Linux/tools/testing/selftests/bpf/progs/verifier_int

Version: ~ [ linux-6.11-rc3 ] ~ [ linux-6.10.4 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.45 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.104 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.164 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.223 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.281 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.319 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 // SPDX-License-Identifier: GPL-2.0 2 /* Converted from tools/testing/selftests/bpf/verifier/int_ptr.c */ 3 4 #include <linux/bpf.h> 5 #include <bpf/bpf_helpers.h> 6 #include "bpf_misc.h" 7 8 SEC("socket") 9 __description("ARG_PTR_TO_LONG uninitialized") 10 __success 11 __failure_unpriv __msg_unpriv("invalid indirect read from stack R4 off -16+0 size 8") 12 __naked void arg_ptr_to_long_uninitialized(void) 13 { 14 asm volatile (" \ 15 /* bpf_strtoul arg1 (buf) */ \ 16 r7 = r10; \ 17 r7 += -8; \ 18 r0 = 0x00303036; \ 19 *(u64*)(r7 + 0) = r0; \ 20 r1 = r7; \ 21 /* bpf_strtoul arg2 (buf_len) */ \ 22 r2 = 4; \ 23 /* bpf_strtoul arg3 (flags) */ \ 24 r3 = 0; \ 25 /* bpf_strtoul arg4 (res) */ \ 26 r7 += -8; \ 27 r4 = r7; \ 28 /* bpf_strtoul() */ \ 29 call %[bpf_strtoul]; \ 30 r0 = 1; \ 31 exit; \ 32 " : 33 : __imm(bpf_strtoul) 34 : __clobber_all); 35 } 36 37 SEC("socket") 38 __description("ARG_PTR_TO_LONG half-uninitialized") 39 /* in privileged mode reads from uninitialized stack locations are permitted */ 40 __success __failure_unpriv 41 __msg_unpriv("invalid indirect read from stack R4 off -16+4 size 8") 42 __retval(0) 43 __naked void ptr_to_long_half_uninitialized(void) 44 { 45 asm volatile (" \ 46 /* bpf_strtoul arg1 (buf) */ \ 47 r7 = r10; \ 48 r7 += -8; \ 49 r0 = 0x00303036; \ 50 *(u64*)(r7 + 0) = r0; \ 51 r1 = r7; \ 52 /* bpf_strtoul arg2 (buf_len) */ \ 53 r2 = 4; \ 54 /* bpf_strtoul arg3 (flags) */ \ 55 r3 = 0; \ 56 /* bpf_strtoul arg4 (res) */ \ 57 r7 += -8; \ 58 *(u32*)(r7 + 0) = r0; \ 59 r4 = r7; \ 60 /* bpf_strtoul() */ \ 61 call %[bpf_strtoul]; \ 62 r0 = 0; \ 63 exit; \ 64 " : 65 : __imm(bpf_strtoul) 66 : __clobber_all); 67 } 68 69 SEC("cgroup/sysctl") 70 __description("ARG_PTR_TO_LONG misaligned") 71 __failure __msg("misaligned stack access off 0+-20+0 size 8") 72 __naked void arg_ptr_to_long_misaligned(void) 73 { 74 asm volatile (" \ 75 /* bpf_strtoul arg1 (buf) */ \ 76 r7 = r10; \ 77 r7 += -8; \ 78 r0 = 0x00303036; \ 79 *(u64*)(r7 + 0) = r0; \ 80 r1 = r7; \ 81 /* bpf_strtoul arg2 (buf_len) */ \ 82 r2 = 4; \ 83 /* bpf_strtoul arg3 (flags) */ \ 84 r3 = 0; \ 85 /* bpf_strtoul arg4 (res) */ \ 86 r7 += -12; \ 87 r0 = 0; \ 88 *(u32*)(r7 + 0) = r0; \ 89 *(u64*)(r7 + 4) = r0; \ 90 r4 = r7; \ 91 /* bpf_strtoul() */ \ 92 call %[bpf_strtoul]; \ 93 r0 = 1; \ 94 exit; \ 95 " : 96 : __imm(bpf_strtoul) 97 : __clobber_all); 98 } 99 100 SEC("cgroup/sysctl") 101 __description("ARG_PTR_TO_LONG size < sizeof(long)") 102 __failure __msg("invalid indirect access to stack R4 off=-4 size=8") 103 __naked void to_long_size_sizeof_long(void) 104 { 105 asm volatile (" \ 106 /* bpf_strtoul arg1 (buf) */ \ 107 r7 = r10; \ 108 r7 += -16; \ 109 r0 = 0x00303036; \ 110 *(u64*)(r7 + 0) = r0; \ 111 r1 = r7; \ 112 /* bpf_strtoul arg2 (buf_len) */ \ 113 r2 = 4; \ 114 /* bpf_strtoul arg3 (flags) */ \ 115 r3 = 0; \ 116 /* bpf_strtoul arg4 (res) */ \ 117 r7 += 12; \ 118 *(u32*)(r7 + 0) = r0; \ 119 r4 = r7; \ 120 /* bpf_strtoul() */ \ 121 call %[bpf_strtoul]; \ 122 r0 = 1; \ 123 exit; \ 124 " : 125 : __imm(bpf_strtoul) 126 : __clobber_all); 127 } 128 129 SEC("cgroup/sysctl") 130 __description("ARG_PTR_TO_LONG initialized") 131 __success 132 __naked void arg_ptr_to_long_initialized(void) 133 { 134 asm volatile (" \ 135 /* bpf_strtoul arg1 (buf) */ \ 136 r7 = r10; \ 137 r7 += -8; \ 138 r0 = 0x00303036; \ 139 *(u64*)(r7 + 0) = r0; \ 140 r1 = r7; \ 141 /* bpf_strtoul arg2 (buf_len) */ \ 142 r2 = 4; \ 143 /* bpf_strtoul arg3 (flags) */ \ 144 r3 = 0; \ 145 /* bpf_strtoul arg4 (res) */ \ 146 r7 += -8; \ 147 *(u64*)(r7 + 0) = r0; \ 148 r4 = r7; \ 149 /* bpf_strtoul() */ \ 150 call %[bpf_strtoul]; \ 151 r0 = 1; \ 152 exit; \ 153 " : 154 : __imm(bpf_strtoul) 155 : __clobber_all); 156 } 157 158 char _license[] SEC("license") = "GPL"; 159

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/tools/testing/selftests/bpf/progs/verifier_int_ptr.c

TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/bpf/progs/verifier_int_ptr.c