1*ab839a58SEduard Zingerman // SPDX-License-Identifier: GPL-2.0 2*ab839a58SEduard Zingerman /* Converted from tools/testing/selftests/bpf/verifier/uninit.c */ 3*ab839a58SEduard Zingerman 4*ab839a58SEduard Zingerman #include <linux/bpf.h> 5*ab839a58SEduard Zingerman #include <bpf/bpf_helpers.h> 6*ab839a58SEduard Zingerman #include "../../../include/linux/filter.h" 7*ab839a58SEduard Zingerman #include "bpf_misc.h" 8*ab839a58SEduard Zingerman 9*ab839a58SEduard Zingerman SEC("socket") 10*ab839a58SEduard Zingerman __description("read uninitialized register") 11*ab839a58SEduard Zingerman __failure __msg("R2 !read_ok") 12*ab839a58SEduard Zingerman __failure_unpriv read_uninitialized_register(void)13*ab839a58SEduard Zingerman__naked void read_uninitialized_register(void) 14*ab839a58SEduard Zingerman { 15*ab839a58SEduard Zingerman asm volatile (" \ 16*ab839a58SEduard Zingerman r0 = r2; \ 17*ab839a58SEduard Zingerman exit; \ 18*ab839a58SEduard Zingerman " ::: __clobber_all); 19*ab839a58SEduard Zingerman } 20*ab839a58SEduard Zingerman 21*ab839a58SEduard Zingerman SEC("socket") 22*ab839a58SEduard Zingerman __description("read invalid register") 23*ab839a58SEduard Zingerman __failure __msg("R15 is invalid") 24*ab839a58SEduard Zingerman __failure_unpriv read_invalid_register(void)25*ab839a58SEduard Zingerman__naked void read_invalid_register(void) 26*ab839a58SEduard Zingerman { 27*ab839a58SEduard Zingerman asm volatile (" \ 28*ab839a58SEduard Zingerman .8byte %[mov64_reg]; \ 29*ab839a58SEduard Zingerman exit; \ 30*ab839a58SEduard Zingerman " : 31*ab839a58SEduard Zingerman : __imm_insn(mov64_reg, BPF_MOV64_REG(BPF_REG_0, -1)) 32*ab839a58SEduard Zingerman : __clobber_all); 33*ab839a58SEduard Zingerman } 34*ab839a58SEduard Zingerman 35*ab839a58SEduard Zingerman SEC("socket") 36*ab839a58SEduard Zingerman __description("program doesn't init R0 before exit") 37*ab839a58SEduard Zingerman __failure __msg("R0 !read_ok") 38*ab839a58SEduard Zingerman __failure_unpriv t_init_r0_before_exit(void)39*ab839a58SEduard Zingerman__naked void t_init_r0_before_exit(void) 40*ab839a58SEduard Zingerman { 41*ab839a58SEduard Zingerman asm volatile (" \ 42*ab839a58SEduard Zingerman r2 = r1; \ 43*ab839a58SEduard Zingerman exit; \ 44*ab839a58SEduard Zingerman " ::: __clobber_all); 45*ab839a58SEduard Zingerman } 46*ab839a58SEduard Zingerman 47*ab839a58SEduard Zingerman SEC("socket") 48*ab839a58SEduard Zingerman __description("program doesn't init R0 before exit in all branches") 49*ab839a58SEduard Zingerman __failure __msg("R0 !read_ok") 50*ab839a58SEduard Zingerman __msg_unpriv("R1 pointer comparison") before_exit_in_all_branches(void)51*ab839a58SEduard Zingerman__naked void before_exit_in_all_branches(void) 52*ab839a58SEduard Zingerman { 53*ab839a58SEduard Zingerman asm volatile (" \ 54*ab839a58SEduard Zingerman if r1 >= 0 goto l0_%=; \ 55*ab839a58SEduard Zingerman r0 = 1; \ 56*ab839a58SEduard Zingerman r0 += 2; \ 57*ab839a58SEduard Zingerman l0_%=: exit; \ 58*ab839a58SEduard Zingerman " ::: __clobber_all); 59*ab839a58SEduard Zingerman } 60*ab839a58SEduard Zingerman 61*ab839a58SEduard Zingerman char _license[] SEC("license") = "GPL"; 62