xref: /linux/tools/testing/selftests/bpf/verifier/jmp32.c (revision 55ec81f7517fad09135f65552cea0a3ee84fff30)
1 {
2 	"jset32: BPF_K",
3 	.insns = {
4 	BPF_DIRECT_PKT_R2,
5 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
6 	/* reg, high bits shouldn't be tested */
7 	BPF_JMP32_IMM(BPF_JSET, BPF_REG_7, -2, 1),
8 	BPF_JMP_IMM(BPF_JA, 0, 0, 1),
9 	BPF_EXIT_INSN(),
10 
11 	BPF_JMP32_IMM(BPF_JSET, BPF_REG_7, 1, 1),
12 	BPF_EXIT_INSN(),
13 	BPF_MOV64_IMM(BPF_REG_0, 2),
14 	BPF_EXIT_INSN(),
15 	},
16 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
17 	.result = ACCEPT,
18 	.runs = 3,
19 	.retvals = {
20 		{ .retval = 0,
21 		  .data64 = { 1ULL << 63, }
22 		},
23 		{ .retval = 2,
24 		  .data64 = { 1, }
25 		},
26 		{ .retval = 2,
27 		  .data64 = { 1ULL << 63 | 1, }
28 		},
29 	},
30 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
31 },
32 {
33 	"jset32: BPF_X",
34 	.insns = {
35 	BPF_DIRECT_PKT_R2,
36 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
37 	BPF_LD_IMM64(BPF_REG_8, 0x8000000000000000),
38 	BPF_JMP32_REG(BPF_JSET, BPF_REG_7, BPF_REG_8, 1),
39 	BPF_JMP_IMM(BPF_JA, 0, 0, 1),
40 	BPF_EXIT_INSN(),
41 
42 	BPF_LD_IMM64(BPF_REG_8, 0x8000000000000001),
43 	BPF_JMP32_REG(BPF_JSET, BPF_REG_7, BPF_REG_8, 1),
44 	BPF_EXIT_INSN(),
45 	BPF_MOV64_IMM(BPF_REG_0, 2),
46 	BPF_EXIT_INSN(),
47 	},
48 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
49 	.result = ACCEPT,
50 	.runs = 3,
51 	.retvals = {
52 		{ .retval = 0,
53 		  .data64 = { 1ULL << 63, }
54 		},
55 		{ .retval = 2,
56 		  .data64 = { 1, }
57 		},
58 		{ .retval = 2,
59 		  .data64 = { 1ULL << 63 | 1, }
60 		},
61 	},
62 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
63 },
64 {
65 	"jset32: ignores upper bits",
66 	.insns = {
67 	BPF_MOV64_IMM(BPF_REG_0, 0),
68 	BPF_LD_IMM64(BPF_REG_7, 0x8000000000000000),
69 	BPF_LD_IMM64(BPF_REG_8, 0x8000000000000000),
70 	BPF_JMP_REG(BPF_JSET, BPF_REG_7, BPF_REG_8, 1),
71 	BPF_EXIT_INSN(),
72 	BPF_JMP32_REG(BPF_JSET, BPF_REG_7, BPF_REG_8, 1),
73 	BPF_MOV64_IMM(BPF_REG_0, 2),
74 	BPF_EXIT_INSN(),
75 	},
76 	.result = ACCEPT,
77 	.retval = 2,
78 },
79 {
80 	"jset32: min/max deduction",
81 	.insns = {
82 	BPF_RAND_UEXT_R7,
83 	BPF_MOV64_IMM(BPF_REG_0, 0),
84 	BPF_JMP32_IMM(BPF_JSET, BPF_REG_7, 0x10, 1),
85 	BPF_EXIT_INSN(),
86 	BPF_JMP32_IMM(BPF_JGE, BPF_REG_7, 0x10, 1),
87 	BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0),
88 	BPF_EXIT_INSN(),
89 	},
90 	.errstr_unpriv = "R9 !read_ok",
91 	.result_unpriv = REJECT,
92 	.result = ACCEPT,
93 },
94 {
95 	"jeq32: BPF_K",
96 	.insns = {
97 	BPF_DIRECT_PKT_R2,
98 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
99 	BPF_JMP32_IMM(BPF_JEQ, BPF_REG_7, -1, 1),
100 	BPF_EXIT_INSN(),
101 	BPF_MOV64_IMM(BPF_REG_0, 2),
102 	BPF_EXIT_INSN(),
103 	},
104 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
105 	.result = ACCEPT,
106 	.runs = 2,
107 	.retvals = {
108 		{ .retval = 0,
109 		  .data64 = { -2, }
110 		},
111 		{ .retval = 2,
112 		  .data64 = { -1, }
113 		},
114 	},
115 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
116 },
117 {
118 	"jeq32: BPF_X",
119 	.insns = {
120 	BPF_DIRECT_PKT_R2,
121 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
122 	BPF_LD_IMM64(BPF_REG_8, 0x7000000000000001),
123 	BPF_JMP32_REG(BPF_JEQ, BPF_REG_7, BPF_REG_8, 1),
124 	BPF_EXIT_INSN(),
125 	BPF_MOV64_IMM(BPF_REG_0, 2),
126 	BPF_EXIT_INSN(),
127 	},
128 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
129 	.result = ACCEPT,
130 	.runs = 3,
131 	.retvals = {
132 		{ .retval = 0,
133 		  .data64 = { 2, }
134 		},
135 		{ .retval = 2,
136 		  .data64 = { 1, }
137 		},
138 		{ .retval = 2,
139 		  .data64 = { 1ULL << 63 | 1, }
140 		},
141 	},
142 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
143 },
144 {
145 	"jeq32: min/max deduction",
146 	.insns = {
147 	BPF_RAND_UEXT_R7,
148 	BPF_MOV64_IMM(BPF_REG_0, 0),
149 	BPF_JMP32_IMM(BPF_JEQ, BPF_REG_7, 0x10, 1),
150 	BPF_EXIT_INSN(),
151 	BPF_JMP32_IMM(BPF_JSGE, BPF_REG_7, 0xf, 1),
152 	BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0),
153 	BPF_EXIT_INSN(),
154 	},
155 	.errstr_unpriv = "R9 !read_ok",
156 	.result_unpriv = REJECT,
157 	.result = ACCEPT,
158 },
159 {
160 	"jne32: BPF_K",
161 	.insns = {
162 	BPF_DIRECT_PKT_R2,
163 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
164 	BPF_JMP32_IMM(BPF_JNE, BPF_REG_7, -1, 1),
165 	BPF_EXIT_INSN(),
166 	BPF_MOV64_IMM(BPF_REG_0, 2),
167 	BPF_EXIT_INSN(),
168 	},
169 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
170 	.result = ACCEPT,
171 	.runs = 2,
172 	.retvals = {
173 		{ .retval = 2,
174 		  .data64 = { 1, }
175 		},
176 		{ .retval = 0,
177 		  .data64 = { -1, }
178 		},
179 	},
180 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
181 },
182 {
183 	"jne32: BPF_X",
184 	.insns = {
185 	BPF_DIRECT_PKT_R2,
186 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
187 	BPF_LD_IMM64(BPF_REG_8, 0x8000000000000001),
188 	BPF_JMP32_REG(BPF_JNE, BPF_REG_7, BPF_REG_8, 1),
189 	BPF_EXIT_INSN(),
190 	BPF_MOV64_IMM(BPF_REG_0, 2),
191 	BPF_EXIT_INSN(),
192 	},
193 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
194 	.result = ACCEPT,
195 	.runs = 3,
196 	.retvals = {
197 		{ .retval = 0,
198 		  .data64 = { 1, }
199 		},
200 		{ .retval = 2,
201 		  .data64 = { 2, }
202 		},
203 		{ .retval = 2,
204 		  .data64 = { 1ULL << 63 | 2, }
205 		},
206 	},
207 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
208 },
209 {
210 	"jne32: min/max deduction",
211 	.insns = {
212 	BPF_RAND_UEXT_R7,
213 	BPF_MOV64_IMM(BPF_REG_0, 0),
214 	BPF_JMP32_IMM(BPF_JNE, BPF_REG_7, 0x10, 1),
215 	BPF_JMP_IMM(BPF_JNE, BPF_REG_7, 0x10, 1),
216 	BPF_EXIT_INSN(),
217 	BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0),
218 	BPF_EXIT_INSN(),
219 	},
220 	.errstr_unpriv = "R9 !read_ok",
221 	.result_unpriv = REJECT,
222 	.result = ACCEPT,
223 },
224 {
225 	"jge32: BPF_K",
226 	.insns = {
227 	BPF_DIRECT_PKT_R2,
228 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
229 	BPF_JMP32_IMM(BPF_JGE, BPF_REG_7, UINT_MAX - 1, 1),
230 	BPF_EXIT_INSN(),
231 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
232 	BPF_EXIT_INSN(),
233 	},
234 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
235 	.result = ACCEPT,
236 	.runs = 3,
237 	.retvals = {
238 		{ .retval = 2,
239 		  .data64 = { UINT_MAX, }
240 		},
241 		{ .retval = 2,
242 		  .data64 = { UINT_MAX - 1, }
243 		},
244 		{ .retval = 0,
245 		  .data64 = { 0, }
246 		},
247 	},
248 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
249 },
250 {
251 	"jge32: BPF_X",
252 	.insns = {
253 	BPF_DIRECT_PKT_R2,
254 	BPF_LD_IMM64(BPF_REG_8, UINT_MAX | 1ULL << 32),
255 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
256 	BPF_JMP32_REG(BPF_JGE, BPF_REG_7, BPF_REG_8, 1),
257 	BPF_EXIT_INSN(),
258 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
259 	BPF_EXIT_INSN(),
260 	},
261 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
262 	.result = ACCEPT,
263 	.runs = 3,
264 	.retvals = {
265 		{ .retval = 2,
266 		  .data64 = { UINT_MAX, }
267 		},
268 		{ .retval = 0,
269 		  .data64 = { INT_MAX, }
270 		},
271 		{ .retval = 0,
272 		  .data64 = { (UINT_MAX - 1) | 2ULL << 32, }
273 		},
274 	},
275 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
276 },
277 {
278 	"jge32: min/max deduction",
279 	.insns = {
280 	BPF_RAND_UEXT_R7,
281 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
282 	BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
283 	BPF_JMP32_REG(BPF_JGE, BPF_REG_7, BPF_REG_8, 1),
284 	BPF_EXIT_INSN(),
285 	BPF_JMP32_IMM(BPF_JGE, BPF_REG_7, 0x7ffffff0, 1),
286 	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
287 	BPF_EXIT_INSN(),
288 	},
289 	.errstr_unpriv = "R0 invalid mem access 'scalar'",
290 	.result_unpriv = REJECT,
291 	.result = ACCEPT,
292 	.retval = 2,
293 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
294 },
295 {
296 	"jgt32: BPF_K",
297 	.insns = {
298 	BPF_DIRECT_PKT_R2,
299 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
300 	BPF_JMP32_IMM(BPF_JGT, BPF_REG_7, UINT_MAX - 1, 1),
301 	BPF_EXIT_INSN(),
302 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
303 	BPF_EXIT_INSN(),
304 	},
305 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
306 	.result = ACCEPT,
307 	.runs = 3,
308 	.retvals = {
309 		{ .retval = 2,
310 		  .data64 = { UINT_MAX, }
311 		},
312 		{ .retval = 0,
313 		  .data64 = { UINT_MAX - 1, }
314 		},
315 		{ .retval = 0,
316 		  .data64 = { 0, }
317 		},
318 	},
319 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
320 },
321 {
322 	"jgt32: BPF_X",
323 	.insns = {
324 	BPF_DIRECT_PKT_R2,
325 	BPF_LD_IMM64(BPF_REG_8, (UINT_MAX - 1) | 1ULL << 32),
326 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
327 	BPF_JMP32_REG(BPF_JGT, BPF_REG_7, BPF_REG_8, 1),
328 	BPF_EXIT_INSN(),
329 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
330 	BPF_EXIT_INSN(),
331 	},
332 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
333 	.result = ACCEPT,
334 	.runs = 3,
335 	.retvals = {
336 		{ .retval = 2,
337 		  .data64 = { UINT_MAX, }
338 		},
339 		{ .retval = 0,
340 		  .data64 = { UINT_MAX - 1, }
341 		},
342 		{ .retval = 0,
343 		  .data64 = { (UINT_MAX - 1) | 2ULL << 32, }
344 		},
345 	},
346 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
347 },
348 {
349 	"jgt32: min/max deduction",
350 	.insns = {
351 	BPF_RAND_UEXT_R7,
352 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
353 	BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
354 	BPF_JMP32_REG(BPF_JGT, BPF_REG_7, BPF_REG_8, 1),
355 	BPF_EXIT_INSN(),
356 	BPF_JMP_IMM(BPF_JGT, BPF_REG_7, 0x7ffffff0, 1),
357 	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
358 	BPF_EXIT_INSN(),
359 	},
360 	.errstr_unpriv = "R0 invalid mem access 'scalar'",
361 	.result_unpriv = REJECT,
362 	.result = ACCEPT,
363 	.retval = 2,
364 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
365 },
366 {
367 	"jle32: BPF_K",
368 	.insns = {
369 	BPF_DIRECT_PKT_R2,
370 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
371 	BPF_JMP32_IMM(BPF_JLE, BPF_REG_7, INT_MAX, 1),
372 	BPF_EXIT_INSN(),
373 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
374 	BPF_EXIT_INSN(),
375 	},
376 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
377 	.result = ACCEPT,
378 	.runs = 3,
379 	.retvals = {
380 		{ .retval = 2,
381 		  .data64 = { INT_MAX - 1, }
382 		},
383 		{ .retval = 0,
384 		  .data64 = { UINT_MAX, }
385 		},
386 		{ .retval = 2,
387 		  .data64 = { INT_MAX, }
388 		},
389 	},
390 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
391 },
392 {
393 	"jle32: BPF_X",
394 	.insns = {
395 	BPF_DIRECT_PKT_R2,
396 	BPF_LD_IMM64(BPF_REG_8, (INT_MAX - 1) | 2ULL << 32),
397 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
398 	BPF_JMP32_REG(BPF_JLE, BPF_REG_7, BPF_REG_8, 1),
399 	BPF_EXIT_INSN(),
400 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
401 	BPF_EXIT_INSN(),
402 	},
403 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
404 	.result = ACCEPT,
405 	.runs = 3,
406 	.retvals = {
407 		{ .retval = 0,
408 		  .data64 = { INT_MAX | 1ULL << 32, }
409 		},
410 		{ .retval = 2,
411 		  .data64 = { INT_MAX - 2, }
412 		},
413 		{ .retval = 0,
414 		  .data64 = { UINT_MAX, }
415 		},
416 	},
417 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
418 },
419 {
420 	"jle32: min/max deduction",
421 	.insns = {
422 	BPF_RAND_UEXT_R7,
423 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
424 	BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
425 	BPF_JMP32_REG(BPF_JLE, BPF_REG_7, BPF_REG_8, 1),
426 	BPF_EXIT_INSN(),
427 	BPF_JMP32_IMM(BPF_JLE, BPF_REG_7, 0x7ffffff0, 1),
428 	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
429 	BPF_EXIT_INSN(),
430 	},
431 	.errstr_unpriv = "R0 invalid mem access 'scalar'",
432 	.result_unpriv = REJECT,
433 	.result = ACCEPT,
434 	.retval = 2,
435 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
436 },
437 {
438 	"jlt32: BPF_K",
439 	.insns = {
440 	BPF_DIRECT_PKT_R2,
441 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
442 	BPF_JMP32_IMM(BPF_JLT, BPF_REG_7, INT_MAX, 1),
443 	BPF_EXIT_INSN(),
444 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
445 	BPF_EXIT_INSN(),
446 	},
447 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
448 	.result = ACCEPT,
449 	.runs = 3,
450 	.retvals = {
451 		{ .retval = 0,
452 		  .data64 = { INT_MAX, }
453 		},
454 		{ .retval = 0,
455 		  .data64 = { UINT_MAX, }
456 		},
457 		{ .retval = 2,
458 		  .data64 = { INT_MAX - 1, }
459 		},
460 	},
461 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
462 },
463 {
464 	"jlt32: BPF_X",
465 	.insns = {
466 	BPF_DIRECT_PKT_R2,
467 	BPF_LD_IMM64(BPF_REG_8, INT_MAX | 2ULL << 32),
468 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
469 	BPF_JMP32_REG(BPF_JLT, BPF_REG_7, BPF_REG_8, 1),
470 	BPF_EXIT_INSN(),
471 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
472 	BPF_EXIT_INSN(),
473 	},
474 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
475 	.result = ACCEPT,
476 	.runs = 3,
477 	.retvals = {
478 		{ .retval = 0,
479 		  .data64 = { INT_MAX | 1ULL << 32, }
480 		},
481 		{ .retval = 0,
482 		  .data64 = { UINT_MAX, }
483 		},
484 		{ .retval = 2,
485 		  .data64 = { (INT_MAX - 1) | 3ULL << 32, }
486 		},
487 	},
488 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
489 },
490 {
491 	"jlt32: min/max deduction",
492 	.insns = {
493 	BPF_RAND_UEXT_R7,
494 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
495 	BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
496 	BPF_JMP32_REG(BPF_JLT, BPF_REG_7, BPF_REG_8, 1),
497 	BPF_EXIT_INSN(),
498 	BPF_JMP_IMM(BPF_JSLT, BPF_REG_7, 0x7ffffff0, 1),
499 	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
500 	BPF_EXIT_INSN(),
501 	},
502 	.errstr_unpriv = "R0 invalid mem access 'scalar'",
503 	.result_unpriv = REJECT,
504 	.result = ACCEPT,
505 	.retval = 2,
506 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
507 },
508 {
509 	"jsge32: BPF_K",
510 	.insns = {
511 	BPF_DIRECT_PKT_R2,
512 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
513 	BPF_JMP32_IMM(BPF_JSGE, BPF_REG_7, -1, 1),
514 	BPF_EXIT_INSN(),
515 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
516 	BPF_EXIT_INSN(),
517 	},
518 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
519 	.result = ACCEPT,
520 	.runs = 3,
521 	.retvals = {
522 		{ .retval = 2,
523 		  .data64 = { 0, }
524 		},
525 		{ .retval = 2,
526 		  .data64 = { -1, }
527 		},
528 		{ .retval = 0,
529 		  .data64 = { -2, }
530 		},
531 	},
532 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
533 },
534 {
535 	"jsge32: BPF_X",
536 	.insns = {
537 	BPF_DIRECT_PKT_R2,
538 	BPF_LD_IMM64(BPF_REG_8, (__u32)-1 | 2ULL << 32),
539 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
540 	BPF_JMP32_REG(BPF_JSGE, BPF_REG_7, BPF_REG_8, 1),
541 	BPF_EXIT_INSN(),
542 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
543 	BPF_EXIT_INSN(),
544 	},
545 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
546 	.result = ACCEPT,
547 	.runs = 3,
548 	.retvals = {
549 		{ .retval = 2,
550 		  .data64 = { -1, }
551 		},
552 		{ .retval = 2,
553 		  .data64 = { 0x7fffffff | 1ULL << 32, }
554 		},
555 		{ .retval = 0,
556 		  .data64 = { -2, }
557 		},
558 	},
559 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
560 },
561 {
562 	"jsge32: min/max deduction",
563 	.insns = {
564 	BPF_RAND_UEXT_R7,
565 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
566 	BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
567 	BPF_JMP32_REG(BPF_JSGE, BPF_REG_7, BPF_REG_8, 1),
568 	BPF_EXIT_INSN(),
569 	BPF_JMP_IMM(BPF_JSGE, BPF_REG_7, 0x7ffffff0, 1),
570 	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
571 	BPF_EXIT_INSN(),
572 	},
573 	.errstr_unpriv = "R0 invalid mem access 'scalar'",
574 	.result_unpriv = REJECT,
575 	.result = ACCEPT,
576 	.retval = 2,
577 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
578 },
579 {
580 	"jsgt32: BPF_K",
581 	.insns = {
582 	BPF_DIRECT_PKT_R2,
583 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
584 	BPF_JMP32_IMM(BPF_JSGT, BPF_REG_7, -1, 1),
585 	BPF_EXIT_INSN(),
586 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
587 	BPF_EXIT_INSN(),
588 	},
589 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
590 	.result = ACCEPT,
591 	.runs = 3,
592 	.retvals = {
593 		{ .retval = 0,
594 		  .data64 = { (__u32)-2, }
595 		},
596 		{ .retval = 0,
597 		  .data64 = { -1, }
598 		},
599 		{ .retval = 2,
600 		  .data64 = { 1, }
601 		},
602 	},
603 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
604 },
605 {
606 	"jsgt32: BPF_X",
607 	.insns = {
608 	BPF_DIRECT_PKT_R2,
609 	BPF_LD_IMM64(BPF_REG_8, 0x7ffffffe | 1ULL << 32),
610 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
611 	BPF_JMP32_REG(BPF_JSGT, BPF_REG_7, BPF_REG_8, 1),
612 	BPF_EXIT_INSN(),
613 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
614 	BPF_EXIT_INSN(),
615 	},
616 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
617 	.result = ACCEPT,
618 	.runs = 3,
619 	.retvals = {
620 		{ .retval = 0,
621 		  .data64 = { 0x7ffffffe, }
622 		},
623 		{ .retval = 0,
624 		  .data64 = { 0x1ffffffffULL, }
625 		},
626 		{ .retval = 2,
627 		  .data64 = { 0x7fffffff, }
628 		},
629 	},
630 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
631 },
632 {
633 	"jsgt32: min/max deduction",
634 	.insns = {
635 	BPF_RAND_SEXT_R7,
636 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
637 	BPF_LD_IMM64(BPF_REG_8, (__u32)(-2) | 1ULL << 32),
638 	BPF_JMP32_REG(BPF_JSGT, BPF_REG_7, BPF_REG_8, 1),
639 	BPF_EXIT_INSN(),
640 	BPF_JMP_IMM(BPF_JSGT, BPF_REG_7, -2, 1),
641 	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
642 	BPF_EXIT_INSN(),
643 	},
644 	.errstr_unpriv = "R0 invalid mem access 'scalar'",
645 	.result_unpriv = REJECT,
646 	.result = ACCEPT,
647 	.retval = 2,
648 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
649 },
650 {
651 	"jsle32: BPF_K",
652 	.insns = {
653 	BPF_DIRECT_PKT_R2,
654 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
655 	BPF_JMP32_IMM(BPF_JSLE, BPF_REG_7, -1, 1),
656 	BPF_EXIT_INSN(),
657 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
658 	BPF_EXIT_INSN(),
659 	},
660 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
661 	.result = ACCEPT,
662 	.runs = 3,
663 	.retvals = {
664 		{ .retval = 2,
665 		  .data64 = { (__u32)-2, }
666 		},
667 		{ .retval = 2,
668 		  .data64 = { -1, }
669 		},
670 		{ .retval = 0,
671 		  .data64 = { 1, }
672 		},
673 	},
674 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
675 },
676 {
677 	"jsle32: BPF_X",
678 	.insns = {
679 	BPF_DIRECT_PKT_R2,
680 	BPF_LD_IMM64(BPF_REG_8, 0x7ffffffe | 1ULL << 32),
681 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
682 	BPF_JMP32_REG(BPF_JSLE, BPF_REG_7, BPF_REG_8, 1),
683 	BPF_EXIT_INSN(),
684 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
685 	BPF_EXIT_INSN(),
686 	},
687 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
688 	.result = ACCEPT,
689 	.runs = 3,
690 	.retvals = {
691 		{ .retval = 2,
692 		  .data64 = { 0x7ffffffe, }
693 		},
694 		{ .retval = 2,
695 		  .data64 = { (__u32)-1, }
696 		},
697 		{ .retval = 0,
698 		  .data64 = { 0x7fffffff | 2ULL << 32, }
699 		},
700 	},
701 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
702 },
703 {
704 	"jsle32: min/max deduction",
705 	.insns = {
706 	BPF_RAND_UEXT_R7,
707 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
708 	BPF_LD_IMM64(BPF_REG_8, 0x7ffffff0 | 1ULL << 32),
709 	BPF_JMP32_REG(BPF_JSLE, BPF_REG_7, BPF_REG_8, 1),
710 	BPF_EXIT_INSN(),
711 	BPF_JMP_IMM(BPF_JSLE, BPF_REG_7, 0x7ffffff0, 1),
712 	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
713 	BPF_EXIT_INSN(),
714 	},
715 	.errstr_unpriv = "R0 invalid mem access 'scalar'",
716 	.result_unpriv = REJECT,
717 	.result = ACCEPT,
718 	.retval = 2,
719 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
720 },
721 {
722 	"jslt32: BPF_K",
723 	.insns = {
724 	BPF_DIRECT_PKT_R2,
725 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
726 	BPF_JMP32_IMM(BPF_JSLT, BPF_REG_7, -1, 1),
727 	BPF_EXIT_INSN(),
728 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
729 	BPF_EXIT_INSN(),
730 	},
731 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
732 	.result = ACCEPT,
733 	.runs = 3,
734 	.retvals = {
735 		{ .retval = 2,
736 		  .data64 = { (__u32)-2, }
737 		},
738 		{ .retval = 0,
739 		  .data64 = { -1, }
740 		},
741 		{ .retval = 0,
742 		  .data64 = { 1, }
743 		},
744 	},
745 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
746 },
747 {
748 	"jslt32: BPF_X",
749 	.insns = {
750 	BPF_DIRECT_PKT_R2,
751 	BPF_LD_IMM64(BPF_REG_8, 0x7fffffff | 1ULL << 32),
752 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_2, 0),
753 	BPF_JMP32_REG(BPF_JSLT, BPF_REG_7, BPF_REG_8, 1),
754 	BPF_EXIT_INSN(),
755 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
756 	BPF_EXIT_INSN(),
757 	},
758 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
759 	.result = ACCEPT,
760 	.runs = 3,
761 	.retvals = {
762 		{ .retval = 2,
763 		  .data64 = { 0x7ffffffe, }
764 		},
765 		{ .retval = 2,
766 		  .data64 = { 0xffffffff, }
767 		},
768 		{ .retval = 0,
769 		  .data64 = { 0x7fffffff | 2ULL << 32, }
770 		},
771 	},
772 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
773 },
774 {
775 	"jslt32: min/max deduction",
776 	.insns = {
777 	BPF_RAND_SEXT_R7,
778 	BPF_ALU32_IMM(BPF_MOV, BPF_REG_0, 2),
779 	BPF_LD_IMM64(BPF_REG_8, (__u32)(-1) | 1ULL << 32),
780 	BPF_JMP32_REG(BPF_JSLT, BPF_REG_7, BPF_REG_8, 1),
781 	BPF_EXIT_INSN(),
782 	BPF_JMP32_IMM(BPF_JSLT, BPF_REG_7, -1, 1),
783 	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
784 	BPF_EXIT_INSN(),
785 	},
786 	.errstr_unpriv = "R0 invalid mem access 'scalar'",
787 	.result_unpriv = REJECT,
788 	.result = ACCEPT,
789 	.retval = 2,
790 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
791 },
792 {
793 	"jgt32: range bound deduction, reg op imm",
794 	.insns = {
795 	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
796 	BPF_MOV64_REG(BPF_REG_8, BPF_REG_1),
797 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
798 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
799 	BPF_LD_MAP_FD(BPF_REG_1, 0),
800 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
801 	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 9),
802 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_8),
803 	BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
804 	BPF_EMIT_CALL(BPF_FUNC_get_cgroup_classid),
805 	BPF_JMP32_IMM(BPF_JGT, BPF_REG_0, 1, 5),
806 	BPF_MOV32_REG(BPF_REG_6, BPF_REG_0),
807 	BPF_ALU64_IMM(BPF_LSH, BPF_REG_6, 32),
808 	BPF_ALU64_IMM(BPF_RSH, BPF_REG_6, 32),
809 	BPF_ALU64_REG(BPF_ADD, BPF_REG_8, BPF_REG_6),
810 	BPF_ST_MEM(BPF_B, BPF_REG_8, 0, 0),
811 	BPF_MOV32_IMM(BPF_REG_0, 0),
812 	BPF_EXIT_INSN(),
813 	},
814 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
815 	.fixup_map_hash_48b = { 4 },
816 	.result = ACCEPT,
817 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
818 },
819 {
820 	"jgt32: range bound deduction, reg1 op reg2, reg1 unknown",
821 	.insns = {
822 	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
823 	BPF_MOV64_REG(BPF_REG_8, BPF_REG_1),
824 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
825 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
826 	BPF_LD_MAP_FD(BPF_REG_1, 0),
827 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
828 	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 10),
829 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_8),
830 	BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
831 	BPF_EMIT_CALL(BPF_FUNC_get_cgroup_classid),
832 	BPF_MOV32_IMM(BPF_REG_2, 1),
833 	BPF_JMP32_REG(BPF_JGT, BPF_REG_0, BPF_REG_2, 5),
834 	BPF_MOV32_REG(BPF_REG_6, BPF_REG_0),
835 	BPF_ALU64_IMM(BPF_LSH, BPF_REG_6, 32),
836 	BPF_ALU64_IMM(BPF_RSH, BPF_REG_6, 32),
837 	BPF_ALU64_REG(BPF_ADD, BPF_REG_8, BPF_REG_6),
838 	BPF_ST_MEM(BPF_B, BPF_REG_8, 0, 0),
839 	BPF_MOV32_IMM(BPF_REG_0, 0),
840 	BPF_EXIT_INSN(),
841 	},
842 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
843 	.fixup_map_hash_48b = { 4 },
844 	.result = ACCEPT,
845 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
846 },
847 {
848 	"jle32: range bound deduction, reg1 op reg2, reg2 unknown",
849 	.insns = {
850 	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
851 	BPF_MOV64_REG(BPF_REG_8, BPF_REG_1),
852 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
853 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
854 	BPF_LD_MAP_FD(BPF_REG_1, 0),
855 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
856 	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 10),
857 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_8),
858 	BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
859 	BPF_EMIT_CALL(BPF_FUNC_get_cgroup_classid),
860 	BPF_MOV32_IMM(BPF_REG_2, 1),
861 	BPF_JMP32_REG(BPF_JLE, BPF_REG_2, BPF_REG_0, 5),
862 	BPF_MOV32_REG(BPF_REG_6, BPF_REG_0),
863 	BPF_ALU64_IMM(BPF_LSH, BPF_REG_6, 32),
864 	BPF_ALU64_IMM(BPF_RSH, BPF_REG_6, 32),
865 	BPF_ALU64_REG(BPF_ADD, BPF_REG_8, BPF_REG_6),
866 	BPF_ST_MEM(BPF_B, BPF_REG_8, 0, 0),
867 	BPF_MOV32_IMM(BPF_REG_0, 0),
868 	BPF_EXIT_INSN(),
869 	},
870 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
871 	.fixup_map_hash_48b = { 4 },
872 	.result = ACCEPT,
873 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
874 },
875 {
876 	"jeq32/jne32: bounds checking",
877 	.insns = {
878 	BPF_MOV64_IMM(BPF_REG_6, 563),
879 	BPF_MOV64_IMM(BPF_REG_2, 0),
880 	BPF_ALU64_IMM(BPF_NEG, BPF_REG_2, 0),
881 	BPF_ALU64_IMM(BPF_NEG, BPF_REG_2, 0),
882 	BPF_ALU32_REG(BPF_OR, BPF_REG_2, BPF_REG_6),
883 	BPF_JMP32_IMM(BPF_JNE, BPF_REG_2, 8, 5),
884 	BPF_JMP_IMM(BPF_JSGE, BPF_REG_2, 500, 2),
885 	BPF_MOV64_IMM(BPF_REG_0, 2),
886 	BPF_EXIT_INSN(),
887 	BPF_MOV64_REG(BPF_REG_0, BPF_REG_4),
888 	BPF_EXIT_INSN(),
889 	BPF_MOV64_IMM(BPF_REG_0, 1),
890 	BPF_EXIT_INSN(),
891 	},
892 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
893 	.result = ACCEPT,
894 	.retval = 1,
895 },
896