1 {
2 	"spin_lock: test1 success",
3 	.insns = {
4 	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
5 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
6 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
7 	BPF_LD_MAP_FD(BPF_REG_1,
8 		      0),
9 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
10 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
11 	BPF_EXIT_INSN(),
12 	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
13 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
14 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
15 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
16 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
17 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
18 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
19 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
20 	BPF_MOV64_IMM(BPF_REG_0, 0),
21 	BPF_EXIT_INSN(),
22 	},
23 	.fixup_map_spin_lock = { 3 },
24 	.result = ACCEPT,
25 	.result_unpriv = REJECT,
26 	.errstr_unpriv = "",
27 	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
28 },
29 {
30 	"spin_lock: test2 direct ld/st",
31 	.insns = {
32 	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
33 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
34 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
35 	BPF_LD_MAP_FD(BPF_REG_1,
36 		      0),
37 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
38 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
39 	BPF_EXIT_INSN(),
40 	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
41 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
42 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
43 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
44 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
45 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
46 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
47 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
48 	BPF_MOV64_IMM(BPF_REG_0, 0),
49 	BPF_EXIT_INSN(),
50 	},
51 	.fixup_map_spin_lock = { 3 },
52 	.result = REJECT,
53 	.errstr = "cannot be accessed directly",
54 	.result_unpriv = REJECT,
55 	.errstr_unpriv = "",
56 	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
57 },
58 {
59 	"spin_lock: test3 direct ld/st",
60 	.insns = {
61 	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
62 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
63 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
64 	BPF_LD_MAP_FD(BPF_REG_1,
65 		      0),
66 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
67 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
68 	BPF_EXIT_INSN(),
69 	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
70 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
71 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
72 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
73 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
74 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
75 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 1),
76 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
77 	BPF_MOV64_IMM(BPF_REG_0, 0),
78 	BPF_EXIT_INSN(),
79 	},
80 	.fixup_map_spin_lock = { 3 },
81 	.result = REJECT,
82 	.errstr = "cannot be accessed directly",
83 	.result_unpriv = REJECT,
84 	.errstr_unpriv = "",
85 	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
86 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
87 },
88 {
89 	"spin_lock: test4 direct ld/st",
90 	.insns = {
91 	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
92 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
93 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
94 	BPF_LD_MAP_FD(BPF_REG_1,
95 		      0),
96 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
97 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
98 	BPF_EXIT_INSN(),
99 	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
100 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
101 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
102 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
103 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
104 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
105 	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_6, 3),
106 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
107 	BPF_MOV64_IMM(BPF_REG_0, 0),
108 	BPF_EXIT_INSN(),
109 	},
110 	.fixup_map_spin_lock = { 3 },
111 	.result = REJECT,
112 	.errstr = "cannot be accessed directly",
113 	.result_unpriv = REJECT,
114 	.errstr_unpriv = "",
115 	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
116 	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
117 },
118 {
119 	"spin_lock: test5 call within a locked region",
120 	.insns = {
121 	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
122 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
123 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
124 	BPF_LD_MAP_FD(BPF_REG_1,
125 		      0),
126 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
127 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
128 	BPF_EXIT_INSN(),
129 	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
130 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
131 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
132 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
133 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
134 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
135 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
136 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
137 	BPF_MOV64_IMM(BPF_REG_0, 0),
138 	BPF_EXIT_INSN(),
139 	},
140 	.fixup_map_spin_lock = { 3 },
141 	.result = REJECT,
142 	.errstr = "calls are not allowed",
143 	.result_unpriv = REJECT,
144 	.errstr_unpriv = "",
145 	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
146 },
147 {
148 	"spin_lock: test6 missing unlock",
149 	.insns = {
150 	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
151 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
152 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
153 	BPF_LD_MAP_FD(BPF_REG_1,
154 		      0),
155 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
156 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
157 	BPF_EXIT_INSN(),
158 	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
159 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
160 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
161 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
162 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
163 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
164 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
165 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
166 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
167 	BPF_MOV64_IMM(BPF_REG_0, 0),
168 	BPF_EXIT_INSN(),
169 	},
170 	.fixup_map_spin_lock = { 3 },
171 	.result = REJECT,
172 	.errstr = "unlock is missing",
173 	.result_unpriv = REJECT,
174 	.errstr_unpriv = "",
175 	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
176 },
177 {
178 	"spin_lock: test7 unlock without lock",
179 	.insns = {
180 	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
181 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
182 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
183 	BPF_LD_MAP_FD(BPF_REG_1,
184 		      0),
185 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
186 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
187 	BPF_EXIT_INSN(),
188 	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
189 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
190 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
191 	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 1),
192 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
193 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
194 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
195 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
196 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
197 	BPF_MOV64_IMM(BPF_REG_0, 0),
198 	BPF_EXIT_INSN(),
199 	},
200 	.fixup_map_spin_lock = { 3 },
201 	.result = REJECT,
202 	.errstr = "without taking a lock",
203 	.result_unpriv = REJECT,
204 	.errstr_unpriv = "",
205 	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
206 },
207 {
208 	"spin_lock: test8 double lock",
209 	.insns = {
210 	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
211 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
212 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
213 	BPF_LD_MAP_FD(BPF_REG_1,
214 		      0),
215 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
216 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
217 	BPF_EXIT_INSN(),
218 	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
219 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
220 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
221 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
222 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
223 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
224 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
225 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
226 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
227 	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
228 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
229 	BPF_MOV64_IMM(BPF_REG_0, 0),
230 	BPF_EXIT_INSN(),
231 	},
232 	.fixup_map_spin_lock = { 3 },
233 	.result = REJECT,
234 	.errstr = "calls are not allowed",
235 	.result_unpriv = REJECT,
236 	.errstr_unpriv = "",
237 	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
238 },
239 {
240 	"spin_lock: test9 different lock",
241 	.insns = {
242 	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
243 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
244 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
245 	BPF_LD_MAP_FD(BPF_REG_1,
246 		      0),
247 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
248 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
249 	BPF_EXIT_INSN(),
250 	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
251 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
252 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
253 	BPF_LD_MAP_FD(BPF_REG_1,
254 		      0),
255 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
256 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
257 	BPF_EXIT_INSN(),
258 	BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
259 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
260 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
261 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
262 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
263 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
264 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
265 	BPF_MOV64_IMM(BPF_REG_0, 0),
266 	BPF_EXIT_INSN(),
267 	},
268 	.fixup_map_spin_lock = { 3, 11 },
269 	.result = REJECT,
270 	.errstr = "unlock of different lock",
271 	.result_unpriv = REJECT,
272 	.errstr_unpriv = "",
273 	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
274 },
275 {
276 	"spin_lock: test10 lock in subprog without unlock",
277 	.insns = {
278 	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
279 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
280 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
281 	BPF_LD_MAP_FD(BPF_REG_1,
282 		      0),
283 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
284 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
285 	BPF_EXIT_INSN(),
286 	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
287 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
288 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
289 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 5),
290 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
291 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
292 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
293 	BPF_MOV64_IMM(BPF_REG_0, 1),
294 	BPF_EXIT_INSN(),
295 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
296 	BPF_MOV64_IMM(BPF_REG_0, 0),
297 	BPF_EXIT_INSN(),
298 	},
299 	.fixup_map_spin_lock = { 3 },
300 	.result = REJECT,
301 	.errstr = "unlock is missing",
302 	.result_unpriv = REJECT,
303 	.errstr_unpriv = "",
304 	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
305 },
306 {
307 	"spin_lock: test11 ld_abs under lock",
308 	.insns = {
309 	BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
310 	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
311 	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
312 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
313 	BPF_LD_MAP_FD(BPF_REG_1,
314 		      0),
315 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
316 	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
317 	BPF_EXIT_INSN(),
318 	BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
319 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
320 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
321 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
322 	BPF_LD_ABS(BPF_B, 0),
323 	BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
324 	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
325 	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
326 	BPF_MOV64_IMM(BPF_REG_0, 0),
327 	BPF_EXIT_INSN(),
328 	},
329 	.fixup_map_spin_lock = { 4 },
330 	.result = REJECT,
331 	.errstr = "inside bpf_spin_lock",
332 	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
333 },
334