tools/testing/selftests/bpf/progs/verifier_int_ptr.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 /* Converted from tools/testing/selftests/bpf/verifier/int_ptr.c */
   3
   4 #include <linux/bpf.h>
   5 #include <bpf/bpf_helpers.h>
   6 #include "bpf_misc.h"
   7
   8 SEC("cgroup/sysctl")
   9 __description("ARG_PTR_TO_LONG uninitialized")
  10 __failure __msg("invalid indirect read from stack R4 off -16+0 size 8")
  11 __naked void arg_ptr_to_long_uninitialized(void)
  12 {
  13         asm volatile ("                                 \
  14         /* bpf_strtoul arg1 (buf) */                    \
  15         r7 = r10;                                       \
  16         r7 += -8;                                       \
  17         r0 = 0x00303036;                                \
  18         *(u64*)(r7 + 0) = r0;                           \
  19         r1 = r7;                                        \
  20         /* bpf_strtoul arg2 (buf_len) */                \
  21         r2 = 4;                                         \
  22         /* bpf_strtoul arg3 (flags) */                  \
  23         r3 = 0;                                         \
  24         /* bpf_strtoul arg4 (res) */                    \
  25         r7 += -8;                                       \
  26         r4 = r7;                                        \
  27         /* bpf_strtoul() */                             \
  28         call %[bpf_strtoul];                            \
  29         r0 = 1;                                         \
  30         exit;                                           \
  31 "       :
  32         : __imm(bpf_strtoul)
  33         : __clobber_all);
  34 }
  35
  36 SEC("socket")
  37 __description("ARG_PTR_TO_LONG half-uninitialized")
  38 /* in privileged mode reads from uninitialized stack locations are permitted */
  39 __success __failure_unpriv
  40 __msg_unpriv("invalid indirect read from stack R4 off -16+4 size 8")
  41 __retval(0)
  42 __naked void ptr_to_long_half_uninitialized(void)
  43 {
  44         asm volatile ("                                 \
  45         /* bpf_strtoul arg1 (buf) */                    \
  46         r7 = r10;                                       \
  47         r7 += -8;                                       \
  48         r0 = 0x00303036;                                \
  49         *(u64*)(r7 + 0) = r0;                           \
  50         r1 = r7;                                        \
  51         /* bpf_strtoul arg2 (buf_len) */                \
  52         r2 = 4;                                         \
  53         /* bpf_strtoul arg3 (flags) */                  \
  54         r3 = 0;                                         \
  55         /* bpf_strtoul arg4 (res) */                    \
  56         r7 += -8;                                       \
  57         *(u32*)(r7 + 0) = r0;                           \
  58         r4 = r7;                                        \
  59         /* bpf_strtoul() */                             \
  60         call %[bpf_strtoul];                            \
  61         r0 = 0;                                         \
  62         exit;                                           \
  63 "       :
  64         : __imm(bpf_strtoul)
  65         : __clobber_all);
  66 }
  67
  68 SEC("cgroup/sysctl")
  69 __description("ARG_PTR_TO_LONG misaligned")
  70 __failure __msg("misaligned stack access off (0x0; 0x0)+-20+0 size 8")
  71 __naked void arg_ptr_to_long_misaligned(void)
  72 {
  73         asm volatile ("                                 \
  74         /* bpf_strtoul arg1 (buf) */                    \
  75         r7 = r10;                                       \
  76         r7 += -8;                                       \
  77         r0 = 0x00303036;                                \
  78         *(u64*)(r7 + 0) = r0;                           \
  79         r1 = r7;                                        \
  80         /* bpf_strtoul arg2 (buf_len) */                \
  81         r2 = 4;                                         \
  82         /* bpf_strtoul arg3 (flags) */                  \
  83         r3 = 0;                                         \
  84         /* bpf_strtoul arg4 (res) */                    \
  85         r7 += -12;                                      \
  86         r0 = 0;                                         \
  87         *(u32*)(r7 + 0) = r0;                           \
  88         *(u64*)(r7 + 4) = r0;                           \
  89         r4 = r7;                                        \
  90         /* bpf_strtoul() */                             \
  91         call %[bpf_strtoul];                            \
  92         r0 = 1;                                         \
  93         exit;                                           \
  94 "       :
  95         : __imm(bpf_strtoul)
  96         : __clobber_all);
  97 }
  98
  99 SEC("cgroup/sysctl")
 100 __description("ARG_PTR_TO_LONG size < sizeof(long)")
 101 __failure __msg("invalid indirect access to stack R4 off=-4 size=8")
 102 __naked void to_long_size_sizeof_long(void)
 103 {
 104         asm volatile ("                                 \
 105         /* bpf_strtoul arg1 (buf) */                    \
 106         r7 = r10;                                       \
 107         r7 += -16;                                      \
 108         r0 = 0x00303036;                                \
 109         *(u64*)(r7 + 0) = r0;                           \
 110         r1 = r7;                                        \
 111         /* bpf_strtoul arg2 (buf_len) */                \
 112         r2 = 4;                                         \
 113         /* bpf_strtoul arg3 (flags) */                  \
 114         r3 = 0;                                         \
 115         /* bpf_strtoul arg4 (res) */                    \
 116         r7 += 12;                                       \
 117         *(u32*)(r7 + 0) = r0;                           \
 118         r4 = r7;                                        \
 119         /* bpf_strtoul() */                             \
 120         call %[bpf_strtoul];                            \
 121         r0 = 1;                                         \
 122         exit;                                           \
 123 "       :
 124         : __imm(bpf_strtoul)
 125         : __clobber_all);
 126 }
 127
 128 SEC("cgroup/sysctl")
 129 __description("ARG_PTR_TO_LONG initialized")
 130 __success
 131 __naked void arg_ptr_to_long_initialized(void)
 132 {
 133         asm volatile ("                                 \
 134         /* bpf_strtoul arg1 (buf) */                    \
 135         r7 = r10;                                       \
 136         r7 += -8;                                       \
 137         r0 = 0x00303036;                                \
 138         *(u64*)(r7 + 0) = r0;                           \
 139         r1 = r7;                                        \
 140         /* bpf_strtoul arg2 (buf_len) */                \
 141         r2 = 4;                                         \
 142         /* bpf_strtoul arg3 (flags) */                  \
 143         r3 = 0;                                         \
 144         /* bpf_strtoul arg4 (res) */                    \
 145         r7 += -8;                                       \
 146         *(u64*)(r7 + 0) = r0;                           \
 147         r4 = r7;                                        \
 148         /* bpf_strtoul() */                             \
 149         call %[bpf_strtoul];                            \
 150         r0 = 1;                                         \
 151         exit;                                           \
 152 "       :
 153         : __imm(bpf_strtoul)
 154         : __clobber_all);
 155 }
 156
 157 char _license[] SEC("license") = "GPL";