/*
 * Verifier test vectors for a helper argument of type ARG_PTR_TO_LONG,
 * exercised through the fourth argument (res) of bpf_strtoul().
 *
 * Every program builds the same call: R1 = buf, R2 = buf_len (4),
 * R3 = flags (0), R4 = res. Only the preparation of the stack slot behind
 * R4 differs. Stack offsets in the comments are relative to BPF_REG_10,
 * the frame pointer ("fp").
 *
 * The REJECT cases pin the checks applied to the 8-byte res region: it must
 * be fully initialized, 8-byte aligned, and lie entirely inside the stack
 * frame. .errstr is the message each rejected program is expected to
 * produce (presumably matched against the verifier log by the harness;
 * the wording is tied to the verifier version under test).
 */
{
	/* res = fp-16 is never written before the call. */
	"ARG_PTR_TO_LONG uninitialized",
	.insns = {
		/* bpf_strtoul arg1 (buf) */
		BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		/* 0x00303036 is '6','0','0',NUL in memory on a little-endian host */
		BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),

		BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),

		/* bpf_strtoul arg2 (buf_len) */
		BPF_MOV64_IMM(BPF_REG_2, 4),

		/* bpf_strtoul arg3 (flags) */
		BPF_MOV64_IMM(BPF_REG_3, 0),

		/* bpf_strtoul arg4 (res) */
		/* R7 moves from fp-8 to fp-16; no store follows, so all 8 bytes are uninitialized */
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),

		/* bpf_strtoul() */
		BPF_EMIT_CALL(BPF_FUNC_strtoul),

		BPF_MOV64_IMM(BPF_REG_0, 1),
		BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
	/* first offending byte is offset 0 of the region at fp-16 */
	.errstr = "invalid indirect read from stack R4 off -16+0 size 8",
},
{
	/* res = fp-16 with only its low 4 bytes written. */
	"ARG_PTR_TO_LONG half-uninitialized",
	.insns = {
		/* bpf_strtoul arg1 (buf) */
		BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),

		BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),

		/* bpf_strtoul arg2 (buf_len) */
		BPF_MOV64_IMM(BPF_REG_2, 4),

		/* bpf_strtoul arg3 (flags) */
		BPF_MOV64_IMM(BPF_REG_3, 0),

		/* bpf_strtoul arg4 (res) */
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		/* 32-bit store covers fp-16..fp-13 only; fp-12..fp-9 stay unwritten */
		BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0),
		BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),

		/* bpf_strtoul() */
		BPF_EMIT_CALL(BPF_FUNC_strtoul),

		BPF_MOV64_IMM(BPF_REG_0, 1),
		BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
	/* "+4": the first uninitialized byte is 4 bytes into the region */
	.errstr = "invalid indirect read from stack R4 off -16+4 size 8",
},
{
	/* res = fp-20: initialized, but not 8-byte aligned. */
	"ARG_PTR_TO_LONG misaligned",
	.insns = {
		/* bpf_strtoul arg1 (buf) */
		BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),

		BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),

		/* bpf_strtoul arg2 (buf_len) */
		BPF_MOV64_IMM(BPF_REG_2, 4),

		/* bpf_strtoul arg3 (flags) */
		BPF_MOV64_IMM(BPF_REG_3, 0),

		/* bpf_strtoul arg4 (res) */
		/* R7 moves from fp-8 to fp-20 */
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -12),
		BPF_MOV64_IMM(BPF_REG_0, 0),
		/*
		 * A 4-byte store at fp-20 plus an 8-byte store at fp-16 zero
		 * fp-20..fp-9, so the 8 bytes behind R4 are all written and
		 * alignment is the only property left to fail.
		 */
		BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 4),
		BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),

		/* bpf_strtoul() */
		BPF_EMIT_CALL(BPF_FUNC_strtoul),

		BPF_MOV64_IMM(BPF_REG_0, 1),
		BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
	.errstr = "misaligned stack access off (0x0; 0x0)+-20+0 size 8",
},
{
	/* res = fp-4: only 4 bytes remain below the frame pointer. */
	"ARG_PTR_TO_LONG size < sizeof(long)",
	.insns = {
		/* bpf_strtoul arg1 (buf) */
		BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
		/* buf sits at fp-16 here, not fp-8 as in the other entries */
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -16),
		BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),

		BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),

		/* bpf_strtoul arg2 (buf_len) */
		BPF_MOV64_IMM(BPF_REG_2, 4),

		/* bpf_strtoul arg3 (flags) */
		BPF_MOV64_IMM(BPF_REG_3, 0),

		/* bpf_strtoul arg4 (res) */
		/* R7 moves from fp-16 to fp-4 */
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, 12),
		/*
		 * The 4-byte store at fp-4 is itself in bounds; an 8-byte
		 * region starting there would extend 4 bytes past fp.
		 */
		BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0),
		BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),

		/* bpf_strtoul() */
		BPF_EMIT_CALL(BPF_FUNC_strtoul),

		BPF_MOV64_IMM(BPF_REG_0, 1),
		BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
	.errstr = "invalid indirect access to stack R4 off=-4 size=8",
},
{
	/* Positive control: res = fp-16, aligned and fully written. */
	"ARG_PTR_TO_LONG initialized",
	.insns = {
		/* bpf_strtoul arg1 (buf) */
		BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),

		BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),

		/* bpf_strtoul arg2 (buf_len) */
		BPF_MOV64_IMM(BPF_REG_2, 4),

		/* bpf_strtoul arg3 (flags) */
		BPF_MOV64_IMM(BPF_REG_3, 0),

		/* bpf_strtoul arg4 (res) */
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		/* 64-bit store initializes all 8 bytes at fp-16 */
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
		BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),

		/* bpf_strtoul() */
		BPF_EMIT_CALL(BPF_FUNC_strtoul),

		BPF_MOV64_IMM(BPF_REG_0, 1),
		BPF_EXIT_INSN(),
	},
	/* no .errstr: the program is expected to load */
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
},