spin_lock.c - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
spin_lock.c (10833B)
      1{
      2	"spin_lock: test1 success",
      3	.insns = {
      4	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
      5	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
      6	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
      7	BPF_LD_MAP_FD(BPF_REG_1,
      8		      0),
      9	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
     10	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
     11	BPF_EXIT_INSN(),
     12	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
     13	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
     14	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
     15	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
     16	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
     17	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
     18	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
     19	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
     20	BPF_MOV64_IMM(BPF_REG_0, 0),
     21	BPF_EXIT_INSN(),
     22	},
     23	.fixup_map_spin_lock = { 3 },
     24	.result = ACCEPT,
     25	.result_unpriv = REJECT,
     26	.errstr_unpriv = "",
     27	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
     28},
     29{
     30	"spin_lock: test2 direct ld/st",
     31	.insns = {
     32	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
     33	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
     34	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
     35	BPF_LD_MAP_FD(BPF_REG_1,
     36		      0),
     37	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
     38	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
     39	BPF_EXIT_INSN(),
     40	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
     41	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
     42	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
     43	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
     44	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
     45	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
     46	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 0),
     47	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
     48	BPF_MOV64_IMM(BPF_REG_0, 0),
     49	BPF_EXIT_INSN(),
     50	},
     51	.fixup_map_spin_lock = { 3 },
     52	.result = REJECT,
     53	.errstr = "cannot be accessed directly",
     54	.result_unpriv = REJECT,
     55	.errstr_unpriv = "",
     56	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
     57},
     58{
     59	"spin_lock: test3 direct ld/st",
     60	.insns = {
     61	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
     62	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
     63	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
     64	BPF_LD_MAP_FD(BPF_REG_1,
     65		      0),
     66	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
     67	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
     68	BPF_EXIT_INSN(),
     69	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
     70	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
     71	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
     72	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
     73	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
     74	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
     75	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 1),
     76	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
     77	BPF_MOV64_IMM(BPF_REG_0, 0),
     78	BPF_EXIT_INSN(),
     79	},
     80	.fixup_map_spin_lock = { 3 },
     81	.result = REJECT,
     82	.errstr = "cannot be accessed directly",
     83	.result_unpriv = REJECT,
     84	.errstr_unpriv = "",
     85	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
     86	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
     87},
     88{
     89	"spin_lock: test4 direct ld/st",
     90	.insns = {
     91	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
     92	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
     93	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
     94	BPF_LD_MAP_FD(BPF_REG_1,
     95		      0),
     96	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
     97	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
     98	BPF_EXIT_INSN(),
     99	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
    100	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
    101	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    102	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
    103	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
    104	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    105	BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_6, 3),
    106	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
    107	BPF_MOV64_IMM(BPF_REG_0, 0),
    108	BPF_EXIT_INSN(),
    109	},
    110	.fixup_map_spin_lock = { 3 },
    111	.result = REJECT,
    112	.errstr = "cannot be accessed directly",
    113	.result_unpriv = REJECT,
    114	.errstr_unpriv = "",
    115	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
    116	.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
    117},
    118{
    119	"spin_lock: test5 call within a locked region",
    120	.insns = {
    121	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
    122	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
    123	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
    124	BPF_LD_MAP_FD(BPF_REG_1,
    125		      0),
    126	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
    127	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
    128	BPF_EXIT_INSN(),
    129	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
    130	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
    131	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    132	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
    133	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_get_prandom_u32),
    134	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
    135	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    136	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
    137	BPF_MOV64_IMM(BPF_REG_0, 0),
    138	BPF_EXIT_INSN(),
    139	},
    140	.fixup_map_spin_lock = { 3 },
    141	.result = REJECT,
    142	.errstr = "calls are not allowed",
    143	.result_unpriv = REJECT,
    144	.errstr_unpriv = "",
    145	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
    146},
    147{
    148	"spin_lock: test6 missing unlock",
    149	.insns = {
    150	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
    151	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
    152	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
    153	BPF_LD_MAP_FD(BPF_REG_1,
    154		      0),
    155	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
    156	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
    157	BPF_EXIT_INSN(),
    158	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
    159	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
    160	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    161	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
    162	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
    163	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    164	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
    165	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
    166	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
    167	BPF_MOV64_IMM(BPF_REG_0, 0),
    168	BPF_EXIT_INSN(),
    169	},
    170	.fixup_map_spin_lock = { 3 },
    171	.result = REJECT,
    172	.errstr = "unlock is missing",
    173	.result_unpriv = REJECT,
    174	.errstr_unpriv = "",
    175	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
    176},
    177{
    178	"spin_lock: test7 unlock without lock",
    179	.insns = {
    180	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
    181	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
    182	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
    183	BPF_LD_MAP_FD(BPF_REG_1,
    184		      0),
    185	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
    186	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
    187	BPF_EXIT_INSN(),
    188	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
    189	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
    190	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    191	BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 1),
    192	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
    193	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
    194	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    195	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
    196	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
    197	BPF_MOV64_IMM(BPF_REG_0, 0),
    198	BPF_EXIT_INSN(),
    199	},
    200	.fixup_map_spin_lock = { 3 },
    201	.result = REJECT,
    202	.errstr = "without taking a lock",
    203	.result_unpriv = REJECT,
    204	.errstr_unpriv = "",
    205	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
    206},
    207{
    208	"spin_lock: test8 double lock",
    209	.insns = {
    210	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
    211	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
    212	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
    213	BPF_LD_MAP_FD(BPF_REG_1,
    214		      0),
    215	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
    216	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
    217	BPF_EXIT_INSN(),
    218	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
    219	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
    220	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    221	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
    222	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
    223	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    224	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
    225	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
    226	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    227	BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_6, 0),
    228	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
    229	BPF_MOV64_IMM(BPF_REG_0, 0),
    230	BPF_EXIT_INSN(),
    231	},
    232	.fixup_map_spin_lock = { 3 },
    233	.result = REJECT,
    234	.errstr = "calls are not allowed",
    235	.result_unpriv = REJECT,
    236	.errstr_unpriv = "",
    237	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
    238},
    239{
    240	"spin_lock: test9 different lock",
    241	.insns = {
    242	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
    243	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
    244	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
    245	BPF_LD_MAP_FD(BPF_REG_1,
    246		      0),
    247	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
    248	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
    249	BPF_EXIT_INSN(),
    250	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
    251	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
    252	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
    253	BPF_LD_MAP_FD(BPF_REG_1,
    254		      0),
    255	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
    256	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
    257	BPF_EXIT_INSN(),
    258	BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
    259	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
    260	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    261	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
    262	BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
    263	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    264	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
    265	BPF_MOV64_IMM(BPF_REG_0, 0),
    266	BPF_EXIT_INSN(),
    267	},
    268	.fixup_map_spin_lock = { 3, 11 },
    269	.result = REJECT,
    270	.errstr = "unlock of different lock",
    271	.result_unpriv = REJECT,
    272	.errstr_unpriv = "",
    273	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
    274},
    275{
    276	"spin_lock: test10 lock in subprog without unlock",
    277	.insns = {
    278	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
    279	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
    280	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
    281	BPF_LD_MAP_FD(BPF_REG_1,
    282		      0),
    283	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
    284	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
    285	BPF_EXIT_INSN(),
    286	BPF_MOV64_REG(BPF_REG_6, BPF_REG_0),
    287	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
    288	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    289	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 1, 0, 5),
    290	BPF_MOV64_REG(BPF_REG_1, BPF_REG_6),
    291	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    292	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
    293	BPF_MOV64_IMM(BPF_REG_0, 1),
    294	BPF_EXIT_INSN(),
    295	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
    296	BPF_MOV64_IMM(BPF_REG_0, 0),
    297	BPF_EXIT_INSN(),
    298	},
    299	.fixup_map_spin_lock = { 3 },
    300	.result = REJECT,
    301	.errstr = "unlock is missing",
    302	.result_unpriv = REJECT,
    303	.errstr_unpriv = "",
    304	.prog_type = BPF_PROG_TYPE_CGROUP_SKB,
    305},
    306{
    307	"spin_lock: test11 ld_abs under lock",
    308	.insns = {
    309	BPF_MOV64_REG(BPF_REG_6, BPF_REG_1),
    310	BPF_ST_MEM(BPF_W, BPF_REG_10, -4, 0),
    311	BPF_MOV64_REG(BPF_REG_2, BPF_REG_10),
    312	BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4),
    313	BPF_LD_MAP_FD(BPF_REG_1,
    314		      0),
    315	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem),
    316	BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 1),
    317	BPF_EXIT_INSN(),
    318	BPF_MOV64_REG(BPF_REG_7, BPF_REG_0),
    319	BPF_MOV64_REG(BPF_REG_1, BPF_REG_0),
    320	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    321	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_lock),
    322	BPF_LD_ABS(BPF_B, 0),
    323	BPF_MOV64_REG(BPF_REG_1, BPF_REG_7),
    324	BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 4),
    325	BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_spin_unlock),
    326	BPF_MOV64_IMM(BPF_REG_0, 0),
    327	BPF_EXIT_INSN(),
    328	},
    329	.fixup_map_spin_lock = { 4 },
    330	.result = REJECT,
    331	.errstr = "inside bpf_spin_lock",
    332	.prog_type = BPF_PROG_TYPE_SCHED_CLS,
    333},