From nobody Tue Oct 7 21:37:25 2025 Received: from mx-rz-2.rrze.uni-erlangen.de (mx-rz-2.rrze.uni-erlangen.de [131.188.11.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC42920EB; Sat, 5 Jul 2025 19:14:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=131.188.11.21 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751742861; cv=none; b=HrGp+JP66vrLUk97nWCVT/5vMVGuZGZasqqyFPaC564rsugglltdk2GcxXQ3QFQmNNQvG5WClJbyLf08aNlD25J1/WftwnCbjXv4RvO50Y9M+11blWKkZ3D1aVVsa6yUj9nSn262K0D+RmkwNB3qA/mCY6m45zB/NZ7wE5HbKSA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751742861; c=relaxed/simple; bh=f/t8Y0biBNILt1TcPfRdwae49BloYJMPhwZYBhlCws0=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=q8MtlJ7WyXQsHVwge25l5Bkmxm47E6hHiqzLwYn2BMpP+P6D8m1mPo+JqJKLLNvgmXI91u+vIXgjzUdxuwgAMIJgHgNMk0mRcHlG/HFeBMKdMTaiTRivM3jcTwnoraLw5RAvoi4cB1893NVx+lLIGdn3XFvYgHCcIZwsPbLQAhA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=fau.de; spf=pass smtp.mailfrom=fau.de; dkim=pass (2048-bit key) header.d=fau.de header.i=@fau.de header.b=hMRgpz9W; arc=none smtp.client-ip=131.188.11.21 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=fau.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fau.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fau.de header.i=@fau.de header.b="hMRgpz9W" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fau.de; s=fau-2021; t=1751742851; bh=tGc9qEYISS2QKrzN5rOm8FTQvpFY/de4X5tDeezVhOY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:To:CC: Subject; b=hMRgpz9W8Jyph8G/QOm/h7mP4GNA3UXfYPwEOP+ey1mwqvJD8kP0FqmW4rwXYTkP5 1/ZkHo35TvTY8nMSFLndJ7MabeDz0fPfe4N6wSfnE6Cy4Of1Yt/qtbEhciT3rMYTKv gYCcHWnh56NJXtfboV2X8yn5g4TMiaqiulW2tJOLFC9SY4AthBlF++3CzkRx8jbA1K 8/YkidhOzJk22qeEgFdec5naanqBgK0c69k1kNe0DLs12PST/ADjT/tXDHgb+iZubk A/c4Uok+6uIX/lxc/aVzlZnOrF8y1ci7wzfudYJnTLkRAr+8n27ORXvitP+MutgUr4 klRMGjS/dQXlg== Received: from mx-rz-smart.rrze.uni-erlangen.de (mx-rz-smart.rrze.uni-erlangen.de [IPv6:2001:638:a000:1025::1e]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-rz-2.rrze.uni-erlangen.de (Postfix) with ESMTPS id 4bZKtW0pdSzPjsp; Sat, 5 Jul 2025 21:14:11 +0200 (CEST) X-Virus-Scanned: amavisd-new at boeck4.rrze.uni-erlangen.de (RRZE) X-RRZE-Flag: Not-Spam X-RRZE-Submit-IP: 2001:9e8:362a:3200:5d43:2d8a:dc0e:5715 Received: from luis-tp.fritz.box (unknown [IPv6:2001:9e8:362a:3200:5d43:2d8a:dc0e:5715]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: U2FsdGVkX1/w9J2NDsL0lKKfz7kNTzxFY1SqXcjrFp8=) by smtp-auth.uni-erlangen.de (Postfix) with ESMTPSA id 4bZKtR6ZVFzPjy4; Sat, 5 Jul 2025 21:14:07 +0200 (CEST) From: Luis Gerhorst To: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Kumar Kartikeya Dwivedi , Peilin Ye , Luis Gerhorst , Saket Kumar Bhaskar , Viktor Malik , Ihor Solodrai , Daniel Xu , bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Paul Chaignon Cc: syzbot+dc27c5fb8388e38d2d37@syzkaller.appspotmail.com Subject: [PATCH bpf-next v3 1/2] bpf: Fix aux usage after do_check_insn() Date: Sat, 5 Jul 2025 21:09:07 +0200 Message-ID: <20250705190908.1756862-2-luis.gerhorst@fau.de> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250705190908.1756862-1-luis.gerhorst@fau.de> References: <20250705190908.1756862-1-luis.gerhorst@fau.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" We must terminate the speculative analysis if the just-analyzed insn had nospec_result set. Using cur_aux() here is wrong because insn_idx might have been incremented by do_check_insn(). Therefore, introduce and use insn_aux variable. Also change cur_aux(env)->nospec in case do_check_insn() ever manages to increment insn_idx but still fail. Change the warning to check the insn class (which prevents it from triggering for ldimm64, for which nospec_result would not be problematic) and use verifier_bug_if(). In line with Eduard's suggestion, do not introduce prev_aux() because that requires one to understand that after do_check_insn() call what was current became previous. This would at-least require a comment. Fixes: d6f1c85f2253 ("bpf: Fall back to nospec for Spectre v1") Reported-by: Paul Chaignon Reported-by: Eduard Zingerman Reported-by: syzbot+dc27c5fb8388e38d2d37@syzkaller.appspotmail.com Link: https://lore.kernel.org/bpf/685b3c1b.050a0220.2303ee.0010.GAE@google.= com/ Link: https://lore.kernel.org/bpf/4266fd5de04092aa4971cbef14f1b4b96961f432.= camel@gmail.com/ Suggested-by: Eduard Zingerman Signed-off-by: Luis Gerhorst Acked-by: Eduard Zingerman --- kernel/bpf/verifier.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 0f6cc2275695..96c737b41c3f 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -19923,6 +19923,7 @@ static int do_check(struct bpf_verifier_env *env) =20 for (;;) { struct bpf_insn *insn; + struct bpf_insn_aux_data *insn_aux; int err; =20 /* reset current history entry on each new instruction */ @@ -19936,6 +19937,7 @@ static int do_check(struct bpf_verifier_env *env) } =20 insn =3D &insns[env->insn_idx]; + insn_aux =3D &env->insn_aux_data[env->insn_idx]; =20 if (++env->insn_processed > BPF_COMPLEXITY_LIMIT_INSNS) { verbose(env, @@ -20012,7 +20014,7 @@ static int do_check(struct bpf_verifier_env *env) /* Reduce verification complexity by stopping speculative path * verification when a nospec is encountered. */ - if (state->speculative && cur_aux(env)->nospec) + if (state->speculative && insn_aux->nospec) goto process_bpf_exit; =20 err =3D do_check_insn(env, &do_print_state); @@ -20020,11 +20022,11 @@ static int do_check(struct bpf_verifier_env *env) /* Prevent this speculative path from ever reaching the * insn that would have been unsafe to execute. */ - cur_aux(env)->nospec =3D true; + insn_aux->nospec =3D true; /* If it was an ADD/SUB insn, potentially remove any * markings for alu sanitization. */ - cur_aux(env)->alu_state =3D 0; + insn_aux->alu_state =3D 0; goto process_bpf_exit; } else if (err < 0) { return err; @@ -20033,7 +20035,7 @@ static int do_check(struct bpf_verifier_env *env) } WARN_ON_ONCE(err); =20 - if (state->speculative && cur_aux(env)->nospec_result) { + if (state->speculative && insn_aux->nospec_result) { /* If we are on a path that performed a jump-op, this * may skip a nospec patched-in after the jump. This can * currently never happen because nospec_result is only @@ -20042,8 +20044,15 @@ static int do_check(struct bpf_verifier_env *env) * never skip the following insn. Still, add a warning * to document this in case nospec_result is used * elsewhere in the future. + * + * All non-branch instructions have a single + * fall-through edge. For these, nospec_result should + * already work. */ - WARN_ON_ONCE(env->insn_idx !=3D prev_insn_idx + 1); + if (verifier_bug_if(BPF_CLASS(insn->code) =3D=3D BPF_JMP || + BPF_CLASS(insn->code) =3D=3D BPF_JMP32, env, + "speculation barrier after jump instruction may not have the desi= red effect")) + return -EFAULT; process_bpf_exit: mark_verifier_state_scratched(env); err =3D update_branch_counts(env, env->cur_state); --=20 2.49.0 From nobody Tue Oct 7 21:37:25 2025 Received: from mx-rz-2.rrze.uni-erlangen.de (mx-rz-2.rrze.uni-erlangen.de [131.188.11.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7926D13D51E; Sat, 5 Jul 2025 19:17:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=131.188.11.21 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751743074; cv=none; b=IGtuXqXHOp3efToQrWC/QW2/rQ1HMh/s9HEDjBwrd9kWB/6ZzK5phax22wMX8Emt1yjitF6EH9FyUSuxGwJX3y2R5oDBwUaxS9OHUDoboN8NgTjEvxsB97xeV7tNsCA4LNX0pdOVDElae/76EmJdPQDilaS7FzrqBeZG4+R8DTU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1751743074; c=relaxed/simple; bh=j5uG22crsJ/y1C4GRAvazUHPXZblpH8KK8NGEVxoY9U=; h=From:To:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=iefpIp0p7PcA7HMwsdAxsWxYpA+cgV4V4yC+K+KNalTbacL3ANknkz2I753CUAwaeHQ4zwOO0TEk/biuWR4iNhf1EIxWbCNfao4zCPidf5jDmUQw2o/JQmfMZN2A+PzGjCgzvVIlg2ey8a+ZesQGaJEs1VOCYOCIYHeqEaWBynY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=fau.de; spf=pass smtp.mailfrom=fau.de; dkim=pass (2048-bit key) header.d=fau.de header.i=@fau.de header.b=GVV+PEpr; arc=none smtp.client-ip=131.188.11.21 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=fau.de Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fau.de Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=fau.de header.i=@fau.de header.b="GVV+PEpr" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fau.de; s=fau-2021; t=1751743070; bh=Evj+fG6s9N1k9Y/Qtzg3/jI7/hNykybGp/AZeC09P5M=; h=From:To:Subject:Date:In-Reply-To:References:From:To:CC:Subject; b=GVV+PEpraLfjiS10Z79BLtwcPednaN0ufSwq2zfQuHlT2Bx4AeUUKP59q9Y11Ri9T InA2C0PF4BsOi4Tm+5qzU22GbHFSO5fGw2njK9dnqmnxIad2ZlPMqacHVds34atZHu 00bgB1ZmUPEyZGjDVk9g4OIuq6DWcyQEZWaJjAdJL1GEyY+KWc41QpTT5Tf2k+B/KA PTHSkhAEP3LBt9dkaoYwKH4vsA7AuoVfej/IfJCmAz6KIPFmLn6isovi65ExxwZbXy Rml98dZBh59IkfFwNVLZ1OIIcE51Bg+f2v5iEugTHzq+HH7soSSXe1R8cxhB+NqA8y 6/P4bL0mse5Rw== Received: from mx-rz-smart.rrze.uni-erlangen.de (mx-rz-smart.rrze.uni-erlangen.de [IPv6:2001:638:a000:1025::1e]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-rz-2.rrze.uni-erlangen.de (Postfix) with ESMTPS id 4bZKyk4TLrzPk3F; Sat, 5 Jul 2025 21:17:50 +0200 (CEST) X-Virus-Scanned: amavisd-new at boeck4.rrze.uni-erlangen.de (RRZE) X-RRZE-Flag: Not-Spam X-RRZE-Submit-IP: 2001:9e8:362a:3200:5d43:2d8a:dc0e:5715 Received: from luis-tp.fritz.box (unknown [IPv6:2001:9e8:362a:3200:5d43:2d8a:dc0e:5715]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: U2FsdGVkX19Gnp/zcJw7nqVyYmTP7aRe88QKECjNvxQ=) by smtp-auth.uni-erlangen.de (Postfix) with ESMTPSA id 4bZKyg0tsFzPjyc; Sat, 5 Jul 2025 21:17:47 +0200 (CEST) From: Luis Gerhorst To: Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , Mykola Lysenko , Shuah Khan , Kumar Kartikeya Dwivedi , Peilin Ye , Luis Gerhorst , Saket Kumar Bhaskar , Viktor Malik , Ihor Solodrai , Daniel Xu , bpf@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, Paul Chaignon Subject: [PATCH bpf-next v3 2/2] selftests/bpf: Add Spectre v4 tests Date: Sat, 5 Jul 2025 21:09:08 +0200 Message-ID: <20250705190908.1756862-3-luis.gerhorst@fau.de> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250705190908.1756862-1-luis.gerhorst@fau.de> References: <20250705190908.1756862-1-luis.gerhorst@fau.de> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add the following tests: 1. A test with an (unimportant) ldimm64 (16 byte insn) and a Spectre-v4--induced nospec that clarifies and serves as a basic Spectre v4 test. 2. Make sure a Spectre v4 nospec_result does not prevent a Spectre v1 nospec from being added before the dangerous instruction (tests that [1] is fixed). 3. Combine the two, which is the combination that triggers the warning in [2]. This is because the unanalyzed stack write has nospec_result set, but the ldimm64 (which was just analyzed) had incremented insn_idx by 2. That violates the assertion that nospec_result is only used after insns that increment insn_idx by 1 (i.e., stack writes). [1] https://lore.kernel.org/bpf/4266fd5de04092aa4971cbef14f1b4b96961f432.ca= mel@gmail.com/ [2] https://lore.kernel.org/bpf/685b3c1b.050a0220.2303ee.0010.GAE@google.co= m/ Signed-off-by: Luis Gerhorst --- tools/testing/selftests/bpf/progs/bpf_misc.h | 4 + .../selftests/bpf/progs/verifier_unpriv.c | 149 ++++++++++++++++++ 2 files changed, 153 insertions(+) diff --git a/tools/testing/selftests/bpf/progs/bpf_misc.h b/tools/testing/s= elftests/bpf/progs/bpf_misc.h index 20dce508d8e0..530752ddde8e 100644 --- a/tools/testing/selftests/bpf/progs/bpf_misc.h +++ b/tools/testing/selftests/bpf/progs/bpf_misc.h @@ -237,4 +237,8 @@ #define SPEC_V1 #endif =20 +#if defined(__TARGET_ARCH_x86) +#define SPEC_V4 +#endif + #endif diff --git a/tools/testing/selftests/bpf/progs/verifier_unpriv.c b/tools/te= sting/selftests/bpf/progs/verifier_unpriv.c index 4470541b5e71..28b4f7035ceb 100644 --- a/tools/testing/selftests/bpf/progs/verifier_unpriv.c +++ b/tools/testing/selftests/bpf/progs/verifier_unpriv.c @@ -801,4 +801,153 @@ l2_%=3D: \ : __clobber_all); } =20 +SEC("socket") +__description("unpriv: ldimm64 before Spectre v4 barrier") +__success __success_unpriv +__retval(0) +#ifdef SPEC_V4 +__xlated_unpriv("r1 =3D 0x2020200005642020") /* should not matter */ +__xlated_unpriv("*(u64 *)(r10 -8) =3D r1") +__xlated_unpriv("nospec") +#endif +__naked void unpriv_ldimm64_spectre_v4(void) +{ + asm volatile (" \ + r1 =3D 0x2020200005642020 ll; \ + *(u64 *)(r10 -8) =3D r1; \ + r0 =3D 0; \ + exit; \ +" ::: __clobber_all); +} + +SEC("socket") +__description("unpriv: Spectre v1 and v4 barrier") +__success __success_unpriv +__retval(0) +#ifdef SPEC_V1 +#ifdef SPEC_V4 +/* starts with r0 =3D=3D r8 =3D=3D r9 =3D=3D 0 */ +__xlated_unpriv("if r8 !=3D 0x0 goto pc+1") +__xlated_unpriv("goto pc+2") +__xlated_unpriv("if r9 =3D=3D 0x0 goto pc+4") +__xlated_unpriv("r2 =3D r0") +/* Following nospec required to prevent following dangerous `*(u64 *)(NOT_= FP -64) + * =3D r1` iff `if r9 =3D=3D 0 goto pc+4` was mispredicted because of Spec= tre v1. The + * test therefore ensures the Spectre-v4--induced nospec does not prevent = the + * Spectre-v1--induced speculative path from being fully analyzed. + */ +__xlated_unpriv("nospec") /* Spectre v1 */ +__xlated_unpriv("*(u64 *)(r2 -64) =3D r1") /* could be used to leak r2 */ +__xlated_unpriv("nospec") /* Spectre v4 */ +#endif +#endif +__naked void unpriv_spectre_v1_and_v4(void) +{ + asm volatile (" \ + r1 =3D 0; \ + *(u64*)(r10 - 8) =3D r1; \ + r2 =3D r10; \ + r2 +=3D -8; \ + r1 =3D %[map_hash_8b] ll; \ + call %[bpf_map_lookup_elem]; \ + r8 =3D r0; \ + r2 =3D r10; \ + r2 +=3D -8; \ + r1 =3D %[map_hash_8b] ll; \ + call %[bpf_map_lookup_elem]; \ + r9 =3D r0; \ + r0 =3D r10; \ + r1 =3D 0; \ + r2 =3D r10; \ + if r8 !=3D 0 goto l0_%=3D; \ + if r9 !=3D 0 goto l0_%=3D; \ + r0 =3D 0; \ +l0_%=3D: if r8 !=3D 0 goto l1_%=3D; \ + goto l2_%=3D; \ +l1_%=3D: if r9 =3D=3D 0 goto l3_%=3D; \ + r2 =3D r0; \ +l2_%=3D: *(u64 *)(r2 -64) =3D r1; \ +l3_%=3D: r0 =3D 0; \ + exit; \ +" : + : __imm(bpf_map_lookup_elem), + __imm_addr(map_hash_8b) + : __clobber_all); +} + +SEC("socket") +__description("unpriv: Spectre v1 and v4 barrier (simple)") +__success __success_unpriv +__retval(0) +#ifdef SPEC_V1 +#ifdef SPEC_V4 +__xlated_unpriv("if r8 !=3D 0x0 goto pc+1") +__xlated_unpriv("goto pc+2") +__xlated_unpriv("goto pc-1") /* if r9 =3D=3D 0 goto l3_%=3D */ +__xlated_unpriv("goto pc-1") /* r2 =3D r0 */ +__xlated_unpriv("nospec") +__xlated_unpriv("*(u64 *)(r2 -64) =3D r1") +__xlated_unpriv("nospec") +#endif +#endif +__naked void unpriv_spectre_v1_and_v4_simple(void) +{ + asm volatile (" \ + r8 =3D 0; \ + r9 =3D 0; \ + r0 =3D r10; \ + r1 =3D 0; \ + r2 =3D r10; \ + if r8 !=3D 0 goto l0_%=3D; \ + if r9 !=3D 0 goto l0_%=3D; \ + r0 =3D 0; \ +l0_%=3D: if r8 !=3D 0 goto l1_%=3D; \ + goto l2_%=3D; \ +l1_%=3D: if r9 =3D=3D 0 goto l3_%=3D; \ + r2 =3D r0; \ +l2_%=3D: *(u64 *)(r2 -64) =3D r1; \ +l3_%=3D: r0 =3D 0; \ + exit; \ +" ::: __clobber_all); +} + +SEC("socket") +__description("unpriv: ldimm64 before Spectre v1 and v4 barrier (simple)") +__success __success_unpriv +__retval(0) +#ifdef SPEC_V1 +#ifdef SPEC_V4 +__xlated_unpriv("if r8 !=3D 0x0 goto pc+1") +__xlated_unpriv("goto pc+4") +__xlated_unpriv("goto pc-1") /* if r9 =3D=3D 0 goto l3_%=3D */ +__xlated_unpriv("goto pc-1") /* r2 =3D r0 */ +__xlated_unpriv("goto pc-1") /* r1 =3D 0x2020200005642020 ll */ +__xlated_unpriv("goto pc-1") /* second part of ldimm64 */ +__xlated_unpriv("nospec") +__xlated_unpriv("*(u64 *)(r2 -64) =3D r1") +__xlated_unpriv("nospec") +#endif +#endif +__naked void unpriv_ldimm64_spectre_v1_and_v4_simple(void) +{ + asm volatile (" \ + r8 =3D 0; \ + r9 =3D 0; \ + r0 =3D r10; \ + r1 =3D 0; \ + r2 =3D r10; \ + if r8 !=3D 0 goto l0_%=3D; \ + if r9 !=3D 0 goto l0_%=3D; \ + r0 =3D 0; \ +l0_%=3D: if r8 !=3D 0 goto l1_%=3D; \ + goto l2_%=3D; \ +l1_%=3D: if r9 =3D=3D 0 goto l3_%=3D; \ + r2 =3D r0; \ + r1 =3D 0x2020200005642020 ll; \ +l2_%=3D: *(u64 *)(r2 -64) =3D r1; \ +l3_%=3D: r0 =3D 0; \ + exit; \ +" ::: __clobber_all); +} + char _license[] SEC("license") =3D "GPL"; --=20 2.49.0