/*
 * BPF verifier test vectors for loop handling.
 *
 * This fragment is a run of struct initializers (each ends in "},"); the
 * enclosing array and the struct definition are outside this listing.
 * Every entry carries a description string, an instruction sequence, the
 * verdict the verifier is expected to give (.result), and optionally the
 * expected verifier message (.errstr) and program return value (.retval).
 *
 * Jump offsets are relative to the instruction that follows the jump, so
 * an offset of -2 on the third instruction lands on the second one.
 *
 * The REJECT entries are the negative tests: programs whose loops must not
 * be allowed to load, because termination cannot be established.
 */

/* Counter starts at constant 0, +1 per pass, back-edge to the increment. */
{
	"bounded loop, count to 4",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 4, -2),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
	.retval = 4,
},
/*
 * Same shape with a step of 3: the counter goes 0, 3, ... 18, 21 and so
 * overshoots the bound rather than hitting it exactly. No .retval is set.
 */
{
	"bounded loop, count to 20",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 3),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 20, -2),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
},
/*
 * Start value is the helper's return value, i.e. not a constant. A signed
 * "less than 0" check branches straight to the exit, so the loop is only
 * entered with a non-negative counter.
 * NOTE(review): .retval = 4 only holds when the start value is below 4;
 * whether the harness runs this program and checks it is not visible here.
 */
{
	"bounded loop, count from positive unknown to 4",
	.insns = {
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
	BPF_JMP_IMM(BPF_JSLT, BPF_REG_0, 0, 2),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 4, -2),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
	.retval = 4,
},
/* As above but without the sign check: the start value is unconstrained. */
{
	"bounded loop, count from totally unknown to 4",
	.insns = {
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 4, -2),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
},
/*
 * Loop condition is "not equal to 4" instead of "less than 4": the loop
 * ends only when the counter is exactly 4, which it reaches from 0 in
 * steps of 1.
 */
{
	"bounded loop, count to 4 with equality",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 4, -2),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
},
/*
 * Negative test. The unconditional jump skips the increment and enters the
 * loop at its condition; the conditional then jumps back to the increment.
 * Expected verdict is a rejection mentioning "back-edge".
 * NOTE(review): .retval is set although the program is expected not to
 * load; presumably it is never checked for REJECT entries - confirm
 * against the harness.
 */
{
	"bounded loop, start in the middle",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_JMP_A(1),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 4, -2),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "back-edge",
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
	.retval = 4,
},
/*
 * The loop body holds a conditional forward jump with offset 0 (r0 == r0,
 * target is the next instruction), so both branch outcomes continue at the
 * same place. The back-edge offset is -3 because the body is one
 * instruction longer.
 */
{
	"bounded loop containing a forward jump",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
	BPF_JMP_REG(BPF_JEQ, BPF_REG_0, BPF_REG_0, 0),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 4, -3),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
	.retval = 4,
},
/*
 * Inverted shape: the back-edge is an unconditional jump and the exit is a
 * conditional forward jump taken once r6 exceeds 10000. The counter lives
 * in r6 and a helper call sits inside the loop body.
 */
{
	"bounded loop that jumps out rather than in",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_6, 0),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_6, 1),
	BPF_JMP_IMM(BPF_JGT, BPF_REG_6, 10000, 2),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
	BPF_JMP_A(-4),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
},
/*
 * Negative test. r0 is 5, so the "r0 < 4" exit branch is not taken; what
 * follows is an increment and an unconditional jump back to it, with no
 * exit condition inside the cycle. The expected message is "program is
 * too large" rather than a loop message - presumably the verifier gives
 * up on a processing limit here; confirm against the verifier source.
 */
{
	"infinite loop after a conditional jump",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 5),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 4, 2),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
	BPF_JMP_A(-2),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "program is too large",
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
},
/*
 * Negative test. The call instructions have src_reg = 1, i.e. calls to a
 * location inside the program itself. The first call targets the function
 * starting at the fourth instruction; the second call (imm -5) targets
 * that same function again, so it calls itself while r1 < 4. Even though
 * the depth is bounded by the counter, rejection with "back-edge" is
 * expected.
 */
{
	"bounded recursion",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_1, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 1),
	BPF_MOV64_REG(BPF_REG_0, BPF_REG_1),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_1, 4, 1),
	BPF_EXIT_INSN(),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, -5),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "back-edge",
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
},
/*
 * Negative test. r0 stays 0: the cycle is an unconditional jump to the
 * next instruction followed by a conditional jump back to it, and nothing
 * in between modifies the register being compared.
 */
{
	"infinite loop in two jumps",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_JMP_A(0),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 4, -2),
	BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.errstr = "loop detected",
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
},
/*
 * Negative test. Each stage does r0 = (r0 + 1) & 1, which keeps r0 in
 * {0, 1}, so every "r0 < 2" branch is taken. The first two branches hop
 * over an exit; the third jumps back 11 instructions to the first
 * increment. The cycle is spread over three jumps instead of one.
 */
{
	"infinite loop: three-jump trick",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 0),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
	BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 1),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 2, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
	BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 1),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 2, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 1),
	BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 1),
	BPF_JMP_IMM(BPF_JLT, BPF_REG_0, 2, -11),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT == REJECT ? ACCEPT : REJECT,
	.errstr = "loop detected",
	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
},
/*
 * The conditional jump targets the very first instruction, but r0 is the
 * constant 123 and the condition is "r0 == 4", so the backward branch is
 * never taken. Program type is XDP here, unlike the entries above.
 */
{
	"not-taken loop with back jump to 1st insn",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_0, 123),
	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 4, -2),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_XDP,
	.retval = 123,
},
/*
 * The loop sits in a called function (call with src_reg = 1, target is
 * the fifth instruction) and its back-edge lands on that function's first
 * instruction. r1 counts down from 10 while r2 accumulates it, giving
 * 10 + 9 + ... + 1 = 55.
 */
{
	"taken loop with back jump to 1st insn",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_1, 10),
	BPF_MOV64_IMM(BPF_REG_2, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_1),
	BPF_ALU64_IMM(BPF_SUB, BPF_REG_1, 1),
	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, -3),
	BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_XDP,
	.retval = 55,
},
/* Same program, with the loop condition as a 32-bit compare (JMP32). */
{
	"taken loop with back jump to 1st insn, 2",
	.insns = {
	BPF_MOV64_IMM(BPF_REG_1, 10),
	BPF_MOV64_IMM(BPF_REG_2, 0),
	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 1),
	BPF_EXIT_INSN(),
	BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_1),
	BPF_ALU64_IMM(BPF_SUB, BPF_REG_1, 1),
	BPF_JMP32_IMM(BPF_JNE, BPF_REG_1, 0, -3),
	BPF_MOV64_REG(BPF_REG_0, BPF_REG_2),
	BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_XDP,
	.retval = 55,
},