1*4882a593Smuzhiyun { 2*4882a593Smuzhiyun "precise: test 1", 3*4882a593Smuzhiyun .insns = { 4*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 1), 5*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_6, 0), 6*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), 7*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP), 8*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 9*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_FP, -8, 0), 10*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 11*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 12*4882a593Smuzhiyun BPF_EXIT_INSN(), 13*4882a593Smuzhiyun 14*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_9, BPF_REG_0), 15*4882a593Smuzhiyun 16*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), 17*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP), 18*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 19*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 20*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 21*4882a593Smuzhiyun BPF_EXIT_INSN(), 22*4882a593Smuzhiyun 23*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_8, BPF_REG_0), 24*4882a593Smuzhiyun 25*4882a593Smuzhiyun BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_8), /* map_value_ptr -= map_value_ptr */ 26*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_9), 27*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JLT, BPF_REG_2, 8, 1), 28*4882a593Smuzhiyun BPF_EXIT_INSN(), 29*4882a593Smuzhiyun 30*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1), /* R2=inv(umin=1, umax=8) */ 31*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_FP), 32*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8), 33*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_3, 0), 34*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_probe_read_kernel), 35*4882a593Smuzhiyun BPF_EXIT_INSN(), 36*4882a593Smuzhiyun }, 37*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 38*4882a593Smuzhiyun .fixup_map_array_48b = { 1 }, 39*4882a593Smuzhiyun .result = VERBOSE_ACCEPT, 40*4882a593Smuzhiyun .errstr = 41*4882a593Smuzhiyun "26: (85) call bpf_probe_read_kernel#113\ 42*4882a593Smuzhiyun last_idx 26 first_idx 20\ 43*4882a593Smuzhiyun regs=4 stack=0 before 25\ 44*4882a593Smuzhiyun regs=4 stack=0 before 24\ 45*4882a593Smuzhiyun regs=4 stack=0 before 23\ 46*4882a593Smuzhiyun regs=4 stack=0 before 22\ 47*4882a593Smuzhiyun regs=4 stack=0 before 20\ 48*4882a593Smuzhiyun parent didn't have regs=4 stack=0 marks\ 49*4882a593Smuzhiyun last_idx 19 first_idx 10\ 50*4882a593Smuzhiyun regs=4 stack=0 before 19\ 51*4882a593Smuzhiyun regs=200 stack=0 before 18\ 52*4882a593Smuzhiyun regs=300 stack=0 before 17\ 53*4882a593Smuzhiyun regs=201 stack=0 before 15\ 54*4882a593Smuzhiyun regs=201 stack=0 before 14\ 55*4882a593Smuzhiyun regs=200 stack=0 before 13\ 56*4882a593Smuzhiyun regs=200 stack=0 before 12\ 57*4882a593Smuzhiyun regs=200 stack=0 before 11\ 58*4882a593Smuzhiyun regs=200 stack=0 before 10\ 59*4882a593Smuzhiyun parent already had regs=0 stack=0 marks", 60*4882a593Smuzhiyun }, 61*4882a593Smuzhiyun { 62*4882a593Smuzhiyun "precise: test 2", 63*4882a593Smuzhiyun .insns = { 64*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 1), 65*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_6, 0), 66*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), 67*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP), 68*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 69*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_FP, -8, 0), 70*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 71*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 72*4882a593Smuzhiyun BPF_EXIT_INSN(), 73*4882a593Smuzhiyun 74*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_9, BPF_REG_0), 75*4882a593Smuzhiyun 76*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_6), 77*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP), 78*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 79*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 80*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 81*4882a593Smuzhiyun BPF_EXIT_INSN(), 82*4882a593Smuzhiyun 83*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_8, BPF_REG_0), 84*4882a593Smuzhiyun 85*4882a593Smuzhiyun BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_8), /* map_value_ptr -= map_value_ptr */ 86*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_9), 87*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JLT, BPF_REG_2, 8, 1), 88*4882a593Smuzhiyun BPF_EXIT_INSN(), 89*4882a593Smuzhiyun 90*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1), /* R2=inv(umin=1, umax=8) */ 91*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_FP), 92*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8), 93*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_3, 0), 94*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_probe_read_kernel), 95*4882a593Smuzhiyun BPF_EXIT_INSN(), 96*4882a593Smuzhiyun }, 97*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 98*4882a593Smuzhiyun .fixup_map_array_48b = { 1 }, 99*4882a593Smuzhiyun .result = VERBOSE_ACCEPT, 100*4882a593Smuzhiyun .flags = BPF_F_TEST_STATE_FREQ, 101*4882a593Smuzhiyun .errstr = 102*4882a593Smuzhiyun "26: (85) call bpf_probe_read_kernel#113\ 103*4882a593Smuzhiyun last_idx 26 first_idx 22\ 104*4882a593Smuzhiyun regs=4 stack=0 before 25\ 105*4882a593Smuzhiyun regs=4 stack=0 before 24\ 106*4882a593Smuzhiyun regs=4 stack=0 before 23\ 107*4882a593Smuzhiyun regs=4 stack=0 before 22\ 108*4882a593Smuzhiyun parent didn't have regs=4 stack=0 marks\ 109*4882a593Smuzhiyun last_idx 20 first_idx 20\ 110*4882a593Smuzhiyun regs=4 stack=0 before 20\ 111*4882a593Smuzhiyun parent didn't have regs=4 stack=0 marks\ 112*4882a593Smuzhiyun last_idx 19 first_idx 17\ 113*4882a593Smuzhiyun regs=4 stack=0 before 19\ 114*4882a593Smuzhiyun regs=200 stack=0 before 18\ 115*4882a593Smuzhiyun regs=300 stack=0 before 17\ 116*4882a593Smuzhiyun parent already had regs=0 stack=0 marks", 117*4882a593Smuzhiyun }, 118*4882a593Smuzhiyun { 119*4882a593Smuzhiyun "precise: cross frame pruning", 120*4882a593Smuzhiyun .insns = { 121*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32), 122*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_8, 0), 123*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 124*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_8, 1), 125*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32), 126*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_9, 0), 127*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1), 128*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_9, 1), 129*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), 130*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 4), 131*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_8, 1, 1), 132*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_2, 0), 133*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 134*4882a593Smuzhiyun BPF_EXIT_INSN(), 135*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 0), 136*4882a593Smuzhiyun BPF_EXIT_INSN(), 137*4882a593Smuzhiyun }, 138*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_XDP, 139*4882a593Smuzhiyun .flags = BPF_F_TEST_STATE_FREQ, 140*4882a593Smuzhiyun .errstr = "!read_ok", 141*4882a593Smuzhiyun .result = REJECT, 142*4882a593Smuzhiyun }, 143*4882a593Smuzhiyun { 144*4882a593Smuzhiyun "precise: ST insn causing spi > allocated_stack", 145*4882a593Smuzhiyun .insns = { 146*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_3, BPF_REG_10), 147*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JNE, BPF_REG_3, 123, 0), 148*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_3, -8, 0), 149*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8), 150*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, -1), 151*4882a593Smuzhiyun BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_0, 0), 152*4882a593Smuzhiyun BPF_EXIT_INSN(), 153*4882a593Smuzhiyun }, 154*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_XDP, 155*4882a593Smuzhiyun .flags = BPF_F_TEST_STATE_FREQ, 156*4882a593Smuzhiyun .errstr = "5: (2d) if r4 > r0 goto pc+0\ 157*4882a593Smuzhiyun last_idx 5 first_idx 5\ 158*4882a593Smuzhiyun parent didn't have regs=10 stack=0 marks\ 159*4882a593Smuzhiyun last_idx 4 first_idx 2\ 160*4882a593Smuzhiyun regs=10 stack=0 before 4\ 161*4882a593Smuzhiyun regs=10 stack=0 before 3\ 162*4882a593Smuzhiyun regs=0 stack=1 before 2\ 163*4882a593Smuzhiyun last_idx 5 first_idx 5\ 164*4882a593Smuzhiyun parent didn't have regs=1 stack=0 marks", 165*4882a593Smuzhiyun .result = VERBOSE_ACCEPT, 166*4882a593Smuzhiyun .retval = -1, 167*4882a593Smuzhiyun }, 168*4882a593Smuzhiyun { 169*4882a593Smuzhiyun "precise: STX insn causing spi > allocated_stack", 170*4882a593Smuzhiyun .insns = { 171*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32), 172*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_3, BPF_REG_10), 173*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JNE, BPF_REG_3, 123, 0), 174*4882a593Smuzhiyun BPF_STX_MEM(BPF_DW, BPF_REG_3, BPF_REG_0, -8), 175*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8), 176*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, -1), 177*4882a593Smuzhiyun BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_0, 0), 178*4882a593Smuzhiyun BPF_EXIT_INSN(), 179*4882a593Smuzhiyun }, 180*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_XDP, 181*4882a593Smuzhiyun .flags = BPF_F_TEST_STATE_FREQ, 182*4882a593Smuzhiyun .errstr = "last_idx 6 first_idx 6\ 183*4882a593Smuzhiyun parent didn't have regs=10 stack=0 marks\ 184*4882a593Smuzhiyun last_idx 5 first_idx 3\ 185*4882a593Smuzhiyun regs=10 stack=0 before 5\ 186*4882a593Smuzhiyun regs=10 stack=0 before 4\ 187*4882a593Smuzhiyun regs=0 stack=1 before 3\ 188*4882a593Smuzhiyun last_idx 6 first_idx 6\ 189*4882a593Smuzhiyun parent didn't have regs=1 stack=0 marks\ 190*4882a593Smuzhiyun last_idx 5 first_idx 3\ 191*4882a593Smuzhiyun regs=1 stack=0 before 5", 192*4882a593Smuzhiyun .result = VERBOSE_ACCEPT, 193*4882a593Smuzhiyun .retval = -1, 194*4882a593Smuzhiyun }, 195