0001 {
         /* Negative test: arg4 of bpf_strtoul() points at fp-16, an 8-byte
          * stack slot that no instruction in this program writes. The
          * verifier is expected to reject the load and report an invalid
          * indirect read starting at the first byte of that slot (-16+0).
          * NOTE(review): the point of the check is presumably that a helper
          * must not be handed stack bytes of unknown content - confirm
          * against the verifier's handling of this argument type.
          */
0002     "ARG_PTR_TO_LONG uninitialized",
0003     .insns = {
0004         /* bpf_strtoul arg1 (buf) */
             /* R7 = R10 (frame pointer) - 8 */
0005         BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
0006         BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
             /* 0x00303036 stored little-endian is the bytes '6','0','0',NUL;
              * the 8-byte store initializes fp-8..fp-1.
              */
0007         BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
0008         BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
0009 
0010         BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
0011 
0012         /* bpf_strtoul arg2 (buf_len) */
0013         BPF_MOV64_IMM(BPF_REG_2, 4),
0014 
0015         /* bpf_strtoul arg3 (flags) */
0016         BPF_MOV64_IMM(BPF_REG_3, 0),
0017 
0018         /* bpf_strtoul arg4 (res) */
             /* R7 moves from fp-8 to fp-16; nothing is stored there before
              * the pointer is copied into R4.
              */
0019         BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
0020         BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),
0021 
0022         /* bpf_strtoul() */
0023         BPF_EMIT_CALL(BPF_FUNC_strtoul),
0024 
             /* return 1 */
0025         BPF_MOV64_IMM(BPF_REG_0, 1),
0026         BPF_EXIT_INSN(),
0027     },
         /* Expected outcome: load is refused with the message below. */
0028     .result = REJECT,
0029     .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
0030     .errstr = "invalid indirect read from stack R4 off -16+0 size 8",
0031 },
0032 {
         /* Negative test: the 8-byte result slot at fp-16 is only half
          * written. A 4-byte store covers fp-16..fp-13, while fp-12..fp-9
          * are never written. The verifier is expected to reject the
          * program and point at offset -16+4, the first unwritten byte.
          */
0033     "ARG_PTR_TO_LONG half-uninitialized",
0034     .insns = {
0035         /* bpf_strtoul arg1 (buf) */
             /* R7 = R10 (frame pointer) - 8 */
0036         BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
0037         BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
             /* 0x00303036 stored little-endian is the bytes '6','0','0',NUL;
              * the 8-byte store initializes fp-8..fp-1.
              */
0038         BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
0039         BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
0040 
0041         BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
0042 
0043         /* bpf_strtoul arg2 (buf_len) */
0044         BPF_MOV64_IMM(BPF_REG_2, 4),
0045 
0046         /* bpf_strtoul arg3 (flags) */
0047         BPF_MOV64_IMM(BPF_REG_3, 0),
0048 
0049         /* bpf_strtoul arg4 (res) */
             /* R7 moves to fp-16. BPF_W writes only 4 of the 8 bytes the
              * helper argument covers; R0 still holds 0x00303036 here.
              */
0050         BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
0051         BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0),
0052         BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),
0053 
0054         /* bpf_strtoul() */
0055         BPF_EMIT_CALL(BPF_FUNC_strtoul),
0056 
             /* return 1 */
0057         BPF_MOV64_IMM(BPF_REG_0, 1),
0058         BPF_EXIT_INSN(),
0059     },
         /* Expected outcome: load is refused with the message below. */
0060     .result = REJECT,
0061     .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
0062     .errstr = "invalid indirect read from stack R4 off -16+4 size 8",
0063 },
0064 {
         /* Negative test: the result pointer is fp-20, which is not a
          * multiple of 8. The two stores below initialize every byte from
          * fp-20 to fp-9, so the 8 bytes the argument covers are fully
          * written and alignment is the only property left to fail. The
          * verifier is expected to reject with a misaligned-access message.
          */
0065     "ARG_PTR_TO_LONG misaligned",
0066     .insns = {
0067         /* bpf_strtoul arg1 (buf) */
             /* R7 = R10 (frame pointer) - 8 */
0068         BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
0069         BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
             /* 0x00303036 stored little-endian is the bytes '6','0','0',NUL;
              * the 8-byte store initializes fp-8..fp-1.
              */
0070         BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
0071         BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
0072 
0073         BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
0074 
0075         /* bpf_strtoul arg2 (buf_len) */
0076         BPF_MOV64_IMM(BPF_REG_2, 4),
0077 
0078         /* bpf_strtoul arg3 (flags) */
0079         BPF_MOV64_IMM(BPF_REG_3, 0),
0080 
0081         /* bpf_strtoul arg4 (res) */
             /* R7 moves from fp-8 to fp-20. Zero is stored as 4 bytes at
              * fp-20 and as 8 bytes at fp-16 (R7 + 4).
              */
0082         BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -12),
0083         BPF_MOV64_IMM(BPF_REG_0, 0),
0084         BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0),
0085         BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 4),
0086         BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),
0087 
0088         /* bpf_strtoul() */
0089         BPF_EMIT_CALL(BPF_FUNC_strtoul),
0090 
             /* return 1 */
0091         BPF_MOV64_IMM(BPF_REG_0, 1),
0092         BPF_EXIT_INSN(),
0093     },
         /* Expected outcome: load is refused with the message below. */
0094     .result = REJECT,
0095     .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
0096     .errstr = "misaligned stack access off (0x0; 0x0)+-20+0 size 8",
0097 },
0098 {
         /* Negative test: the result pointer is fp-4, so only 4 bytes lie
          * between it and the frame pointer. An 8-byte object starting
          * there would extend past the top of the program's stack. The
          * verifier is expected to reject the access as off=-4 size=8,
          * even though the 4 bytes at fp-4 are initialized.
          */
0099     "ARG_PTR_TO_LONG size < sizeof(long)",
0100     .insns = {
0101         /* bpf_strtoul arg1 (buf) */
             /* R7 = R10 (frame pointer) - 16 in this test, not fp-8 */
0102         BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
0103         BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -16),
             /* 0x00303036 stored little-endian is the bytes '6','0','0',NUL;
              * the 8-byte store initializes fp-16..fp-9.
              */
0104         BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
0105         BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
0106 
0107         BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
0108 
0109         /* bpf_strtoul arg2 (buf_len) */
0110         BPF_MOV64_IMM(BPF_REG_2, 4),
0111 
0112         /* bpf_strtoul arg3 (flags) */
0113         BPF_MOV64_IMM(BPF_REG_3, 0),
0114 
0115         /* bpf_strtoul arg4 (res) */
             /* R7 moves from fp-16 to fp-4; the 4-byte store initializes
              * fp-4..fp-1, the last bytes of the frame.
              */
0116         BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, 12),
0117         BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0),
0118         BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),
0119 
0120         /* bpf_strtoul() */
0121         BPF_EMIT_CALL(BPF_FUNC_strtoul),
0122 
             /* return 1 */
0123         BPF_MOV64_IMM(BPF_REG_0, 1),
0124         BPF_EXIT_INSN(),
0125     },
         /* Expected outcome: load is refused with the message below. */
0126     .result = REJECT,
0127     .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
0128     .errstr = "invalid indirect access to stack R4 off=-4 size=8",
0129 },
0130 {
         /* Positive control: the result slot at fp-16 is 8-byte aligned,
          * lies wholly inside the stack frame, and is fully written by an
          * 8-byte store before the call. The verifier is expected to accept
          * the program, so no .errstr is given.
          */
0131     "ARG_PTR_TO_LONG initialized",
0132     .insns = {
0133         /* bpf_strtoul arg1 (buf) */
             /* R7 = R10 (frame pointer) - 8 */
0134         BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
0135         BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
             /* 0x00303036 stored little-endian is the bytes '6','0','0',NUL;
              * the 8-byte store initializes fp-8..fp-1.
              */
0136         BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
0137         BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
0138 
0139         BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
0140 
0141         /* bpf_strtoul arg2 (buf_len) */
0142         BPF_MOV64_IMM(BPF_REG_2, 4),
0143 
0144         /* bpf_strtoul arg3 (flags) */
0145         BPF_MOV64_IMM(BPF_REG_3, 0),
0146 
0147         /* bpf_strtoul arg4 (res) */
             /* R7 moves to fp-16; BPF_DW writes all 8 bytes of the slot
              * (R0 still holds 0x00303036) before R4 takes the pointer.
              */
0148         BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
0149         BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
0150         BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),
0151 
0152         /* bpf_strtoul() */
0153         BPF_EMIT_CALL(BPF_FUNC_strtoul),
0154 
             /* return 1 */
0155         BPF_MOV64_IMM(BPF_REG_0, 1),
0156         BPF_EXIT_INSN(),
0157     },
0158     .result = ACCEPT,
0159     .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
0160 },