Powered by Linux
[PATCH] check_spectre: Add a switch to optionally use host data — Semantic Matching Tool

[PATCH] check_spectre: Add a switch to optionally use host data

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



check_spectre pattern can utilize smatch_kernel_host_data.c
to optionally search for potential spectre v1 gadgets in the
untrusted input provided for the host/VMM <-> VM guest attack
surface. This attack surface is important for confidential
cloud computing technologies where a VM guest does not trust
the host/VMM.

Signed-off-by: Elena Reshetova <elena.reshetova@xxxxxxxxx>
---
 check_spectre.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/check_spectre.c b/check_spectre.c
index 16301a2e..009c7f0b 100644
--- a/check_spectre.c
+++ b/check_spectre.c
@@ -22,7 +22,13 @@ static int my_id;
 extern int second_half_id;
 extern void set_spectre_first_half(struct expression *expr);
 
+enum kernel_data_types {
+	USER_DATA_TYPE = 0,
+	HOST_DATA_TYPE = 1,
+};
+
 static int suppress_multiple = 1;
+static int analyzed_data_type = USER_DATA_TYPE;
 
 static int is_write(struct expression *expr)
 {
@@ -173,8 +179,19 @@ static void array_check(struct expression *expr)
 	}
 
 	offset = get_array_offset(expr);
-	if (!is_user_rl(offset))
-		return;
+	switch(analyzed_data_type) {
+		case USER_DATA_TYPE:
+			if (!is_user_rl(offset))
+				return;
+			break;
+		case HOST_DATA_TYPE:
+			if (!is_host_rl(offset))
+				return;
+			break;
+		default:
+			return;
+	}
+
 	if (is_nospec(offset))
 		return;
 
@@ -208,6 +225,8 @@ void check_spectre(int id)
 	my_id = id;
 
 	suppress_multiple = getenv("FULL_SPECTRE") == NULL;
+	if (getenv("ANALYZE_HOST_DATA"))
+		analyzed_data_type = HOST_DATA_TYPE;
 
 	if (option_project != PROJ_KERNEL)
 		return;
-- 
2.25.1




[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux