1*4882a593Smuzhiyun { 2*4882a593Smuzhiyun "invalid and of negative number", 3*4882a593Smuzhiyun .insns = { 4*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 5*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 6*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 7*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 8*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), 9*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 4), 10*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_0, 0), 11*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_AND, BPF_REG_1, -4), 12*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_LSH, BPF_REG_1, 2), 13*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_1), 14*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, offsetof(struct test_val, foo)), 15*4882a593Smuzhiyun BPF_EXIT_INSN(), 16*4882a593Smuzhiyun }, 17*4882a593Smuzhiyun .fixup_map_hash_48b = { 3 }, 18*4882a593Smuzhiyun .errstr = "R0 max value is outside of the allowed memory range", 19*4882a593Smuzhiyun .result = REJECT, 20*4882a593Smuzhiyun .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 21*4882a593Smuzhiyun }, 22*4882a593Smuzhiyun { 23*4882a593Smuzhiyun "invalid range check", 24*4882a593Smuzhiyun .insns = { 25*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 26*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 27*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 28*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 29*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), 30*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 12), 31*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0), 32*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_9, 1), 33*4882a593Smuzhiyun BPF_ALU32_IMM(BPF_MOD, BPF_REG_1, 2), 34*4882a593Smuzhiyun BPF_ALU32_IMM(BPF_ADD, BPF_REG_1, 1), 35*4882a593Smuzhiyun BPF_ALU32_REG(BPF_AND, BPF_REG_9, BPF_REG_1), 36*4882a593Smuzhiyun BPF_ALU32_IMM(BPF_ADD, BPF_REG_9, 1), 37*4882a593Smuzhiyun BPF_ALU32_IMM(BPF_RSH, BPF_REG_9, 1), 38*4882a593Smuzhiyun BPF_MOV32_IMM(BPF_REG_3, 1), 39*4882a593Smuzhiyun BPF_ALU32_REG(BPF_SUB, BPF_REG_3, BPF_REG_9), 40*4882a593Smuzhiyun BPF_ALU32_IMM(BPF_MUL, BPF_REG_3, 0x10000000), 41*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_3), 42*4882a593Smuzhiyun BPF_STX_MEM(BPF_W, BPF_REG_0, BPF_REG_3, 0), 43*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_0, 0), 44*4882a593Smuzhiyun BPF_EXIT_INSN(), 45*4882a593Smuzhiyun }, 46*4882a593Smuzhiyun .fixup_map_hash_48b = { 3 }, 47*4882a593Smuzhiyun .errstr = "R0 max value is outside of the allowed memory range", 48*4882a593Smuzhiyun .result = REJECT, 49*4882a593Smuzhiyun .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 50*4882a593Smuzhiyun }, 51*4882a593Smuzhiyun { 52*4882a593Smuzhiyun "check known subreg with unknown reg", 53*4882a593Smuzhiyun .insns = { 54*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32), 55*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_LSH, BPF_REG_0, 32), 56*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1), 57*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 0xFFFF1234), 58*4882a593Smuzhiyun /* Upper bits are unknown but AND above masks out 1 zero'ing lower bits */ 59*4882a593Smuzhiyun BPF_JMP32_IMM(BPF_JLT, BPF_REG_0, 1, 1), 60*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_1, 512), 61*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 62*4882a593Smuzhiyun BPF_EXIT_INSN(), 63*4882a593Smuzhiyun }, 64*4882a593Smuzhiyun .errstr_unpriv = "R1 !read_ok", 65*4882a593Smuzhiyun .result_unpriv = REJECT, 66*4882a593Smuzhiyun .result = ACCEPT, 67*4882a593Smuzhiyun .retval = 0 68*4882a593Smuzhiyun }, 69