// SPDX-License-Identifier: GPL-2.0
/* Converted from tools/testing/selftests/bpf/verifier/int_ptr.c */

#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include "bpf_misc.h"

/*
 * Verifier tests for the fourth argument of bpf_strtoul() ("res"), the
 * stack pointer handed to the helper for its result.
 *
 * Every program below builds the same call: r1 points at an 8-byte stack
 * slot holding 0x00303036 (on a little-endian target the low bytes read as
 * the string "600"), r2 = 4 is the buffer length and r3 = 0 the flags. The
 * variants differ only in where r4 points and how much of that area was
 * written before the call. The expected outcome is carried by the
 * __success / __failure __msg(...) annotations from bpf_misc.h.
 *
 * Security relevance: the helper is given a raw stack address, so the
 * verifier has to prove that the 8 bytes behind r4 are inside the
 * program's stack frame and suitably aligned before the call is allowed.
 * The two __failure cases pin exactly those rejections.
 */

/*
 * res = fp-16, never written before the call.
 *
 * Expected: program is accepted. NOTE(review): presumably accepted because
 * the helper only writes through res and never reads it -- confirm against
 * the helper's argument type in the kernel.
 */
SEC("socket")
__description("ARG_PTR_TO_LONG uninitialized")
__success
__naked void arg_ptr_to_long_uninitialized(void)
{
	asm volatile (" \
	/* bpf_strtoul arg1 (buf) */ \
	r7 = r10; \
	r7 += -8; \
	r0 = 0x00303036; \
	*(u64*)(r7 + 0) = r0; \
	r1 = r7; \
	/* bpf_strtoul arg2 (buf_len) */ \
	r2 = 4; \
	/* bpf_strtoul arg3 (flags) */ \
	r3 = 0; \
	/* bpf_strtoul arg4 (res) */ \
	r7 += -8; \
	r4 = r7; \
	/* bpf_strtoul() */ \
	call %[bpf_strtoul]; \
	r0 = 1; \
	exit; \
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}

/*
 * res = fp-16, with only the low 4 bytes of the 8-byte slot written
 * (the u32 store at r7 + 0); the upper 4 bytes stay uninitialized.
 *
 * Expected: program is accepted, and __retval(0) additionally pins the
 * value left in r0 before exit.
 */
SEC("socket")
__description("ARG_PTR_TO_LONG half-uninitialized")
__success
__retval(0)
__naked void ptr_to_long_half_uninitialized(void)
{
	asm volatile (" \
	/* bpf_strtoul arg1 (buf) */ \
	r7 = r10; \
	r7 += -8; \
	r0 = 0x00303036; \
	*(u64*)(r7 + 0) = r0; \
	r1 = r7; \
	/* bpf_strtoul arg2 (buf_len) */ \
	r2 = 4; \
	/* bpf_strtoul arg3 (flags) */ \
	r3 = 0; \
	/* bpf_strtoul arg4 (res) */ \
	r7 += -8; \
	*(u32*)(r7 + 0) = r0; \
	r4 = r7; \
	/* bpf_strtoul() */ \
	call %[bpf_strtoul]; \
	r0 = 0; \
	exit; \
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}

/*
 * res = fp-20 (fp-8 moved down by a further 12), which is not 8-byte
 * aligned. The 12 bytes from fp-20 to fp-8 are zeroed first (u32 at fp-20,
 * u64 at fp-16), so initialization is not what is being tested here.
 *
 * Expected: rejected with the "misaligned stack access ... -20 ... size 8"
 * message, i.e. the verifier refuses the 8-byte access at that offset.
 */
SEC("cgroup/sysctl")
__description("ARG_PTR_TO_LONG misaligned")
__failure __msg("misaligned stack access off (0x0; 0x0)+-20+0 size 8")
__naked void arg_ptr_to_long_misaligned(void)
{
	asm volatile (" \
	/* bpf_strtoul arg1 (buf) */ \
	r7 = r10; \
	r7 += -8; \
	r0 = 0x00303036; \
	*(u64*)(r7 + 0) = r0; \
	r1 = r7; \
	/* bpf_strtoul arg2 (buf_len) */ \
	r2 = 4; \
	/* bpf_strtoul arg3 (flags) */ \
	r3 = 0; \
	/* bpf_strtoul arg4 (res) */ \
	r7 += -12; \
	r0 = 0; \
	*(u32*)(r7 + 0) = r0; \
	*(u64*)(r7 + 4) = r0; \
	r4 = r7; \
	/* bpf_strtoul() */ \
	call %[bpf_strtoul]; \
	r0 = 1; \
	exit; \
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}

/*
 * res = fp-4 (buf sits at fp-16 here, then r7 is moved up by 12). Only
 * 4 bytes lie between r4 and the frame pointer, so an 8-byte access
 * through r4 would run past the end of the stack frame.
 *
 * Expected: rejected with "invalid indirect access to stack R4 off=-4
 * size=8" -- the bounds check that keeps a helper from touching memory
 * outside the program's own stack.
 */
SEC("cgroup/sysctl")
__description("ARG_PTR_TO_LONG size < sizeof(long)")
__failure __msg("invalid indirect access to stack R4 off=-4 size=8")
__naked void to_long_size_sizeof_long(void)
{
	asm volatile (" \
	/* bpf_strtoul arg1 (buf) */ \
	r7 = r10; \
	r7 += -16; \
	r0 = 0x00303036; \
	*(u64*)(r7 + 0) = r0; \
	r1 = r7; \
	/* bpf_strtoul arg2 (buf_len) */ \
	r2 = 4; \
	/* bpf_strtoul arg3 (flags) */ \
	r3 = 0; \
	/* bpf_strtoul arg4 (res) */ \
	r7 += 12; \
	*(u32*)(r7 + 0) = r0; \
	r4 = r7; \
	/* bpf_strtoul() */ \
	call %[bpf_strtoul]; \
	r0 = 1; \
	exit; \
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}

/*
 * Baseline: res = fp-16, fully written with a u64 store before the call,
 * 8-byte aligned and entirely inside the stack frame.
 *
 * Expected: program is accepted.
 */
SEC("cgroup/sysctl")
__description("ARG_PTR_TO_LONG initialized")
__success
__naked void arg_ptr_to_long_initialized(void)
{
	asm volatile (" \
	/* bpf_strtoul arg1 (buf) */ \
	r7 = r10; \
	r7 += -8; \
	r0 = 0x00303036; \
	*(u64*)(r7 + 0) = r0; \
	r1 = r7; \
	/* bpf_strtoul arg2 (buf_len) */ \
	r2 = 4; \
	/* bpf_strtoul arg3 (flags) */ \
	r3 = 0; \
	/* bpf_strtoul arg4 (res) */ \
	r7 += -8; \
	*(u64*)(r7 + 0) = r0; \
	r4 = r7; \
	/* bpf_strtoul() */ \
	call %[bpf_strtoul]; \
	r0 = 1; \
	exit; \
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}

/* License string placed in the "license" section of the object. */
char _license[] SEC("license") = "GPL";