map_ptr.c - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
map_ptr.c (2994B)
      1{
      2	"bpf_map_ptr: read with negative offset rejected",
      3	.insns = {
      4	BPF_MOV64_REG(BPF_REG_1, BPF_REG_10),
      5	BPF_LD_MAP_FD(BPF_REG_1, 0),
      6	BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, -8),
      7	BPF_MOV64_IMM(BPF_REG_0, 1),
      8	BPF_EXIT_INSN(),
      9	},
     10	.fixup_map_array_48b = { 1 },
     11	.result_unpriv = REJECT,
     12	.errstr_unpriv = "bpf_array access is allowed only to CAP_PERFMON and CAP_SYS_ADMIN",
     13	.result = REJECT,
     14	.errstr = "R1 is bpf_array invalid negative access: off=-8",
     15},
     16{
     17	"bpf_map_ptr: write rejected",
     18	.insns = {
     19	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
     20	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
     21	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
     22	BPF_LD_MAP_FD(BPF_REG_1, 0),
     23	BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, 0),
     24	BPF_MOV64_IMM(BPF_REG_0, 1),
     25	BPF_EXIT_INSN(),
     26	},
     27	.fixup_map_array_48b = { 3 },
     28	.result_unpriv = REJECT,
     29	.errstr_unpriv = "bpf_array access is allowed only to CAP_PERFMON and CAP_SYS_ADMIN",
     30	.result = REJECT,
     31	.errstr = "only read from bpf_array is supported",
     32},
     33{
     34	"bpf_map_ptr: read non-existent field rejected",
     35	.insns = {
     36	BPF_MOV64_IMM(BPF_REG_6, 0),
     37	BPF_LD_MAP_FD(BPF_REG_1, 0),
     38	BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, 1),
     39	BPF_MOV64_IMM(BPF_REG_0, 1),
     40	BPF_EXIT_INSN(),
     41	},
     42	.fixup_map_array_48b = { 1 },
     43	.result_unpriv = REJECT,
     44	.errstr_unpriv = "bpf_array access is allowed only to CAP_PERFMON and CAP_SYS_ADMIN",
     45	.result = REJECT,
     46	.errstr = "cannot access ptr member ops with moff 0 in struct bpf_map with off 1 size 4",
     47	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
     48},
     49{
     50	"bpf_map_ptr: read ops field accepted",
     51	.insns = {
     52	BPF_MOV64_IMM(BPF_REG_6, 0),
     53	BPF_LD_MAP_FD(BPF_REG_1, 0),
     54	BPF_LDX_MEM(BPF_DW, BPF_REG_6, BPF_REG_1, 0),
     55	BPF_MOV64_IMM(BPF_REG_0, 1),
     56	BPF_EXIT_INSN(),
     57	},
     58	.fixup_map_array_48b = { 1 },
     59	.result_unpriv = REJECT,
     60	.errstr_unpriv = "bpf_array access is allowed only to CAP_PERFMON and CAP_SYS_ADMIN",
     61	.result = ACCEPT,
     62	.retval = 1,
     63},
     64{
     65	"bpf_map_ptr: r = 0, map_ptr = map_ptr + r",
     66	.insns = {
     67	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
     68	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
     69	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
     70	BPF_MOV64_IMM(BPF_REG_0, 0),
     71	BPF_LD_MAP_FD(BPF_REG_1, 0),
     72	BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
     73	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
     74	BPF_MOV64_IMM(BPF_REG_0, 0),
     75	BPF_EXIT_INSN(),
     76	},
     77	.fixup_map_hash_16b = { 4 },
     78	.result_unpriv = REJECT,
     79	.errstr_unpriv = "R1 has pointer with unsupported alu operation",
     80	.result = ACCEPT,
     81},
     82{
     83	"bpf_map_ptr: r = 0, r = r + map_ptr",
     84	.insns = {
     85	BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0),
     86	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
     87	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
     88	BPF_MOV64_IMM(BPF_REG_1, 0),
     89	BPF_LD_MAP_FD(BPF_REG_0, 0),
     90	BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
     91	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
     92	BPF_MOV64_IMM(BPF_REG_0, 0),
     93	BPF_EXIT_INSN(),
     94	},
     95	.fixup_map_hash_16b = { 4 },
     96	.result_unpriv = REJECT,
     97	.errstr_unpriv = "R0 has pointer with unsupported alu operation",
     98	.result = ACCEPT,
     99},