bounds_deduction.c - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
bounds_deduction.c (3894B)
      1{
      2	"check deducing bounds from const, 1",
      3	.insns = {
      4		BPF_MOV64_IMM(BPF_REG_0, 1),
      5		BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 1, 0),
      6		BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
      7		BPF_EXIT_INSN(),
      8	},
      9	.errstr_unpriv = "R1 has pointer with unsupported alu operation",
     10	.errstr = "R0 tried to subtract pointer from scalar",
     11	.result = REJECT,
     12},
     13{
     14	"check deducing bounds from const, 2",
     15	.insns = {
     16		BPF_MOV64_IMM(BPF_REG_0, 1),
     17		BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 1, 1),
     18		BPF_EXIT_INSN(),
     19		BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 1, 1),
     20		BPF_EXIT_INSN(),
     21		BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0),
     22		BPF_EXIT_INSN(),
     23	},
     24	.errstr_unpriv = "R1 has pointer with unsupported alu operation",
     25	.result_unpriv = REJECT,
     26	.result = ACCEPT,
     27	.retval = 1,
     28},
     29{
     30	"check deducing bounds from const, 3",
     31	.insns = {
     32		BPF_MOV64_IMM(BPF_REG_0, 0),
     33		BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 0),
     34		BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
     35		BPF_EXIT_INSN(),
     36	},
     37	.errstr_unpriv = "R1 has pointer with unsupported alu operation",
     38	.errstr = "R0 tried to subtract pointer from scalar",
     39	.result = REJECT,
     40},
     41{
     42	"check deducing bounds from const, 4",
     43	.insns = {
     44		BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
     45		BPF_MOV64_IMM(BPF_REG_0, 0),
     46		BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 1),
     47		BPF_EXIT_INSN(),
     48		BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1),
     49		BPF_EXIT_INSN(),
     50		BPF_ALU64_REG(BPF_SUB, BPF_REG_6, BPF_REG_0),
     51		BPF_EXIT_INSN(),
     52	},
     53	.errstr_unpriv = "R6 has pointer with unsupported alu operation",
     54	.result_unpriv = REJECT,
     55	.result = ACCEPT,
     56},
     57{
     58	"check deducing bounds from const, 5",
     59	.insns = {
     60		BPF_MOV64_IMM(BPF_REG_0, 0),
     61		BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 1, 1),
     62		BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
     63		BPF_EXIT_INSN(),
     64	},
     65	.errstr_unpriv = "R1 has pointer with unsupported alu operation",
     66	.errstr = "R0 tried to subtract pointer from scalar",
     67	.result = REJECT,
     68},
     69{
     70	"check deducing bounds from const, 6",
     71	.insns = {
     72		BPF_MOV64_IMM(BPF_REG_0, 0),
     73		BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1),
     74		BPF_EXIT_INSN(),
     75		BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
     76		BPF_EXIT_INSN(),
     77	},
     78	.errstr_unpriv = "R1 has pointer with unsupported alu operation",
     79	.errstr = "R0 tried to subtract pointer from scalar",
     80	.result = REJECT,
     81},
     82{
     83	"check deducing bounds from const, 7",
     84	.insns = {
     85		BPF_MOV64_IMM(BPF_REG_0, ~0),
     86		BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 0),
     87		BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0),
     88		BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
     89			    offsetof(struct __sk_buff, mark)),
     90		BPF_EXIT_INSN(),
     91	},
     92	.errstr_unpriv = "R1 has pointer with unsupported alu operation",
     93	.errstr = "dereference of modified ctx ptr",
     94	.result = REJECT,
     95	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
     96},
     97{
     98	"check deducing bounds from const, 8",
     99	.insns = {
    100		BPF_MOV64_IMM(BPF_REG_0, ~0),
    101		BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1),
    102		BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
    103		BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
    104			    offsetof(struct __sk_buff, mark)),
    105		BPF_EXIT_INSN(),
    106	},
    107	.errstr_unpriv = "R1 has pointer with unsupported alu operation",
    108	.errstr = "negative offset ctx ptr R1 off=-1 disallowed",
    109	.result = REJECT,
    110	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
    111},
    112{
    113	"check deducing bounds from const, 9",
    114	.insns = {
    115		BPF_MOV64_IMM(BPF_REG_0, 0),
    116		BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 0),
    117		BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
    118		BPF_EXIT_INSN(),
    119	},
    120	.errstr_unpriv = "R1 has pointer with unsupported alu operation",
    121	.errstr = "R0 tried to subtract pointer from scalar",
    122	.result = REJECT,
    123},
    124{
    125	"check deducing bounds from const, 10",
    126	.insns = {
    127		BPF_MOV64_IMM(BPF_REG_0, 0),
    128		BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 0),
    129		/* Marks reg as unknown. */
    130		BPF_ALU64_IMM(BPF_NEG, BPF_REG_0, 0),
    131		BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
    132		BPF_EXIT_INSN(),
    133	},
    134	.errstr = "math between ctx pointer and register with unbounded min value is not allowed",
    135	.result = REJECT,
    136},