forked from ~ljy/RK356X_SDK_RELEASE

blame | history | patch | commit | commitdiff
hc
2024-01-03 2f7c68cb55ecb7331f2381deb497c27155f32faf 
 kernel/tools/testing/selftests/bpf/verifier/spill_fill.c
....@@ -29,6 +29,36 @@
2929 	.result_unpriv = ACCEPT,
3030 },
3131 {
32
+	"check valid spill/fill, ptr to mem",
33
+	.insns = {
34
+	/* reserve 8 byte ringbuf memory */
35
+	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
36
+	BPF_LD_MAP_FD(BPF_REG_1, 0),
37
+	BPF_MOV64_IMM(BPF_REG_2, 8),
38
+	BPF_MOV64_IMM(BPF_REG_3, 0),
39
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ringbuf_reserve),
40
+	/* store a pointer to the reserved memory in R6 */
41
+	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
42
+	/* check whether the reservation was successful */
43
+	BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 6),
44
+	/* spill R6(mem) into the stack */
45
+	BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_6, -8),
46
+	/* fill it back in R7 */
47
+	BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_10, -8),
48
+	/* should be able to access *(R7) = 0 */
49
+	BPF_ST_MEM(BPF_DW, BPF_REG_7, 0, 0),
50
+	/* submit the reserved ringbuf memory */
51
+	BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
52
+	BPF_MOV64_IMM(BPF_REG_2, 0),
53
+	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_ringbuf_submit),
54
+	BPF_MOV64_IMM(BPF_REG_0, 0),
55
+	BPF_EXIT_INSN(),
56
+	},
57
+	.fixup_map_ringbuf = { 1 },
58
+	.result = ACCEPT,
59
+	.result_unpriv = ACCEPT,
60
+},
61
+{
3262 	"check corrupted spill/fill",
3363 	.insns = {
3464 	/* spill R1(ctx) into stack */