linux/tools/testing/selftests/bpf/progs/verifier_loops1.c

// SPDX-License-Identifier: GPL-2.0
/* Converted from tools/testing/selftests/bpf/verifier/loops1.c */

#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include "bpf_misc.h"

SEC("xdp")
__description("bounded loop, count to 4")
__success __retval(4)
__naked void bounded_loop_count_to_4(void)
{
	asm volatile ("					\
	r0 = 0;						\
l0_%=:	r0 += 1;					\
	if r0 < 4 goto l0_%=;				\
	exit;						\
"	::: __clobber_all);
}

SEC("tracepoint")
__description("bounded loop, count to 20")
__success
__naked void bounded_loop_count_to_20(void)
{
	asm volatile ("					\
	r0 = 0;						\
l0_%=:	r0 += 3;					\
	if r0 < 20 goto l0_%=;				\
	exit;						\
"	::: __clobber_all);
}

SEC("tracepoint")
__description("bounded loop, count from positive unknown to 4")
__success
__naked void from_positive_unknown_to_4(void)
{
	asm volatile ("					\
	call %[bpf_get_prandom_u32];			\
	if r0 s< 0 goto l0_%=;				\
l1_%=:	r0 += 1;					\
	if r0 < 4 goto l1_%=;				\
l0_%=:	exit;						\
"	:
	: __imm(bpf_get_prandom_u32)
	: __clobber_all);
}

SEC("tracepoint")
__description("bounded loop, count from totally unknown to 4")
__success
__naked void from_totally_unknown_to_4(void)
{
	asm volatile ("					\
	call %[bpf_get_prandom_u32];			\
l0_%=:	r0 += 1;					\
	if r0 < 4 goto l0_%=;				\
	exit;						\
"	:
	: __imm(bpf_get_prandom_u32)
	: __clobber_all);
}

SEC("tracepoint")
__description("bounded loop, count to 4 with equality")
__success
__naked void count_to_4_with_equality(void)
{
	asm volatile ("					\
	r0 = 0;						\
l0_%=:	r0 += 1;					\
	if r0 != 4 goto l0_%=;				\
	exit;						\
"	::: __clobber_all);
}

SEC("socket")
__description("bounded loop, start in the middle")
__success
__failure_unpriv __msg_unpriv("back-edge")
__naked void loop_start_in_the_middle(void)
{
	asm volatile ("					\
	r0 = 0;						\
	goto l0_%=;					\
l1_%=:	r0 += 1;					\
l0_%=:	if r0 < 4 goto l1_%=;				\
	exit;						\
"	::: __clobber_all);
}

SEC("xdp")
__description("bounded loop containing a forward jump")
__success __retval(4)
__naked void loop_containing_a_forward_jump(void)
{
	asm volatile ("					\
	r0 = 0;						\
l1_%=:	r0 += 1;					\
	if r0 == r0 goto l0_%=;				\
l0_%=:	if r0 < 4 goto l1_%=;				\
	exit;						\
"	::: __clobber_all);
}

SEC("tracepoint")
__description("bounded loop that jumps out rather than in")
__success
__naked void jumps_out_rather_than_in(void)
{
	asm volatile ("					\
	r6 = 0;						\
l1_%=:	r6 += 1;					\
	if r6 > 10000 goto l0_%=;			\
	call %[bpf_get_prandom_u32];			\
	goto l1_%=;					\
l0_%=:	exit;						\
"	:
	: __imm(bpf_get_prandom_u32)
	: __clobber_all);
}

SEC("tracepoint")
__description("infinite loop after a conditional jump")
__failure __msg("program is too large")
__naked void loop_after_a_conditional_jump(void)
{
	asm volatile ("					\
	r0 = 5;						\
	if r0 < 4 goto l0_%=;				\
l1_%=:	r0 += 1;					\
	goto l1_%=;					\
l0_%=:	exit;						\
"	::: __clobber_all);
}

SEC("tracepoint")
__description("bounded recursion")
__failure
/* verifier limitation in detecting max stack depth */
__msg("the call stack of 8 frames is too deep !")
__naked void bounded_recursion(void)
{
	asm volatile ("					\
	r1 = 0;						\
	call bounded_recursion__1;			\
	exit;						\
"	::: __clobber_all);
}

static __naked __noinline __attribute__((used))
void bounded_recursion__1(void)
{
	asm volatile ("					\
	r1 += 1;					\
	r0 = r1;					\
	if r1 < 4 goto l0_%=;				\
	exit;						\
l0_%=:	call bounded_recursion__1;			\
	exit;						\
"	::: __clobber_all);
}

SEC("tracepoint")
__description("infinite loop in two jumps")
__failure __msg("loop detected")
__naked void infinite_loop_in_two_jumps(void)
{
	asm volatile ("					\
	r0 = 0;						\
l1_%=:	goto l0_%=;					\
l0_%=:	if r0 < 4 goto l1_%=;				\
	exit;						\
"	::: __clobber_all);
}

SEC("tracepoint")
__description("infinite loop: three-jump trick")
__failure __msg("loop detected")
__naked void infinite_loop_three_jump_trick(void)
{
	asm volatile ("					\
	r0 = 0;						\
l2_%=:	r0 += 1;					\
	r0 &= 1;					\
	if r0 < 2 goto l0_%=;				\
	exit;						\
l0_%=:	r0 += 1;					\
	r0 &= 1;					\
	if r0 < 2 goto l1_%=;				\
	exit;						\
l1_%=:	r0 += 1;					\
	r0 &= 1;					\
	if r0 < 2 goto l2_%=;				\
	exit;						\
"	::: __clobber_all);
}

SEC("xdp")
__description("not-taken loop with back jump to 1st insn")
__success __retval(123)
__naked void back_jump_to_1st_insn_1(void)
{
	asm volatile ("					\
l0_%=:	r0 = 123;					\
	if r0 == 4 goto l0_%=;				\
	exit;						\
"	::: __clobber_all);
}

SEC("xdp")
__description("taken loop with back jump to 1st insn")
__success __retval(55)
__naked void back_jump_to_1st_insn_2(void)
{
	asm volatile ("					\
	r1 = 10;					\
	r2 = 0;						\
	call back_jump_to_1st_insn_2__1;		\
	exit;						\
"	::: __clobber_all);
}

static __naked __noinline __attribute__((used))
void back_jump_to_1st_insn_2__1(void)
{
	asm volatile ("					\
l0_%=:	r2 += r1;					\
	r1 -= 1;					\
	if r1 != 0 goto l0_%=;				\
	r0 = r2;					\
	exit;						\
"	::: __clobber_all);
}

SEC("xdp")
__description("taken loop with back jump to 1st insn, 2")
__success __retval(55)
__naked void jump_to_1st_insn_2(void)
{
	asm volatile ("					\
	r1 = 10;					\
	r2 = 0;						\
	call jump_to_1st_insn_2__1;			\
	exit;						\
"	::: __clobber_all);
}

static __naked __noinline __attribute__((used))
void jump_to_1st_insn_2__1(void)
{
	asm volatile ("					\
l0_%=:	r2 += r1;					\
	r1 -= 1;					\
	if w1 != 0 goto l0_%=;				\
	r0 = r2;					\
	exit;						\
"	::: __clobber_all);
}

SEC("xdp")
__success
__naked void not_an_inifinite_loop(void)
{
	asm volatile ("					\
	call %[bpf_get_prandom_u32];			\
	r0 &= 0xff;					\
	*(u64 *)(r10 - 8) = r0;				\
	r0 = 0;						\
loop_%=:						\
	r0 = *(u64 *)(r10 - 8);				\
	if r0 > 10 goto exit_%=;			\
	r0 += 1;					\
	*(u64 *)(r10 - 8) = r0;				\
	r0 = 0;						\
	goto loop_%=;					\
exit_%=:						\
	r0 = 0;						\
	exit;						\
"	:
	: __imm(bpf_get_prandom_u32)
	: __clobber_all);
}

char _license[] SEC("license") = "GPL";