bpf_jit_disasm.c 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273
  1. /*
  2. * Minimal BPF JIT image disassembler
  3. *
  4. * Disassembles BPF JIT compiler emitted opcodes back to asm insn's for
  5. * debugging or verification purposes.
  6. *
  7. * To get the disassembly of the JIT code, do the following:
  8. *
  9. * 1) `echo 2 > /proc/sys/net/core/bpf_jit_enable`
  10. * 2) Load a BPF filter (e.g. `tcpdump -p -n -s 0 -i eth1 host 192.168.20.0/24`)
  11. * 3) Run e.g. `bpf_jit_disasm -o` to read out the last JIT code
  12. *
  13. * Copyright 2013 Daniel Borkmann <[email protected]>
  14. * Licensed under the GNU General Public License, version 2.0 (GPLv2)
  15. */
  16. #include <stdint.h>
  17. #include <stdio.h>
  18. #include <stdlib.h>
  19. #include <assert.h>
  20. #include <unistd.h>
  21. #include <string.h>
  22. #include <bfd.h>
  23. #include <dis-asm.h>
  24. #include <regex.h>
  25. #include <fcntl.h>
  26. #include <sys/klog.h>
  27. #include <sys/types.h>
  28. #include <sys/stat.h>
  29. #define CMD_ACTION_SIZE_BUFFER 10
  30. #define CMD_ACTION_READ_ALL 3
  31. static void get_exec_path(char *tpath, size_t size)
  32. {
  33. char *path;
  34. ssize_t len;
  35. snprintf(tpath, size, "/proc/%d/exe", (int) getpid());
  36. tpath[size - 1] = 0;
  37. path = strdup(tpath);
  38. assert(path);
  39. len = readlink(path, tpath, size);
  40. tpath[len] = 0;
  41. free(path);
  42. }
  43. static void get_asm_insns(uint8_t *image, size_t len, int opcodes)
  44. {
  45. int count, i, pc = 0;
  46. char tpath[256];
  47. struct disassemble_info info;
  48. disassembler_ftype disassemble;
  49. bfd *bfdf;
  50. memset(tpath, 0, sizeof(tpath));
  51. get_exec_path(tpath, sizeof(tpath));
  52. bfdf = bfd_openr(tpath, NULL);
  53. assert(bfdf);
  54. assert(bfd_check_format(bfdf, bfd_object));
  55. init_disassemble_info(&info, stdout, (fprintf_ftype) fprintf);
  56. info.arch = bfd_get_arch(bfdf);
  57. info.mach = bfd_get_mach(bfdf);
  58. info.buffer = image;
  59. info.buffer_length = len;
  60. disassemble_init_for_target(&info);
  61. disassemble = disassembler(bfdf);
  62. assert(disassemble);
  63. do {
  64. printf("%4x:\t", pc);
  65. count = disassemble(pc, &info);
  66. if (opcodes) {
  67. printf("\n\t");
  68. for (i = 0; i < count; ++i)
  69. printf("%02x ", (uint8_t) image[pc + i]);
  70. }
  71. printf("\n");
  72. pc += count;
  73. } while(count > 0 && pc < len);
  74. bfd_close(bfdf);
  75. }
  76. static char *get_klog_buff(unsigned int *klen)
  77. {
  78. int ret, len;
  79. char *buff;
  80. len = klogctl(CMD_ACTION_SIZE_BUFFER, NULL, 0);
  81. if (len < 0)
  82. return NULL;
  83. buff = malloc(len);
  84. if (!buff)
  85. return NULL;
  86. ret = klogctl(CMD_ACTION_READ_ALL, buff, len);
  87. if (ret < 0) {
  88. free(buff);
  89. return NULL;
  90. }
  91. *klen = ret;
  92. return buff;
  93. }
  94. static char *get_flog_buff(const char *file, unsigned int *klen)
  95. {
  96. int fd, ret, len;
  97. struct stat fi;
  98. char *buff;
  99. fd = open(file, O_RDONLY);
  100. if (fd < 0)
  101. return NULL;
  102. ret = fstat(fd, &fi);
  103. if (ret < 0 || !S_ISREG(fi.st_mode))
  104. goto out;
  105. len = fi.st_size + 1;
  106. buff = malloc(len);
  107. if (!buff)
  108. goto out;
  109. memset(buff, 0, len);
  110. ret = read(fd, buff, len - 1);
  111. if (ret <= 0)
  112. goto out_free;
  113. close(fd);
  114. *klen = ret;
  115. return buff;
  116. out_free:
  117. free(buff);
  118. out:
  119. close(fd);
  120. return NULL;
  121. }
  122. static char *get_log_buff(const char *file, unsigned int *klen)
  123. {
  124. return file ? get_flog_buff(file, klen) : get_klog_buff(klen);
  125. }
  126. static void put_log_buff(char *buff)
  127. {
  128. free(buff);
  129. }
  130. static unsigned int get_last_jit_image(char *haystack, size_t hlen,
  131. uint8_t *image, size_t ilen)
  132. {
  133. char *ptr, *pptr, *tmp;
  134. off_t off = 0;
  135. int ret, flen, proglen, pass, ulen = 0;
  136. regmatch_t pmatch[1];
  137. unsigned long base;
  138. regex_t regex;
  139. if (hlen == 0)
  140. return 0;
  141. ret = regcomp(&regex, "flen=[[:alnum:]]+ proglen=[[:digit:]]+ "
  142. "pass=[[:digit:]]+ image=[[:xdigit:]]+", REG_EXTENDED);
  143. assert(ret == 0);
  144. ptr = haystack;
  145. memset(pmatch, 0, sizeof(pmatch));
  146. while (1) {
  147. ret = regexec(&regex, ptr, 1, pmatch, 0);
  148. if (ret == 0) {
  149. ptr += pmatch[0].rm_eo;
  150. off += pmatch[0].rm_eo;
  151. assert(off < hlen);
  152. } else
  153. break;
  154. }
  155. ptr = haystack + off - (pmatch[0].rm_eo - pmatch[0].rm_so);
  156. ret = sscanf(ptr, "flen=%d proglen=%d pass=%d image=%lx",
  157. &flen, &proglen, &pass, &base);
  158. if (ret != 4) {
  159. regfree(&regex);
  160. return 0;
  161. }
  162. tmp = ptr = haystack + off;
  163. while ((ptr = strtok(tmp, "\n")) != NULL && ulen < ilen) {
  164. tmp = NULL;
  165. if (!strstr(ptr, "JIT code"))
  166. continue;
  167. pptr = ptr;
  168. while ((ptr = strstr(pptr, ":")))
  169. pptr = ptr + 1;
  170. ptr = pptr;
  171. do {
  172. image[ulen++] = (uint8_t) strtoul(pptr, &pptr, 16);
  173. if (ptr == pptr || ulen >= ilen) {
  174. ulen--;
  175. break;
  176. }
  177. ptr = pptr;
  178. } while (1);
  179. }
  180. assert(ulen == proglen);
  181. printf("%d bytes emitted from JIT compiler (pass:%d, flen:%d)\n",
  182. proglen, pass, flen);
  183. printf("%lx + <x>:\n", base);
  184. regfree(&regex);
  185. return ulen;
  186. }
  187. static void usage(void)
  188. {
  189. printf("Usage: bpf_jit_disasm [...]\n");
  190. printf(" -o Also display related opcodes (default: off).\n");
  191. printf(" -f <file> Read last image dump from file or stdin (default: klog).\n");
  192. printf(" -h Display this help.\n");
  193. }
  194. int main(int argc, char **argv)
  195. {
  196. unsigned int len, klen, opt, opcodes = 0;
  197. static uint8_t image[32768];
  198. char *kbuff, *file = NULL;
  199. while ((opt = getopt(argc, argv, "of:")) != -1) {
  200. switch (opt) {
  201. case 'o':
  202. opcodes = 1;
  203. break;
  204. case 'f':
  205. file = optarg;
  206. break;
  207. default:
  208. usage();
  209. return -1;
  210. }
  211. }
  212. bfd_init();
  213. memset(image, 0, sizeof(image));
  214. kbuff = get_log_buff(file, &klen);
  215. if (!kbuff) {
  216. fprintf(stderr, "Could not retrieve log buffer!\n");
  217. return -1;
  218. }
  219. len = get_last_jit_image(kbuff, klen, image, sizeof(image));
  220. if (len > 0)
  221. get_asm_insns(image, len, opcodes);
  222. else
  223. fprintf(stderr, "No JIT image found!\n");
  224. put_log_buff(kbuff);
  225. return 0;
  226. }