Back to home page

OSCL-LXR
 
 

     

0001 {
0002     "regalloc basic",
0003     .insns = {
0004     BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
0005     BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
0006     BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0007     BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
0008     BPF_LD_MAP_FD(BPF_REG_1, 0),
0009     BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
0010     BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 8),
0011     BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
0012     BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
0013     BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
0014     BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 20, 4),
0015     BPF_JMP_IMM(BPF_JSLT, BPF_REG_2, 0, 3),
0016     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_0),
0017     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_2),
0018     BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0),
0019     BPF_EXIT_INSN(),
0020     },
0021     .fixup_map_hash_48b = { 4 },
0022     .result = ACCEPT,
0023     .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0024     .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0025 },
0026 {
0027     "regalloc negative",
0028     .insns = {
0029     BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
0030     BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
0031     BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0032     BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
0033     BPF_LD_MAP_FD(BPF_REG_1, 0),
0034     BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
0035     BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 8),
0036     BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
0037     BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
0038     BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
0039     BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 24, 4),
0040     BPF_JMP_IMM(BPF_JSLT, BPF_REG_2, 0, 3),
0041     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_0),
0042     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_2),
0043     BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_7, 0),
0044     BPF_EXIT_INSN(),
0045     },
0046     .fixup_map_hash_48b = { 4 },
0047     .result = REJECT,
0048     .errstr = "invalid access to map value, value_size=48 off=48 size=1",
0049     .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0050 },
0051 {
0052     "regalloc src_reg mark",
0053     .insns = {
0054     BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
0055     BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
0056     BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0057     BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
0058     BPF_LD_MAP_FD(BPF_REG_1, 0),
0059     BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
0060     BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 9),
0061     BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
0062     BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
0063     BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
0064     BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 20, 5),
0065     BPF_MOV64_IMM(BPF_REG_3, 0),
0066     BPF_JMP_REG(BPF_JSGE, BPF_REG_3, BPF_REG_2, 3),
0067     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_0),
0068     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_2),
0069     BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0),
0070     BPF_EXIT_INSN(),
0071     },
0072     .fixup_map_hash_48b = { 4 },
0073     .result = ACCEPT,
0074     .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0075     .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0076 },
0077 {
0078     "regalloc src_reg negative",
0079     .insns = {
0080     BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
0081     BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
0082     BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0083     BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
0084     BPF_LD_MAP_FD(BPF_REG_1, 0),
0085     BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
0086     BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 9),
0087     BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
0088     BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
0089     BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
0090     BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 22, 5),
0091     BPF_MOV64_IMM(BPF_REG_3, 0),
0092     BPF_JMP_REG(BPF_JSGE, BPF_REG_3, BPF_REG_2, 3),
0093     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_0),
0094     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_2),
0095     BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0),
0096     BPF_EXIT_INSN(),
0097     },
0098     .fixup_map_hash_48b = { 4 },
0099     .result = REJECT,
0100     .errstr = "invalid access to map value, value_size=48 off=44 size=8",
0101     .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0102     .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0103 },
0104 {
0105     "regalloc and spill",
0106     .insns = {
0107     BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
0108     BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
0109     BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0110     BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
0111     BPF_LD_MAP_FD(BPF_REG_1, 0),
0112     BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
0113     BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11),
0114     BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
0115     BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
0116     BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
0117     BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 20, 7),
0118     /* r0 has upper bound that should propagate into r2 */
0119     BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -8), /* spill r2 */
0120     BPF_MOV64_IMM(BPF_REG_0, 0),
0121     BPF_MOV64_IMM(BPF_REG_2, 0), /* clear r0 and r2 */
0122     BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_10, -8), /* fill r3 */
0123     BPF_JMP_REG(BPF_JSGE, BPF_REG_0, BPF_REG_3, 2),
0124     /* r3 has lower and upper bounds */
0125     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_3),
0126     BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0),
0127     BPF_EXIT_INSN(),
0128     },
0129     .fixup_map_hash_48b = { 4 },
0130     .result = ACCEPT,
0131     .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0132     .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0133 },
0134 {
0135     "regalloc and spill negative",
0136     .insns = {
0137     BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
0138     BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
0139     BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0140     BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
0141     BPF_LD_MAP_FD(BPF_REG_1, 0),
0142     BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
0143     BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11),
0144     BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
0145     BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
0146     BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
0147     BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 48, 7),
0148     /* r0 has upper bound that should propagate into r2 */
0149     BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -8), /* spill r2 */
0150     BPF_MOV64_IMM(BPF_REG_0, 0),
0151     BPF_MOV64_IMM(BPF_REG_2, 0), /* clear r0 and r2 */
0152     BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_10, -8), /* fill r3 */
0153     BPF_JMP_REG(BPF_JSGE, BPF_REG_0, BPF_REG_3, 2),
0154     /* r3 has lower and upper bounds */
0155     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_3),
0156     BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0),
0157     BPF_EXIT_INSN(),
0158     },
0159     .fixup_map_hash_48b = { 4 },
0160     .result = REJECT,
0161     .errstr = "invalid access to map value, value_size=48 off=48 size=8",
0162     .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0163     .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0164 },
0165 {
0166     "regalloc three regs",
0167     .insns = {
0168     BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
0169     BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
0170     BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0171     BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
0172     BPF_LD_MAP_FD(BPF_REG_1, 0),
0173     BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
0174     BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 10),
0175     BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
0176     BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
0177     BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
0178     BPF_MOV64_REG(BPF_REG_4, BPF_REG_2),
0179     BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 12, 5),
0180     BPF_JMP_IMM(BPF_JSLT, BPF_REG_2, 0, 4),
0181     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_0),
0182     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_2),
0183     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_4),
0184     BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0),
0185     BPF_EXIT_INSN(),
0186     },
0187     .fixup_map_hash_48b = { 4 },
0188     .result = ACCEPT,
0189     .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0190     .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0191 },
0192 {
0193     "regalloc after call",
0194     .insns = {
0195     BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
0196     BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
0197     BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0198     BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
0199     BPF_LD_MAP_FD(BPF_REG_1, 0),
0200     BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
0201     BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 10),
0202     BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
0203     BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
0204     BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
0205     BPF_MOV64_REG(BPF_REG_9, BPF_REG_0),
0206     BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 6),
0207     BPF_JMP_IMM(BPF_JSGT, BPF_REG_8, 20, 4),
0208     BPF_JMP_IMM(BPF_JSLT, BPF_REG_9, 0, 3),
0209     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_8),
0210     BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_9),
0211     BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0),
0212     BPF_EXIT_INSN(),
0213     BPF_MOV64_IMM(BPF_REG_0, 0),
0214     BPF_EXIT_INSN(),
0215     },
0216     .fixup_map_hash_48b = { 4 },
0217     .result = ACCEPT,
0218     .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0219     .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0220 },
0221 {
0222     "regalloc in callee",
0223     .insns = {
0224     BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
0225     BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
0226     BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0227     BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
0228     BPF_LD_MAP_FD(BPF_REG_1, 0),
0229     BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
0230     BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 6),
0231     BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
0232     BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
0233     BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
0234     BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
0235     BPF_MOV64_REG(BPF_REG_3, BPF_REG_7),
0236     BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 1),
0237     BPF_EXIT_INSN(),
0238     BPF_JMP_IMM(BPF_JSGT, BPF_REG_1, 20, 5),
0239     BPF_JMP_IMM(BPF_JSLT, BPF_REG_2, 0, 4),
0240     BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_1),
0241     BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_2),
0242     BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_3, 0),
0243     BPF_EXIT_INSN(),
0244     BPF_MOV64_IMM(BPF_REG_0, 0),
0245     BPF_EXIT_INSN(),
0246     },
0247     .fixup_map_hash_48b = { 4 },
0248     .result = ACCEPT,
0249     .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0250     .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0251 },
0252 {
0253     "regalloc, spill, JEQ",
0254     .insns = {
0255     BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
0256     BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
0257     BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0258     BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
0259     BPF_LD_MAP_FD(BPF_REG_1, 0),
0260     BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
0261     BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8), /* spill r0 */
0262     BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 0),
0263     /* The verifier will walk the rest twice with r0 == 0 and r0 == map_value */
0264     BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
0265     BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
0266     BPF_JMP_IMM(BPF_JEQ, BPF_REG_2, 20, 0),
0267     /* The verifier will walk the rest two more times with r0 == 20 and r0 == unknown */
0268     BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_10, -8), /* fill r3 with map_value */
0269     BPF_JMP_IMM(BPF_JEQ, BPF_REG_3, 0, 1), /* skip ldx if map_value == NULL */
0270     /* Buggy verifier will think that r3 == 20 here */
0271     BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_3, 0), /* read from map_value */
0272     BPF_EXIT_INSN(),
0273     },
0274     .fixup_map_hash_48b = { 4 },
0275     .result = ACCEPT,
0276     .prog_type = BPF_PROG_TYPE_TRACEPOINT,
0277 },
Source navigation ] Diff markup ] Identifier search ] general search ]

This page was automatically generated by the 2.1.0 LXR engine.

The LXR team
Valid CSS 2.1! Valid HTML 4.01!