1*4882a593Smuzhiyun { 2*4882a593Smuzhiyun "regalloc basic", 3*4882a593Smuzhiyun .insns = { 4*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), 5*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 6*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 7*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 8*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 9*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 10*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 8), 11*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), 12*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), 13*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_0), 14*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 20, 4), 15*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSLT, BPF_REG_2, 0, 3), 16*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_0), 17*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_2), 18*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0), 19*4882a593Smuzhiyun BPF_EXIT_INSN(), 20*4882a593Smuzhiyun }, 21*4882a593Smuzhiyun .fixup_map_hash_48b = { 4 }, 22*4882a593Smuzhiyun .result = ACCEPT, 23*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 24*4882a593Smuzhiyun }, 25*4882a593Smuzhiyun { 26*4882a593Smuzhiyun "regalloc negative", 27*4882a593Smuzhiyun .insns = { 28*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), 29*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 30*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 31*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 32*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 33*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 34*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 8), 35*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), 36*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), 37*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_0), 38*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 24, 4), 39*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSLT, BPF_REG_2, 0, 3), 40*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_0), 41*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_2), 42*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_7, 0), 43*4882a593Smuzhiyun BPF_EXIT_INSN(), 44*4882a593Smuzhiyun }, 45*4882a593Smuzhiyun .fixup_map_hash_48b = { 4 }, 46*4882a593Smuzhiyun .result = REJECT, 47*4882a593Smuzhiyun .errstr = "invalid access to map value, value_size=48 off=48 size=1", 48*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 49*4882a593Smuzhiyun }, 50*4882a593Smuzhiyun { 51*4882a593Smuzhiyun "regalloc src_reg mark", 52*4882a593Smuzhiyun .insns = { 53*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), 54*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 55*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 56*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 57*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 58*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 59*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 9), 60*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), 61*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), 62*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_0), 63*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 20, 5), 64*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_3, 0), 65*4882a593Smuzhiyun BPF_JMP_REG(BPF_JSGE, BPF_REG_3, BPF_REG_2, 3), 66*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_0), 67*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_2), 68*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0), 69*4882a593Smuzhiyun BPF_EXIT_INSN(), 70*4882a593Smuzhiyun }, 71*4882a593Smuzhiyun .fixup_map_hash_48b = { 4 }, 72*4882a593Smuzhiyun .result = ACCEPT, 73*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 74*4882a593Smuzhiyun }, 75*4882a593Smuzhiyun { 76*4882a593Smuzhiyun "regalloc src_reg negative", 77*4882a593Smuzhiyun .insns = { 78*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), 79*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 80*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 81*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 82*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 83*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 84*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 9), 85*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), 86*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), 87*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_0), 88*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 22, 5), 89*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_3, 0), 90*4882a593Smuzhiyun BPF_JMP_REG(BPF_JSGE, BPF_REG_3, BPF_REG_2, 3), 91*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_0), 92*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_2), 93*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0), 94*4882a593Smuzhiyun BPF_EXIT_INSN(), 95*4882a593Smuzhiyun }, 96*4882a593Smuzhiyun .fixup_map_hash_48b = { 4 }, 97*4882a593Smuzhiyun .result = REJECT, 98*4882a593Smuzhiyun .errstr = "invalid access to map value, value_size=48 off=44 size=8", 99*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 100*4882a593Smuzhiyun }, 101*4882a593Smuzhiyun { 102*4882a593Smuzhiyun "regalloc and spill", 103*4882a593Smuzhiyun .insns = { 104*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), 105*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 106*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 107*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 108*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 109*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 110*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11), 111*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), 112*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), 113*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_0), 114*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 20, 7), 115*4882a593Smuzhiyun /* r0 has upper bound that should propagate into r2 */ 116*4882a593Smuzhiyun BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -8), /* spill r2 */ 117*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 118*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_2, 0), /* clear r0 and r2 */ 119*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_10, -8), /* fill r3 */ 120*4882a593Smuzhiyun BPF_JMP_REG(BPF_JSGE, BPF_REG_0, BPF_REG_3, 2), 121*4882a593Smuzhiyun /* r3 has lower and upper bounds */ 122*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_3), 123*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0), 124*4882a593Smuzhiyun BPF_EXIT_INSN(), 125*4882a593Smuzhiyun }, 126*4882a593Smuzhiyun .fixup_map_hash_48b = { 4 }, 127*4882a593Smuzhiyun .result = ACCEPT, 128*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 129*4882a593Smuzhiyun }, 130*4882a593Smuzhiyun { 131*4882a593Smuzhiyun "regalloc and spill negative", 132*4882a593Smuzhiyun .insns = { 133*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), 134*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 135*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 136*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 137*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 138*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 139*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11), 140*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), 141*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), 142*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_0), 143*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 48, 7), 144*4882a593Smuzhiyun /* r0 has upper bound that should propagate into r2 */ 145*4882a593Smuzhiyun BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -8), /* spill r2 */ 146*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 147*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_2, 0), /* clear r0 and r2 */ 148*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_10, -8), /* fill r3 */ 149*4882a593Smuzhiyun BPF_JMP_REG(BPF_JSGE, BPF_REG_0, BPF_REG_3, 2), 150*4882a593Smuzhiyun /* r3 has lower and upper bounds */ 151*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_3), 152*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0), 153*4882a593Smuzhiyun BPF_EXIT_INSN(), 154*4882a593Smuzhiyun }, 155*4882a593Smuzhiyun .fixup_map_hash_48b = { 4 }, 156*4882a593Smuzhiyun .result = REJECT, 157*4882a593Smuzhiyun .errstr = "invalid access to map value, value_size=48 off=48 size=8", 158*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 159*4882a593Smuzhiyun }, 160*4882a593Smuzhiyun { 161*4882a593Smuzhiyun "regalloc three regs", 162*4882a593Smuzhiyun .insns = { 163*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), 164*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 165*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 166*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 167*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 168*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 169*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 10), 170*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), 171*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), 172*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_0), 173*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_4, BPF_REG_2), 174*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSGT, BPF_REG_0, 12, 5), 175*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSLT, BPF_REG_2, 0, 4), 176*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_0), 177*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_2), 178*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_4), 179*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0), 180*4882a593Smuzhiyun BPF_EXIT_INSN(), 181*4882a593Smuzhiyun }, 182*4882a593Smuzhiyun .fixup_map_hash_48b = { 4 }, 183*4882a593Smuzhiyun .result = ACCEPT, 184*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 185*4882a593Smuzhiyun }, 186*4882a593Smuzhiyun { 187*4882a593Smuzhiyun "regalloc after call", 188*4882a593Smuzhiyun .insns = { 189*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), 190*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 191*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 192*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 193*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 194*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 195*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 10), 196*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), 197*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), 198*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_8, BPF_REG_0), 199*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_9, BPF_REG_0), 200*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 6), 201*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSGT, BPF_REG_8, 20, 4), 202*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSLT, BPF_REG_9, 0, 3), 203*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_8), 204*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_7, BPF_REG_9), 205*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0), 206*4882a593Smuzhiyun BPF_EXIT_INSN(), 207*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 208*4882a593Smuzhiyun BPF_EXIT_INSN(), 209*4882a593Smuzhiyun }, 210*4882a593Smuzhiyun .fixup_map_hash_48b = { 4 }, 211*4882a593Smuzhiyun .result = ACCEPT, 212*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 213*4882a593Smuzhiyun }, 214*4882a593Smuzhiyun { 215*4882a593Smuzhiyun "regalloc in callee", 216*4882a593Smuzhiyun .insns = { 217*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), 218*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 219*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 220*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 221*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 222*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 223*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 6), 224*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_0), 225*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), 226*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), 227*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_0), 228*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_3, BPF_REG_7), 229*4882a593Smuzhiyun BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 1), 230*4882a593Smuzhiyun BPF_EXIT_INSN(), 231*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSGT, BPF_REG_1, 20, 5), 232*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JSLT, BPF_REG_2, 0, 4), 233*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_1), 234*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_3, BPF_REG_2), 235*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_3, 0), 236*4882a593Smuzhiyun BPF_EXIT_INSN(), 237*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 238*4882a593Smuzhiyun BPF_EXIT_INSN(), 239*4882a593Smuzhiyun }, 240*4882a593Smuzhiyun .fixup_map_hash_48b = { 4 }, 241*4882a593Smuzhiyun .result = ACCEPT, 242*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 243*4882a593Smuzhiyun }, 244*4882a593Smuzhiyun { 245*4882a593Smuzhiyun "regalloc, spill, JEQ", 246*4882a593Smuzhiyun .insns = { 247*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), 248*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 249*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 250*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 251*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 252*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 253*4882a593Smuzhiyun BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8), /* spill r0 */ 254*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 0), 255*4882a593Smuzhiyun /* The verifier will walk the rest twice with r0 == 0 and r0 == map_value */ 256*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), 257*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_0), 258*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_2, 20, 0), 259*4882a593Smuzhiyun /* The verifier will walk the rest two more times with r0 == 20 and r0 == unknown */ 260*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_10, -8), /* fill r3 with map_value */ 261*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JEQ, BPF_REG_3, 0, 1), /* skip ldx if map_value == NULL */ 262*4882a593Smuzhiyun /* Buggy verifier will think that r3 == 20 here */ 263*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_3, 0), /* read from map_value */ 264*4882a593Smuzhiyun BPF_EXIT_INSN(), 265*4882a593Smuzhiyun }, 266*4882a593Smuzhiyun .fixup_map_hash_48b = { 4 }, 267*4882a593Smuzhiyun .result = ACCEPT, 268*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_TRACEPOINT, 269*4882a593Smuzhiyun }, 270