verifier_map_ret_val.c source code [linux/tools/testing/selftests/bpf/progs/verifier_map_ret_val.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/ Converted from tools/testing/selftests/bpf/verifier/map_ret_val.c /
3
4	#include <linux/bpf.h>
5	#include <bpf/bpf_helpers.h>
6	#include "../../../include/linux/filter.h"
7	#include "bpf_misc.h"
8
9	struct {
10	__uint(type, BPF_MAP_TYPE_HASH);
11	__uint(max_entries, `1`);
12	__type(key, long long);
13	__type(value, long long);
14	} map_hash_8b SEC(".maps");
15
16	SEC("socket")
17	__description("invalid map_fd for function call")
18	__failure __msg("fd 0 is not pointing to valid bpf_map")
19	__failure_unpriv
20	__naked void map_fd_for_function_call(void)
21	{
22	asm volatile (" \
23	r2 = 0; \
24	(u64)(r10 - 8) = r2; \
25	r2 = r10; \
26	r2 += -8; \
27	.8byte %[ld_map_fd]; \
28	.8byte 0; \
29	call %[bpf_map_delete_elem]; \
30	exit; \
31	" :
32	: __imm(bpf_map_delete_elem),
33	__imm_insn(ld_map_fd, BPF_RAW_INSN(BPF_LD \| BPF_DW \| BPF_IMM, BPF_REG_1, BPF_PSEUDO_MAP_FD, `0`, `0`))
34	: __clobber_all);
35	}
36
37	SEC("socket")
38	__description("don't check return value before access")
39	__failure __msg("R0 invalid mem access 'map_value_or_null'")
40	__failure_unpriv
41	__naked void check_return_value_before_access(void)
42	{
43	asm volatile (" \
44	r1 = 0; \
45	(u64)(r10 - 8) = r1; \
46	r2 = r10; \
47	r2 += -8; \
48	r1 = %[map_hash_8b] ll; \
49	call %[bpf_map_lookup_elem]; \
50	r1 = 0; \
51	(u64)(r0 + 0) = r1; \
52	exit; \
53	" :
54	: __imm(bpf_map_lookup_elem),
55	__imm_addr(map_hash_8b)
56	: __clobber_all);
57	}
58
59	SEC("socket")
60	__description("access memory with incorrect alignment")
61	__failure __msg("misaligned value access")
62	__failure_unpriv
63	__flag(BPF_F_STRICT_ALIGNMENT)
64	__naked void access_memory_with_incorrect_alignment_1(void)
65	{
66	asm volatile (" \
67	r1 = 0; \
68	(u64)(r10 - 8) = r1; \
69	r2 = r10; \
70	r2 += -8; \
71	r1 = %[map_hash_8b] ll; \
72	call %[bpf_map_lookup_elem]; \
73	if r0 == 0 goto l0_%=; \
74	r1 = 0; \
75	(u64)(r0 + 4) = r1; \
76	l0_%=: exit; \
77	" :
78	: __imm(bpf_map_lookup_elem),
79	__imm_addr(map_hash_8b)
80	: __clobber_all);
81	}
82
83	SEC("socket")
84	__description("sometimes access memory with incorrect alignment")
85	__failure __msg("R0 invalid mem access")
86	__msg_unpriv("R0 leaks addr")
87	__flag(BPF_F_STRICT_ALIGNMENT)
88	__naked void access_memory_with_incorrect_alignment_2(void)
89	{
90	asm volatile (" \
91	r1 = 0; \
92	(u64)(r10 - 8) = r1; \
93	r2 = r10; \
94	r2 += -8; \
95	r1 = %[map_hash_8b] ll; \
96	call %[bpf_map_lookup_elem]; \
97	if r0 == 0 goto l0_%=; \
98	r1 = 0; \
99	(u64)(r0 + 0) = r1; \
100	exit; \
101	l0_%=: r1 = 1; \
102	(u64)(r0 + 0) = r1; \
103	exit; \
104	" :
105	: __imm(bpf_map_lookup_elem),
106	__imm_addr(map_hash_8b)
107	: __clobber_all);
108	}
109
110	char _license[] SEC("license") = "GPL";
111

source code of linux/tools/testing/selftests/bpf/progs/verifier_map_ret_val.c