| // Copyright 2019 Google LLC |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // https://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| #include "sandboxed_api/sandbox2/bpfdisassembler.h" |
| |
| #include <linux/bpf_common.h> |
| // IWYU pragma: no_include <asm/int-ll64.h> |
| #include <linux/filter.h> |
| #include <linux/seccomp.h> |
| #include <sys/sysinfo.h> |
| |
| #include <cstddef> |
| #include <string> |
| |
| #include "absl/strings/str_cat.h" |
| #include "absl/types/span.h" |
| |
| #define INSIDE_FIELD(what, field) \ |
| ((offsetof(seccomp_data, field) == 0 || \ |
| (what) >= offsetof(seccomp_data, field)) && \ |
| ((what) < (offsetof(seccomp_data, field) + sizeof(seccomp_data::field)))) |
| |
| #ifndef SECCOMP_RET_USER_NOTIF |
| #define SECCOMP_RET_USER_NOTIF 0x7fc00000U /* notifies userspace */ |
| #endif |
| |
| #ifndef SECCOMP_RET_LOG |
| #define SECCOMP_RET_LOG 0x7ffc0000U /* allow after logging */ |
| #endif |
| |
| #ifndef SECCOMP_RET_KILL_PROCESS |
| #define SECCOMP_RET_KILL_PROCESS 0x80000000U /* kill the process */ |
| #endif |
| |
| #ifndef SECCOMP_RET_ACTION_FULL |
| #define SECCOMP_RET_ACTION_FULL 0xffff0000U |
| #endif |
| |
| namespace sandbox2 { |
| namespace bpf { |
| namespace { |
| |
| std::string OperandToString(int op) { |
| switch (op) { |
| case BPF_ADD: |
| return "+"; |
| case BPF_SUB: |
| return "-"; |
| case BPF_MUL: |
| return "*"; |
| case BPF_DIV: |
| return "/"; |
| case BPF_XOR: |
| return "^"; |
| case BPF_AND: |
| return "&"; |
| case BPF_OR: |
| return "|"; |
| case BPF_RSH: |
| return ">>"; |
| case BPF_LSH: |
| return "<<"; |
| default: |
| return absl::StrCat("[unknown op ", op, "]"); |
| } |
| } |
| |
| std::string ComparisonToString(int op) { |
| switch (op) { |
| case BPF_JGE: |
| return ">="; |
| case BPF_JGT: |
| return ">"; |
| case BPF_JEQ: |
| return "=="; |
| case BPF_JSET: |
| return "&"; |
| default: |
| return absl::StrCat("[unknown cmp ", op, "]"); |
| } |
| } |
| |
| std::string NegatedComparisonToString(int op) { |
| switch (op) { |
| case BPF_JGE: |
| return "<"; |
| case BPF_JGT: |
| return "<="; |
| case BPF_JEQ: |
| return "!="; |
| default: |
| return absl::StrCat("[unknown neg cmp ", op, "]"); |
| } |
| } |
| |
| } // namespace |
| |
| std::string DecodeInstruction(const sock_filter& inst, int pc) { |
| constexpr auto kArgSize = sizeof(seccomp_data::args[0]); |
| const int op = BPF_OP(inst.code); |
| const int true_target = inst.jt + pc + 1; |
| const int false_target = inst.jf + pc + 1; |
| switch (inst.code) { |
| case BPF_LD | BPF_W | BPF_ABS: |
| if (inst.k & 3) { |
| return absl::StrCat("A := data[0x", absl::Hex(inst.k), |
| "] (misaligned load)"); |
| } |
| if (INSIDE_FIELD(inst.k, nr)) { |
| return "A := syscall number"; |
| } |
| if (INSIDE_FIELD(inst.k, arch)) { |
| return "A := architecture"; |
| } |
| if (INSIDE_FIELD(inst.k, instruction_pointer)) { |
| // TODO(swiecki) handle big-endian. |
| if (inst.k != offsetof(seccomp_data, instruction_pointer)) { |
| return "A := instruction pointer high"; |
| } |
| return "A := instruction pointer low"; |
| } |
| if (INSIDE_FIELD(inst.k, args)) { |
| const int argno = (inst.k - offsetof(seccomp_data, args)) / kArgSize; |
| // TODO(swiecki) handle big-endian. |
| if (inst.k != (offsetof(seccomp_data, args) + argno * kArgSize)) { |
| return absl::StrCat("A := arg ", argno, " high"); |
| } |
| return absl::StrCat("A := arg ", argno, " low"); |
| } |
| return absl::StrCat("A := data[0x", absl::Hex(inst.k), |
| "] (invalid load)"); |
| case BPF_LD | BPF_W | BPF_LEN: |
| return "A := sizeof(seccomp_data)"; |
| case BPF_LDX | BPF_W | BPF_LEN: |
| return "X := sizeof(seccomp_data)"; |
| case BPF_LD | BPF_IMM: |
| return absl::StrCat("A := 0x", absl::Hex(inst.k)); |
| case BPF_LDX | BPF_IMM: |
| return absl::StrCat("X := 0x", absl::Hex(inst.k)); |
| case BPF_MISC | BPF_TAX: |
| return "X := A"; |
| case BPF_MISC | BPF_TXA: |
| return "A := X"; |
| case BPF_LD | BPF_MEM: |
| return absl::StrCat("A := M[", inst.k, "]"); |
| case BPF_LDX | BPF_MEM: |
| return absl::StrCat("X := M[", inst.k, "]"); |
| case BPF_ST: |
| return absl::StrCat("M[", inst.k, "] := A"); |
| case BPF_STX: |
| return absl::StrCat("M[", inst.k, "] := X"); |
| case BPF_RET | BPF_K: { |
| __u32 data = inst.k & SECCOMP_RET_DATA; |
| switch (inst.k & SECCOMP_RET_ACTION_FULL) { |
| case SECCOMP_RET_KILL_PROCESS: |
| return "KILL_PROCESS"; |
| case SECCOMP_RET_LOG: |
| return "LOG"; |
| case SECCOMP_RET_USER_NOTIF: |
| return "USER_NOTIF"; |
| case SECCOMP_RET_KILL: |
| return "KILL"; |
| case SECCOMP_RET_ALLOW: |
| return "ALLOW"; |
| case SECCOMP_RET_TRAP: |
| return absl::StrCat("TRAP 0x", absl::Hex(data)); |
| case SECCOMP_RET_ERRNO: |
| return absl::StrCat("ERRNO 0x", absl::Hex(data)); |
| case SECCOMP_RET_TRACE: |
| return absl::StrCat("TRACE 0x", absl::Hex(data)); |
| default: |
| return absl::StrCat("return 0x", absl::Hex(inst.k)); |
| } |
| } |
| case BPF_RET | BPF_A: |
| return "return A"; |
| case BPF_ALU | BPF_ADD | BPF_K: |
| case BPF_ALU | BPF_SUB | BPF_K: |
| case BPF_ALU | BPF_MUL | BPF_K: |
| case BPF_ALU | BPF_DIV | BPF_K: |
| case BPF_ALU | BPF_AND | BPF_K: |
| case BPF_ALU | BPF_OR | BPF_K: |
| case BPF_ALU | BPF_XOR | BPF_K: |
| case BPF_ALU | BPF_LSH | BPF_K: |
| case BPF_ALU | BPF_RSH | BPF_K: |
| return absl::StrCat("A := A ", OperandToString(op), " 0x", |
| absl::Hex(inst.k)); |
| case BPF_ALU | BPF_ADD | BPF_X: |
| case BPF_ALU | BPF_SUB | BPF_X: |
| case BPF_ALU | BPF_MUL | BPF_X: |
| case BPF_ALU | BPF_DIV | BPF_X: |
| case BPF_ALU | BPF_AND | BPF_X: |
| case BPF_ALU | BPF_OR | BPF_X: |
| case BPF_ALU | BPF_XOR | BPF_X: |
| case BPF_ALU | BPF_LSH | BPF_X: |
| case BPF_ALU | BPF_RSH | BPF_X: |
| return absl::StrCat("A := A ", OperandToString(op), " X"); |
| case BPF_ALU | BPF_NEG: |
| return "A := -A"; |
| case BPF_JMP | BPF_JA: |
| return absl::StrCat("jump to ", inst.k + pc + 1); |
| case BPF_JMP | BPF_JEQ | BPF_K: |
| case BPF_JMP | BPF_JGE | BPF_K: |
| case BPF_JMP | BPF_JGT | BPF_K: |
| case BPF_JMP | BPF_JSET | BPF_K: |
| if (inst.jf == 0) { |
| return absl::StrCat("if A ", ComparisonToString(op), " 0x", |
| absl::Hex(inst.k), " goto ", true_target); |
| } |
| if (inst.jt == 0 && op != BPF_JSET) { |
| return absl::StrCat("if A ", NegatedComparisonToString(op), " 0x", |
| absl::Hex(inst.k), " goto ", false_target); |
| } |
| return absl::StrCat("if A ", ComparisonToString(op), " 0x", |
| absl::Hex(inst.k), " then ", true_target, " else ", |
| false_target); |
| case BPF_JMP | BPF_JEQ | BPF_X: |
| case BPF_JMP | BPF_JGE | BPF_X: |
| case BPF_JMP | BPF_JGT | BPF_X: |
| case BPF_JMP | BPF_JSET | BPF_X: |
| if (inst.jf == 0) { |
| return absl::StrCat("if A ", ComparisonToString(op), " X goto ", |
| true_target); |
| } |
| if (inst.jt == 0 && op != BPF_JSET) { |
| return absl::StrCat("if A ", NegatedComparisonToString(op), " X goto ", |
| false_target); |
| } |
| return absl::StrCat("if A ", ComparisonToString(op), " X then ", |
| true_target, " else ", false_target); |
| default: |
| return absl::StrCat("Invalid instruction ", inst.code); |
| } |
| } |
| |
| std::string Disasm(absl::Span<const sock_filter> prog) { |
| std::string rv; |
| for (size_t i = 0; i < prog.size(); ++i) { |
| absl::StrAppend(&rv, absl::Dec(i, absl::kZeroPad3), ": ", |
| DecodeInstruction(prog[i], i), "\n"); |
| } |
| return rv; |
| } |
| |
| } // namespace bpf |
| } // namespace sandbox2 |
