uninit_stack.c source code [linux/tools/testing/selftests/bpf/progs/uninit_stack.c]

1	// SPDX-License-Identifier: GPL-2.0
2
3	#include <linux/bpf.h>
4	#include <bpf/bpf_helpers.h>
5	#include "bpf_misc.h"
6
7	/ Read an uninitialized value from stack at a fixed offset /
8	SEC("socket")
9	__naked int read_uninit_stack_fixed_off(void *ctx)
10	{
11	asm volatile (" \
12	r0 = 0; \
13	/* force stack depth to be 128 */ \
14	(u64)(r10 - 128) = r1; \
15	r1 = (u8 )(r10 - 8 ); \
16	r0 += r1; \
17	r1 = (u8 )(r10 - 11); \
18	r1 = (u8 )(r10 - 13); \
19	r1 = (u8 )(r10 - 15); \
20	r1 = (u16)(r10 - 16); \
21	r1 = (u32)(r10 - 32); \
22	r1 = (u64)(r10 - 64); \
23	/* read from a spill of a wrong size, it is a separate \
24	* branch in check_stack_read_fixed_off() \
25	*/ \
26	(u32)(r10 - 72) = r1; \
27	r1 = (u64)(r10 - 72); \
28	r0 = 0; \
29	exit; \
30	"
31	::: __clobber_all);
32	}
33
34	/ Read an uninitialized value from stack at a variable offset /
35	SEC("socket")
36	__naked int read_uninit_stack_var_off(void *ctx)
37	{
38	asm volatile (" \
39	call %[bpf_get_prandom_u32]; \
40	/* force stack depth to be 64 */ \
41	(u64)(r10 - 64) = r0; \
42	r0 = -r0; \
43	/* give r0 a range [-31, -1] */ \
44	if r0 s<= -32 goto exit_%=; \
45	if r0 s>= 0 goto exit_%=; \
46	/* access stack using r0 */ \
47	r1 = r10; \
48	r1 += r0; \
49	r2 = (u8)(r1 + 0); \
50	exit_%=: r0 = 0; \
51	exit; \
52	"
53	:
54	: __imm(bpf_get_prandom_u32)
55	: __clobber_all);
56	}
57
58	static __noinline void dummy(void) {}
59
60	/ Pass a pointer to uninitialized stack memory to a helper.*
61	* Passed memory block should be marked as STACK_MISC after helper call.
62	*/
63	SEC("socket")
64	__log_level(`7`) __msg("fp-104=mmmmmmmm")
65	__naked int helper_uninit_to_misc(void *ctx)
66	{
67	asm volatile (" \
68	/* force stack depth to be 128 */ \
69	(u64)(r10 - 128) = r1; \
70	r1 = r10; \
71	r1 += -128; \
72	r2 = 32; \
73	call %[bpf_trace_printk]; \
74	/* Call to dummy() forces print_verifier_state(..., true), \
75	* thus showing the stack state, matched by __msg(). \
76	*/ \
77	call %[dummy]; \
78	r0 = 0; \
79	exit; \
80	"
81	:
82	: __imm(bpf_trace_printk),
83	__imm(dummy)
84	: __clobber_all);
85	}
86
87	char _license[] SEC("license") = "GPL";
88

source code of linux/tools/testing/selftests/bpf/progs/uninit_stack.c