File: verifier_direct_stack_access_wraparound.c

package info (click to toggle)
linux 6.12.8-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 1,673,568 kB
  • sloc: ansic: 25,888,630; asm: 268,782; sh: 136,481; python: 64,809; makefile: 55,668; perl: 38,052; xml: 19,270; cpp: 5,893; yacc: 4,923; lex: 2,939; awk: 1,592; sed: 28; ruby: 25
file content (56 lines) | stat: -rw-r--r-- 1,380 bytes parent folder | download | duplicates (14) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
// SPDX-License-Identifier: GPL-2.0
/* Converted from tools/testing/selftests/bpf/verifier/direct_stack_access_wraparound.c */

#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include "bpf_misc.h"

SEC("socket")
__description("direct stack access with 32-bit wraparound. test1")
__failure __msg("fp pointer and 2147483647")
__failure_unpriv
__naked void with_32_bit_wraparound_test1(void)
{
	asm volatile ("					\
	r1 = r10;					\
	r1 += 0x7fffffff;				\
	r1 += 0x7fffffff;				\
	w0 = 0;						\
	*(u8*)(r1 + 0) = r0;				\
	exit;						\
"	::: __clobber_all);
}

SEC("socket")
__description("direct stack access with 32-bit wraparound. test2")
__failure __msg("fp pointer and 1073741823")
__failure_unpriv
__naked void with_32_bit_wraparound_test2(void)
{
	asm volatile ("					\
	r1 = r10;					\
	r1 += 0x3fffffff;				\
	r1 += 0x3fffffff;				\
	w0 = 0;						\
	*(u8*)(r1 + 0) = r0;				\
	exit;						\
"	::: __clobber_all);
}

SEC("socket")
__description("direct stack access with 32-bit wraparound. test3")
__failure __msg("fp pointer offset 1073741822")
__msg_unpriv("R1 stack pointer arithmetic goes out of range")
__naked void with_32_bit_wraparound_test3(void)
{
	asm volatile ("					\
	r1 = r10;					\
	r1 += 0x1fffffff;				\
	r1 += 0x1fffffff;				\
	w0 = 0;						\
	*(u8*)(r1 + 0) = r0;				\
	exit;						\
"	::: __clobber_all);
}

char _license[] SEC("license") = "GPL";