1*18cdc2b5SEduard Zingerman // SPDX-License-Identifier: GPL-2.0 2*18cdc2b5SEduard Zingerman /* Converted from tools/testing/selftests/bpf/verifier/raw_tp_writable.c */ 3*18cdc2b5SEduard Zingerman 4*18cdc2b5SEduard Zingerman #include <linux/bpf.h> 5*18cdc2b5SEduard Zingerman #include <bpf/bpf_helpers.h> 6*18cdc2b5SEduard Zingerman #include "bpf_misc.h" 7*18cdc2b5SEduard Zingerman 8*18cdc2b5SEduard Zingerman struct { 9*18cdc2b5SEduard Zingerman __uint(type, BPF_MAP_TYPE_HASH); 10*18cdc2b5SEduard Zingerman __uint(max_entries, 1); 11*18cdc2b5SEduard Zingerman __type(key, long long); 12*18cdc2b5SEduard Zingerman __type(value, long long); 13*18cdc2b5SEduard Zingerman } map_hash_8b SEC(".maps"); 14*18cdc2b5SEduard Zingerman 15*18cdc2b5SEduard Zingerman SEC("raw_tracepoint.w") 16*18cdc2b5SEduard Zingerman __description("raw_tracepoint_writable: reject variable offset") 17*18cdc2b5SEduard Zingerman __failure 18*18cdc2b5SEduard Zingerman __msg("R6 invalid variable buffer offset: off=0, var_off=(0x0; 0xffffffff)") __flag(BPF_F_ANY_ALIGNMENT)19*18cdc2b5SEduard Zingerman__flag(BPF_F_ANY_ALIGNMENT) 20*18cdc2b5SEduard Zingerman __naked void tracepoint_writable_reject_variable_offset(void) 21*18cdc2b5SEduard Zingerman { 22*18cdc2b5SEduard Zingerman asm volatile (" \ 23*18cdc2b5SEduard Zingerman /* r6 is our tp buffer */ \ 24*18cdc2b5SEduard Zingerman r6 = *(u64*)(r1 + 0); \ 25*18cdc2b5SEduard Zingerman r1 = %[map_hash_8b] ll; \ 26*18cdc2b5SEduard Zingerman /* move the key (== 0) to r10-8 */ \ 27*18cdc2b5SEduard Zingerman w0 = 0; \ 28*18cdc2b5SEduard Zingerman r2 = r10; \ 29*18cdc2b5SEduard Zingerman r2 += -8; \ 30*18cdc2b5SEduard Zingerman *(u64*)(r2 + 0) = r0; \ 31*18cdc2b5SEduard Zingerman /* lookup in the map */ \ 32*18cdc2b5SEduard Zingerman call %[bpf_map_lookup_elem]; \ 33*18cdc2b5SEduard Zingerman /* exit clean if null */ \ 34*18cdc2b5SEduard Zingerman if r0 != 0 goto l0_%=; \ 35*18cdc2b5SEduard Zingerman exit; \ 36*18cdc2b5SEduard Zingerman l0_%=: /* shift the buffer pointer to a variable location */\ 37*18cdc2b5SEduard Zingerman r0 = *(u32*)(r0 + 0); \ 38*18cdc2b5SEduard Zingerman r6 += r0; \ 39*18cdc2b5SEduard Zingerman /* clobber whatever's there */ \ 40*18cdc2b5SEduard Zingerman r7 = 4242; \ 41*18cdc2b5SEduard Zingerman *(u64*)(r6 + 0) = r7; \ 42*18cdc2b5SEduard Zingerman r0 = 0; \ 43*18cdc2b5SEduard Zingerman exit; \ 44*18cdc2b5SEduard Zingerman " : 45*18cdc2b5SEduard Zingerman : __imm(bpf_map_lookup_elem), 46*18cdc2b5SEduard Zingerman __imm_addr(map_hash_8b) 47*18cdc2b5SEduard Zingerman : __clobber_all); 48*18cdc2b5SEduard Zingerman } 49*18cdc2b5SEduard Zingerman 50*18cdc2b5SEduard Zingerman char _license[] SEC("license") = "GPL"; 51