1 // SPDX-License-Identifier: GPL-2.0
2 /* Converted from tools/testing/selftests/bpf/verifier/int_ptr.c */
3 
4 #include <linux/bpf.h>
5 #include <bpf/bpf_helpers.h>
6 #include "bpf_misc.h"
7 
8 SEC("socket")
9 __description("ARG_PTR_TO_LONG uninitialized")
10 __success
11 __naked void arg_ptr_to_long_uninitialized(void)
12 {
13 	asm volatile ("					\
14 	/* bpf_strtoul arg1 (buf) */			\
15 	r7 = r10;					\
16 	r7 += -8;					\
17 	r0 = 0x00303036;				\
18 	*(u64*)(r7 + 0) = r0;				\
19 	r1 = r7;					\
20 	/* bpf_strtoul arg2 (buf_len) */		\
21 	r2 = 4;						\
22 	/* bpf_strtoul arg3 (flags) */			\
23 	r3 = 0;						\
24 	/* bpf_strtoul arg4 (res) */			\
25 	r7 += -8;					\
26 	r4 = r7;					\
27 	/* bpf_strtoul() */				\
28 	call %[bpf_strtoul];				\
29 	r0 = 1;						\
30 	exit;						\
31 "	:
32 	: __imm(bpf_strtoul)
33 	: __clobber_all);
34 }
35 
36 SEC("socket")
37 __description("ARG_PTR_TO_LONG half-uninitialized")
38 __success
39 __retval(0)
40 __naked void ptr_to_long_half_uninitialized(void)
41 {
42 	asm volatile ("					\
43 	/* bpf_strtoul arg1 (buf) */			\
44 	r7 = r10;					\
45 	r7 += -8;					\
46 	r0 = 0x00303036;				\
47 	*(u64*)(r7 + 0) = r0;				\
48 	r1 = r7;					\
49 	/* bpf_strtoul arg2 (buf_len) */		\
50 	r2 = 4;						\
51 	/* bpf_strtoul arg3 (flags) */			\
52 	r3 = 0;						\
53 	/* bpf_strtoul arg4 (res) */			\
54 	r7 += -8;					\
55 	*(u32*)(r7 + 0) = r0;				\
56 	r4 = r7;					\
57 	/* bpf_strtoul() */				\
58 	call %[bpf_strtoul];				\
59 	r0 = 0;						\
60 	exit;						\
61 "	:
62 	: __imm(bpf_strtoul)
63 	: __clobber_all);
64 }
65 
66 SEC("cgroup/sysctl")
67 __description("ARG_PTR_TO_LONG misaligned")
68 __failure __msg("misaligned stack access off (0x0; 0x0)+-20+0 size 8")
69 __naked void arg_ptr_to_long_misaligned(void)
70 {
71 	asm volatile ("					\
72 	/* bpf_strtoul arg1 (buf) */			\
73 	r7 = r10;					\
74 	r7 += -8;					\
75 	r0 = 0x00303036;				\
76 	*(u64*)(r7 + 0) = r0;				\
77 	r1 = r7;					\
78 	/* bpf_strtoul arg2 (buf_len) */		\
79 	r2 = 4;						\
80 	/* bpf_strtoul arg3 (flags) */			\
81 	r3 = 0;						\
82 	/* bpf_strtoul arg4 (res) */			\
83 	r7 += -12;					\
84 	r0 = 0;						\
85 	*(u32*)(r7 + 0) = r0;				\
86 	*(u64*)(r7 + 4) = r0;				\
87 	r4 = r7;					\
88 	/* bpf_strtoul() */				\
89 	call %[bpf_strtoul];				\
90 	r0 = 1;						\
91 	exit;						\
92 "	:
93 	: __imm(bpf_strtoul)
94 	: __clobber_all);
95 }
96 
97 SEC("cgroup/sysctl")
98 __description("ARG_PTR_TO_LONG size < sizeof(long)")
99 __failure __msg("invalid indirect access to stack R4 off=-4 size=8")
100 __naked void to_long_size_sizeof_long(void)
101 {
102 	asm volatile ("					\
103 	/* bpf_strtoul arg1 (buf) */			\
104 	r7 = r10;					\
105 	r7 += -16;					\
106 	r0 = 0x00303036;				\
107 	*(u64*)(r7 + 0) = r0;				\
108 	r1 = r7;					\
109 	/* bpf_strtoul arg2 (buf_len) */		\
110 	r2 = 4;						\
111 	/* bpf_strtoul arg3 (flags) */			\
112 	r3 = 0;						\
113 	/* bpf_strtoul arg4 (res) */			\
114 	r7 += 12;					\
115 	*(u32*)(r7 + 0) = r0;				\
116 	r4 = r7;					\
117 	/* bpf_strtoul() */				\
118 	call %[bpf_strtoul];				\
119 	r0 = 1;						\
120 	exit;						\
121 "	:
122 	: __imm(bpf_strtoul)
123 	: __clobber_all);
124 }
125 
126 SEC("cgroup/sysctl")
127 __description("ARG_PTR_TO_LONG initialized")
128 __success
129 __naked void arg_ptr_to_long_initialized(void)
130 {
131 	asm volatile ("					\
132 	/* bpf_strtoul arg1 (buf) */			\
133 	r7 = r10;					\
134 	r7 += -8;					\
135 	r0 = 0x00303036;				\
136 	*(u64*)(r7 + 0) = r0;				\
137 	r1 = r7;					\
138 	/* bpf_strtoul arg2 (buf_len) */		\
139 	r2 = 4;						\
140 	/* bpf_strtoul arg3 (flags) */			\
141 	r3 = 0;						\
142 	/* bpf_strtoul arg4 (res) */			\
143 	r7 += -8;					\
144 	*(u64*)(r7 + 0) = r0;				\
145 	r4 = r7;					\
146 	/* bpf_strtoul() */				\
147 	call %[bpf_strtoul];				\
148 	r0 = 1;						\
149 	exit;						\
150 "	:
151 	: __imm(bpf_strtoul)
152 	: __clobber_all);
153 }
154 
155 char _license[] SEC("license") = "GPL";
156