0001 {
0002 "spin_lock: test1 success",
0003 .insns = {
0004 BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
0005 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0006 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0007 BPF_LD_MAP_FD(BPF_REG_1,
0008 0),
0009 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0010 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0011 BPF_EXIT_INSN(),
0012 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
0013 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
0014 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0015 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0016 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
0017 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0018 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
0019 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
0020 BPF_MOV64_IMM(BPF_REG_0, 0),
0021 BPF_EXIT_INSN(),
0022 },
0023 .fixup_map_spin_lock = { 3 },
0024 .result = ACCEPT,
0025 .result_unpriv = REJECT,
0026 .errstr_unpriv = "",
0027 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0028 },
0029 {
0030 "spin_lock: test2 direct ld/st",
0031 .insns = {
0032 BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
0033 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0034 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0035 BPF_LD_MAP_FD(BPF_REG_1,
0036 0),
0037 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0038 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0039 BPF_EXIT_INSN(),
0040 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
0041 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
0042 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0043 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0044 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
0045 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0046 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
0047 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
0048 BPF_MOV64_IMM(BPF_REG_0, 0),
0049 BPF_EXIT_INSN(),
0050 },
0051 .fixup_map_spin_lock = { 3 },
0052 .result = REJECT,
0053 .errstr = "cannot be accessed directly",
0054 .result_unpriv = REJECT,
0055 .errstr_unpriv = "",
0056 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0057 },
0058 {
0059 "spin_lock: test3 direct ld/st",
0060 .insns = {
0061 BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
0062 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0063 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0064 BPF_LD_MAP_FD(BPF_REG_1,
0065 0),
0066 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0067 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0068 BPF_EXIT_INSN(),
0069 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
0070 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
0071 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0072 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0073 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
0074 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0075 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 1),
0076 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
0077 BPF_MOV64_IMM(BPF_REG_0, 0),
0078 BPF_EXIT_INSN(),
0079 },
0080 .fixup_map_spin_lock = { 3 },
0081 .result = REJECT,
0082 .errstr = "cannot be accessed directly",
0083 .result_unpriv = REJECT,
0084 .errstr_unpriv = "",
0085 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0086 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0087 },
0088 {
0089 "spin_lock: test4 direct ld/st",
0090 .insns = {
0091 BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
0092 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0093 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0094 BPF_LD_MAP_FD(BPF_REG_1,
0095 0),
0096 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0097 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0098 BPF_EXIT_INSN(),
0099 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
0100 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
0101 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0102 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0103 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
0104 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0105 BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_6, 3),
0106 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
0107 BPF_MOV64_IMM(BPF_REG_0, 0),
0108 BPF_EXIT_INSN(),
0109 },
0110 .fixup_map_spin_lock = { 3 },
0111 .result = REJECT,
0112 .errstr = "cannot be accessed directly",
0113 .result_unpriv = REJECT,
0114 .errstr_unpriv = "",
0115 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0116 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
0117 },
0118 {
0119 "spin_lock: test5 call within a locked region",
0120 .insns = {
0121 BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
0122 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0123 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0124 BPF_LD_MAP_FD(BPF_REG_1,
0125 0),
0126 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0127 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0128 BPF_EXIT_INSN(),
0129 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
0130 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
0131 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0132 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0133 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
0134 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
0135 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0136 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
0137 BPF_MOV64_IMM(BPF_REG_0, 0),
0138 BPF_EXIT_INSN(),
0139 },
0140 .fixup_map_spin_lock = { 3 },
0141 .result = REJECT,
0142 .errstr = "calls are not allowed",
0143 .result_unpriv = REJECT,
0144 .errstr_unpriv = "",
0145 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0146 },
0147 {
0148 "spin_lock: test6 missing unlock",
0149 .insns = {
0150 BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
0151 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0152 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0153 BPF_LD_MAP_FD(BPF_REG_1,
0154 0),
0155 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0156 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0157 BPF_EXIT_INSN(),
0158 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
0159 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
0160 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0161 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0162 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
0163 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0164 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
0165 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0166 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
0167 BPF_MOV64_IMM(BPF_REG_0, 0),
0168 BPF_EXIT_INSN(),
0169 },
0170 .fixup_map_spin_lock = { 3 },
0171 .result = REJECT,
0172 .errstr = "unlock is missing",
0173 .result_unpriv = REJECT,
0174 .errstr_unpriv = "",
0175 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0176 },
0177 {
0178 "spin_lock: test7 unlock without lock",
0179 .insns = {
0180 BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
0181 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0182 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0183 BPF_LD_MAP_FD(BPF_REG_1,
0184 0),
0185 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0186 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0187 BPF_EXIT_INSN(),
0188 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
0189 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
0190 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0191 BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 1),
0192 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0193 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
0194 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0195 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
0196 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
0197 BPF_MOV64_IMM(BPF_REG_0, 0),
0198 BPF_EXIT_INSN(),
0199 },
0200 .fixup_map_spin_lock = { 3 },
0201 .result = REJECT,
0202 .errstr = "without taking a lock",
0203 .result_unpriv = REJECT,
0204 .errstr_unpriv = "",
0205 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0206 },
0207 {
0208 "spin_lock: test8 double lock",
0209 .insns = {
0210 BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
0211 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0212 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0213 BPF_LD_MAP_FD(BPF_REG_1,
0214 0),
0215 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0216 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0217 BPF_EXIT_INSN(),
0218 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
0219 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
0220 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0221 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0222 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
0223 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0224 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0225 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
0226 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0227 BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
0228 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
0229 BPF_MOV64_IMM(BPF_REG_0, 0),
0230 BPF_EXIT_INSN(),
0231 },
0232 .fixup_map_spin_lock = { 3 },
0233 .result = REJECT,
0234 .errstr = "calls are not allowed",
0235 .result_unpriv = REJECT,
0236 .errstr_unpriv = "",
0237 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0238 },
0239 {
0240 "spin_lock: test9 different lock",
0241 .insns = {
0242 BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
0243 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0244 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0245 BPF_LD_MAP_FD(BPF_REG_1,
0246 0),
0247 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0248 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0249 BPF_EXIT_INSN(),
0250 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
0251 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0252 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0253 BPF_LD_MAP_FD(BPF_REG_1,
0254 0),
0255 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0256 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0257 BPF_EXIT_INSN(),
0258 BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
0259 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
0260 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0261 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0262 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
0263 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0264 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
0265 BPF_MOV64_IMM(BPF_REG_0, 0),
0266 BPF_EXIT_INSN(),
0267 },
0268 .fixup_map_spin_lock = { 3, 11 },
0269 .result = REJECT,
0270 .errstr = "unlock of different lock",
0271 .result_unpriv = REJECT,
0272 .errstr_unpriv = "",
0273 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0274 },
0275 {
0276 "spin_lock: test10 lock in subprog without unlock",
0277 .insns = {
0278 BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
0279 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0280 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0281 BPF_LD_MAP_FD(BPF_REG_1,
0282 0),
0283 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0284 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0285 BPF_EXIT_INSN(),
0286 BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
0287 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
0288 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0289 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 5),
0290 BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
0291 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0292 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
0293 BPF_MOV64_IMM(BPF_REG_0, 1),
0294 BPF_EXIT_INSN(),
0295 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0296 BPF_MOV64_IMM(BPF_REG_0, 0),
0297 BPF_EXIT_INSN(),
0298 },
0299 .fixup_map_spin_lock = { 3 },
0300 .result = REJECT,
0301 .errstr = "unlock is missing",
0302 .result_unpriv = REJECT,
0303 .errstr_unpriv = "",
0304 .prog_type = BPF_PROG_TYPE_CGROUP_SKB,
0305 },
0306 {
0307 "spin_lock: test11 ld_abs under lock",
0308 .insns = {
0309 BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
0310 BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
0311 BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
0312 BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
0313 BPF_LD_MAP_FD(BPF_REG_1,
0314 0),
0315 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
0316 BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
0317 BPF_EXIT_INSN(),
0318 BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
0319 BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
0320 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0321 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
0322 BPF_LD_ABS(BPF_B, 0),
0323 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
0324 BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
0325 BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
0326 BPF_MOV64_IMM(BPF_REG_0, 0),
0327 BPF_EXIT_INSN(),
0328 },
0329 .fixup_map_spin_lock = { 4 },
0330 .result = REJECT,
0331 .errstr = "inside bpf_spin_lock",
0332 .prog_type = BPF_PROG_TYPE_SCHED_CLS,
0333 },
