1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Minimal BPF JIT image disassembler
4 *
5 * Disassembles BPF JIT compiler emitted opcodes back to asm insn's for
6 * debugging or verification purposes.
7 *
8 * To get the disassembly of the JIT code, do the following:
9 *
10 * 1) `echo 2 > /proc/sys/net/core/bpf_jit_enable`
11 * 2) Load a BPF filter (e.g. `tcpdump -p -n -s 0 -i eth1 host 192.168.20.0/24`)
12 * 3) Run e.g. `bpf_jit_disasm -o` to read out the last JIT code
13 *
14 * Copyright 2013 Daniel Borkmann <borkmann@redhat.com>
15 */
16
17#include <stdint.h>
18#include <stdio.h>
19#include <stdlib.h>
20#include <assert.h>
21#include <unistd.h>
22#include <string.h>
23#include <bfd.h>
24#include <dis-asm.h>
25#include <regex.h>
26#include <fcntl.h>
27#include <sys/klog.h>
28#include <sys/types.h>
29#include <sys/stat.h>
30#include <limits.h>
31#include <tools/dis-asm-compat.h>
32
33#define CMD_ACTION_SIZE_BUFFER 10
34#define CMD_ACTION_READ_ALL 3
35
36static void get_exec_path(char *tpath, size_t size)
37{
38 char *path;
39 ssize_t len;
40
41 snprintf(tpath, size, "/proc/%d/exe", (int) getpid());
42 tpath[size - 1] = 0;
43
44 path = strdup(tpath);
45 assert(path);
46
47 len = readlink(path, tpath, size);
48 tpath[len] = 0;
49
50 free(path);
51}
52
53static void get_asm_insns(uint8_t *image, size_t len, int opcodes)
54{
55 int count, i, pc = 0;
56 char tpath[PATH_MAX];
57 struct disassemble_info info;
58 disassembler_ftype disassemble;
59 bfd *bfdf;
60
61 memset(tpath, 0, sizeof(tpath));
62 get_exec_path(tpath, sizeof(tpath));
63
64 bfdf = bfd_openr(tpath, NULL);
65 assert(bfdf);
66 assert(bfd_check_format(bfdf, bfd_object));
67
68 init_disassemble_info_compat(&info, stdout,
69 (fprintf_ftype) fprintf,
70 fprintf_styled);
71 info.arch = bfd_get_arch(bfdf);
72 info.mach = bfd_get_mach(bfdf);
73 info.buffer = image;
74 info.buffer_length = len;
75
76 disassemble_init_for_target(&info);
77
78#ifdef DISASM_FOUR_ARGS_SIGNATURE
79 disassemble = disassembler(info.arch,
80 bfd_big_endian(bfdf),
81 info.mach,
82 bfdf);
83#else
84 disassemble = disassembler(bfdf);
85#endif
86 assert(disassemble);
87
88 do {
89 printf("%4x:\t", pc);
90
91 count = disassemble(pc, &info);
92
93 if (opcodes) {
94 printf("\n\t");
95 for (i = 0; i < count; ++i)
96 printf("%02x ", (uint8_t) image[pc + i]);
97 }
98 printf("\n");
99
100 pc += count;
101 } while(count > 0 && pc < len);
102
103 bfd_close(bfdf);
104}
105
106static char *get_klog_buff(unsigned int *klen)
107{
108 int ret, len;
109 char *buff;
110
111 len = klogctl(CMD_ACTION_SIZE_BUFFER, NULL, 0);
112 if (len < 0)
113 return NULL;
114
115 buff = malloc(len);
116 if (!buff)
117 return NULL;
118
119 ret = klogctl(CMD_ACTION_READ_ALL, buff, len);
120 if (ret < 0) {
121 free(buff);
122 return NULL;
123 }
124
125 *klen = ret;
126 return buff;
127}
128
129static char *get_flog_buff(const char *file, unsigned int *klen)
130{
131 int fd, ret, len;
132 struct stat fi;
133 char *buff;
134
135 fd = open(file, O_RDONLY);
136 if (fd < 0)
137 return NULL;
138
139 ret = fstat(fd, &fi);
140 if (ret < 0 || !S_ISREG(fi.st_mode))
141 goto out;
142
143 len = fi.st_size + 1;
144 buff = malloc(len);
145 if (!buff)
146 goto out;
147
148 memset(buff, 0, len);
149 ret = read(fd, buff, len - 1);
150 if (ret <= 0)
151 goto out_free;
152
153 close(fd);
154 *klen = ret;
155 return buff;
156out_free:
157 free(buff);
158out:
159 close(fd);
160 return NULL;
161}
162
163static char *get_log_buff(const char *file, unsigned int *klen)
164{
165 return file ? get_flog_buff(file, klen) : get_klog_buff(klen);
166}
167
168static void put_log_buff(char *buff)
169{
170 free(buff);
171}
172
173static uint8_t *get_last_jit_image(char *haystack, size_t hlen,
174 unsigned int *ilen)
175{
176 char *ptr, *pptr, *tmp;
177 off_t off = 0;
178 unsigned int proglen;
179 int ret, flen, pass, ulen = 0;
180 regmatch_t pmatch[1];
181 unsigned long base;
182 regex_t regex;
183 uint8_t *image;
184
185 if (hlen == 0)
186 return NULL;
187
188 ret = regcomp(&regex, "flen=[[:alnum:]]+ proglen=[[:digit:]]+ "
189 "pass=[[:digit:]]+ image=[[:xdigit:]]+", REG_EXTENDED);
190 assert(ret == 0);
191
192 ptr = haystack;
193 memset(pmatch, 0, sizeof(pmatch));
194
195 while (1) {
196 ret = regexec(&regex, ptr, 1, pmatch, 0);
197 if (ret == 0) {
198 ptr += pmatch[0].rm_eo;
199 off += pmatch[0].rm_eo;
200 assert(off < hlen);
201 } else
202 break;
203 }
204
205 ptr = haystack + off - (pmatch[0].rm_eo - pmatch[0].rm_so);
206 ret = sscanf(ptr, "flen=%d proglen=%u pass=%d image=%lx",
207 &flen, &proglen, &pass, &base);
208 if (ret != 4) {
209 regfree(&regex);
210 return NULL;
211 }
212 if (proglen > 1000000) {
213 printf("proglen of %d too big, stopping\n", proglen);
214 return NULL;
215 }
216
217 image = malloc(proglen);
218 if (!image) {
219 printf("Out of memory\n");
220 return NULL;
221 }
222 memset(image, 0, proglen);
223
224 tmp = ptr = haystack + off;
225 while ((ptr = strtok(tmp, "\n")) != NULL && ulen < proglen) {
226 tmp = NULL;
227 if (!strstr(ptr, "JIT code"))
228 continue;
229 pptr = ptr;
230 while ((ptr = strstr(pptr, ":")))
231 pptr = ptr + 1;
232 ptr = pptr;
233 do {
234 image[ulen++] = (uint8_t) strtoul(pptr, &pptr, 16);
235 if (ptr == pptr) {
236 ulen--;
237 break;
238 }
239 if (ulen >= proglen)
240 break;
241 ptr = pptr;
242 } while (1);
243 }
244
245 assert(ulen == proglen);
246 printf("%u bytes emitted from JIT compiler (pass:%d, flen:%d)\n",
247 proglen, pass, flen);
248 printf("%lx + <x>:\n", base);
249
250 regfree(&regex);
251 *ilen = ulen;
252 return image;
253}
254
255static void usage(void)
256{
257 printf("Usage: bpf_jit_disasm [...]\n");
258 printf(" -o Also display related opcodes (default: off).\n");
259 printf(" -O <file> Write binary image of code to file, don't disassemble to stdout.\n");
260 printf(" -f <file> Read last image dump from file or stdin (default: klog).\n");
261 printf(" -h Display this help.\n");
262}
263
264int main(int argc, char **argv)
265{
266 unsigned int len, klen, opt, opcodes = 0;
267 char *kbuff, *file = NULL;
268 char *ofile = NULL;
269 int ofd;
270 ssize_t nr;
271 uint8_t *pos;
272 uint8_t *image = NULL;
273
274 while ((opt = getopt(argc, argv, "of:O:")) != -1) {
275 switch (opt) {
276 case 'o':
277 opcodes = 1;
278 break;
279 case 'O':
280 ofile = optarg;
281 break;
282 case 'f':
283 file = optarg;
284 break;
285 default:
286 usage();
287 return -1;
288 }
289 }
290
291 bfd_init();
292
293 kbuff = get_log_buff(file, klen: &klen);
294 if (!kbuff) {
295 fprintf(stderr, "Could not retrieve log buffer!\n");
296 return -1;
297 }
298
299 image = get_last_jit_image(kbuff, klen, &len);
300 if (!image) {
301 fprintf(stderr, "No JIT image found!\n");
302 goto done;
303 }
304 if (!ofile) {
305 get_asm_insns(image, len, opcodes);
306 goto done;
307 }
308
309 ofd = open(ofile, O_WRONLY | O_CREAT | O_TRUNC, DEFFILEMODE);
310 if (ofd < 0) {
311 fprintf(stderr, "Could not open file %s for writing: ", ofile);
312 perror(NULL);
313 goto done;
314 }
315 pos = image;
316 do {
317 nr = write(ofd, pos, len);
318 if (nr < 0) {
319 fprintf(stderr, "Could not write data to %s: ", ofile);
320 perror(NULL);
321 goto done;
322 }
323 len -= nr;
324 pos += nr;
325 } while (len);
326 close(ofd);
327
328done:
329 put_log_buff(buff: kbuff);
330 free(image);
331 return 0;
332}
333

source code of linux/tools/bpf/bpf_jit_disasm.c