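/*
 * BPF verifier test entries for BPF_ST_MEM (store-immediate) to the stack.
 *
 * Each entry is a designated-initializer record: a test name, the BPF
 * instructions to load, the expected verifier verdict and the program type.
 * All three use BPF_PROG_TYPE_SK_LOOKUP, so R0 at exit has to be provably
 * within [0, 1]; the program is accepted only if the verifier kept track of
 * the value that was stored to the stack.
 *
 * NOTE(review): .runs = -1 presumably makes the harness verify the program
 * without executing it; the harness is not visible here, so confirm.
 */
{
	"BPF_ST_MEM stack imm non-zero",
	.insns = {
	/* fp[-8] = 42 (64-bit store of an immediate) */
	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 42),
	/* r0 = fp[-8] */
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
	/* r0 += -42 */
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, -42),
	/* if value is tracked correctly R0 is zero */
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	/* Use prog type that requires return value in range [0, 1] */
	.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
	.expected_attach_type = BPF_SK_LOOKUP,
	.runs = -1,
},
{
	"BPF_ST_MEM stack imm zero",
	.insns = {
	/* mark stack 0000 0000: fp[-8] = 0 (64-bit store) */
	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
	/* read and sum a few bytes: fp-8, fp-4 and fp-1 all lie inside
	 * the 8 bytes written above (fp-8 .. fp-1).
	 */
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_10, -8),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
	BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_10, -4),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
	BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_10, -1),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
	/* if value is tracked correctly R0 is zero */
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	/* Use prog type that requires return value in range [0, 1] */
	.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
	.expected_attach_type = BPF_SK_LOOKUP,
	.runs = -1,
},
{
	"BPF_ST_MEM stack imm zero, variable offset",
	.insns = {
	/* set fp[-16], fp[-24] to zeros: bytes fp-24 .. fp-9 */
	BPF_ST_MEM(BPF_DW, BPF_REG_10, -16, 0),
	BPF_ST_MEM(BPF_DW, BPF_REG_10, -24, 0),
	/* r0 = random value, bounded below.
	 * JLE 16 skips the two-instruction early exit when r0 <= 16;
	 * larger values return 0 straight away. After SUB 32 the
	 * surviving range is [-32, -16].
	 * NOTE(review): this comment originally read [-32, -15], which
	 * does not match JLE 16 followed by SUB 32 -- confirm the bound.
	 */
	BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
	BPF_JMP_IMM(BPF_JLE, BPF_REG_0, 16, 2),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	BPF_ALU64_IMM(BPF_SUB, BPF_REG_0, 32),
	/* fp[r0] = 0, make a variable offset write of zero,
	 * this should preserve zero marks on stack.
	 */
	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_10),
	BPF_ST_MEM(BPF_B, BPF_REG_0, 0, 0),
	/* r0 = fp[-20], if variable offset write was tracked correctly
	 * r0 would be a known zero. fp-20 lies inside the dword zeroed
	 * at fp[-24] and inside the window the variable write can hit.
	 */
	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_10, -20),
	/* Would fail return code verification if r0 range is not tracked correctly. */
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	/* Use prog type that requires return value in range [0, 1] */
	.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
	.expected_attach_type = BPF_SK_LOOKUP,
	.runs = -1,
},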