cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

int_ptr.c (4090B)


/*
 * Verifier test: the result pointer passed to bpf_strtoul() (arg4, R4)
 * refers to 8 bytes of stack that the program never wrote. The load is
 * expected to be rejected with the "invalid indirect read from stack"
 * message below, i.e. the verifier must not let a helper argument cover
 * uninitialized stack.
 */
{
	"ARG_PTR_TO_LONG uninitialized",
	.insns = {
		/* bpf_strtoul arg1 (buf) */
		/* R7 = R10 - 8; R10 is the BPF frame pointer, so this is fp-8 */
		BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		/*
		 * 0x00303036 is the bytes 0x36 0x30 0x30 0x00, i.e. the string
		 * "600" plus NUL when stored little-endian (NOTE(review): byte
		 * order assumption, confirm for big-endian hosts). The 8-byte
		 * store initializes fp-8..fp-1.
		 */
		BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),

		BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),

		/* bpf_strtoul arg2 (buf_len) */
		BPF_MOV64_IMM(BPF_REG_2, 4),

		/* bpf_strtoul arg3 (flags) */
		BPF_MOV64_IMM(BPF_REG_3, 0),

		/* bpf_strtoul arg4 (res) */
		/*
		 * R7 moves down another 8 bytes to fp-16. Nothing is stored
		 * there before it is handed to the helper in R4.
		 */
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),

		/* bpf_strtoul() */
		BPF_EMIT_CALL(BPF_FUNC_strtoul),

		/* return 1; not reached if the program is rejected at load */
		BPF_MOV64_IMM(BPF_REG_0, 1),
		BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
	/* offset -16+0: the first byte of the res slot is already unwritten */
	.errstr = "invalid indirect read from stack R4 off -16+0 size 8",
},
/*
 * Verifier test: only the first 4 of the 8 bytes behind the bpf_strtoul()
 * result pointer (arg4, R4) are written before the call. The expected
 * rejection shows that a partially initialized slot is treated like an
 * uninitialized one.
 */
{
	"ARG_PTR_TO_LONG half-uninitialized",
	.insns = {
		/* bpf_strtoul arg1 (buf) */
		/* R7 = R10 - 8; R10 is the BPF frame pointer, so this is fp-8 */
		BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		/*
		 * 0x00303036 is the bytes 0x36 0x30 0x30 0x00, i.e. the string
		 * "600" plus NUL when stored little-endian (NOTE(review): byte
		 * order assumption, confirm for big-endian hosts). The 8-byte
		 * store initializes fp-8..fp-1.
		 */
		BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),

		BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),

		/* bpf_strtoul arg2 (buf_len) */
		BPF_MOV64_IMM(BPF_REG_2, 4),

		/* bpf_strtoul arg3 (flags) */
		BPF_MOV64_IMM(BPF_REG_3, 0),

		/* bpf_strtoul arg4 (res) */
		/*
		 * R7 = fp-16. The BPF_W store writes 4 bytes (fp-16..fp-13)
		 * and leaves fp-12..fp-9 untouched.
		 */
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0),
		BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),

		/* bpf_strtoul() */
		BPF_EMIT_CALL(BPF_FUNC_strtoul),

		/* return 1; not reached if the program is rejected at load */
		BPF_MOV64_IMM(BPF_REG_0, 1),
		BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
	/* offset -16+4: consistent with the first unwritten byte at fp-12 */
	.errstr = "invalid indirect read from stack R4 off -16+4 size 8",
},
/*
 * Verifier test: the bpf_strtoul() result pointer (arg4, R4) is fp-20,
 * which is not 8-byte aligned. Every byte R4 covers is written first, so
 * the expected rejection is about alignment only, not initialization.
 */
{
	"ARG_PTR_TO_LONG misaligned",
	.insns = {
		/* bpf_strtoul arg1 (buf) */
		/* R7 = R10 - 8; R10 is the BPF frame pointer, so this is fp-8 */
		BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		/*
		 * 0x00303036 is the bytes 0x36 0x30 0x30 0x00, i.e. the string
		 * "600" plus NUL when stored little-endian (NOTE(review): byte
		 * order assumption, confirm for big-endian hosts). The 8-byte
		 * store initializes fp-8..fp-1.
		 */
		BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),

		BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),

		/* bpf_strtoul arg2 (buf_len) */
		BPF_MOV64_IMM(BPF_REG_2, 4),

		/* bpf_strtoul arg3 (flags) */
		BPF_MOV64_IMM(BPF_REG_3, 0),

		/* bpf_strtoul arg4 (res) */
		/*
		 * R7 = fp-8 - 12 = fp-20. R0 is zeroed, then a 4-byte store at
		 * fp-20 and an 8-byte store at fp-20+4 = fp-16 together write
		 * fp-20..fp-9, which includes the 8 bytes starting at R4.
		 */
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -12),
		BPF_MOV64_IMM(BPF_REG_0, 0),
		BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 4),
		BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),

		/* bpf_strtoul() */
		BPF_EMIT_CALL(BPF_FUNC_strtoul),

		/* return 1; not reached if the program is rejected at load */
		BPF_MOV64_IMM(BPF_REG_0, 1),
		BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
	/* the message names stack offset -20 with an access size of 8 */
	.errstr = "misaligned stack access off (0x0; 0x0)+-20+0 size 8",
},
/*
 * Verifier test: the bpf_strtoul() result pointer (arg4, R4) is fp-4, so
 * only 4 bytes of stack remain below the frame pointer while the access
 * size in the expected message is 8. The load is expected to be rejected
 * as an out-of-bounds stack access.
 */
{
	"ARG_PTR_TO_LONG size < sizeof(long)",
	.insns = {
		/* bpf_strtoul arg1 (buf) */
		/* R7 = R10 - 16; R10 is the BPF frame pointer, so this is fp-16 */
		BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -16),
		/*
		 * 0x00303036 is the bytes 0x36 0x30 0x30 0x00, i.e. the string
		 * "600" plus NUL when stored little-endian (NOTE(review): byte
		 * order assumption, confirm for big-endian hosts). The 8-byte
		 * store initializes fp-16..fp-9.
		 */
		BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),

		BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),

		/* bpf_strtoul arg2 (buf_len) */
		BPF_MOV64_IMM(BPF_REG_2, 4),

		/* bpf_strtoul arg3 (flags) */
		BPF_MOV64_IMM(BPF_REG_3, 0),

		/* bpf_strtoul arg4 (res) */
		/*
		 * R7 = fp-16 + 12 = fp-4. The 4-byte store fills fp-4..fp-1,
		 * the last bytes below the frame pointer.
		 */
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, 12),
		BPF_STX_MEM(BPF_W, BPF_REG_7, BPF_REG_0, 0),
		BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),

		/* bpf_strtoul() */
		BPF_EMIT_CALL(BPF_FUNC_strtoul),

		/* return 1; not reached if the program is rejected at load */
		BPF_MOV64_IMM(BPF_REG_0, 1),
		BPF_EXIT_INSN(),
	},
	.result = REJECT,
	.prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
	/* off=-4 with size=8 would run 4 bytes past the frame pointer */
	.errstr = "invalid indirect access to stack R4 off=-4 size=8",
},
/*
 * Verifier test, positive control: the bpf_strtoul() result pointer
 * (arg4, R4) is fp-16 and all 8 bytes there are written before the call.
 * The program is expected to load, so no .errstr is given.
 */
{
	"ARG_PTR_TO_LONG initialized",
	.insns = {
		/* bpf_strtoul arg1 (buf) */
		/* R7 = R10 - 8; R10 is the BPF frame pointer, so this is fp-8 */
		BPF_MOV64_REG(BPF_REG_7, BPF_REG_10),
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		/*
		 * 0x00303036 is the bytes 0x36 0x30 0x30 0x00, i.e. the string
		 * "600" plus NUL when stored little-endian (NOTE(review): byte
		 * order assumption, confirm for big-endian hosts). The 8-byte
		 * store initializes fp-8..fp-1.
		 */
		BPF_MOV64_IMM(BPF_REG_0, 0x00303036),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),

		BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),

		/* bpf_strtoul arg2 (buf_len) */
		BPF_MOV64_IMM(BPF_REG_2, 4),

		/* bpf_strtoul arg3 (flags) */
		BPF_MOV64_IMM(BPF_REG_3, 0),

		/* bpf_strtoul arg4 (res) */
		/*
		 * R7 = fp-16. The full 8-byte (BPF_DW) store writes
		 * fp-16..fp-9 before the pointer is passed in R4.
		 */
		BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, -8),
		BPF_STX_MEM(BPF_DW, BPF_REG_7, BPF_REG_0, 0),
		BPF_MOV64_REG(BPF_REG_4, BPF_REG_7),

		/* bpf_strtoul() */
		BPF_EMIT_CALL(BPF_FUNC_strtoul),

		/* return 1 */
		BPF_MOV64_IMM(BPF_REG_0, 1),
		BPF_EXIT_INSN(),
	},
	.result = ACCEPT,
	.prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL,
},