1*84988478SEduard Zingerman // SPDX-License-Identifier: GPL-2.0 2*84988478SEduard Zingerman /* Converted from tools/testing/selftests/bpf/verifier/direct_stack_access_wraparound.c */ 3*84988478SEduard Zingerman 4*84988478SEduard Zingerman #include <linux/bpf.h> 5*84988478SEduard Zingerman #include <bpf/bpf_helpers.h> 6*84988478SEduard Zingerman #include "bpf_misc.h" 7*84988478SEduard Zingerman 8*84988478SEduard Zingerman SEC("socket") 9*84988478SEduard Zingerman __description("direct stack access with 32-bit wraparound. test1") 10*84988478SEduard Zingerman __failure __msg("fp pointer and 2147483647") 11*84988478SEduard Zingerman __failure_unpriv with_32_bit_wraparound_test1(void)12*84988478SEduard Zingerman__naked void with_32_bit_wraparound_test1(void) 13*84988478SEduard Zingerman { 14*84988478SEduard Zingerman asm volatile (" \ 15*84988478SEduard Zingerman r1 = r10; \ 16*84988478SEduard Zingerman r1 += 0x7fffffff; \ 17*84988478SEduard Zingerman r1 += 0x7fffffff; \ 18*84988478SEduard Zingerman w0 = 0; \ 19*84988478SEduard Zingerman *(u8*)(r1 + 0) = r0; \ 20*84988478SEduard Zingerman exit; \ 21*84988478SEduard Zingerman " ::: __clobber_all); 22*84988478SEduard Zingerman } 23*84988478SEduard Zingerman 24*84988478SEduard Zingerman SEC("socket") 25*84988478SEduard Zingerman __description("direct stack access with 32-bit wraparound. test2") 26*84988478SEduard Zingerman __failure __msg("fp pointer and 1073741823") 27*84988478SEduard Zingerman __failure_unpriv with_32_bit_wraparound_test2(void)28*84988478SEduard Zingerman__naked void with_32_bit_wraparound_test2(void) 29*84988478SEduard Zingerman { 30*84988478SEduard Zingerman asm volatile (" \ 31*84988478SEduard Zingerman r1 = r10; \ 32*84988478SEduard Zingerman r1 += 0x3fffffff; \ 33*84988478SEduard Zingerman r1 += 0x3fffffff; \ 34*84988478SEduard Zingerman w0 = 0; \ 35*84988478SEduard Zingerman *(u8*)(r1 + 0) = r0; \ 36*84988478SEduard Zingerman exit; \ 37*84988478SEduard Zingerman " ::: __clobber_all); 38*84988478SEduard Zingerman } 39*84988478SEduard Zingerman 40*84988478SEduard Zingerman SEC("socket") 41*84988478SEduard Zingerman __description("direct stack access with 32-bit wraparound. test3") 42*84988478SEduard Zingerman __failure __msg("fp pointer offset 1073741822") 43*84988478SEduard Zingerman __msg_unpriv("R1 stack pointer arithmetic goes out of range") with_32_bit_wraparound_test3(void)44*84988478SEduard Zingerman__naked void with_32_bit_wraparound_test3(void) 45*84988478SEduard Zingerman { 46*84988478SEduard Zingerman asm volatile (" \ 47*84988478SEduard Zingerman r1 = r10; \ 48*84988478SEduard Zingerman r1 += 0x1fffffff; \ 49*84988478SEduard Zingerman r1 += 0x1fffffff; \ 50*84988478SEduard Zingerman w0 = 0; \ 51*84988478SEduard Zingerman *(u8*)(r1 + 0) = r0; \ 52*84988478SEduard Zingerman exit; \ 53*84988478SEduard Zingerman " ::: __clobber_all); 54*84988478SEduard Zingerman } 55*84988478SEduard Zingerman 56*84988478SEduard Zingerman char _license[] SEC("license") = "GPL"; 57