3, BPF_REG_10),
173 BPF_JMP_IMM(BPF_JNE, BPF_REG_3, 123, 0),
174 BPF_STX_MEM(BPF_DW, BPF_REG_3, BPF_REG_0, -8),
175 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8),
176 BPF_MOV64_IMM(BPF_REG_0, -1),
177 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_0, 0),
178 BPF_EXIT_INSN(),
179 },
180 .prog_type = BPF_PROG_TYPE_XDP,
181 .flags = BPF_F_TEST_STATE_FREQ,
182 .errstr = "last_idx 6 first_idx 6\
183 parent didn't have regs=10 stack=0 marks\
184 last_idx 5 first_idx 3\
185 regs=10 stack=0 before 5\
186 regs=10 stack=0 before 4\
187 regs=0 stack=1 before 3\
188 last_idx 6 first_idx 6\
189 parent didn't have regs=1 stack=0 marks\
190 last_idx 5 first_idx 3\
191 regs=1 stack=0 before 5",
192 .result = VERBOSE_ACCEPT,
193 .retval = -1,
194},
195{
196 "precise: mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO",
197 .insns = {
198 BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, offsetof(struct xdp_md, ingress_ifindex)),
199 BPF_LD_MAP_FD(BPF_REG_6, 0),
200 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
201 BPF_MOV64_IMM(BPF_REG_2, 1),
202 BPF_MOV64_IMM(BPF_REG_3, 0),
203 BPF_JMP_IMM(BPF_JEQ, BPF_REG_4, 0, 1),
204 BPF_MOV64_IMM(BPF_REG_2, 0x1000),
205 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ringbuf_reserve),
206 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
207 BPF_EXIT_INSN(),
208 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
209 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_0, 42),
210 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ringbuf_submit),
211 BPF_MOV64_IMM(BPF_REG_0, 0),
212 BPF_EXIT_INSN(),
213 },
214 .fixup_map_ringbuf = { 1 },
215 .prog_type = BPF_PROG_TYPE_XDP,
216 .flags = BPF_F_TEST_STATE_FREQ,
217 .errstr = "invalid access to memory, mem_size=1 off=42 size=8",
218 .result = REJECT,
219},