1*4882a593Smuzhiyun { 2*4882a593Smuzhiyun "PTR_TO_STACK store/load", 3*4882a593Smuzhiyun .insns = { 4*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 5*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -10), 6*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_1, 2, 0xfaceb00c), 7*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 2), 8*4882a593Smuzhiyun BPF_EXIT_INSN(), 9*4882a593Smuzhiyun }, 10*4882a593Smuzhiyun .result = ACCEPT, 11*4882a593Smuzhiyun .retval = 0xfaceb00c, 12*4882a593Smuzhiyun }, 13*4882a593Smuzhiyun { 14*4882a593Smuzhiyun "PTR_TO_STACK store/load - bad alignment on off", 15*4882a593Smuzhiyun .insns = { 16*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 17*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8), 18*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_1, 2, 0xfaceb00c), 19*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 2), 20*4882a593Smuzhiyun BPF_EXIT_INSN(), 21*4882a593Smuzhiyun }, 22*4882a593Smuzhiyun .result = REJECT, 23*4882a593Smuzhiyun .errstr = "misaligned stack access off (0x0; 0x0)+-8+2 size 8", 24*4882a593Smuzhiyun }, 25*4882a593Smuzhiyun { 26*4882a593Smuzhiyun "PTR_TO_STACK store/load - bad alignment on reg", 27*4882a593Smuzhiyun .insns = { 28*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 29*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -10), 30*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_1, 8, 0xfaceb00c), 31*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 8), 32*4882a593Smuzhiyun BPF_EXIT_INSN(), 33*4882a593Smuzhiyun }, 34*4882a593Smuzhiyun .result = REJECT, 35*4882a593Smuzhiyun .errstr = "misaligned stack access off (0x0; 0x0)+-10+8 size 8", 36*4882a593Smuzhiyun }, 37*4882a593Smuzhiyun { 38*4882a593Smuzhiyun "PTR_TO_STACK store/load - out of bounds low", 39*4882a593Smuzhiyun .insns = { 40*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 41*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -80000), 42*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_1, 8, 0xfaceb00c), 43*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 8), 44*4882a593Smuzhiyun BPF_EXIT_INSN(), 45*4882a593Smuzhiyun }, 46*4882a593Smuzhiyun .result = REJECT, 47*4882a593Smuzhiyun .errstr = "invalid write to stack R1 off=-79992 size=8", 48*4882a593Smuzhiyun .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", 49*4882a593Smuzhiyun }, 50*4882a593Smuzhiyun { 51*4882a593Smuzhiyun "PTR_TO_STACK store/load - out of bounds high", 52*4882a593Smuzhiyun .insns = { 53*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 54*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8), 55*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_1, 8, 0xfaceb00c), 56*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 8), 57*4882a593Smuzhiyun BPF_EXIT_INSN(), 58*4882a593Smuzhiyun }, 59*4882a593Smuzhiyun .result = REJECT, 60*4882a593Smuzhiyun .errstr = "invalid write to stack R1 off=0 size=8", 61*4882a593Smuzhiyun }, 62*4882a593Smuzhiyun { 63*4882a593Smuzhiyun "PTR_TO_STACK check high 1", 64*4882a593Smuzhiyun .insns = { 65*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 66*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -1), 67*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 0, 42), 68*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0), 69*4882a593Smuzhiyun BPF_EXIT_INSN(), 70*4882a593Smuzhiyun }, 71*4882a593Smuzhiyun .result = ACCEPT, 72*4882a593Smuzhiyun .retval = 42, 73*4882a593Smuzhiyun }, 74*4882a593Smuzhiyun { 75*4882a593Smuzhiyun "PTR_TO_STACK check high 2", 76*4882a593Smuzhiyun .insns = { 77*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 78*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, -1, 42), 79*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, -1), 80*4882a593Smuzhiyun BPF_EXIT_INSN(), 81*4882a593Smuzhiyun }, 82*4882a593Smuzhiyun .result = ACCEPT, 83*4882a593Smuzhiyun .retval = 42, 84*4882a593Smuzhiyun }, 85*4882a593Smuzhiyun { 86*4882a593Smuzhiyun "PTR_TO_STACK check high 3", 87*4882a593Smuzhiyun .insns = { 88*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 89*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 0), 90*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, -1, 42), 91*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, -1), 92*4882a593Smuzhiyun BPF_EXIT_INSN(), 93*4882a593Smuzhiyun }, 94*4882a593Smuzhiyun .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", 95*4882a593Smuzhiyun .result_unpriv = REJECT, 96*4882a593Smuzhiyun .result = ACCEPT, 97*4882a593Smuzhiyun .retval = 42, 98*4882a593Smuzhiyun }, 99*4882a593Smuzhiyun { 100*4882a593Smuzhiyun "PTR_TO_STACK check high 4", 101*4882a593Smuzhiyun .insns = { 102*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 103*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 0), 104*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 0, 42), 105*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0), 106*4882a593Smuzhiyun BPF_EXIT_INSN(), 107*4882a593Smuzhiyun }, 108*4882a593Smuzhiyun .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", 109*4882a593Smuzhiyun .errstr = "invalid write to stack R1 off=0 size=1", 110*4882a593Smuzhiyun .result = REJECT, 111*4882a593Smuzhiyun }, 112*4882a593Smuzhiyun { 113*4882a593Smuzhiyun "PTR_TO_STACK check high 5", 114*4882a593Smuzhiyun .insns = { 115*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 116*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, (1 << 29) - 1), 117*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 0, 42), 118*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0), 119*4882a593Smuzhiyun BPF_EXIT_INSN(), 120*4882a593Smuzhiyun }, 121*4882a593Smuzhiyun .result = REJECT, 122*4882a593Smuzhiyun .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", 123*4882a593Smuzhiyun .errstr = "invalid write to stack R1", 124*4882a593Smuzhiyun }, 125*4882a593Smuzhiyun { 126*4882a593Smuzhiyun "PTR_TO_STACK check high 6", 127*4882a593Smuzhiyun .insns = { 128*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 129*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, (1 << 29) - 1), 130*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, SHRT_MAX, 42), 131*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, SHRT_MAX), 132*4882a593Smuzhiyun BPF_EXIT_INSN(), 133*4882a593Smuzhiyun }, 134*4882a593Smuzhiyun .result = REJECT, 135*4882a593Smuzhiyun .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", 136*4882a593Smuzhiyun .errstr = "invalid write to stack", 137*4882a593Smuzhiyun }, 138*4882a593Smuzhiyun { 139*4882a593Smuzhiyun "PTR_TO_STACK check high 7", 140*4882a593Smuzhiyun .insns = { 141*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 142*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, (1 << 29) - 1), 143*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, (1 << 29) - 1), 144*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, SHRT_MAX, 42), 145*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, SHRT_MAX), 146*4882a593Smuzhiyun BPF_EXIT_INSN(), 147*4882a593Smuzhiyun }, 148*4882a593Smuzhiyun .result = REJECT, 149*4882a593Smuzhiyun .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", 150*4882a593Smuzhiyun .errstr = "fp pointer offset", 151*4882a593Smuzhiyun }, 152*4882a593Smuzhiyun { 153*4882a593Smuzhiyun "PTR_TO_STACK check low 1", 154*4882a593Smuzhiyun .insns = { 155*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 156*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -512), 157*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 0, 42), 158*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0), 159*4882a593Smuzhiyun BPF_EXIT_INSN(), 160*4882a593Smuzhiyun }, 161*4882a593Smuzhiyun .result = ACCEPT, 162*4882a593Smuzhiyun .retval = 42, 163*4882a593Smuzhiyun }, 164*4882a593Smuzhiyun { 165*4882a593Smuzhiyun "PTR_TO_STACK check low 2", 166*4882a593Smuzhiyun .insns = { 167*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 168*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -513), 169*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 1, 42), 170*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 1), 171*4882a593Smuzhiyun BPF_EXIT_INSN(), 172*4882a593Smuzhiyun }, 173*4882a593Smuzhiyun .result_unpriv = REJECT, 174*4882a593Smuzhiyun .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", 175*4882a593Smuzhiyun .result = ACCEPT, 176*4882a593Smuzhiyun .retval = 42, 177*4882a593Smuzhiyun }, 178*4882a593Smuzhiyun { 179*4882a593Smuzhiyun "PTR_TO_STACK check low 3", 180*4882a593Smuzhiyun .insns = { 181*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 182*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -513), 183*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 0, 42), 184*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0), 185*4882a593Smuzhiyun BPF_EXIT_INSN(), 186*4882a593Smuzhiyun }, 187*4882a593Smuzhiyun .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", 188*4882a593Smuzhiyun .errstr = "invalid write to stack R1 off=-513 size=1", 189*4882a593Smuzhiyun .result = REJECT, 190*4882a593Smuzhiyun }, 191*4882a593Smuzhiyun { 192*4882a593Smuzhiyun "PTR_TO_STACK check low 4", 193*4882a593Smuzhiyun .insns = { 194*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 195*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, INT_MIN), 196*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 0, 42), 197*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0), 198*4882a593Smuzhiyun BPF_EXIT_INSN(), 199*4882a593Smuzhiyun }, 200*4882a593Smuzhiyun .result = REJECT, 201*4882a593Smuzhiyun .errstr = "math between fp pointer", 202*4882a593Smuzhiyun }, 203*4882a593Smuzhiyun { 204*4882a593Smuzhiyun "PTR_TO_STACK check low 5", 205*4882a593Smuzhiyun .insns = { 206*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 207*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -((1 << 29) - 1)), 208*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 0, 42), 209*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0), 210*4882a593Smuzhiyun BPF_EXIT_INSN(), 211*4882a593Smuzhiyun }, 212*4882a593Smuzhiyun .result = REJECT, 213*4882a593Smuzhiyun .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", 214*4882a593Smuzhiyun .errstr = "invalid write to stack", 215*4882a593Smuzhiyun }, 216*4882a593Smuzhiyun { 217*4882a593Smuzhiyun "PTR_TO_STACK check low 6", 218*4882a593Smuzhiyun .insns = { 219*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 220*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -((1 << 29) - 1)), 221*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, SHRT_MIN, 42), 222*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, SHRT_MIN), 223*4882a593Smuzhiyun BPF_EXIT_INSN(), 224*4882a593Smuzhiyun }, 225*4882a593Smuzhiyun .result = REJECT, 226*4882a593Smuzhiyun .errstr = "invalid write to stack", 227*4882a593Smuzhiyun .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", 228*4882a593Smuzhiyun }, 229*4882a593Smuzhiyun { 230*4882a593Smuzhiyun "PTR_TO_STACK check low 7", 231*4882a593Smuzhiyun .insns = { 232*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 233*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -((1 << 29) - 1)), 234*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -((1 << 29) - 1)), 235*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, SHRT_MIN, 42), 236*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, SHRT_MIN), 237*4882a593Smuzhiyun BPF_EXIT_INSN(), 238*4882a593Smuzhiyun }, 239*4882a593Smuzhiyun .result = REJECT, 240*4882a593Smuzhiyun .errstr_unpriv = "R1 stack pointer arithmetic goes out of range", 241*4882a593Smuzhiyun .errstr = "fp pointer offset", 242*4882a593Smuzhiyun }, 243*4882a593Smuzhiyun { 244*4882a593Smuzhiyun "PTR_TO_STACK mixed reg/k, 1", 245*4882a593Smuzhiyun .insns = { 246*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 247*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -3), 248*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_2, -3), 249*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_2), 250*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 0, 42), 251*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0), 252*4882a593Smuzhiyun BPF_EXIT_INSN(), 253*4882a593Smuzhiyun }, 254*4882a593Smuzhiyun .result = ACCEPT, 255*4882a593Smuzhiyun .retval = 42, 256*4882a593Smuzhiyun }, 257*4882a593Smuzhiyun { 258*4882a593Smuzhiyun "PTR_TO_STACK mixed reg/k, 2", 259*4882a593Smuzhiyun .insns = { 260*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), 261*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_10, -16, 0), 262*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 263*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -3), 264*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_2, -3), 265*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_2), 266*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 0, 42), 267*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_5, BPF_REG_10), 268*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_5, -6), 269*4882a593Smuzhiyun BPF_EXIT_INSN(), 270*4882a593Smuzhiyun }, 271*4882a593Smuzhiyun .result = ACCEPT, 272*4882a593Smuzhiyun .retval = 42, 273*4882a593Smuzhiyun }, 274*4882a593Smuzhiyun { 275*4882a593Smuzhiyun "PTR_TO_STACK mixed reg/k, 3", 276*4882a593Smuzhiyun .insns = { 277*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 278*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -3), 279*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_2, -3), 280*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_2), 281*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 0, 42), 282*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 283*4882a593Smuzhiyun BPF_EXIT_INSN(), 284*4882a593Smuzhiyun }, 285*4882a593Smuzhiyun .result = ACCEPT, 286*4882a593Smuzhiyun .retval = -3, 287*4882a593Smuzhiyun }, 288*4882a593Smuzhiyun { 289*4882a593Smuzhiyun "PTR_TO_STACK reg", 290*4882a593Smuzhiyun .insns = { 291*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), 292*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_2, -3), 293*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_2), 294*4882a593Smuzhiyun BPF_ST_MEM(BPF_B, BPF_REG_1, 0, 42), 295*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_1, 0), 296*4882a593Smuzhiyun BPF_EXIT_INSN(), 297*4882a593Smuzhiyun }, 298*4882a593Smuzhiyun .result = ACCEPT, 299*4882a593Smuzhiyun .retval = 42, 300*4882a593Smuzhiyun }, 301*4882a593Smuzhiyun { 302*4882a593Smuzhiyun "stack pointer arithmetic", 303*4882a593Smuzhiyun .insns = { 304*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_1, 4), 305*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JA, 0, 0, 0), 306*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_7, BPF_REG_10), 307*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -10), 308*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -10), 309*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_7), 310*4882a593Smuzhiyun BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_1), 311*4882a593Smuzhiyun BPF_ST_MEM(0, BPF_REG_2, 4, 0), 312*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_7), 313*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 8), 314*4882a593Smuzhiyun BPF_ST_MEM(0, BPF_REG_2, 4, 0), 315*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 316*4882a593Smuzhiyun BPF_EXIT_INSN(), 317*4882a593Smuzhiyun }, 318*4882a593Smuzhiyun .result = ACCEPT, 319*4882a593Smuzhiyun }, 320*4882a593Smuzhiyun { 321*4882a593Smuzhiyun "store PTR_TO_STACK in R10 to array map using BPF_B", 322*4882a593Smuzhiyun .insns = { 323*4882a593Smuzhiyun /* Load pointer to map. */ 324*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), 325*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), 326*4882a593Smuzhiyun BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0), 327*4882a593Smuzhiyun BPF_LD_MAP_FD(BPF_REG_1, 0), 328*4882a593Smuzhiyun BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), 329*4882a593Smuzhiyun BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), 330*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 2), 331*4882a593Smuzhiyun BPF_EXIT_INSN(), 332*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_1, BPF_REG_0), 333*4882a593Smuzhiyun /* Copy R10 to R9. */ 334*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_9, BPF_REG_10), 335*4882a593Smuzhiyun /* Pollute other registers with unaligned values. */ 336*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_2, -1), 337*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_3, -1), 338*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_4, -1), 339*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_5, -1), 340*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_6, -1), 341*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_7, -1), 342*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_8, -1), 343*4882a593Smuzhiyun /* Store both R9 and R10 with BPF_B and read back. */ 344*4882a593Smuzhiyun BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_10, 0), 345*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_2, BPF_REG_1, 0), 346*4882a593Smuzhiyun BPF_STX_MEM(BPF_B, BPF_REG_1, BPF_REG_9, 0), 347*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_3, BPF_REG_1, 0), 348*4882a593Smuzhiyun /* Should read back as same value. */ 349*4882a593Smuzhiyun BPF_JMP_REG(BPF_JEQ, BPF_REG_2, BPF_REG_3, 2), 350*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 1), 351*4882a593Smuzhiyun BPF_EXIT_INSN(), 352*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 42), 353*4882a593Smuzhiyun BPF_EXIT_INSN(), 354*4882a593Smuzhiyun }, 355*4882a593Smuzhiyun .fixup_map_array_48b = { 3 }, 356*4882a593Smuzhiyun .result = ACCEPT, 357*4882a593Smuzhiyun .retval = 42, 358*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_SCHED_CLS, 359*4882a593Smuzhiyun }, 360