cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

twfw.c (1158B)


      1// SPDX-License-Identifier: GPL-2.0
      2/* Copyright (c) 2021 Facebook */
      3#include <linux/types.h>
      4#include <bpf/bpf_helpers.h>
      5#include <linux/bpf.h>
      6#include <stdint.h>
      7
/*
 * Exclusive upper bound that rule->seqnum is compared against before it is
 * used to pick a word of twfw_tier_value.mask. Written here as a plain
 * (signed) int literal.
 */
#define TWFW_MAX_TIERS (64)
/*
 * Author's note: the load is successful with the unsigned form
 *   #define TWFW_MAX_TIERS (64u)
 * NOTE(review): this presumably means the signed literal above is the variant
 * meant to exercise the BPF verifier's bounds tracking - confirm against the
 * loader that uses this object before changing the literal.
 */
     13
/*
 * Value type of the `tiers` map: a bitmask held in a one-element array of
 * unsigned long, so index 0 is the only in-bounds element.
 */
struct twfw_tier_value {
	unsigned long mask[1];
};
     17
/*
 * Value type of the `rules` map. seqnum is an 8-bit unsigned value, so it can
 * hold numbers above TWFW_MAX_TIERS and has to be range-checked before it is
 * used to derive an index into twfw_tier_value.mask.
 */
struct rule {
	uint8_t seqnum;
};
     21
/*
 * libbpf map definition: an array map with a __u32 key, a struct rule value
 * and a single entry (index 0).
 */
struct rules_map {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__type(key, __u32);
	__type(value, struct rule);
	__uint(max_entries, 1);
};
     28
/*
 * libbpf map definition: an array map with a __u32 key, a
 * struct twfw_tier_value value and a single entry (index 0).
 */
struct tiers_map {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__type(key, __u32);
	__type(value, struct twfw_tier_value);
	__uint(max_entries, 1);
};
     35
/* Map instances, placed in the ".maps" section so the loader creates them. */
struct rules_map rules SEC(".maps");
struct tiers_map tiers SEC(".maps");
     38
/*
 * cgroup_skb ingress program. Looks up entry 0 of the `tiers` and `rules`
 * array maps and returns 0 only when rule->seqnum is below TWFW_MAX_TIERS and
 * the selected tier mask word is non-zero; every other path returns 1.
 * The skb argument is not read.
 *
 * For cgroup_skb programs a return value of 1 lets the packet through and 0
 * drops it, so both failed-lookup paths below are fail-open.
 * NOTE(review): that is harmless if this object only exists to exercise the
 * BPF verifier (as the function name suggests - confirm); code derived from
 * it for real filtering should decide explicitly whether a missing map entry
 * allows or denies traffic.
 */
SEC("cgroup_skb/ingress")
int twfw_verifier(struct __sk_buff* skb)
{
	/* Both maps are declared with max_entries == 1, so 0 is the only slot. */
	const uint32_t key = 0;
	const struct twfw_tier_value* tier = bpf_map_lookup_elem(&tiers, &key);
	if (!tier)
		return 1;

	struct rule* rule = bpf_map_lookup_elem(&rules, &key);
	if (!rule)
		return 1;

	/*
	 * Bounds check before indexing: seqnum is a uint8_t (0..255) and mask has
	 * one element, so the index seqnum / 64 is only in range when
	 * seqnum < 64. The NULL test on rule repeats the early return above.
	 * NOTE(review): presumably both the redundant test and the signed
	 * constant are kept on purpose so the compiled program keeps the shape
	 * the verifier is expected to accept - confirm before simplifying.
	 */
	if (rule && rule->seqnum < TWFW_MAX_TIERS) {
		/* rule->seqnum / 64 should always be 0 */
		unsigned long mask = tier->mask[rule->seqnum / 64];
		if (mask)
			return 0;
	}
	return 1;
}