• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 {
2 	"map element value store of cleared call register",
3 	.insns = {
4 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
5 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
6 	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
7 	BPF_LD_MAP_FD(BPF_REG_1, 0),
8 	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
9 	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 1),
10 	BPF_STX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 0),
11 	BPF_EXIT_INSN(),
12 	},
13 	.fixup_map_hash_48b = { 3 },
14 	.errstr_unpriv = "R1 !read_ok",
15 	.errstr = "R1 !read_ok",
16 	.result = REJECT,
17 	.result_unpriv = REJECT,
18 },
19 {
20 	"map element value with unaligned store",
21 	.insns = {
22 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
23 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
24 	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
25 	BPF_LD_MAP_FD(BPF_REG_1, 0),
26 	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
27 	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 17),
28 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 3),
29 	BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 42),
30 	BPF_ST_MEM(BPF_DW, BPF_REG_0, 2, 43),
31 	BPF_ST_MEM(BPF_DW, BPF_REG_0, -2, 44),
32 	BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
33 	BPF_ST_MEM(BPF_DW, BPF_REG_8, 0, 32),
34 	BPF_ST_MEM(BPF_DW, BPF_REG_8, 2, 33),
35 	BPF_ST_MEM(BPF_DW, BPF_REG_8, -2, 34),
36 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_8, 5),
37 	BPF_ST_MEM(BPF_DW, BPF_REG_8, 0, 22),
38 	BPF_ST_MEM(BPF_DW, BPF_REG_8, 4, 23),
39 	BPF_ST_MEM(BPF_DW, BPF_REG_8, -7, 24),
40 	BPF_MOV64_REG(BPF_REG_7, BPF_REG_8),
41 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, 3),
42 	BPF_ST_MEM(BPF_DW, BPF_REG_7, 0, 22),
43 	BPF_ST_MEM(BPF_DW, BPF_REG_7, 4, 23),
44 	BPF_ST_MEM(BPF_DW, BPF_REG_7, -4, 24),
45 	BPF_EXIT_INSN(),
46 	},
47 	.fixup_map_hash_48b = { 3 },
48 	.errstr_unpriv = "R0 leaks addr",
49 	.result = ACCEPT,
50 	.result_unpriv = REJECT,
51 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
52 },
53 {
54 	"map element value with unaligned load",
55 	.insns = {
56 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
57 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
58 	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
59 	BPF_LD_MAP_FD(BPF_REG_1, 0),
60 	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
61 	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11),
62 	BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0),
63 	BPF_JMP_IMM(BPF_JGE, BPF_REG_1, MAX_ENTRIES, 9),
64 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 3),
65 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
66 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 2),
67 	BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
68 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_8, 0),
69 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_8, 2),
70 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 5),
71 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
72 	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 4),
73 	BPF_EXIT_INSN(),
74 	},
75 	.fixup_map_hash_48b = { 3 },
76 	.errstr_unpriv = "R0 leaks addr",
77 	.result = ACCEPT,
78 	.result_unpriv = REJECT,
79 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
80 },
81 {
82 	"map element value is preserved across register spilling",
83 	.insns = {
84 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
85 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
86 	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
87 	BPF_LD_MAP_FD(BPF_REG_1, 0),
88 	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
89 	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 7),
90 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, offsetof(struct test_val, foo)),
91 	BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 42),
92 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
93 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -184),
94 	BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 0),
95 	BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1, 0),
96 	BPF_ST_MEM(BPF_DW, BPF_REG_3, 0, 42),
97 	BPF_EXIT_INSN(),
98 	},
99 	.fixup_map_hash_48b = { 3 },
100 	.errstr_unpriv = "R0 leaks addr",
101 	.result = ACCEPT,
102 	.result_unpriv = REJECT,
103 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
104 },
105