precise.c - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
precise.c (5791B)
      1{
      2	"precise: test 1",
      3	.insns = {
      4	BPF_MOV64_IMM(BPF_REG_0, 1),
      5	BPF_LD_MAP_FD(BPF_REG_6, 0),
      6	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
      7	BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
      8	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
      9	BPF_ST_MEM(BPF_DW, BPF_REG_FP, -8, 0),
     10	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
     11	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
     12	BPF_EXIT_INSN(),
     13
     14	BPF_MOV64_REG(BPF_REG_9, BPF_REG_0),
     15
     16	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
     17	BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
     18	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
     19	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
     20	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
     21	BPF_EXIT_INSN(),
     22
     23	BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
     24
     25	BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_8), /* map_value_ptr -= map_value_ptr */
     26	BPF_MOV64_REG(BPF_REG_2, BPF_REG_9),
     27	BPF_JMP_IMM(BPF_JLT, BPF_REG_2, 8, 1),
     28	BPF_EXIT_INSN(),
     29
     30	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1), /* R2=scalar(umin=1, umax=8) */
     31	BPF_MOV64_REG(BPF_REG_1, BPF_REG_FP),
     32	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8),
     33	BPF_MOV64_IMM(BPF_REG_3, 0),
     34	BPF_EMIT_CALL(BPF_FUNC_probe_read_kernel),
     35	BPF_EXIT_INSN(),
     36	},
     37	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
     38	.fixup_map_array_48b = { 1 },
     39	.result = VERBOSE_ACCEPT,
     40	.errstr =
     41	"26: (85) call bpf_probe_read_kernel#113\
     42	last_idx 26 first_idx 20\
     43	regs=4 stack=0 before 25\
     44	regs=4 stack=0 before 24\
     45	regs=4 stack=0 before 23\
     46	regs=4 stack=0 before 22\
     47	regs=4 stack=0 before 20\
     48	parent didn't have regs=4 stack=0 marks\
     49	last_idx 19 first_idx 10\
     50	regs=4 stack=0 before 19\
     51	regs=200 stack=0 before 18\
     52	regs=300 stack=0 before 17\
     53	regs=201 stack=0 before 15\
     54	regs=201 stack=0 before 14\
     55	regs=200 stack=0 before 13\
     56	regs=200 stack=0 before 12\
     57	regs=200 stack=0 before 11\
     58	regs=200 stack=0 before 10\
     59	parent already had regs=0 stack=0 marks",
     60},
     61{
     62	"precise: test 2",
     63	.insns = {
     64	BPF_MOV64_IMM(BPF_REG_0, 1),
     65	BPF_LD_MAP_FD(BPF_REG_6, 0),
     66	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
     67	BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
     68	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
     69	BPF_ST_MEM(BPF_DW, BPF_REG_FP, -8, 0),
     70	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
     71	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
     72	BPF_EXIT_INSN(),
     73
     74	BPF_MOV64_REG(BPF_REG_9, BPF_REG_0),
     75
     76	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
     77	BPF_MOV64_REG(BPF_REG_2, BPF_REG_FP),
     78	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8),
     79	BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem),
     80	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
     81	BPF_EXIT_INSN(),
     82
     83	BPF_MOV64_REG(BPF_REG_8, BPF_REG_0),
     84
     85	BPF_ALU64_REG(BPF_SUB, BPF_REG_9, BPF_REG_8), /* map_value_ptr -= map_value_ptr */
     86	BPF_MOV64_REG(BPF_REG_2, BPF_REG_9),
     87	BPF_JMP_IMM(BPF_JLT, BPF_REG_2, 8, 1),
     88	BPF_EXIT_INSN(),
     89
     90	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1), /* R2=scalar(umin=1, umax=8) */
     91	BPF_MOV64_REG(BPF_REG_1, BPF_REG_FP),
     92	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8),
     93	BPF_MOV64_IMM(BPF_REG_3, 0),
     94	BPF_EMIT_CALL(BPF_FUNC_probe_read_kernel),
     95	BPF_EXIT_INSN(),
     96	},
     97	.prog_type = BPF_PROG_TYPE_TRACEPOINT,
     98	.fixup_map_array_48b = { 1 },
     99	.result = VERBOSE_ACCEPT,
    100	.flags = BPF_F_TEST_STATE_FREQ,
    101	.errstr =
    102	"26: (85) call bpf_probe_read_kernel#113\
    103	last_idx 26 first_idx 22\
    104	regs=4 stack=0 before 25\
    105	regs=4 stack=0 before 24\
    106	regs=4 stack=0 before 23\
    107	regs=4 stack=0 before 22\
    108	parent didn't have regs=4 stack=0 marks\
    109	last_idx 20 first_idx 20\
    110	regs=4 stack=0 before 20\
    111	parent didn't have regs=4 stack=0 marks\
    112	last_idx 19 first_idx 17\
    113	regs=4 stack=0 before 19\
    114	regs=200 stack=0 before 18\
    115	regs=300 stack=0 before 17\
    116	parent already had regs=0 stack=0 marks",
    117},
    118{
    119	"precise: cross frame pruning",
    120	.insns = {
    121	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
    122	BPF_MOV64_IMM(BPF_REG_8, 0),
    123	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
    124	BPF_MOV64_IMM(BPF_REG_8, 1),
    125	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
    126	BPF_MOV64_IMM(BPF_REG_9, 0),
    127	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
    128	BPF_MOV64_IMM(BPF_REG_9, 1),
    129	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
    130	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 4),
    131	BPF_JMP_IMM(BPF_JEQ, BPF_REG_8, 1, 1),
    132	BPF_LDX_MEM(BPF_B, BPF_REG_1, BPF_REG_2, 0),
    133	BPF_MOV64_IMM(BPF_REG_0, 0),
    134	BPF_EXIT_INSN(),
    135	BPF_JMP_IMM(BPF_JEQ, BPF_REG_1, 0, 0),
    136	BPF_EXIT_INSN(),
    137	},
    138	.prog_type = BPF_PROG_TYPE_XDP,
    139	.flags = BPF_F_TEST_STATE_FREQ,
    140	.errstr = "!read_ok",
    141	.result = REJECT,
    142},
    143{
    144	"precise: ST insn causing spi > allocated_stack",
    145	.insns = {
    146	BPF_MOV64_REG(BPF_REG_3, BPF_REG_10),
    147	BPF_JMP_IMM(BPF_JNE, BPF_REG_3, 123, 0),
    148	BPF_ST_MEM(BPF_DW, BPF_REG_3, -8, 0),
    149	BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8),
    150	BPF_MOV64_IMM(BPF_REG_0, -1),
    151	BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_0, 0),
    152	BPF_EXIT_INSN(),
    153	},
    154	.prog_type = BPF_PROG_TYPE_XDP,
    155	.flags = BPF_F_TEST_STATE_FREQ,
    156	.errstr = "5: (2d) if r4 > r0 goto pc+0\
    157	last_idx 5 first_idx 5\
    158	parent didn't have regs=10 stack=0 marks\
    159	last_idx 4 first_idx 2\
    160	regs=10 stack=0 before 4\
    161	regs=10 stack=0 before 3\
    162	regs=0 stack=1 before 2\
    163	last_idx 5 first_idx 5\
    164	parent didn't have regs=1 stack=0 marks",
    165	.result = VERBOSE_ACCEPT,
    166	.retval = -1,
    167},
    168{
    169	"precise: STX insn causing spi > allocated_stack",
    170	.insns = {
    171	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
    172	BPF_MOV64_REG(BPF_REG_3, BPF_REG_10),
    173	BPF_JMP_IMM(BPF_JNE, BPF_REG_3, 123, 0),
    174	BPF_STX_MEM(BPF_DW, BPF_REG_3, BPF_REG_0, -8),
    175	BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8),
    176	BPF_MOV64_IMM(BPF_REG_0, -1),
    177	BPF_JMP_REG(BPF_JGT, BPF_REG_4, BPF_REG_0, 0),
    178	BPF_EXIT_INSN(),
    179	},
    180	.prog_type = BPF_PROG_TYPE_XDP,
    181	.flags = BPF_F_TEST_STATE_FREQ,
    182	.errstr = "last_idx 6 first_idx 6\
    183	parent didn't have regs=10 stack=0 marks\
    184	last_idx 5 first_idx 3\
    185	regs=10 stack=0 before 5\
    186	regs=10 stack=0 before 4\
    187	regs=0 stack=1 before 3\
    188	last_idx 6 first_idx 6\
    189	parent didn't have regs=1 stack=0 marks\
    190	last_idx 5 first_idx 3\
    191	regs=1 stack=0 before 5",
    192	.result = VERBOSE_ACCEPT,
    193	.retval = -1,
    194},