xref: /linux/tools/testing/selftests/bpf/progs/verifier_int_ptr.c (revision 03c11eb3b16dc0058589751dfd91f254be2be613)
101481e67SEduard Zingerman // SPDX-License-Identifier: GPL-2.0
201481e67SEduard Zingerman /* Converted from tools/testing/selftests/bpf/verifier/int_ptr.c */
301481e67SEduard Zingerman 
401481e67SEduard Zingerman #include <linux/bpf.h>
501481e67SEduard Zingerman #include <bpf/bpf_helpers.h>
601481e67SEduard Zingerman #include "bpf_misc.h"
701481e67SEduard Zingerman 
/*
 * Verifier test: helper result pointer aimed at stack the program never wrote.
 *
 * Stack layout built by the asm, relative to r10 (the BPF frame pointer):
 *   fp-8  : input buffer for bpf_strtoul (arg1), filled by a u64 store of
 *           0x00303036; on a little-endian target the first four bytes read
 *           as the characters '6' '0' '0' followed by a NUL.
 *   fp-16 : result slot (arg4, r4); no store touches it before the call.
 * buf_len (arg2) is 4 and flags (arg3) is 0.
 *
 * Loaded as a "socket" program and annotated __success, so the test expects
 * this program to be accepted even though the 8 bytes behind r4 are
 * uninitialized when the helper is called.
 * NOTE(review): presumably acceptable because the helper only writes through
 * this pointer; confirm against the helper's argument type in the kernel.
 */
SEC("socket")
__description("arg pointer to long uninitialized")
__success
__naked void arg_ptr_to_long_uninitialized(void)
{
	asm volatile ("					\
	/* bpf_strtoul arg1 (buf) */			\
	r7 = r10;					\
	r7 += -8;					\
	r0 = 0x00303036;				\
	*(u64*)(r7 + 0) = r0;				\
	r1 = r7;					\
	/* bpf_strtoul arg2 (buf_len) */		\
	r2 = 4;						\
	/* bpf_strtoul arg3 (flags) */			\
	r3 = 0;						\
	/* bpf_strtoul arg4 (res) */			\
	r7 += -8;					\
	r4 = r7;					\
	/* bpf_strtoul() */				\
	call %[bpf_strtoul];				\
	r0 = 1;						\
	exit;						\
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}
3501481e67SEduard Zingerman 
/*
 * Verifier test: helper result pointer aimed at a partly written stack slot.
 *
 * Stack layout built by the asm, relative to r10 (the BPF frame pointer):
 *   fp-8  : input buffer for bpf_strtoul (arg1), u64 store of 0x00303036.
 *   fp-16 : result slot (arg4, r4). Only a u32 store is made at fp-16
 *           (r0 still holds 0x00303036), so the four bytes from fp-12 to
 *           fp-9 are never written before the call.
 * buf_len (arg2) is 4 and flags (arg3) is 0.
 *
 * Loaded as a "socket" program; the annotations expect it to be accepted
 * (__success) and to return 0 (__retval(0)), which is the value the asm puts
 * in r0 just before exit.
 */
SEC("socket")
__description("arg pointer to long half-uninitialized")
__success
__retval(0)
__naked void ptr_to_long_half_uninitialized(void)
{
	asm volatile ("					\
	/* bpf_strtoul arg1 (buf) */			\
	r7 = r10;					\
	r7 += -8;					\
	r0 = 0x00303036;				\
	*(u64*)(r7 + 0) = r0;				\
	r1 = r7;					\
	/* bpf_strtoul arg2 (buf_len) */		\
	r2 = 4;						\
	/* bpf_strtoul arg3 (flags) */			\
	r3 = 0;						\
	/* bpf_strtoul arg4 (res) */			\
	r7 += -8;					\
	*(u32*)(r7 + 0) = r0;				\
	r4 = r7;					\
	/* bpf_strtoul() */				\
	call %[bpf_strtoul];				\
	r0 = 0;						\
	exit;						\
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}
6501481e67SEduard Zingerman 
/*
 * Verifier test: helper result pointer that is not 8-byte aligned.
 *
 * Stack layout built by the asm, relative to r10 (the BPF frame pointer):
 *   fp-8  : input buffer for bpf_strtoul (arg1), u64 store of 0x00303036.
 *   fp-20 : result pointer (arg4, r4), reached by subtracting 12 from fp-8.
 *           r0 is zeroed, then a u32 store at fp-20 and a u64 store at fp-16
 *           (r7 + 4) write every byte from fp-20 to fp-9.
 * buf_len (arg2) is 4 and flags (arg3) is 0.
 *
 * All bytes behind r4 are initialized, so the only thing wrong with the
 * pointer is its offset: -20 is not a multiple of 8. The test is loaded as
 * "cgroup/sysctl" and expects the load to fail with
 * "misaligned stack access off 0+-20+0 size 8".
 */
SEC("cgroup/sysctl")
__description("arg pointer to long misaligned")
__failure __msg("misaligned stack access off 0+-20+0 size 8")
__naked void arg_ptr_to_long_misaligned(void)
{
	asm volatile ("					\
	/* bpf_strtoul arg1 (buf) */			\
	r7 = r10;					\
	r7 += -8;					\
	r0 = 0x00303036;				\
	*(u64*)(r7 + 0) = r0;				\
	r1 = r7;					\
	/* bpf_strtoul arg2 (buf_len) */		\
	r2 = 4;						\
	/* bpf_strtoul arg3 (flags) */			\
	r3 = 0;						\
	/* bpf_strtoul arg4 (res) */			\
	r7 += -12;					\
	r0 = 0;						\
	*(u32*)(r7 + 0) = r0;				\
	*(u64*)(r7 + 4) = r0;				\
	r4 = r7;					\
	/* bpf_strtoul() */				\
	call %[bpf_strtoul];				\
	r0 = 1;						\
	exit;						\
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}
9601481e67SEduard Zingerman 
/*
 * Verifier test: helper result pointer with fewer than 8 bytes of stack
 * left above it.
 *
 * Stack layout built by the asm, relative to r10 (the BPF frame pointer):
 *   fp-16 : input buffer for bpf_strtoul (arg1), u64 store of 0x00303036.
 *   fp-4  : result pointer (arg4, r4), reached by adding 12 to fp-16; a u32
 *           store initializes the four bytes from fp-4 to fp-1.
 * buf_len (arg2) is 4 and flags (arg3) is 0.
 *
 * Only four bytes lie between r4 and the frame pointer, while the expected
 * message describes an 8-byte write at offset -4; such a write would run
 * four bytes past r10. The test is loaded as "cgroup/sysctl" and expects the
 * load to fail with "invalid write to stack R4 off=-4 size=8", i.e. the
 * helper's result write must fit inside the program's own stack frame.
 */
SEC("cgroup/sysctl")
__description("arg pointer to long size < sizeof(long)")
__failure __msg("invalid write to stack R4 off=-4 size=8")
__naked void to_long_size_sizeof_long(void)
{
	asm volatile ("					\
	/* bpf_strtoul arg1 (buf) */			\
	r7 = r10;					\
	r7 += -16;					\
	r0 = 0x00303036;				\
	*(u64*)(r7 + 0) = r0;				\
	r1 = r7;					\
	/* bpf_strtoul arg2 (buf_len) */		\
	r2 = 4;						\
	/* bpf_strtoul arg3 (flags) */			\
	r3 = 0;						\
	/* bpf_strtoul arg4 (res) */			\
	r7 += 12;					\
	*(u32*)(r7 + 0) = r0;				\
	r4 = r7;					\
	/* bpf_strtoul() */				\
	call %[bpf_strtoul];				\
	r0 = 1;						\
	exit;						\
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}
12501481e67SEduard Zingerman 
/*
 * Verifier test: baseline case with an aligned, fully written result slot.
 *
 * Stack layout built by the asm, relative to r10 (the BPF frame pointer):
 *   fp-8  : input buffer for bpf_strtoul (arg1), u64 store of 0x00303036.
 *   fp-16 : result slot (arg4, r4); a u64 store writes all eight bytes
 *           before the call.
 * buf_len (arg2) is 4 and flags (arg3) is 0.
 *
 * Loaded as "cgroup/sysctl" and annotated __success: with the result pointer
 * at an offset that is a multiple of 8, fully inside the frame and fully
 * initialized, the program is expected to be accepted.
 */
SEC("cgroup/sysctl")
__description("arg pointer to long initialized")
__success
__naked void arg_ptr_to_long_initialized(void)
{
	asm volatile ("					\
	/* bpf_strtoul arg1 (buf) */			\
	r7 = r10;					\
	r7 += -8;					\
	r0 = 0x00303036;				\
	*(u64*)(r7 + 0) = r0;				\
	r1 = r7;					\
	/* bpf_strtoul arg2 (buf_len) */		\
	r2 = 4;						\
	/* bpf_strtoul arg3 (flags) */			\
	r3 = 0;						\
	/* bpf_strtoul arg4 (res) */			\
	r7 += -8;					\
	*(u64*)(r7 + 0) = r0;				\
	r4 = r7;					\
	/* bpf_strtoul() */				\
	call %[bpf_strtoul];				\
	r0 = 1;						\
	exit;						\
"	:
	: __imm(bpf_strtoul)
	: __clobber_all);
}
15401481e67SEduard Zingerman 
/* License string for the BPF object, placed in the "license" section. */
char _license[] SEC("license") = "GPL";
15601481e67SEduard Zingerman