samsung-sm8650
/
android_kernel_samsung_sm8650_ksu


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104
							{
	"map element value store of cleared call register",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 1),
	BPF_STX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 0),
	BPF_EXIT_INSN(),
	},
	.fixup_map_hash_48b = { 3 },
	.errstr_unpriv = "R1 !read_ok",
	.errstr = "R1 !read_ok",
	.result = REJECT,
	.result_unpriv = REJECT,
},
{
	"map element value with unaligned store",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 17),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 3),
	BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 42),
	BPF_ST_MEM(BPF_DW, BPF_REG_0, 2, 43),
	BPF_ST_MEM(BPF_DW, BPF_REG_0, -2, 44),
	BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
	BPF_ST_MEM(BPF_DW, BPF_REG_8, 0, 32),
	BPF_ST_MEM(BPF_DW, BPF_REG_8, 2, 33),
	BPF_ST_MEM(BPF_DW, BPF_REG_8, -2, 34),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_8, 5),
	BPF_ST_MEM(BPF_DW, BPF_REG_8, 0, 22),
	BPF_ST_MEM(BPF_DW, BPF_REG_8, 4, 23),
	BPF_ST_MEM(BPF_DW, BPF_REG_8, -7, 24),
	BPF_MOV64_REG(BPF_REG_7, BPF_REG_8),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, 3),
	BPF_ST_MEM(BPF_DW, BPF_REG_7, 0, 22),
	BPF_ST_MEM(BPF_DW, BPF_REG_7, 4, 23),
	BPF_ST_MEM(BPF_DW, BPF_REG_7, -4, 24),
	BPF_EXIT_INSN(),
	},
	.fixup_map_hash_48b = { 3 },
	.errstr_unpriv = "R0 leaks addr",
	.result = ACCEPT,
	.result_unpriv = REJECT,
	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
},
{
	"map element value with unaligned load",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 11),
	BPF_LDX_MEM(BPF_W, BPF_REG_1, BPF_REG_0, 0),
	BPF_JMP_IMM(BPF_JGE, BPF_REG_1, MAX_ENTRIES, 9),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 3),
	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 2),
	BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_8, 0),
	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_8, 2),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 5),
	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 4),
	BPF_EXIT_INSN(),
	},
	.fixup_map_hash_48b = { 3 },
	.errstr_unpriv = "R0 leaks addr",
	.result = ACCEPT,
	.result_unpriv = REJECT,
	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
},
{
	"map element value is preserved across register spilling",
	.insns = {
	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
	BPF_ST_MEM(BPF_DW, BPF_REG_2, 0, 0),
	BPF_LD_MAP_FD(BPF_REG_1, 0),
	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 7),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, offsetof(struct test_val, foo)),
	BPF_ST_MEM(BPF_DW, BPF_REG_0, 0, 42),
	BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -184),
	BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 0),
	BPF_LDX_MEM(BPF_DW, BPF_REG_3, BPF_REG_1, 0),
	BPF_ST_MEM(BPF_DW, BPF_REG_3, 0, 42),
	BPF_EXIT_INSN(),
	},
	.fixup_map_hash_48b = { 3 },
	.errstr_unpriv = "R0 leaks addr",
	.result = ACCEPT,
	.result_unpriv = REJECT,
	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
},