tools/testing/selftests/bpf/progs/verifier_and.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /* Converted from tools/testing/selftests/bpf/verifier/and.c */
   3
   4 #include <linux/bpf.h>
   5 #include <bpf/bpf_helpers.h>
   6 #include "bpf_misc.h"
   7
   8 #define MAX_ENTRIES 11
   9
  10 struct test_val {
  11         unsigned int index;
  12         int foo[MAX_ENTRIES];
  13 };
  14
  15 struct {
  16         __uint(type, BPF_MAP_TYPE_HASH);
  17         __uint(max_entries, 1);
  18         __type(key, long long);
  19         __type(value, struct test_val);
  20 } map_hash_48b SEC(".maps");
  21
  22 SEC("socket")
  23 __description("invalid and of negative number")
  24 __failure __msg("R0 max value is outside of the allowed memory range")
  25 __failure_unpriv
  26 __flag(BPF_F_ANY_ALIGNMENT)
  27 __naked void invalid_and_of_negative_number(void)
  28 {
  29         asm volatile ("                                 \
  30         r1 = 0;                                         \
  31         *(u64*)(r10 - 8) = r1;                          \
  32         r2 = r10;                                       \
  33         r2 += -8;                                       \
  34         r1 = %[map_hash_48b] ll;                        \
  35         call %[bpf_map_lookup_elem];                    \
  36         if r0 == 0 goto l0_%=;                          \
  37         r1 = *(u8*)(r0 + 0);                            \
  38         r1 &= -4;                                       \
  39         r1 <<= 2;                                       \
  40         r0 += r1;                                       \
  41 l0_%=:  r1 = %[test_val_foo];                           \
  42         *(u64*)(r0 + 0) = r1;                           \
  43         exit;                                           \
  44 "       :
  45         : __imm(bpf_map_lookup_elem),
  46           __imm_addr(map_hash_48b),
  47           __imm_const(test_val_foo, offsetof(struct test_val, foo))
  48         : __clobber_all);
  49 }
  50
  51 SEC("socket")
  52 __description("invalid range check")
  53 __failure __msg("R0 max value is outside of the allowed memory range")
  54 __failure_unpriv
  55 __flag(BPF_F_ANY_ALIGNMENT)
  56 __naked void invalid_range_check(void)
  57 {
  58         asm volatile ("                                 \
  59         r1 = 0;                                         \
  60         *(u64*)(r10 - 8) = r1;                          \
  61         r2 = r10;                                       \
  62         r2 += -8;                                       \
  63         r1 = %[map_hash_48b] ll;                        \
  64         call %[bpf_map_lookup_elem];                    \
  65         if r0 == 0 goto l0_%=;                          \
  66         r1 = *(u32*)(r0 + 0);                           \
  67         r9 = 1;                                         \
  68         w1 %%= 2;                                       \
  69         w1 += 1;                                        \
  70         w9 &= w1;                                       \
  71         w9 += 1;                                        \
  72         w9 >>= 1;                                       \
  73         w3 = 1;                                         \
  74         w3 -= w9;                                       \
  75         w3 *= 0x10000000;                               \
  76         r0 += r3;                                       \
  77         *(u32*)(r0 + 0) = r3;                           \
  78 l0_%=:  r0 = r0;                                        \
  79         exit;                                           \
  80 "       :
  81         : __imm(bpf_map_lookup_elem),
  82           __imm_addr(map_hash_48b)
  83         : __clobber_all);
  84 }
  85
  86 SEC("socket")
  87 __description("check known subreg with unknown reg")
  88 __success __failure_unpriv __msg_unpriv("R1 !read_ok")
  89 __retval(0)
  90 __naked void known_subreg_with_unknown_reg(void)
  91 {
  92         asm volatile ("                                 \
  93         call %[bpf_get_prandom_u32];                    \
  94         r0 <<= 32;                                      \
  95         r0 += 1;                                        \
  96         r0 &= 0xFFFF1234;                               \
  97         /* Upper bits are unknown but AND above masks out 1 zero'ing lower bits */\
  98         if w0 < 1 goto l0_%=;                           \
  99         r1 = *(u32*)(r1 + 512);                         \
 100 l0_%=:  r0 = 0;                                         \
 101         exit;                                           \
 102 "       :
 103         : __imm(bpf_get_prandom_u32)
 104         : __clobber_all);
 105 }
 106
 107 char _license[] SEC("license") = "GPL";