Note: File does not exist in v4.10.11.
  1// SPDX-License-Identifier: GPL-2.0
  2/* Converted from tools/testing/selftests/bpf/verifier/int_ptr.c */
  3
  4#include <linux/bpf.h>
  5#include <bpf/bpf_helpers.h>
  6#include "bpf_misc.h"
  7
  /*
   * Verifier test: bpf_strtoul() result pointer (r4) aimed at stack that was
   * never written.
   *
   * The input buffer sits at r10 - 8 and is filled by one 8-byte store of
   * 0x00303036 (the bytes '6','0','0',NUL when stored little-endian); buf_len
   * is 4 and flags is 0. r4 is then set to r10 - 16, and no store ever touches
   * those 8 bytes before the call.
   *
   * Expected verdict per the annotations: the program loads when privileged,
   * while an unprivileged load is rejected with "invalid indirect read from
   * stack R4 off -16+0 size 8", i.e. the complaint starts at the first byte of
   * the result slot.
   *
   * NOTE(review): the unprivileged rejection presumably keeps stale stack
   * contents from being reachable through a helper argument - confirm against
   * the verifier's stack-initialization checks.
   */
  8SEC("socket")
  9__description("ARG_PTR_TO_LONG uninitialized")
 10__success
 11__failure_unpriv __msg_unpriv("invalid indirect read from stack R4 off -16+0 size 8")
 12__naked void arg_ptr_to_long_uninitialized(void)
 13{
 14	asm volatile ("					\
 15	/* bpf_strtoul arg1 (buf) */			\
 16	r7 = r10;					\
 17	r7 += -8;					\
 18	r0 = 0x00303036;				\
 19	*(u64*)(r7 + 0) = r0;				\
 20	r1 = r7;					\
 21	/* bpf_strtoul arg2 (buf_len) */		\
 22	r2 = 4;						\
 23	/* bpf_strtoul arg3 (flags) */			\
 24	r3 = 0;						\
 25	/* bpf_strtoul arg4 (res) */			\
 26	r7 += -8;					\
 27	r4 = r7;					\
 28	/* bpf_strtoul() */				\
 29	call %[bpf_strtoul];				\
 30	r0 = 1;						\
 31	exit;						\
 32"	:
 33	: __imm(bpf_strtoul)
 34	: __clobber_all);
 35}
 36
 /*
  * Verifier test: bpf_strtoul() result pointer (r4) aimed at an 8-byte stack
  * slot of which only the first half was written.
  *
  * The input buffer is set up at r10 - 8 as an 8-byte store of 0x00303036.
  * r4 points at r10 - 16, but the only store into that slot is a 4-byte
  * (u32) write at offset 0, so bytes r10 - 12 .. r10 - 9 are never written.
  *
  * Expected verdict per the annotations: accepted when privileged (return
  * value 0), rejected when unprivileged with "invalid indirect read from
  * stack R4 off -16+4 size 8" - the "+4" matches the first byte that the u32
  * store did not cover.
  *
  * A partial store is therefore not enough to pass the unprivileged check;
  * every byte of the 8-byte range has to be written.
  */
 37SEC("socket")
 38__description("ARG_PTR_TO_LONG half-uninitialized")
 39/* in privileged mode reads from uninitialized stack locations are permitted */
 40__success __failure_unpriv
 41__msg_unpriv("invalid indirect read from stack R4 off -16+4 size 8")
 42__retval(0)
 43__naked void ptr_to_long_half_uninitialized(void)
 44{
 45	asm volatile ("					\
 46	/* bpf_strtoul arg1 (buf) */			\
 47	r7 = r10;					\
 48	r7 += -8;					\
 49	r0 = 0x00303036;				\
 50	*(u64*)(r7 + 0) = r0;				\
 51	r1 = r7;					\
 52	/* bpf_strtoul arg2 (buf_len) */		\
 53	r2 = 4;						\
 54	/* bpf_strtoul arg3 (flags) */			\
 55	r3 = 0;						\
 56	/* bpf_strtoul arg4 (res) */			\
 57	r7 += -8;					\
 58	*(u32*)(r7 + 0) = r0;				\
 59	r4 = r7;					\
 60	/* bpf_strtoul() */				\
 61	call %[bpf_strtoul];				\
 62	r0 = 0;						\
 63	exit;						\
 64"	:
 65	: __imm(bpf_strtoul)
 66	: __clobber_all);
 67}
 68
 /*
  * Verifier test: bpf_strtoul() result pointer (r4) that is fully
  * initialized but not 8-byte aligned.
  *
  * After the input buffer is set up at r10 - 8, r7 is moved down by 12 to
  * r10 - 20. A u32 store at offset 0 and a u64 store at offset 4 (both of
  * r0 = 0) cover r10 - 20 .. r10 - 9, so all 8 bytes behind r4 are written.
  * The only remaining problem is the address: -20 is not a multiple of 8.
  *
  * Expected verdict per the annotations: rejected with "misaligned stack
  * access off 0+-20+0 size 8". No separate unprivileged expectation is
  * declared for this case.
  */
 69SEC("cgroup/sysctl")
 70__description("ARG_PTR_TO_LONG misaligned")
 71__failure __msg("misaligned stack access off 0+-20+0 size 8")
 72__naked void arg_ptr_to_long_misaligned(void)
 73{
 74	asm volatile ("					\
 75	/* bpf_strtoul arg1 (buf) */			\
 76	r7 = r10;					\
 77	r7 += -8;					\
 78	r0 = 0x00303036;				\
 79	*(u64*)(r7 + 0) = r0;				\
 80	r1 = r7;					\
 81	/* bpf_strtoul arg2 (buf_len) */		\
 82	r2 = 4;						\
 83	/* bpf_strtoul arg3 (flags) */			\
 84	r3 = 0;						\
 85	/* bpf_strtoul arg4 (res) */			\
 86	r7 += -12;					\
 87	r0 = 0;						\
 88	*(u32*)(r7 + 0) = r0;				\
 89	*(u64*)(r7 + 4) = r0;				\
 90	r4 = r7;					\
 91	/* bpf_strtoul() */				\
 92	call %[bpf_strtoul];				\
 93	r0 = 1;						\
 94	exit;						\
 95"	:
 96	: __imm(bpf_strtoul)
 97	: __clobber_all);
 98}
 99
/*
 * Verifier test: bpf_strtoul() result pointer (r4) with fewer than 8 bytes
 * of stack left behind it.
 *
 * Here the input buffer is placed lower, at r10 - 16. r7 is then advanced
 * by 12 to r10 - 4, a u32 is stored there, and that address is passed as
 * the result pointer. Only 4 bytes separate r4 from r10, so an 8-byte
 * result would extend past the top of the program's stack frame.
 *
 * Expected verdict per the annotations: rejected with "invalid indirect
 * access to stack R4 off=-4 size=8". This is the bounds case of the series:
 * the slot is written, but it is too small for the helper's output.
 */
100SEC("cgroup/sysctl")
101__description("ARG_PTR_TO_LONG size < sizeof(long)")
102__failure __msg("invalid indirect access to stack R4 off=-4 size=8")
103__naked void to_long_size_sizeof_long(void)
104{
105	asm volatile ("					\
106	/* bpf_strtoul arg1 (buf) */			\
107	r7 = r10;					\
108	r7 += -16;					\
109	r0 = 0x00303036;				\
110	*(u64*)(r7 + 0) = r0;				\
111	r1 = r7;					\
112	/* bpf_strtoul arg2 (buf_len) */		\
113	r2 = 4;						\
114	/* bpf_strtoul arg3 (flags) */			\
115	r3 = 0;						\
116	/* bpf_strtoul arg4 (res) */			\
117	r7 += 12;					\
118	*(u32*)(r7 + 0) = r0;				\
119	r4 = r7;					\
120	/* bpf_strtoul() */				\
121	call %[bpf_strtoul];				\
122	r0 = 1;						\
123	exit;						\
124"	:
125	: __imm(bpf_strtoul)
126	: __clobber_all);
127}
128
/*
 * Verifier test: the accepted baseline for the bpf_strtoul() result pointer.
 *
 * The input buffer is at r10 - 8 and the result slot at r10 - 16; the result
 * slot receives a full 8-byte (u64) store before r4 is loaded, so it is
 * 8 bytes long, 8-byte aligned and completely written.
 *
 * Expected verdict per the annotations: the program loads (__success). The
 * other cases in this file each break exactly one of these properties -
 * initialization, alignment or size - so a regression in any single check
 * shows up as a changed verdict in the matching test.
 */
129SEC("cgroup/sysctl")
130__description("ARG_PTR_TO_LONG initialized")
131__success
132__naked void arg_ptr_to_long_initialized(void)
133{
134	asm volatile ("					\
135	/* bpf_strtoul arg1 (buf) */			\
136	r7 = r10;					\
137	r7 += -8;					\
138	r0 = 0x00303036;				\
139	*(u64*)(r7 + 0) = r0;				\
140	r1 = r7;					\
141	/* bpf_strtoul arg2 (buf_len) */		\
142	r2 = 4;						\
143	/* bpf_strtoul arg3 (flags) */			\
144	r3 = 0;						\
145	/* bpf_strtoul arg4 (res) */			\
146	r7 += -8;					\
147	*(u64*)(r7 + 0) = r0;				\
148	r4 = r7;					\
149	/* bpf_strtoul() */				\
150	call %[bpf_strtoul];				\
151	r0 = 1;						\
152	exit;						\
153"	:
154	: __imm(bpf_strtoul)
155	: __clobber_all);
156}
157
/* License string for the BPF object, emitted into the "license" section. */
158char _license[] SEC("license") = "GPL";