kprobe_syntax_errors.tc - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
kprobe_syntax_errors.tc (4110B)
      1#!/bin/sh
      2# SPDX-License-Identifier: GPL-2.0
      3# description: Kprobe event parser error log check
      4# requires: kprobe_events error_log
      5
      6check_error() { # command-with-error-pos-by-^
      7    ftrace_errlog_check 'trace_kprobe' "$1" 'kprobe_events'
      8}
      9
     10if grep -q 'r\[maxactive\]' README; then
     11check_error 'p^100 vfs_read'		# MAXACT_NO_KPROBE
     12check_error 'r^1a111 vfs_read'		# BAD_MAXACT
     13check_error 'r^100000 vfs_read'		# MAXACT_TOO_BIG
     14fi
     15
     16check_error 'p ^non_exist_func'		# BAD_PROBE_ADDR (enoent)
     17check_error 'p ^hoge-fuga'		# BAD_PROBE_ADDR (bad syntax)
     18check_error 'p ^hoge+1000-1000'		# BAD_PROBE_ADDR (bad syntax)
     19check_error 'r ^vfs_read+10'		# BAD_RETPROBE
     20check_error 'p:^/bar vfs_read'		# NO_GROUP_NAME
     21check_error 'p:^12345678901234567890123456789012345678901234567890123456789012345/bar vfs_read'	# GROUP_TOO_LONG
     22
     23check_error 'p:^foo.1/bar vfs_read'	# BAD_GROUP_NAME
     24check_error 'p:foo/^ vfs_read'		# NO_EVENT_NAME
     25check_error 'p:foo/^12345678901234567890123456789012345678901234567890123456789012345 vfs_read'	# EVENT_TOO_LONG
     26check_error 'p:foo/^bar.1 vfs_read'	# BAD_EVENT_NAME
     27
     28check_error 'p vfs_read ^$retval'	# RETVAL_ON_PROBE
     29check_error 'p vfs_read ^$stack10000'	# BAD_STACK_NUM
     30
     31if grep -q '$arg<N>' README; then
     32check_error 'p vfs_read ^$arg10000'	# BAD_ARG_NUM
     33fi
     34
     35check_error 'p vfs_read ^$none_var'	# BAD_VAR
     36
     37check_error 'p vfs_read ^%none_reg'	# BAD_REG_NAME
     38check_error 'p vfs_read ^@12345678abcde'	# BAD_MEM_ADDR
     39check_error 'p vfs_read ^@+10'		# FILE_ON_KPROBE
     40
     41grep -q "imm-value" README && \
     42check_error 'p vfs_read arg1=\^x'	# BAD_IMM
     43grep -q "imm-string" README && \
     44check_error 'p vfs_read arg1=\"abcd^'	# IMMSTR_NO_CLOSE
     45
     46check_error 'p vfs_read ^+0@0)'		# DEREF_NEED_BRACE
     47check_error 'p vfs_read ^+0ab1(@0)'	# BAD_DEREF_OFFS
     48check_error 'p vfs_read +0(+0(@0^)'	# DEREF_OPEN_BRACE
     49
     50if grep -A1 "fetcharg:" README | grep -q '\$comm' ; then
     51check_error 'p vfs_read +0(^$comm)'	# COMM_CANT_DEREF
     52fi
     53
     54check_error 'p vfs_read ^&1'		# BAD_FETCH_ARG
     55
     56
     57# We've introduced this limitation with array support
     58if grep -q ' <type>\\\[<array-size>\\\]' README; then
     59check_error 'p vfs_read +0(^+0(+0(+0(+0(+0(+0(+0(+0(+0(+0(+0(+0(+0(@0))))))))))))))'	# TOO_MANY_OPS?
     60check_error 'p vfs_read +0(@11):u8[10^'		# ARRAY_NO_CLOSE
     61check_error 'p vfs_read +0(@11):u8[10]^a'	# BAD_ARRAY_SUFFIX
     62check_error 'p vfs_read +0(@11):u8[^10a]'	# BAD_ARRAY_NUM
     63check_error 'p vfs_read +0(@11):u8[^256]'	# ARRAY_TOO_BIG
     64fi
     65
     66check_error 'p vfs_read @11:^unknown_type'	# BAD_TYPE
     67check_error 'p vfs_read $stack0:^string'	# BAD_STRING
     68check_error 'p vfs_read @11:^b10@a/16'		# BAD_BITFIELD
     69
     70check_error 'p vfs_read ^arg123456789012345678901234567890=@11'	# ARG_NAME_TOO_LOG
     71check_error 'p vfs_read ^=@11'			# NO_ARG_NAME
     72check_error 'p vfs_read ^var.1=@11'		# BAD_ARG_NAME
     73check_error 'p vfs_read var1=@11 ^var1=@12'	# USED_ARG_NAME
     74check_error 'p vfs_read ^+1234567(+1234567(+1234567(+1234567(+1234567(+1234567(@1234))))))'	# ARG_TOO_LONG
     75check_error 'p vfs_read arg1=^'			# NO_ARG_BODY
     76
     77# instruction boundary check is valid on x86 (at this moment)
     78case $(uname -m) in
     79  x86_64|i[3456]86)
     80    echo 'p vfs_read' > kprobe_events
     81    if grep -q FTRACE ../kprobes/list ; then
     82	check_error 'p ^vfs_read+3'		# BAD_INSN_BNDRY (only if function-tracer is enabled)
     83    fi
     84    ;;
     85esac
     86
     87# multiprobe errors
     88if grep -q "Create/append/" README && grep -q "imm-value" README; then
     89echo "p:kprobes/testevent $FUNCTION_FORK" > kprobe_events
     90check_error '^r:kprobes/testevent do_exit'	# DIFF_PROBE_TYPE
     91
     92# Explicitly use printf "%s" to not interpret \1
     93printf "%s" "p:kprobes/testevent $FUNCTION_FORK abcd=\\1" > kprobe_events
     94check_error "p:kprobes/testevent $FUNCTION_FORK ^bcd=\\1"	# DIFF_ARG_TYPE
     95check_error "p:kprobes/testevent $FUNCTION_FORK ^abcd=\\1:u8"	# DIFF_ARG_TYPE
     96check_error "p:kprobes/testevent $FUNCTION_FORK ^abcd=\\\"foo\"" # DIFF_ARG_TYPE
     97check_error "^p:kprobes/testevent $FUNCTION_FORK abcd=\\1"	# SAME_PROBE
     98fi
     99
    100# %return suffix errors
    101if grep -q "place (kretprobe): .*%return.*" README; then
    102check_error 'p vfs_read^%hoge'		# BAD_ADDR_SUFFIX
    103check_error 'p ^vfs_read+10%return'	# BAD_RETPROBE
    104fi
    105
    106exit 0