From a85de0848e0fa376e2251aeb571e7f98b7752f94 Mon Sep 17 00:00:00 2001
From: jkim
Date: Fri, 29 Aug 2008 02:12:45 +0000
Subject: [PATCH] Merge bpf_filter.c r182425 and add test cases for jump range checks. While I am here, fix stupid typos in test0080.h and make it JIT compiler only.
---
 tools/regression/bpf/bpf_filter/Makefile | 3 +-
 tools/regression/bpf/bpf_filter/bpf_test.c | 13 +++----
 .../bpf/bpf_filter/tests/test0080.h | 38 ++++++++++---------
 .../bpf/bpf_filter/tests/test0081.h | 37 ++++++++++++++++++
 .../bpf/bpf_filter/tests/test0082.h | 37 ++++++++++++++++++
 .../bpf/bpf_filter/tests/test0083.h | 34 +++++++++++++++++
 6 files changed, 136 insertions(+), 26 deletions(-)
 create mode 100644 tools/regression/bpf/bpf_filter/tests/test0081.h
 create mode 100644 tools/regression/bpf/bpf_filter/tests/test0082.h
 create mode 100644 tools/regression/bpf/bpf_filter/tests/test0083.h
diff --git a/tools/regression/bpf/bpf_filter/Makefile b/tools/regression/bpf/bpf_filter/Makefile
index 7f0c99854402..665cf8305cb1 100644
--- a/tools/regression/bpf/bpf_filter/Makefile
+++ b/tools/regression/bpf/bpf_filter/Makefile
@@ -19,7 +19,8 @@ TEST_CASES?= test0001 test0002 test0003 test0004 \
 test0065 test0066 test0067 test0068 \
 test0069 test0070 test0071 test0072 \
 test0073 test0074 test0075 test0076 \
- test0077 test0078 test0079 test0080
+ test0077 test0078 test0079 test0080 \
+ test0081 test0082
 SYSDIR?= ${.CURDIR}/../../../../sys
diff --git a/tools/regression/bpf/bpf_filter/bpf_test.c b/tools/regression/bpf/bpf_filter/bpf_test.c
index 91386d7e09ff..a9f077ecf7a1 100644
--- a/tools/regression/bpf/bpf_filter/bpf_test.c
+++ b/tools/regression/bpf/bpf_filter/bpf_test.c
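Review bot: test0083.h is created by this commit but the `TEST_CASES` list in the Makefile hunk stops at `test0082`, so the new last-instruction case is never built or run by default. If that is not deliberate, the added line should read `test0081 test0082 test0083`. If it is held back on purpose, a one-line comment next to the list saying why would keep it from looking like an oversight.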
@@ -145,14 +145,13 @@ bpf_validate(const struct bpf_insn *f, int len)
 * the code block.
 */
 if (BPF_CLASS(p->code) == BPF_JMP) {
- register int from = i + 1;
+ register u_int offset;
- if (BPF_OP(p->code) == BPF_JA) {
- if (from >= len || p->k >= (u_int)len - from)
- return (0);
- }
- else if (from >= len || p->jt >= len - from ||
- p->jf >= len - from)
+ if (BPF_OP(p->code) == BPF_JA)
+ offset = p->k;
+ else
+ offset = p->jt > p->jf ? p->jt : p->jf;
+ if (offset >= (u_int)(len - i) - 1)
 return (0);
 }
 /*
diff --git a/tools/regression/bpf/bpf_filter/tests/test0080.h b/tools/regression/bpf/bpf_filter/tests/test0080.h
index 55dcfeae1410..69bed7322374 100644
--- a/tools/regression/bpf/bpf_filter/tests/test0080.h
+++ b/tools/regression/bpf/bpf_filter/tests/test0080.h
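Review bot: The new bound `offset >= (u_int)(len - i) - 1` in bpf_validate is only correct while `i < len`, and nothing in the hunk states that invariant: if `len - i` were ever 0 the unsigned subtraction would wrap and almost any offset would pass the range check. The loop header is outside the hunk, so presumably it already guarantees this, but a comment above the test would pin it, e.g. `/* i < len here, so (len - i) - 1 counts the instructions after this one; comparing rather than adding keeps a huge k from wrapping */`. The removed code checked `from >= len` explicitly, so the comment also records why that guard could go. `register` on `offset` has no effect with current compilers and could be dropped.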
@@ -1,45 +1,47 @@
 /*-
- * Test 0080: Check uninitialized scratch memory.
- *
- * Note: This behavior is not guaranteed with bpf_filter(9).
+ * Test 0080: Check uninitialized scratch memory (only for JIT compiler).
 *
 * $FreeBSD$
 */
 /* BPF program */
 struct bpf_insn pc[] = {
+#ifdef BPF_JIT_COMPILER
 BPF_STMT(BPF_LDX+BPF_IMM, 0xffffffff),
 BPF_STMT(BPF_LD+BPF_MEM, 0),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 30, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 29, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 1),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 28, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 27, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 2),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 26, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 25, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 3),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 24, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 23, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 4),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 22, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 21, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 5),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 20, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 19, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 6),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 18, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 17, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 7),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 16, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 15, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 8),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 14, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 13, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 9),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 12, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 11, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 10),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 10, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 9, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 11),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 8, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 7, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 12),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 6, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 5, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 13),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 4, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 3, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 14),
- BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 2, 0, 0),
+ BPF_JUMP(BPF_JMP+BPF_JSET+BPF_X, 0, 1, 0),
 BPF_STMT(BPF_LD+BPF_MEM, 15),
+#else
+ BPF_STMT(BPF_LD+BPF_IMM, 0),
+#endif
 BPF_STMT(BPF_RET+BPF_A, 0),
 };
diff --git a/tools/regression/bpf/bpf_filter/tests/test0081.h b/tools/regression/bpf/bpf_filter/tests/test0081.h
new file mode 100644
index 000000000000..85d1a31cf516
--- /dev/null
+++ b/tools/regression/bpf/bpf_filter/tests/test0081.h
@@ -0,0 +1,37 @@
+/*-
+ * Test 0081: Check unconditional jump range.
+ *
+ * $FreeBSD$
+ */
+
+/* BPF program */
+struct bpf_insn pc[] = {
+ BPF_STMT(BPF_LD+BPF_IMM, 0),
+ BPF_JUMP(BPF_JMP+BPF_JA, 2, 0, 0),
+ BPF_STMT(BPF_LD+BPF_IMM, 0xdeadc0de),
+ BPF_STMT(BPF_RET+BPF_A, 0),
+};
+
+/* Packet */
+u_char pkt[] = {
+ 0x00,
+};
+
+/* Packet length seen on wire */
+u_int wirelen = sizeof(pkt);
+
+/* Packet length passed on buffer */
+u_int buflen = sizeof(pkt);
+
+/* Invalid instruction */
+int invalid = 1;
+
+/* Expected return value */
+u_int expect = 0;
+
+/* Expected signal */
+#ifdef BPF_JIT_COMPILER
+int expect_signal = SIGSEGV;
+#else
+int expect_signal = SIGABRT;
+#endif
diff --git a/tools/regression/bpf/bpf_filter/tests/test0082.h b/tools/regression/bpf/bpf_filter/tests/test0082.h
new file mode 100644
index 000000000000..be7d63d5f572
--- /dev/null
+++ b/tools/regression/bpf/bpf_filter/tests/test0082.h
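Review bot: With `BPF_JIT_COMPILER` undefined the program in test0080.h shrinks to `BPF_STMT(BPF_LD+BPF_IMM, 0)` followed by the `BPF_RET+BPF_A`, so the interpreter build records a pass without reading a single scratch slot. That matches the new header line, but someone reading the results cannot tell a real check from the stub; a comment on the `#else` arm such as `/* interpreter: scratch contents are not guaranteed, so return 0 unconditionally */` would say why. The descending `jt` values 29..1 all land on the final `BPF_RET`, which deserves one line of comment as well, since getting that operand position wrong is what this hunk corrects.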
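Review bot: test0081.h does not say which operand makes its program invalid, and the same is true of test0082.h; the arithmetic is easy to misread, as the test0080.h correction in this commit shows. In test0081.h the `BPF_JA` at index 1 with `k = 2` targets index 4, one past the end of the four-instruction program. A comment beside the jump, e.g. `/* 1 + 1 + 2 == 4 == program length: out of range */`, would document the exact boundary under test, and test0082.h could carry the matching note that `jt = 1` is in range while `jf = 2` is not.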
@@ -0,0 +1,37 @@
+/*-
+ * Test 0082: Check conditional jump ranges.
+ *
+ * $FreeBSD$
+ */
+
+/* BPF program */
+struct bpf_insn pc[] = {
+ BPF_STMT(BPF_LD+BPF_IMM, 0),
+ BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, 0, 1, 2),
+ BPF_STMT(BPF_LD+BPF_IMM, 0xdeadc0de),
+ BPF_STMT(BPF_RET+BPF_A, 0),
+};
+
+/* Packet */
+u_char pkt[] = {
+ 0x00,
+};
+
+/* Packet length seen on wire */
+u_int wirelen = sizeof(pkt);
+
+/* Packet length passed on buffer */
+u_int buflen = sizeof(pkt);
+
+/* Invalid instruction */
+int invalid = 1;
+
+/* Expected return value */
+u_int expect = 0;
+
+/* Expected signal */
+#ifdef BPF_JIT_COMPILER
+int expect_signal = SIGSEGV;
+#else
+int expect_signal = SIGABRT;
+#endif
diff --git a/tools/regression/bpf/bpf_filter/tests/test0083.h b/tools/regression/bpf/bpf_filter/tests/test0083.h
new file mode 100644
index 000000000000..debe719e6705
--- /dev/null
+++ b/tools/regression/bpf/bpf_filter/tests/test0083.h
@@ -0,0 +1,34 @@
+/*-
+ * Test 0083: Check that the last instruction is BPF_RET.
+ *
+ * $FreeBSD$
+ */
+
+/* BPF program */
+struct bpf_insn pc[] = {
+ BPF_JUMP(BPF_JMP+BPF_JA, 0, 0, 0),
+};
+
+/* Packet */
+u_char pkt[] = {
+ 0x00,
+};
+
+/* Packet length seen on wire */
+u_int wirelen = sizeof(pkt);
+
+/* Packet length passed on buffer */
+u_int buflen = sizeof(pkt);
+
+/* Invalid instruction */
+int invalid = 1;
+
+/* Expected return value */
+u_int expect = 0;
+
+/* Expected signal */
+#ifdef BPF_JIT_COMPILER
+int expect_signal = SIGSEGV;
+#else
+int expect_signal = SIGABRT;
+#endif
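Review bot: Only the false branch is out of range in test0082.h (`jt = 1`, `jf = 2`), so the `p->jt > p->jf` arm of the ternary added to bpf_validate is never the one that trips the range check. A companion case with the operands swapped, `BPF_JUMP(BPF_JMP+BPF_JGT+BPF_K, 0, 2, 1)`, would cover the other arm and catch a regression that looks at `jf` alone.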
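Review bot: The program in test0083.h is a single `BPF_JA` with `k = 0`, which the jump range check changed in bpf_test.c already rejects because no instruction follows it, so this case does not by itself show that a missing `BPF_RET` is detected. Whether bpf_validate has a separate last-instruction check is not visible in this patch. A program ending in a non-jump instruction, for example just `BPF_STMT(BPF_LD+BPF_IMM, 0)`, would isolate what the title describes.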