/*
 * Verifier-log test for precision backtracking of a helper size argument.
 * r2, the size passed to bpf_probe_read_kernel() at insn 26, is derived from
 * r9 - r8 (the difference of two map_lookup_elem() results), limited by the
 * unsigned "r2 < 8" check at insn 20 and then incremented, so it is at most 8
 * when the helper writes to the 8 bytes at fp-8.
 * The expected log walks that chain backwards; regs= reads as a hex register
 * bitmask consistent with the instructions (4 = r2, 200 = r9, 300 = r8|r9,
 * 201 = r0|r9).
 * Insn numbers in the comments count BPF_LD_MAP_FD as two slots, which is
 * what makes the helper call land on index 26 as the log expects.
 * NOTE(review): VERBOSE_ACCEPT presumably means "program must load and
 * .errstr must appear in the verbose verifier log" - confirm in the runner.
 * NOTE(review): .fixup_map_array_48b = { 1 } presumably has the runner patch
 * the map fd into insn 1 - confirm in the runner.
 */
0001 {
0002 "precise: test 1",
0003 .insns = {
0004 BPF_MOV64_IMM(BPF_REG_0, 1), /* 0: r0 = 1 */
0005 BPF_LD_MAP_FD(BPF_REG_6, 0), /* 1-2: r6 = map fd placeholder (0) */
0006 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), /* 3: r1 = r6 (map) */
0007 BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP), /* 4: r2 = fp */
0008 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), /* 5: r2 = fp - 8 (key pointer) */
0009 BPF_ST_MEM(BPF_DW, BPF_REG_FP, -8, 0), /* 6: *(u64 *)(fp - 8) = 0 (key) */
0010 BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), /* 7: first lookup */
0011 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* 8: non-NULL result skips the exit */
0012 BPF_EXIT_INSN(), /* 9: exit on NULL */
0013
0014 BPF_MOV64_REG(BPF_REG_9, BPF_REG_0), /* 10: r9 = first lookup result */
0015
0016 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), /* 11: r1 = r6 (map) */
0017 BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP), /* 12: r2 = fp */
0018 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), /* 13: r2 = fp - 8 (same key) */
0019 BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), /* 14: second lookup */
0020 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* 15: non-NULL result skips the exit */
0021 BPF_EXIT_INSN(), /* 16: exit on NULL */
0022
0023 BPF_MOV64_REG(BPF_REG_8, BPF_REG_0), /* 17: r8 = second lookup result */
0024
0025 BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_8), /* 18: r9 -= r8 */
0026 BPF_MOV64_REG(BPF_REG_2, BPF_REG_9), /* 19: r2 = r9 */
0027 BPF_JMP_IMM(BPF_JLT, BPF_REG_2, 8, 1), /* 20: unsigned r2 < 8 skips the exit */
0028 BPF_EXIT_INSN(), /* 21: exit when r2 >= 8 */
0029
0030 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1), /* 22: r2 += 1 (size argument) */
0031 BPF_MOV64_REG(BPF_REG_1, BPF_REG_FP), /* 23: r1 = fp */
0032 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8), /* 24: r1 = fp - 8 (destination) */
0033 BPF_MOV64_IMM(BPF_REG_3, 0), /* 25: r3 = 0 (source address argument) */
0034 BPF_EMIT_CALL(BPF_FUNC_probe_read_kernel), /* 26: call named on the first log line */
0035 BPF_EXIT_INSN(), /* 27: exit */
0036 },
0037 .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0038 .fixup_map_array_48b = { 1 },
0039 .result = VERBOSE_ACCEPT,
0040 .errstr = /* one backslash-continued string literal follows; no comments can go inside it */
0041 "26: (85) call bpf_probe_read_kernel#113\
0042 last_idx 26 first_idx 20\
0043 regs=4 stack=0 before 25\
0044 regs=4 stack=0 before 24\
0045 regs=4 stack=0 before 23\
0046 regs=4 stack=0 before 22\
0047 regs=4 stack=0 before 20\
0048 parent didn't have regs=4 stack=0 marks\
0049 last_idx 19 first_idx 10\
0050 regs=4 stack=0 before 19\
0051 regs=200 stack=0 before 18\
0052 regs=300 stack=0 before 17\
0053 regs=201 stack=0 before 15\
0054 regs=201 stack=0 before 14\
0055 regs=200 stack=0 before 13\
0056 regs=200 stack=0 before 12\
0057 regs=200 stack=0 before 11\
0058 regs=200 stack=0 before 10\
0059 parent already had regs=0 stack=0 marks",
0060 },
/*
 * Same instruction sequence as "precise: test 1", loaded with
 * BPF_F_TEST_STATE_FREQ. The expected backtracking log is split into shorter
 * history segments (26..22, 20..20, 19..17) instead of (26..20, 19..10).
 * r2 is again the size argument of bpf_probe_read_kernel() at insn 26, and
 * regs= reads as a hex register bitmask (4 = r2, 200 = r9, 300 = r8|r9).
 * NOTE(review): BPF_F_TEST_STATE_FREQ presumably makes the verifier
 * checkpoint states more often, which would explain the shorter segments -
 * confirm against the flag's definition.
 * NOTE(review): VERBOSE_ACCEPT presumably means "program must load and
 * .errstr must appear in the verbose verifier log" - confirm in the runner.
 */
0061 {
0062 "precise: test 2",
0063 .insns = {
0064 BPF_MOV64_IMM(BPF_REG_0, 1), /* 0: r0 = 1 */
0065 BPF_LD_MAP_FD(BPF_REG_6, 0), /* 1-2: r6 = map fd placeholder (0) */
0066 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), /* 3: r1 = r6 (map) */
0067 BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP), /* 4: r2 = fp */
0068 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), /* 5: r2 = fp - 8 (key pointer) */
0069 BPF_ST_MEM(BPF_DW, BPF_REG_FP, -8, 0), /* 6: *(u64 *)(fp - 8) = 0 (key) */
0070 BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), /* 7: first lookup */
0071 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* 8: non-NULL result skips the exit */
0072 BPF_EXIT_INSN(), /* 9: exit on NULL */
0073
0074 BPF_MOV64_REG(BPF_REG_9, BPF_REG_0), /* 10: r9 = first lookup result */
0075
0076 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), /* 11: r1 = r6 (map) */
0077 BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP), /* 12: r2 = fp */
0078 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), /* 13: r2 = fp - 8 (same key) */
0079 BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), /* 14: second lookup */
0080 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* 15: non-NULL result skips the exit */
0081 BPF_EXIT_INSN(), /* 16: exit on NULL */
0082
0083 BPF_MOV64_REG(BPF_REG_8, BPF_REG_0), /* 17: r8 = second lookup result */
0084
0085 BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_8), /* 18: r9 -= r8 */
0086 BPF_MOV64_REG(BPF_REG_2, BPF_REG_9), /* 19: r2 = r9 */
0087 BPF_JMP_IMM(BPF_JLT, BPF_REG_2, 8, 1), /* 20: unsigned r2 < 8 skips the exit */
0088 BPF_EXIT_INSN(), /* 21: exit when r2 >= 8 */
0089
0090 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1), /* 22: r2 += 1 (size argument) */
0091 BPF_MOV64_REG(BPF_REG_1, BPF_REG_FP), /* 23: r1 = fp */
0092 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8), /* 24: r1 = fp - 8 (destination) */
0093 BPF_MOV64_IMM(BPF_REG_3, 0), /* 25: r3 = 0 (source address argument) */
0094 BPF_EMIT_CALL(BPF_FUNC_probe_read_kernel), /* 26: call named on the first log line */
0095 BPF_EXIT_INSN(), /* 27: exit */
0096 },
0097 .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0098 .fixup_map_array_48b = { 1 },
0099 .result = VERBOSE_ACCEPT,
0100 .flags = BPF_F_TEST_STATE_FREQ,
0101 .errstr = /* one backslash-continued string literal follows; no comments can go inside it */
0102 "26: (85) call bpf_probe_read_kernel#113\
0103 last_idx 26 first_idx 22\
0104 regs=4 stack=0 before 25\
0105 regs=4 stack=0 before 24\
0106 regs=4 stack=0 before 23\
0107 regs=4 stack=0 before 22\
0108 parent didn't have regs=4 stack=0 marks\
0109 last_idx 20 first_idx 20\
0110 regs=4 stack=0 before 20\
0111 parent didn't have regs=4 stack=0 marks\
0112 last_idx 19 first_idx 17\
0113 regs=4 stack=0 before 19\
0114 regs=200 stack=0 before 18\
0115 regs=300 stack=0 before 17\
0116 parent already had regs=0 stack=0 marks",
0117 },
/*
 * Negative test: the program must be rejected with a "!read_ok" message.
 * r8 and r9 are each set to 0 or 1 depending on a random value, then a
 * bpf-to-bpf call is made to the two-instruction subprogram at insn 14.
 * After the call, the path with r8 != 1 falls into insn 11, which loads
 * through r2; r2 is never written anywhere in this program.
 * NOTE(review): going by the test name, the point is presumably that state
 * pruning inside the callee must still take the caller frame's r8 into
 * account, otherwise the r8 != 1 path (and its bad load) would be skipped -
 * confirm against the verifier change this test accompanies.
 */
0118 {
0119 "precise: cross frame pruning",
0120 .insns = {
0121 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32), /* 0: r0 = random value */
0122 BPF_MOV64_IMM(BPF_REG_8, 0), /* 1: r8 = 0 */
0123 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* 2: r0 != 0 skips insn 3 */
0124 BPF_MOV64_IMM(BPF_REG_8, 1), /* 3: r8 = 1 */
0125 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32), /* 4: r0 = random value */
0126 BPF_MOV64_IMM(BPF_REG_9, 0), /* 5: r9 = 0 */
0127 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* 6: r0 != 0 skips insn 7 */
0128 BPF_MOV64_IMM(BPF_REG_9, 1), /* 7: r9 = 1 */
0129 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), /* 8: r1 = r0 (argument for the subprogram) */
0130 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 4), /* 9: src_reg=1, imm=4: bpf-to-bpf call to insn 14 (9 + 1 + 4) */
0131 BPF_JMP_IMM(BPF_JEQ, BPF_REG_8, 1, 1), /* 10: r8 == 1 skips the load below */
0132 BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_2, 0), /* 11: r1 = *(u8 *)(r2 + 0); r2 was never written */
0133 BPF_MOV64_IMM(BPF_REG_0, 0), /* 12: r0 = 0 */
0134 BPF_EXIT_INSN(), /* 13: exit of the main program */
0135 BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 0), /* 14: subprogram entry; jump offset 0, both outcomes reach insn 15 */
0136 BPF_EXIT_INSN(), /* 15: return from the subprogram */
0137 },
0138 .prog_type = BPF_PROG_TYPE_XDP,
0139 .flags = BPF_F_TEST_STATE_FREQ,
0140 .errstr = "!read_ok",
0141 .result = REJECT,
0142 },
/*
 * Verifier-log test for precision backtracking through a stack slot that is
 * written with an immediate store (BPF_ST_MEM). The slot at fp-8 is written
 * through r3, a copy of r10, and read back through r10 into r4, which is
 * then compared with r0 at insn 5. In the expected log the mark moves from
 * r4 (regs=10) to the stack slot (stack=1) when the walk reaches the load at
 * insn 3; regs=1 is r0.
 * The .errstr string starts on the same line as ".errstr =" and is
 * backslash-continued, so no comments can be placed inside it.
 * NOTE(review): the name suggests the backtracking reaches a stack slot
 * index that a parent state has not allocated yet; the offset-0 jump at
 * insn 1 presumably exists to create a state checkpoint before the store -
 * confirm against the verifier fix this test accompanies.
 */
0143 {
0144 "precise: ST insn causing spi > allocated_stack",
0145 .insns = {
0146 BPF_MOV64_REG(BPF_REG_3, BPF_REG_10), /* 0: r3 = r10 (frame pointer) */
0147 BPF_JMP_IMM(BPF_JNE, BPF_REG_3, 123, 0), /* 1: jump offset 0, both outcomes reach insn 2 */
0148 BPF_ST_MEM(BPF_DW, BPF_REG_3, -8, 0), /* 2: *(u64 *)(r3 - 8) = 0 */
0149 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8), /* 3: r4 = *(u64 *)(r10 - 8) */
0150 BPF_MOV64_IMM(BPF_REG_0, -1), /* 4: r0 = -1, also the expected .retval */
0151 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_0, 0), /* 5: if r4 > r0, offset 0; first line of the expected log */
0152 BPF_EXIT_INSN(), /* 6: exit */
0153 },
0154 .prog_type = BPF_PROG_TYPE_XDP,
0155 .flags = BPF_F_TEST_STATE_FREQ,
0156 .errstr = "5: (2d) if r4 > r0 goto pc+0\
0157 last_idx 5 first_idx 5\
0158 parent didn't have regs=10 stack=0 marks\
0159 last_idx 4 first_idx 2\
0160 regs=10 stack=0 before 4\
0161 regs=10 stack=0 before 3\
0162 regs=0 stack=1 before 2\
0163 last_idx 5 first_idx 5\
0164 parent didn't have regs=1 stack=0 marks",
0165 .result = VERBOSE_ACCEPT,
0166 .retval = -1,
0167 },
/*
 * Register-store variant of "precise: ST insn causing spi > allocated_stack":
 * the slot at fp-8 is written with BPF_STX_MEM from r0 (a random value)
 * through r3, a copy of r10, and read back through r10 into r4, which is
 * compared with r0 at insn 6. In the expected log the mark moves from r4
 * (regs=10) to the stack slot (stack=1) when the walk reaches the load at
 * insn 4; regs=1 is r0.
 * The .errstr string starts on the same line as ".errstr =" and is
 * backslash-continued, so no comments can be placed inside it.
 * NOTE(review): the offset-0 jump at insn 2 presumably exists to create a
 * state checkpoint before the store - confirm against the verifier fix this
 * test accompanies.
 */
0168 {
0169 "precise: STX insn causing spi > allocated_stack",
0170 .insns = {
0171 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32), /* 0: r0 = random value */
0172 BPF_MOV64_REG(BPF_REG_3, BPF_REG_10), /* 1: r3 = r10 (frame pointer) */
0173 BPF_JMP_IMM(BPF_JNE, BPF_REG_3, 123, 0), /* 2: jump offset 0, both outcomes reach insn 3 */
0174 BPF_STX_MEM(BPF_DW, BPF_REG_3, BPF_REG_0, -8), /* 3: *(u64 *)(r3 - 8) = r0 */
0175 BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8), /* 4: r4 = *(u64 *)(r10 - 8) */
0176 BPF_MOV64_IMM(BPF_REG_0, -1), /* 5: r0 = -1, also the expected .retval */
0177 BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_0, 0), /* 6: if r4 > r0, offset 0 */
0178 BPF_EXIT_INSN(), /* 7: exit */
0179 },
0180 .prog_type = BPF_PROG_TYPE_XDP,
0181 .flags = BPF_F_TEST_STATE_FREQ,
0182 .errstr = "last_idx 6 first_idx 6\
0183 parent didn't have regs=10 stack=0 marks\
0184 last_idx 5 first_idx 3\
0185 regs=10 stack=0 before 5\
0186 regs=10 stack=0 before 4\
0187 regs=0 stack=1 before 3\
0188 last_idx 6 first_idx 6\
0189 parent didn't have regs=1 stack=0 marks\
0190 last_idx 5 first_idx 3\
0191 regs=1 stack=0 before 5",
0192 .result = VERBOSE_ACCEPT,
0193 .retval = -1,
0194 },
/*
 * Negative test: the size passed to bpf_ringbuf_reserve() in r2 is 1 on one
 * path and 0x1000 on the other, and the 8-byte load at offset 42 of the
 * returned buffer is only in bounds for the larger size. The expected error
 * reports mem_size=1, i.e. the path on which r2 keeps the value 1 must be
 * verified and rejected.
 * NOTE(review): going by the test name, the size argument has to be marked
 * precise so that the r2 = 1 state is not pruned as equivalent to the
 * already-verified r2 = 0x1000 state; if it were, the out-of-bounds load
 * would be accepted - confirm against the verifier fix this test accompanies.
 * NOTE(review): .fixup_map_ringbuf = { 1 } presumably has the runner patch
 * a ring buffer map fd into insn 1 - confirm in the runner.
 */
0195 {
0196 "precise: mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO",
0197 .insns = {
0198 BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, offsetof(struct xdp_md, ingress_ifindex)), /* 0: r4 = 32-bit ingress_ifindex field read through r1 */
0199 BPF_LD_MAP_FD(BPF_REG_6, 0), /* 1-2: r6 = map fd placeholder (0) */
0200 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), /* 3: r1 = r6 (map) */
0201 BPF_MOV64_IMM(BPF_REG_2, 1), /* 4: r2 = 1 (size) */
0202 BPF_MOV64_IMM(BPF_REG_3, 0), /* 5: r3 = 0 */
0203 BPF_JMP_IMM(BPF_JEQ, BPF_REG_4, 0, 1), /* 6: r4 == 0 skips insn 7, so r2 stays 1 */
0204 BPF_MOV64_IMM(BPF_REG_2, 0x1000), /* 7: r2 = 0x1000 (size on the other path) */
0205 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ringbuf_reserve), /* 8: reserve r2 bytes */
0206 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), /* 9: non-NULL result skips the exit */
0207 BPF_EXIT_INSN(), /* 10: exit on NULL */
0208 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), /* 11: r1 = reserved buffer */
0209 BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_0, 42), /* 12: r2 = *(u64 *)(r0 + 42); off=42 size=8 in the expected error */
0210 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ringbuf_submit), /* 13: submit the reservation */
0211 BPF_MOV64_IMM(BPF_REG_0, 0), /* 14: r0 = 0 */
0212 BPF_EXIT_INSN(), /* 15: exit */
0213 },
0214 .fixup_map_ringbuf = { 1 },
0215 .prog_type = BPF_PROG_TYPE_XDP,
0216 .flags = BPF_F_TEST_STATE_FREQ,
0217 .errstr = "invalid access to memory, mem_size=1 off=42 size=8",
0218 .result = REJECT,
0219 },