// SPDX-License-Identifier: GPL-2.0
/* Converted from tools/testing/selftests/bpf/verifier/int_ptr.c */

#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include "bpf_misc.h"

/*
 * Verifier tests for the fourth argument (res) of bpf_strtoul(), the
 * ARG_PTR_TO_LONG cases named in each __description.
 *
 * Every program builds the same helper call:
 *   arg1 (buf)     - stack slot holding 0x00303036 stored as a u64; on a
 *                    little-endian target the first four bytes in memory are
 *                    '6', '0', '0', '\0'
 *   arg2 (buf_len) - 4
 *   arg3 (flags)   - 0
 *   arg4 (res)     - a stack pointer whose offset, alignment and
 *                    initialisation differ per test
 *
 * r10 is the read-only frame pointer; "fp-N" below means r10 - N.
 *
 * __success / __failure state the expected load result, the *_unpriv variants
 * state it for the unprivileged run, and __msg / __msg_unpriv give the text
 * expected in the verifier log.
 */

/*
 * res = fp-16 is passed to the helper without any prior store to that slot.
 * Expected: accepted in the privileged run, rejected in the unprivileged run
 * with "invalid indirect read" at R4 off -16+0. The unprivileged rejection is
 * the security-relevant half: an unprivileged program must not be able to
 * feed never-written stack bytes to a helper.
 * NOTE(review): the program exits with r0 = 1 but declares no __retval.
 */
SEC("socket")
__description("ARG_PTR_TO_LONG uninitialized")
__success
__failure_unpriv __msg_unpriv("invalid indirect read from stack R4 off -16+0 size 8")
__naked void arg_ptr_to_long_uninitialized(void)
{
	asm volatile ("					\
	/* bpf_strtoul arg1 (buf) */			\
	r7 = r10;					\
	r7 += -8;					\
	r0 = 0x00303036;				\
	*(u64*)(r7 + 0) = r0;				\
	r1 = r7;					\
	/* bpf_strtoul arg2 (buf_len) */		\
	r2 = 4;						\
	/* bpf_strtoul arg3 (flags) */			\
	r3 = 0;						\
	/* bpf_strtoul arg4 (res) */			\
	r7 += -8;					\
	r4 = r7;					\
	/* bpf_strtoul() */				\
	call %[bpf_strtoul];				\
	r0 = 1;						\
	exit;						\
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}

/*
 * res = fp-16, but only a u32 is stored there, so bytes fp-12..fp-9 of the
 * 8-byte slot are never written. The expected unprivileged message names
 * offset -16+4, i.e. the first unwritten byte. The privileged run is expected
 * to load and return 0.
 */
SEC("socket")
__description("ARG_PTR_TO_LONG half-uninitialized")
/* in privileged mode reads from uninitialized stack locations are permitted */
__success __failure_unpriv
__msg_unpriv("invalid indirect read from stack R4 off -16+4 size 8")
__retval(0)
__naked void ptr_to_long_half_uninitialized(void)
{
	asm volatile ("					\
	/* bpf_strtoul arg1 (buf) */			\
	r7 = r10;					\
	r7 += -8;					\
	r0 = 0x00303036;				\
	*(u64*)(r7 + 0) = r0;				\
	r1 = r7;					\
	/* bpf_strtoul arg2 (buf_len) */		\
	r2 = 4;						\
	/* bpf_strtoul arg3 (flags) */			\
	r3 = 0;						\
	/* bpf_strtoul arg4 (res) */			\
	r7 += -8;					\
	*(u32*)(r7 + 0) = r0;				\
	r4 = r7;					\
	/* bpf_strtoul() */				\
	call %[bpf_strtoul];				\
	r0 = 0;						\
	exit;						\
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}

/*
 * res = fp-20 (fp-8 moved down by 12), which is 4-byte but not 8-byte
 * aligned. The u32 store at fp-20 and the u64 store at fp-16 together write
 * every byte of the 8-byte window starting at res, so initialisation should
 * not be what the verifier objects to. The load is expected to fail with the
 * "misaligned stack access" message.
 */
SEC("cgroup/sysctl")
__description("ARG_PTR_TO_LONG misaligned")
__failure __msg("misaligned stack access off 0+-20+0 size 8")
__naked void arg_ptr_to_long_misaligned(void)
{
	asm volatile ("					\
	/* bpf_strtoul arg1 (buf) */			\
	r7 = r10;					\
	r7 += -8;					\
	r0 = 0x00303036;				\
	*(u64*)(r7 + 0) = r0;				\
	r1 = r7;					\
	/* bpf_strtoul arg2 (buf_len) */		\
	r2 = 4;						\
	/* bpf_strtoul arg3 (flags) */			\
	r3 = 0;						\
	/* bpf_strtoul arg4 (res) */			\
	r7 += -12;					\
	r0 = 0;						\
	*(u32*)(r7 + 0) = r0;				\
	*(u64*)(r7 + 4) = r0;				\
	r4 = r7;					\
	/* bpf_strtoul() */				\
	call %[bpf_strtoul];				\
	r0 = 1;						\
	exit;						\
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}

/*
 * Here buf lives at fp-16 and res = fp-4 (fp-16 moved up by 12). Only four
 * bytes lie between res and the top of the frame, so the 8-byte access the
 * helper needs would run past the program's stack. The load is expected to
 * fail with "invalid indirect access to stack R4 off=-4 size=8".
 */
SEC("cgroup/sysctl")
__description("ARG_PTR_TO_LONG size < sizeof(long)")
__failure __msg("invalid indirect access to stack R4 off=-4 size=8")
__naked void to_long_size_sizeof_long(void)
{
	asm volatile ("					\
	/* bpf_strtoul arg1 (buf) */			\
	r7 = r10;					\
	r7 += -16;					\
	r0 = 0x00303036;				\
	*(u64*)(r7 + 0) = r0;				\
	r1 = r7;					\
	/* bpf_strtoul arg2 (buf_len) */		\
	r2 = 4;						\
	/* bpf_strtoul arg3 (flags) */			\
	r3 = 0;						\
	/* bpf_strtoul arg4 (res) */			\
	r7 += 12;					\
	*(u32*)(r7 + 0) = r0;				\
	r4 = r7;					\
	/* bpf_strtoul() */				\
	call %[bpf_strtoul];				\
	r0 = 1;						\
	exit;						\
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}

/*
 * Positive control: res = fp-16 is 8-byte aligned, lies inside the frame and
 * is fully written by a u64 store before the call. The load is expected to
 * succeed.
 */
SEC("cgroup/sysctl")
__description("ARG_PTR_TO_LONG initialized")
__success
__naked void arg_ptr_to_long_initialized(void)
{
	asm volatile ("					\
	/* bpf_strtoul arg1 (buf) */			\
	r7 = r10;					\
	r7 += -8;					\
	r0 = 0x00303036;				\
	*(u64*)(r7 + 0) = r0;				\
	r1 = r7;					\
	/* bpf_strtoul arg2 (buf_len) */		\
	r2 = 4;						\
	/* bpf_strtoul arg3 (flags) */			\
	r3 = 0;						\
	/* bpf_strtoul arg4 (res) */			\
	r7 += -8;					\
	*(u64*)(r7 + 0) = r0;				\
	r4 = r7;					\
	/* bpf_strtoul() */				\
	call %[bpf_strtoul];				\
	r0 = 1;						\
	exit;						\
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}

/* License string placed in the "license" section of the object. */
char _license[] SEC("license") = "GPL";