1 { 2 "ARG_PTR_TO_LONG uninitialized", 3 .insns = { 4 /* bpf_strtoul arg1 (buf) */ 5 BPF_MOV64_REG(BPF_REG_7, BPF_REG_10), 6 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8), 7 BPF_MOV64_IMM(BPF_REG_0, 0x00303036), 8 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0), 9 10 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7), 11 12 /* bpf_strtoul arg2 (buf_len) */ 13 BPF_MOV64_IMM(BPF_REG_2, 4), 14 15 /* bpf_strtoul arg3 (flags) */ 16 BPF_MOV64_IMM(BPF_REG_3, 0), 17 18 /* bpf_strtoul arg4 (res) */ 19 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8), 20 BPF_MOV64_REG(BPF_REG_4, BPF_REG_7), 21 22 /* bpf_strtoul() */ 23 BPF_EMIT_CALL(BPF_FUNC_strtoul), 24 25 BPF_MOV64_IMM(BPF_REG_0, 1), 26 BPF_EXIT_INSN(), 27 }, 28 .result = REJECT, 29 .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL, 30 .errstr = "invalid indirect read from stack R4 off -16+0 size 8", 31 }, 32 { 33 "ARG_PTR_TO_LONG half-uninitialized", 34 .insns = { 35 /* bpf_strtoul arg1 (buf) */ 36 BPF_MOV64_REG(BPF_REG_7, BPF_REG_10), 37 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8), 38 BPF_MOV64_IMM(BPF_REG_0, 0x00303036), 39 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0), 40 41 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7), 42 43 /* bpf_strtoul arg2 (buf_len) */ 44 BPF_MOV64_IMM(BPF_REG_2, 4), 45 46 /* bpf_strtoul arg3 (flags) */ 47 BPF_MOV64_IMM(BPF_REG_3, 0), 48 49 /* bpf_strtoul arg4 (res) */ 50 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8), 51 BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0), 52 BPF_MOV64_REG(BPF_REG_4, BPF_REG_7), 53 54 /* bpf_strtoul() */ 55 BPF_EMIT_CALL(BPF_FUNC_strtoul), 56 57 BPF_MOV64_IMM(BPF_REG_0, 1), 58 BPF_EXIT_INSN(), 59 }, 60 .result = REJECT, 61 .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL, 62 .errstr = "invalid indirect read from stack R4 off -16+4 size 8", 63 }, 64 { 65 "ARG_PTR_TO_LONG misaligned", 66 .insns = { 67 /* bpf_strtoul arg1 (buf) */ 68 BPF_MOV64_REG(BPF_REG_7, BPF_REG_10), 69 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8), 70 BPF_MOV64_IMM(BPF_REG_0, 0x00303036), 71 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0), 72 73 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7), 74 75 /* bpf_strtoul arg2 (buf_len) */ 76 BPF_MOV64_IMM(BPF_REG_2, 4), 77 78 /* bpf_strtoul arg3 (flags) */ 79 BPF_MOV64_IMM(BPF_REG_3, 0), 80 81 /* bpf_strtoul arg4 (res) */ 82 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -12), 83 BPF_MOV64_IMM(BPF_REG_0, 0), 84 BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0), 85 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 4), 86 BPF_MOV64_REG(BPF_REG_4, BPF_REG_7), 87 88 /* bpf_strtoul() */ 89 BPF_EMIT_CALL(BPF_FUNC_strtoul), 90 91 BPF_MOV64_IMM(BPF_REG_0, 1), 92 BPF_EXIT_INSN(), 93 }, 94 .result = REJECT, 95 .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL, 96 .errstr = "misaligned stack access off (0x0; 0x0)+-20+0 size 8", 97 }, 98 { 99 "ARG_PTR_TO_LONG size < sizeof(long)", 100 .insns = { 101 /* bpf_strtoul arg1 (buf) */ 102 BPF_MOV64_REG(BPF_REG_7, BPF_REG_10), 103 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -16), 104 BPF_MOV64_IMM(BPF_REG_0, 0x00303036), 105 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0), 106 107 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7), 108 109 /* bpf_strtoul arg2 (buf_len) */ 110 BPF_MOV64_IMM(BPF_REG_2, 4), 111 112 /* bpf_strtoul arg3 (flags) */ 113 BPF_MOV64_IMM(BPF_REG_3, 0), 114 115 /* bpf_strtoul arg4 (res) */ 116 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, 12), 117 BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0), 118 BPF_MOV64_REG(BPF_REG_4, BPF_REG_7), 119 120 /* bpf_strtoul() */ 121 BPF_EMIT_CALL(BPF_FUNC_strtoul), 122 123 BPF_MOV64_IMM(BPF_REG_0, 1), 124 BPF_EXIT_INSN(), 125 }, 126 .result = REJECT, 127 .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL, 128 .errstr = "invalid indirect access to stack R4 off=-4 size=8", 129 }, 130 { 131 "ARG_PTR_TO_LONG initialized", 132 .insns = { 133 /* bpf_strtoul arg1 (buf) */ 134 BPF_MOV64_REG(BPF_REG_7, BPF_REG_10), 135 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8), 136 BPF_MOV64_IMM(BPF_REG_0, 0x00303036), 137 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0), 138 139 BPF_MOV64_REG(BPF_REG_1, BPF_REG_7), 140 141 /* bpf_strtoul arg2 (buf_len) */ 142 BPF_MOV64_IMM(BPF_REG_2, 4), 143 144 /* bpf_strtoul arg3 (flags) */ 145 BPF_MOV64_IMM(BPF_REG_3, 0), 146 147 /* bpf_strtoul arg4 (res) */ 148 BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8), 149 BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0), 150 BPF_MOV64_REG(BPF_REG_4, BPF_REG_7), 151 152 /* bpf_strtoul() */ 153 BPF_EMIT_CALL(BPF_FUNC_strtoul), 154 155 BPF_MOV64_IMM(BPF_REG_0, 1), 156 BPF_EXIT_INSN(), 157 }, 158 .result = ACCEPT, 159 .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL, 160 }, 161