1 { /* Negative test: bpf_strtoul() gets a result pointer (R4) to 8 stack bytes that were never written. */
2 "ARG_PTR_TO_LONG uninitialized",
3 .insns = {
4 /* bpf_strtoul arg1 (buf): R7 = fp-8, fill fp-8..fp-1 with the constant, then R1 = fp-8 */
5 BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
6 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
7 BPF_MOV64_IMM(BPF_REG_0, 0x00303036), /* low bytes are '6','0','0',NUL when stored little-endian */
8 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
9
10 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
11
12 /* bpf_strtoul arg2 (buf_len): R2 = 4 */
13 BPF_MOV64_IMM(BPF_REG_2, 4),
14
15 /* bpf_strtoul arg3 (flags): R3 = 0 */
16 BPF_MOV64_IMM(BPF_REG_3, 0),
17
18 /* bpf_strtoul arg4 (res): R7 moves down to fp-16 and is passed as-is; nothing has stored to fp-16..fp-9 */
19 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
20 BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),
21
22 /* call bpf_strtoul(R1, R2, R3, R4) */
23 BPF_EMIT_CALL(BPF_FUNC_strtoul),
24 /* return 1 from the program */
25 BPF_MOV64_IMM(BPF_REG_0, 1),
26 BPF_EXIT_INSN(),
27 },
28 .result = REJECT, /* the verifier must refuse to load this program */
29 .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL, /* NOTE(review): presumably chosen because bpf_strtoul is offered to cgroup sysctl programs - confirm */
30 .errstr = "invalid indirect read from stack off -16+0 size 8", /* expected diagnostic: first bad byte is at fp-16, offset 0 of the 8-byte argument */
31 },
32 { /* Negative test: only the low 4 of the 8 result bytes are initialized before the helper call. */
33 "ARG_PTR_TO_LONG half-uninitialized",
34 .insns = {
35 /* bpf_strtoul arg1 (buf): R7 = fp-8, fill fp-8..fp-1 with the constant, then R1 = fp-8 */
36 BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
37 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
38 BPF_MOV64_IMM(BPF_REG_0, 0x00303036), /* low bytes are '6','0','0',NUL when stored little-endian */
39 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
40
41 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
42
43 /* bpf_strtoul arg2 (buf_len): R2 = 4 */
44 BPF_MOV64_IMM(BPF_REG_2, 4),
45
46 /* bpf_strtoul arg3 (flags): R3 = 0 */
47 BPF_MOV64_IMM(BPF_REG_3, 0),
48
49 /* bpf_strtoul arg4 (res): R7 = fp-16; the BPF_W store writes fp-16..fp-13 only, leaving fp-12..fp-9 unwritten */
50 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
51 BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0),
52 BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),
53
54 /* call bpf_strtoul(R1, R2, R3, R4) */
55 BPF_EMIT_CALL(BPF_FUNC_strtoul),
56 /* return 1 from the program */
57 BPF_MOV64_IMM(BPF_REG_0, 1),
58 BPF_EXIT_INSN(),
59 },
60 .result = REJECT, /* a partially written slot must be refused just like a fully unwritten one */
61 .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
62 .errstr = "invalid indirect read from stack off -16+4 size 8", /* expected diagnostic: the first unwritten byte is at offset 4 of the argument */
63 },
64 { /* Negative test: the result pointer is fully initialized but sits at fp-20, which is not 8-byte aligned. */
65 "ARG_PTR_TO_LONG misaligned",
66 .insns = {
67 /* bpf_strtoul arg1 (buf): R7 = fp-8, fill fp-8..fp-1 with the constant, then R1 = fp-8 */
68 BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
69 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
70 BPF_MOV64_IMM(BPF_REG_0, 0x00303036), /* low bytes are '6','0','0',NUL when stored little-endian */
71 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
72
73 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
74
75 /* bpf_strtoul arg2 (buf_len): R2 = 4 */
76 BPF_MOV64_IMM(BPF_REG_2, 4),
77
78 /* bpf_strtoul arg3 (flags): R3 = 0 */
79 BPF_MOV64_IMM(BPF_REG_3, 0),
80
81 /* bpf_strtoul arg4 (res): R7 = fp-8 + (-12) = fp-20; the two stores below zero fp-20..fp-9 so initialization is not the issue */
82 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -12),
83 BPF_MOV64_IMM(BPF_REG_0, 0),
84 BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0), /* 4 bytes at fp-20..fp-17 */
85 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 4), /* 8 bytes at fp-16..fp-9 */
86 BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),
87
88 /* call bpf_strtoul(R1, R2, R3, R4) */
89 BPF_EMIT_CALL(BPF_FUNC_strtoul),
90 /* return 1 from the program */
91 BPF_MOV64_IMM(BPF_REG_0, 1),
92 BPF_EXIT_INSN(),
93 },
94 .result = REJECT, /* alignment alone must be enough for the verifier to refuse the program */
95 .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
96 .errstr = "misaligned stack access off (0x0; 0x0)+-20+0 size 8", /* expected diagnostic names the fp-20 offset and the 8-byte access size */
97 },
98 { /* Negative test: the result pointer is fp-4, so only 4 bytes of stack remain for an 8-byte access. */
99 "ARG_PTR_TO_LONG size < sizeof(long)",
100 .insns = {
101 /* bpf_strtoul arg1 (buf): R7 = fp-16 this time, fill fp-16..fp-9 with the constant, then R1 = fp-16 */
102 BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
103 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -16),
104 BPF_MOV64_IMM(BPF_REG_0, 0x00303036), /* low bytes are '6','0','0',NUL when stored little-endian */
105 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
106
107 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
108
109 /* bpf_strtoul arg2 (buf_len): R2 = 4 */
110 BPF_MOV64_IMM(BPF_REG_2, 4),
111
112 /* bpf_strtoul arg3 (flags): R3 = 0 */
113 BPF_MOV64_IMM(BPF_REG_3, 0),
114
115 /* bpf_strtoul arg4 (res): R7 = fp-16 + 12 = fp-4; the BPF_W store initializes fp-4..fp-1, the last 4 bytes below fp */
116 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, 12),
117 BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0),
118 BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),
119
120 /* call bpf_strtoul(R1, R2, R3, R4) */
121 BPF_EMIT_CALL(BPF_FUNC_strtoul),
122 /* return 1 from the program */
123 BPF_MOV64_IMM(BPF_REG_0, 1),
124 BPF_EXIT_INSN(),
125 },
126 .result = REJECT, /* an 8-byte access starting at fp-4 would extend past fp, so the program must not load */
127 .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
128 .errstr = "invalid stack type R4 off=-4 access_size=8", /* expected diagnostic: R4 at offset -4 cannot back an 8-byte access */
129 },
130 { /* Positive control: same layout as the rejected cases, but all 8 result bytes at fp-16 are written first. */
131 "ARG_PTR_TO_LONG initialized",
132 .insns = {
133 /* bpf_strtoul arg1 (buf): R7 = fp-8, fill fp-8..fp-1 with the constant, then R1 = fp-8 */
134 BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
135 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
136 BPF_MOV64_IMM(BPF_REG_0, 0x00303036), /* low bytes are '6','0','0',NUL when stored little-endian */
137 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
138
139 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
140
141 /* bpf_strtoul arg2 (buf_len): R2 = 4 */
142 BPF_MOV64_IMM(BPF_REG_2, 4),
143
144 /* bpf_strtoul arg3 (flags): R3 = 0 */
145 BPF_MOV64_IMM(BPF_REG_3, 0),
146
147 /* bpf_strtoul arg4 (res): R7 = fp-16; the BPF_DW store writes fp-16..fp-9 (R0 still holds the constant), so the slot is in bounds, 8-byte aligned and fully initialized */
148 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
149 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
150 BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),
151
152 /* call bpf_strtoul(R1, R2, R3, R4) */
153 BPF_EMIT_CALL(BPF_FUNC_strtoul),
154 /* return 1 from the program */
155 BPF_MOV64_IMM(BPF_REG_0, 1),
156 BPF_EXIT_INSN(),
157 },
158 .result = ACCEPT, /* no .errstr: the verifier is expected to load this program without complaint */
159 .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
160 },