verifier_int_ptr.c source code [linux/tools/testing/selftests/bpf/progs/verifier_int_ptr.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/ Converted from tools/testing/selftests/bpf/verifier/int_ptr.c /
3
4	#include <linux/bpf.h>
5	#include <bpf/bpf_helpers.h>
6	#include "bpf_misc.h"
7
8	SEC("socket")
9	__description("ARG_PTR_TO_LONG uninitialized")
10	__success
11	__failure_unpriv __msg_unpriv("invalid indirect read from stack R4 off -16+0 size 8")
12	__naked void arg_ptr_to_long_uninitialized(void)
13	{
14	asm volatile (" \
15	/* bpf_strtoul arg1 (buf) */ \
16	r7 = r10; \
17	r7 += -8; \
18	r0 = 0x00303036; \
19	(u64)(r7 + 0) = r0; \
20	r1 = r7; \
21	/* bpf_strtoul arg2 (buf_len) */ \
22	r2 = 4; \
23	/* bpf_strtoul arg3 (flags) */ \
24	r3 = 0; \
25	/* bpf_strtoul arg4 (res) */ \
26	r7 += -8; \
27	r4 = r7; \
28	/* bpf_strtoul() */ \
29	call %[bpf_strtoul]; \
30	r0 = 1; \
31	exit; \
32	" :
33	: __imm(bpf_strtoul)
34	: __clobber_all);
35	}
36
37	SEC("socket")
38	__description("ARG_PTR_TO_LONG half-uninitialized")
39	/ in privileged mode reads from uninitialized stack locations are permitted /
40	__success __failure_unpriv
41	__msg_unpriv("invalid indirect read from stack R4 off -16+4 size 8")
42	__retval(`0`)
43	__naked void ptr_to_long_half_uninitialized(void)
44	{
45	asm volatile (" \
46	/* bpf_strtoul arg1 (buf) */ \
47	r7 = r10; \
48	r7 += -8; \
49	r0 = 0x00303036; \
50	(u64)(r7 + 0) = r0; \
51	r1 = r7; \
52	/* bpf_strtoul arg2 (buf_len) */ \
53	r2 = 4; \
54	/* bpf_strtoul arg3 (flags) */ \
55	r3 = 0; \
56	/* bpf_strtoul arg4 (res) */ \
57	r7 += -8; \
58	(u32)(r7 + 0) = r0; \
59	r4 = r7; \
60	/* bpf_strtoul() */ \
61	call %[bpf_strtoul]; \
62	r0 = 0; \
63	exit; \
64	" :
65	: __imm(bpf_strtoul)
66	: __clobber_all);
67	}
68
69	SEC("cgroup/sysctl")
70	__description("ARG_PTR_TO_LONG misaligned")
71	__failure __msg("misaligned stack access off 0+-20+0 size 8")
72	__naked void arg_ptr_to_long_misaligned(void)
73	{
74	asm volatile (" \
75	/* bpf_strtoul arg1 (buf) */ \
76	r7 = r10; \
77	r7 += -8; \
78	r0 = 0x00303036; \
79	(u64)(r7 + 0) = r0; \
80	r1 = r7; \
81	/* bpf_strtoul arg2 (buf_len) */ \
82	r2 = 4; \
83	/* bpf_strtoul arg3 (flags) */ \
84	r3 = 0; \
85	/* bpf_strtoul arg4 (res) */ \
86	r7 += -12; \
87	r0 = 0; \
88	(u32)(r7 + 0) = r0; \
89	(u64)(r7 + 4) = r0; \
90	r4 = r7; \
91	/* bpf_strtoul() */ \
92	call %[bpf_strtoul]; \
93	r0 = 1; \
94	exit; \
95	" :
96	: __imm(bpf_strtoul)
97	: __clobber_all);
98	}
99
100	SEC("cgroup/sysctl")
101	__description("ARG_PTR_TO_LONG size < sizeof(long)")
102	__failure __msg("invalid indirect access to stack R4 off=-4 size=8")
103	__naked void to_long_size_sizeof_long(void)
104	{
105	asm volatile (" \
106	/* bpf_strtoul arg1 (buf) */ \
107	r7 = r10; \
108	r7 += -16; \
109	r0 = 0x00303036; \
110	(u64)(r7 + 0) = r0; \
111	r1 = r7; \
112	/* bpf_strtoul arg2 (buf_len) */ \
113	r2 = 4; \
114	/* bpf_strtoul arg3 (flags) */ \
115	r3 = 0; \
116	/* bpf_strtoul arg4 (res) */ \
117	r7 += 12; \
118	(u32)(r7 + 0) = r0; \
119	r4 = r7; \
120	/* bpf_strtoul() */ \
121	call %[bpf_strtoul]; \
122	r0 = 1; \
123	exit; \
124	" :
125	: __imm(bpf_strtoul)
126	: __clobber_all);
127	}
128
129	SEC("cgroup/sysctl")
130	__description("ARG_PTR_TO_LONG initialized")
131	__success
132	__naked void arg_ptr_to_long_initialized(void)
133	{
134	asm volatile (" \
135	/* bpf_strtoul arg1 (buf) */ \
136	r7 = r10; \
137	r7 += -8; \
138	r0 = 0x00303036; \
139	(u64)(r7 + 0) = r0; \
140	r1 = r7; \
141	/* bpf_strtoul arg2 (buf_len) */ \
142	r2 = 4; \
143	/* bpf_strtoul arg3 (flags) */ \
144	r3 = 0; \
145	/* bpf_strtoul arg4 (res) */ \
146	r7 += -8; \
147	(u64)(r7 + 0) = r0; \
148	r4 = r7; \
149	/* bpf_strtoul() */ \
150	call %[bpf_strtoul]; \
151	r0 = 1; \
152	exit; \
153	" :
154	: __imm(bpf_strtoul)
155	: __clobber_all);
156	}
157
158	char _license[] SEC("license") = "GPL";
159

source code of linux/tools/testing/selftests/bpf/progs/verifier_int_ptr.c