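/*
 * Verifier test vectors for kernel pointers stored in map values
 * ("map_kptr").  Each entry is a short BPF program plus the verdict the
 * verifier is expected to return (.result) and, for rejections, the log
 * text that must appear (.errstr).  All but one entry are negative tests:
 * they pin down the checks that stop a program from forging, corrupting
 * or leaking a kernel pointer held in a map.
 *
 * Every program opens with the same nine-slot prologue:
 *
 *	r2 = r10 - 4, *(u32 *)(r2 + 0) = 0	key 0 on the stack
 *	r6 = map, r1 = r6			map argument
 *	r0 = bpf_map_lookup_elem(r1, r2)
 *	if (r0 == 0) exit			NULL check on the map value
 *
 * BPF_LD_MAP_FD occupies two instruction slots, so the first
 * test-specific instruction is at index 10.
 *
 * .fixup_map_kptr = { 1 } names instruction index 1, the BPF_LD_MAP_FD;
 * presumably the harness patches in the fd of a map whose value carries
 * kptr fields - confirm against the test runner.  Going by the expected
 * messages, offset 0 of the value is an unreferenced kptr and offset 8 a
 * referenced one; the map definition itself is not part of this file.
 */

/* Common tests */
{
	/* A plain store of a non-zero immediate into the kptr slot at off=0. */
	"map_kptr: BPF_ST imm != 0",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "BPF_ST imm must be 0 when storing to kptr at off=0",
},
{
	/* A 32-bit store of zero to off=0: only the full 64-bit width is accepted. */
	"map_kptr: size != bpf_size_to_bytes(BPF_DW)",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ST_MEM(BPF_W, BPF_REG_0, 0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "kptr access size must be BPF_DW",
},
{
	/*
	 * r2 is loaded through the kptr and clamped to [0, 4] by the two
	 * conditional jumps, then added to a copy of the map value pointer
	 * (r3).  The final 64-bit load through r3 therefore has a variable
	 * offset that can overlap the kptr slot.
	 */
	"map_kptr: map_value non-const var_off",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_0),
	BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_0, 0),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_2, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_2, 0),
	BPF_JMP_IMM(BPF_JLE, BPF_REG_2, 4, 1),
	BPF_EXIT_INSN(),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_2, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_2),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_3, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "kptr access cannot have variable offset",
	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
},
{
	/*
	 * Same variable-offset map value pointer as the previous test, but
	 * handed to bpf_kptr_xchg() as R1 instead of being dereferenced.
	 */
	"map_kptr: bpf_kptr_xchg non-const var_off",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_3, BPF_REG_0),
	BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_0, 0),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_2, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_2, 0),
	BPF_JMP_IMM(BPF_JLE, BPF_REG_2, 4, 1),
	BPF_EXIT_INSN(),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_2, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_2),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_3),
	BPF_MOV64_IMM(BPF_REG_2, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_kptr_xchg),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "R1 doesn't have constant offset. kptr has to be at the constant offset",
},
{
	/*
	 * A 64-bit store at map value + 7 straddles the end of the kptr slot
	 * at off=0; a store that only partly covers a kptr must not pass.
	 */
	"map_kptr: unaligned boundary load/store",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 7),
	BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "kptr access misaligned expected=0 off=7",
	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
},
{
	/*
	 * The pointer loaded from the kptr slot (r1) gets a bounded but
	 * variable value added to it and is then stored back into the slot.
	 */
	"map_kptr: reject var_off != 0",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 0),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 0),
	BPF_JMP_IMM(BPF_JLE, BPF_REG_2, 4, 1),
	BPF_EXIT_INSN(),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_2, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_2),
	BPF_STX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "variable untrusted_ptr_ access var_off=(0x0; 0x7) disallowed",
},
/* Tests for unreferenced PTR_TO_BTF_ID */
{
	/*
	 * The loaded kptr is advanced by a constant 4 before being stored
	 * back, so it no longer points at the start of the expected struct
	 * and the type match for the slot fails.
	 */
	"map_kptr: unref: reject btf_struct_ids_match == false",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 0),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
	BPF_STX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "invalid kptr access, R1 type=untrusted_ptr_prog_test_ref_kfunc expected=ptr_prog_test",
},
{
	/* The loaded kptr is dereferenced without a NULL check in between. */
	"map_kptr: unref: loaded pointer marked as untrusted",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "R0 invalid mem access 'untrusted_ptr_or_null_'",
},
{
	/*
	 * An 8-byte read at offset 32 of the pointed-to object: reads through
	 * the kptr are bounded by the size of struct prog_test_ref_kfunc.
	 */
	"map_kptr: unref: correct in kernel type size",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 32),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "access beyond struct prog_test_ref_kfunc at off 32 size 8",
},
{
	/*
	 * A pointer read out of the object behind the kptr (offset 16) is
	 * passed to bpf_this_cpu_ptr(); the expected message shows it is
	 * still typed untrusted_ptr_ rather than a usable percpu pointer.
	 */
	"map_kptr: unref: inherit PTR_UNTRUSTED on struct walk",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 16),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_this_cpu_ptr),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "R1 type=untrusted_ptr_ expected=percpu_ptr_",
},
{
	/*
	 * The only positive test: loading the unreferenced kptr and exiting
	 * on both branches must be accepted, i.e. the load does not leave
	 * the program owing a release.
	 */
	"map_kptr: unref: no reference state created",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = ACCEPT,
},
{
	/* bpf_kptr_xchg() aimed at the off=0 slot, which is not a referenced kptr. */
	"map_kptr: unref: bpf_kptr_xchg rejected",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
	BPF_MOV64_IMM(BPF_REG_2, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_kptr_xchg),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "off=0 kptr isn't referenced kptr",
},
/* Tests for referenced PTR_TO_BTF_ID */
{
	/*
	 * A direct load from the off=8 slot is passed to bpf_this_cpu_ptr()
	 * without a NULL check.
	 * NOTE(review): the test name says "untrusted" while the expected
	 * message reports rcu_ptr_or_null_; the name looks stale - confirm.
	 */
	"map_kptr: ref: loaded pointer marked as untrusted",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_IMM(BPF_REG_1, 0),
	BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 8),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_this_cpu_ptr),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "R1 type=rcu_ptr_or_null_ expected=percpu_ptr_",
},
{
	/*
	 * The first bpf_kptr_xchg() takes the pointer out of the off=8 slot.
	 * The second targets the slot at off=16 (r7 + 8) and offers that
	 * pointer advanced by 8 as the new value; a pointer into the middle
	 * of the object must match the slot's type at that offset.
	 */
	"map_kptr: ref: reject off != 0",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
	BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
	BPF_MOV64_IMM(BPF_REG_2, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_kptr_xchg),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 8),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_kptr_xchg),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "invalid kptr access, R2 type=ptr_prog_test_ref_kfunc expected=ptr_prog_test_member",
},
{
	/*
	 * Instruction 15 is the kfunc call (resolved by .fixup_kfunc_btf_id
	 * to bpf_kfunc_call_test_acquire); its result is moved into the
	 * off=8 slot by bpf_kptr_xchg() at instruction 20.  The value that
	 * xchg returns is dropped (r0 is overwritten before exit), and the
	 * expected message names alloc_insn=20: the old pointer handed back
	 * by the exchange is itself a reference that must be released.
	 */
	"map_kptr: ref: reference state created and released on xchg",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8),
	BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8),
	BPF_ST_MEM(BPF_DW, BPF_REG_1, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, BPF_PSEUDO_KFUNC_CALL, 0, 0),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_kptr_xchg),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "Unreleased reference id=5 alloc_insn=20",
	.fixup_kfunc_btf_id = {
		{ "bpf_kfunc_call_test_acquire", 15 },
	},
},
{
	/*
	 * A register store into the referenced slot at off=8.  Going by the
	 * other tests in this file, bpf_kptr_xchg() is the accepted way to
	 * write that slot.
	 */
	"map_kptr: ref: reject STX",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	/* Source register spelled out; it was a bare 0, which is register 0. */
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
	BPF_STX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 8),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "store to referenced kptr disallowed",
},
{
	/*
	 * An immediate store of 0 into the referenced slot at off=8 is
	 * rejected too, unlike the zero store the off=0 slot's message
	 * permits in the first test.
	 */
	"map_kptr: ref: reject ST",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ST_MEM(BPF_DW, BPF_REG_0, 8, 0),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "store to referenced kptr disallowed",
},
{
	/*
	 * map value + 2 is passed as the key argument of
	 * bpf_map_delete_elem(), so the helper would read map value memory
	 * on the program's behalf.  Presumably the key bytes starting at
	 * offset 2 overlap the kptr at off=0 - confirm the key size against
	 * the map definition.
	 */
	"map_kptr: reject helper access to kptr",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_LD_MAP_FD(BPF_REG_6, 0),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ST_MEM(BPF_W, BPF_REG_2, 0, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
	BPF_EXIT_INSN(),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 2),
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_delete_elem),
	BPF_EXIT_INSN(),
	},
	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
	.fixup_map_kptr = { 1 },
	.result = REJECT,
	.errstr = "kptr cannot be accessed indirectly by helper",
},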