xref: /linux/tools/testing/selftests/bpf/verifier/bpf_st_mem.c (revision eb01fe7abbe2d0b38824d2a93fdb4cc3eaf2ccc1)
1 {
2 	"BPF_ST_MEM stack imm non-zero",
3 	.insns = {
4 	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 42),
5 	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
6 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, -42),
7 	/* if value is tracked correctly R0 is zero */
8 	BPF_EXIT_INSN(),
9 	},
10 	.result = ACCEPT,
11 	/* Use prog type that requires return value in range [0, 1] */
12 	.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
13 	.expected_attach_type = BPF_SK_LOOKUP,
14 	.runs = -1,
15 },
16 {
17 	"BPF_ST_MEM stack imm zero",
18 	.insns = {
19 	/* mark stack 0000 0000 */
20 	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
21 	/* read and sum a few bytes */
22 	BPF_MOV64_IMM(BPF_REG_0, 0),
23 	BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_10, -8),
24 	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
25 	BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_10, -4),
26 	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
27 	BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_10, -1),
28 	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1),
29 	/* if value is tracked correctly R0 is zero */
30 	BPF_EXIT_INSN(),
31 	},
32 	.result = ACCEPT,
33 	/* Use prog type that requires return value in range [0, 1] */
34 	.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
35 	.expected_attach_type = BPF_SK_LOOKUP,
36 	.runs = -1,
37 },
38 {
39 	"BPF_ST_MEM stack imm zero, variable offset",
40 	.insns = {
41 	/* set fp[-16], fp[-24] to zeros */
42 	BPF_ST_MEM(BPF_DW, BPF_REG_10, -16, 0),
43 	BPF_ST_MEM(BPF_DW, BPF_REG_10, -24, 0),
44 	/* r0 = random value in range [-32, -15] */
45 	BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32),
46 	BPF_JMP_IMM(BPF_JLE, BPF_REG_0, 16, 2),
47 	BPF_MOV64_IMM(BPF_REG_0, 0),
48 	BPF_EXIT_INSN(),
49 	BPF_ALU64_IMM(BPF_SUB, BPF_REG_0, 32),
50 	/* fp[r0] = 0, make a variable offset write of zero,
51 	 *             this should preserve zero marks on stack.
52 	 */
53 	BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_10),
54 	BPF_ST_MEM(BPF_B, BPF_REG_0, 0, 0),
55 	/* r0 = fp[-20], if variable offset write was tracked correctly
56 	 *               r0 would be a known zero.
57 	 */
58 	BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_10, -20),
59 	/* Would fail return code verification if r0 range is not tracked correctly. */
60 	BPF_EXIT_INSN(),
61 	},
62 	.result = ACCEPT,
63 	/* Use prog type that requires return value in range [0, 1] */
64 	.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
65 	.expected_attach_type = BPF_SK_LOOKUP,
66 	.runs = -1,
67 },
68 {
69 	"BPF_ST_MEM stack imm sign",
70 	/* Check if verifier correctly reasons about sign of an
71 	 * immediate spilled to stack by BPF_ST instruction.
72 	 *
73 	 *   fp[-8] = -44;
74 	 *   r0 = fp[-8];
75 	 *   if r0 s< 0 goto ret0;
76 	 *   r0 = -1;
77 	 *   exit;
78 	 * ret0:
79 	 *   r0 = 0;
80 	 *   exit;
81 	 */
82 	.insns = {
83 	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, -44),
84 	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8),
85 	BPF_JMP_IMM(BPF_JSLT, BPF_REG_0, 0, 2),
86 	BPF_MOV64_IMM(BPF_REG_0, -1),
87 	BPF_EXIT_INSN(),
88 	BPF_MOV64_IMM(BPF_REG_0, 0),
89 	BPF_EXIT_INSN(),
90 	},
91 	/* Use prog type that requires return value in range [0, 1] */
92 	.prog_type = BPF_PROG_TYPE_SK_LOOKUP,
93 	.expected_attach_type = BPF_SK_LOOKUP,
94 	.result = VERBOSE_ACCEPT,
95 	.runs = -1,
96 	.errstr = "0: (7a) *(u64 *)(r10 -8) = -44        ; R10=fp0 fp-8_w=-44\
97 	2: (c5) if r0 s< 0x0 goto pc+2\
98 	R0_w=-44",
99 },
100