Back to home page

OSCL-LXR
 
 

     

0001 {
0002     "atomic compare-and-exchange smoketest - 64bit",
0003     .insns = {
0004         /* val = 3; */
0005         BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 3),
0006         /* old = atomic_cmpxchg(&val, 2, 4); */
0007         BPF_MOV64_IMM(BPF_REG_1, 4),
0008         BPF_MOV64_IMM(BPF_REG_0, 2),
0009         BPF_ATOMIC_OP(BPF_DW, BPF_CMPXCHG, BPF_REG_10, BPF_REG_1, -8),
0010         /* if (old != 3) exit(2); */
0011         BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 3, 2),
0012         BPF_MOV64_IMM(BPF_REG_0, 2),
0013         BPF_EXIT_INSN(),
0014         /* if (val != 3) exit(3); */
0015         BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
0016         BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 3, 2),
0017         BPF_MOV64_IMM(BPF_REG_0, 3),
0018         BPF_EXIT_INSN(),
0019         /* old = atomic_cmpxchg(&val, 3, 4); */
0020         BPF_MOV64_IMM(BPF_REG_1, 4),
0021         BPF_MOV64_IMM(BPF_REG_0, 3),
0022         BPF_ATOMIC_OP(BPF_DW, BPF_CMPXCHG, BPF_REG_10, BPF_REG_1, -8),
0023         /* if (old != 3) exit(4); */
0024         BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 3, 2),
0025         BPF_MOV64_IMM(BPF_REG_0, 4),
0026         BPF_EXIT_INSN(),
0027         /* if (val != 4) exit(5); */
0028         BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
0029         BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 4, 2),
0030         BPF_MOV64_IMM(BPF_REG_0, 5),
0031         BPF_EXIT_INSN(),
0032         /* exit(0); */
0033         BPF_MOV64_IMM(BPF_REG_0, 0),
0034         BPF_EXIT_INSN(),
0035     },
0036     .result = ACCEPT,
0037 },
0038 {
0039     "atomic compare-and-exchange smoketest - 32bit",
0040     .insns = {
0041         /* val = 3; */
0042         BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 3),
0043         /* old = atomic_cmpxchg(&val, 2, 4); */
0044         BPF_MOV32_IMM(BPF_REG_1, 4),
0045         BPF_MOV32_IMM(BPF_REG_0, 2),
0046         BPF_ATOMIC_OP(BPF_W, BPF_CMPXCHG, BPF_REG_10, BPF_REG_1, -4),
0047         /* if (old != 3) exit(2); */
0048         BPF_JMP32_IMM(BPF_JEQ, BPF_REG_0, 3, 2),
0049         BPF_MOV32_IMM(BPF_REG_0, 2),
0050         BPF_EXIT_INSN(),
0051         /* if (val != 3) exit(3); */
0052         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_10, -4),
0053         BPF_JMP32_IMM(BPF_JEQ, BPF_REG_0, 3, 2),
0054         BPF_MOV32_IMM(BPF_REG_0, 3),
0055         BPF_EXIT_INSN(),
0056         /* old = atomic_cmpxchg(&val, 3, 4); */
0057         BPF_MOV32_IMM(BPF_REG_1, 4),
0058         BPF_MOV32_IMM(BPF_REG_0, 3),
0059         BPF_ATOMIC_OP(BPF_W, BPF_CMPXCHG, BPF_REG_10, BPF_REG_1, -4),
0060         /* if (old != 3) exit(4); */
0061         BPF_JMP32_IMM(BPF_JEQ, BPF_REG_0, 3, 2),
0062         BPF_MOV32_IMM(BPF_REG_0, 4),
0063         BPF_EXIT_INSN(),
0064         /* if (val != 4) exit(5); */
0065         BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_10, -4),
0066         BPF_JMP32_IMM(BPF_JEQ, BPF_REG_0, 4, 2),
0067         BPF_MOV32_IMM(BPF_REG_0, 5),
0068         BPF_EXIT_INSN(),
0069         /* exit(0); */
0070         BPF_MOV32_IMM(BPF_REG_0, 0),
0071         BPF_EXIT_INSN(),
0072     },
0073     .result = ACCEPT,
0074 },
0075 {
0076     "Can't use cmpxchg on uninit src reg",
0077     .insns = {
0078         BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 3),
0079         BPF_MOV64_IMM(BPF_REG_0, 3),
0080         BPF_ATOMIC_OP(BPF_DW, BPF_CMPXCHG, BPF_REG_10, BPF_REG_2, -8),
0081         BPF_EXIT_INSN(),
0082     },
0083     .result = REJECT,
0084     .errstr = "!read_ok",
0085 },
0086 {
0087     "Can't use cmpxchg on uninit memory",
0088     .insns = {
0089         BPF_MOV64_IMM(BPF_REG_0, 3),
0090         BPF_MOV64_IMM(BPF_REG_2, 4),
0091         BPF_ATOMIC_OP(BPF_DW, BPF_CMPXCHG, BPF_REG_10, BPF_REG_2, -8),
0092         BPF_EXIT_INSN(),
0093     },
0094     .result = REJECT,
0095     .errstr = "invalid read from stack",
0096 },
0097 {
0098     "BPF_W cmpxchg should zero top 32 bits",
0099     .insns = {
0100         /* r0 = U64_MAX; */
0101         BPF_MOV64_IMM(BPF_REG_0, 0),
0102         BPF_ALU64_IMM(BPF_SUB, BPF_REG_0, 1),
0103         /* u64 val = r0; */
0104         BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
0105         /* r0 = (u32)atomic_cmpxchg((u32 *)&val, r0, 1); */
0106         BPF_MOV32_IMM(BPF_REG_1, 1),
0107         BPF_ATOMIC_OP(BPF_W, BPF_CMPXCHG, BPF_REG_10, BPF_REG_1, -8),
0108         /* r1 = 0x00000000FFFFFFFFull; */
0109         BPF_MOV64_IMM(BPF_REG_1, 1),
0110         BPF_ALU64_IMM(BPF_LSH, BPF_REG_1, 32),
0111         BPF_ALU64_IMM(BPF_SUB, BPF_REG_1, 1),
0112         /* if (r0 != r1) exit(1); */
0113         BPF_JMP_REG(BPF_JEQ, BPF_REG_0, BPF_REG_1, 2),
0114         BPF_MOV32_IMM(BPF_REG_0, 1),
0115         BPF_EXIT_INSN(),
0116         /* exit(0); */
0117         BPF_MOV32_IMM(BPF_REG_0, 0),
0118         BPF_EXIT_INSN(),
0119     },
0120     .result = ACCEPT,
0121 },
0122 {
0123     "Dest pointer in r0 - fail",
0124     .insns = {
0125         /* val = 0; */
0126         BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
0127         /* r0 = &val */
0128         BPF_MOV64_REG(BPF_REG_0, BPF_REG_10),
0129         /* r0 = atomic_cmpxchg(&val, r0, 1); */
0130         BPF_MOV64_IMM(BPF_REG_1, 1),
0131         BPF_ATOMIC_OP(BPF_DW, BPF_CMPXCHG, BPF_REG_10, BPF_REG_1, -8),
0132         /* if (r0 != 0) exit(1); */
0133         BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2),
0134         BPF_MOV64_IMM(BPF_REG_0, 1),
0135         BPF_EXIT_INSN(),
0136         /* exit(0); */
0137         BPF_MOV64_IMM(BPF_REG_0, 0),
0138         BPF_EXIT_INSN(),
0139     },
0140     .result = ACCEPT,
0141     .result_unpriv = REJECT,
0142     .errstr_unpriv = "R0 leaks addr into mem",
0143 },
0144 {
0145     "Dest pointer in r0 - succeed",
0146     .insns = {
0147         /* r0 = &val */
0148         BPF_MOV64_REG(BPF_REG_0, BPF_REG_10),
0149         /* val = r0; */
0150         BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
0151         /* r0 = atomic_cmpxchg(&val, r0, 0); */
0152         BPF_MOV64_IMM(BPF_REG_1, 0),
0153         BPF_ATOMIC_OP(BPF_DW, BPF_CMPXCHG, BPF_REG_10, BPF_REG_1, -8),
0154         /* r1 = *r0 */
0155         BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, -8),
0156         /* exit(0); */
0157         BPF_MOV64_IMM(BPF_REG_0, 0),
0158         BPF_EXIT_INSN(),
0159     },
0160     .result = ACCEPT,
0161     .result_unpriv = REJECT,
0162     .errstr_unpriv = "R0 leaks addr into mem",
0163 },
0164 {
0165     "Dest pointer in r0 - succeed, check 2",
0166     .insns = {
0167         /* r0 = &val */
0168         BPF_MOV64_REG(BPF_REG_0, BPF_REG_10),
0169         /* val = r0; */
0170         BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
0171         /* r5 = &val */
0172         BPF_MOV64_REG(BPF_REG_5, BPF_REG_10),
0173         /* r0 = atomic_cmpxchg(&val, r0, r5); */
0174         BPF_ATOMIC_OP(BPF_DW, BPF_CMPXCHG, BPF_REG_10, BPF_REG_5, -8),
0175         /* r1 = *r0 */
0176         BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, -8),
0177         /* exit(0); */
0178         BPF_MOV64_IMM(BPF_REG_0, 0),
0179         BPF_EXIT_INSN(),
0180     },
0181     .result = ACCEPT,
0182     .result_unpriv = REJECT,
0183     .errstr_unpriv = "R0 leaks addr into mem",
0184 },
0185 {
0186     "Dest pointer in r0 - succeed, check 3",
0187     .insns = {
0188         /* r0 = &val */
0189         BPF_MOV64_REG(BPF_REG_0, BPF_REG_10),
0190         /* val = r0; */
0191         BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8),
0192         /* r5 = &val */
0193         BPF_MOV64_REG(BPF_REG_5, BPF_REG_10),
0194         /* r0 = atomic_cmpxchg(&val, r0, r5); */
0195         BPF_ATOMIC_OP(BPF_W, BPF_CMPXCHG, BPF_REG_10, BPF_REG_5, -8),
0196         /* exit(0); */
0197         BPF_MOV64_IMM(BPF_REG_0, 0),
0198         BPF_EXIT_INSN(),
0199     },
0200     .result = REJECT,
0201     .errstr = "invalid size of register fill",
0202     .errstr_unpriv = "R0 leaks addr into mem",
0203 },
0204 {
0205     "Dest pointer in r0 - succeed, check 4",
0206     .insns = {
0207         /* r0 = &val */
0208         BPF_MOV32_REG(BPF_REG_0, BPF_REG_10),
0209         /* val = r0; */
0210         BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_0, -8),
0211         /* r5 = &val */
0212         BPF_MOV32_REG(BPF_REG_5, BPF_REG_10),
0213         /* r0 = atomic_cmpxchg(&val, r0, r5); */
0214         BPF_ATOMIC_OP(BPF_W, BPF_CMPXCHG, BPF_REG_10, BPF_REG_5, -8),
0215         /* r1 = *r10 */
0216         BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_10, -8),
0217         /* exit(0); */
0218         BPF_MOV64_IMM(BPF_REG_0, 0),
0219         BPF_EXIT_INSN(),
0220     },
0221     .result = ACCEPT,
0222     .result_unpriv = REJECT,
0223     .errstr_unpriv = "R10 partial copy of pointer",
0224 },
0225 {
0226     "Dest pointer in r0 - succeed, check 5",
0227     .insns = {
0228         /* r0 = &val */
0229         BPF_MOV32_REG(BPF_REG_0, BPF_REG_10),
0230         /* val = r0; */
0231         BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_0, -8),
0232         /* r5 = &val */
0233         BPF_MOV32_REG(BPF_REG_5, BPF_REG_10),
0234         /* r0 = atomic_cmpxchg(&val, r0, r5); */
0235         BPF_ATOMIC_OP(BPF_W, BPF_CMPXCHG, BPF_REG_10, BPF_REG_5, -8),
0236         /* r1 = *r0 */
0237         BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, -8),
0238         /* exit(0); */
0239         BPF_MOV64_IMM(BPF_REG_0, 0),
0240         BPF_EXIT_INSN(),
0241     },
0242     .result = REJECT,
0243     .errstr = "R0 invalid mem access",
0244     .errstr_unpriv = "R10 partial copy of pointer",
0245 },
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!