1 /* Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 */
5
6 #include <stdint.h>
7 #include <stdio.h>
8 #include <stdlib.h>
9 #include <string.h>
10
11 #include "bpf.h"
12
13 /* Architecture validation. */
bpf_validate_arch(struct sock_filter * filter)14 size_t bpf_validate_arch(struct sock_filter *filter)
15 {
16 struct sock_filter *curr_block = filter;
17 set_bpf_stmt(curr_block++, BPF_LD+BPF_W+BPF_ABS, arch_nr);
18 set_bpf_jump(curr_block++,
19 BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, SKIP, NEXT);
20 set_bpf_ret_kill(curr_block++);
21 return curr_block - filter;
22 }
23
24 /* Syscall number eval functions. */
bpf_allow_syscall(struct sock_filter * filter,int nr)25 size_t bpf_allow_syscall(struct sock_filter *filter, int nr)
26 {
27 struct sock_filter *curr_block = filter;
28 set_bpf_jump(curr_block++, BPF_JMP+BPF_JEQ+BPF_K, nr, NEXT, SKIP);
29 set_bpf_stmt(curr_block++, BPF_RET+BPF_K, SECCOMP_RET_ALLOW);
30 return curr_block - filter;
31 }
32
bpf_allow_syscall_args(struct sock_filter * filter,int nr,unsigned int id)33 size_t bpf_allow_syscall_args(struct sock_filter *filter,
34 int nr, unsigned int id)
35 {
36 struct sock_filter *curr_block = filter;
37 set_bpf_jump(curr_block++, BPF_JMP+BPF_JEQ+BPF_K, nr, NEXT, SKIP);
38 set_bpf_jump_lbl(curr_block++, id);
39 return curr_block - filter;
40 }
41
42 /* Size-aware arg loaders. */
43 #if defined(BITS32)
bpf_load_arg(struct sock_filter * filter,int argidx)44 size_t bpf_load_arg(struct sock_filter *filter, int argidx)
45 {
46 set_bpf_stmt(filter, BPF_LD+BPF_W+BPF_ABS, LO_ARG(argidx));
47 return 1U;
48 }
49 #elif defined(BITS64)
bpf_load_arg(struct sock_filter * filter,int argidx)50 size_t bpf_load_arg(struct sock_filter *filter, int argidx)
51 {
52 struct sock_filter *curr_block = filter;
53 set_bpf_stmt(curr_block++, BPF_LD+BPF_W+BPF_ABS, LO_ARG(argidx));
54 set_bpf_stmt(curr_block++, BPF_ST, 0); /* lo -> M[0] */
55 set_bpf_stmt(curr_block++, BPF_LD+BPF_W+BPF_ABS, HI_ARG(argidx));
56 set_bpf_stmt(curr_block++, BPF_ST, 1); /* hi -> M[1] */
57 return curr_block - filter;
58 }
59 #endif
60
61 /* Size-aware equality comparison. */
bpf_comp_jeq32(struct sock_filter * filter,unsigned long c,unsigned char jt,unsigned char jf)62 size_t bpf_comp_jeq32(struct sock_filter *filter, unsigned long c,
63 unsigned char jt, unsigned char jf)
64 {
65 unsigned int lo = (unsigned int)(c & 0xFFFFFFFF);
66 set_bpf_jump(filter, BPF_JMP+BPF_JEQ+BPF_K, lo, jt, jf);
67 return 1U;
68 }
69
70 /*
71 * On 64 bits, we have to do two 32-bit comparisons.
72 * We jump true when *both* comparisons are true.
73 */
74 #if defined(BITS64)
bpf_comp_jeq64(struct sock_filter * filter,uint64_t c,unsigned char jt,unsigned char jf)75 size_t bpf_comp_jeq64(struct sock_filter *filter, uint64_t c,
76 unsigned char jt, unsigned char jf)
77 {
78 unsigned int lo = (unsigned int)(c & 0xFFFFFFFF);
79 unsigned int hi = (unsigned int)(c >> 32);
80
81 struct sock_filter *curr_block = filter;
82
83 /* bpf_load_arg leaves |hi| in A */
84 curr_block += bpf_comp_jeq32(curr_block, hi, NEXT, SKIPN(2) + jf);
85 set_bpf_stmt(curr_block++, BPF_LD+BPF_MEM, 0); /* swap in |lo| */
86 curr_block += bpf_comp_jeq32(curr_block, lo, jt, jf);
87
88 return curr_block - filter;
89 }
90 #endif
91
92 /* Size-aware bitwise AND. */
bpf_comp_jset32(struct sock_filter * filter,unsigned long mask,unsigned char jt,unsigned char jf)93 size_t bpf_comp_jset32(struct sock_filter *filter, unsigned long mask,
94 unsigned char jt, unsigned char jf)
95 {
96 unsigned int mask_lo = (unsigned int)(mask & 0xFFFFFFFF);
97 set_bpf_jump(filter, BPF_JMP+BPF_JSET+BPF_K, mask_lo, jt, jf);
98 return 1U;
99 }
100
101 /*
102 * On 64 bits, we have to do two 32-bit bitwise ANDs.
103 * We jump true when *either* bitwise AND is true (non-zero).
104 */
105 #if defined(BITS64)
bpf_comp_jset64(struct sock_filter * filter,uint64_t mask,unsigned char jt,unsigned char jf)106 size_t bpf_comp_jset64(struct sock_filter *filter, uint64_t mask,
107 unsigned char jt, unsigned char jf)
108 {
109 unsigned int mask_lo = (unsigned int)(mask & 0xFFFFFFFF);
110 unsigned int mask_hi = (unsigned int)(mask >> 32);
111
112 struct sock_filter *curr_block = filter;
113
114 /* bpf_load_arg leaves |hi| in A */
115 curr_block += bpf_comp_jset32(curr_block, mask_hi, SKIPN(2) + jt, NEXT);
116 set_bpf_stmt(curr_block++, BPF_LD+BPF_MEM, 0); /* swap in |lo| */
117 curr_block += bpf_comp_jset32(curr_block, mask_lo, jt, jf);
118
119 return curr_block - filter;
120 }
121 #endif
122
bpf_arg_comp(struct sock_filter ** pfilter,int op,int argidx,unsigned long c,unsigned int label_id)123 size_t bpf_arg_comp(struct sock_filter **pfilter,
124 int op, int argidx, unsigned long c, unsigned int label_id)
125 {
126 struct sock_filter *filter = calloc(BPF_ARG_COMP_LEN + 1,
127 sizeof(struct sock_filter));
128 struct sock_filter *curr_block = filter;
129 size_t (*comp_function)(struct sock_filter *filter, unsigned long k,
130 unsigned char jt, unsigned char jf);
131 int flip = 0;
132
133 /* Load arg */
134 curr_block += bpf_load_arg(curr_block, argidx);
135
136 /* Jump type */
137 switch (op) {
138 case EQ:
139 comp_function = bpf_comp_jeq;
140 flip = 0;
141 break;
142 case NE:
143 comp_function = bpf_comp_jeq;
144 flip = 1;
145 break;
146 case SET:
147 comp_function = bpf_comp_jset;
148 flip = 0;
149 break;
150 default:
151 *pfilter = NULL;
152 return 0;
153 }
154
155 /*
156 * It's easier for the rest of the code to have the true branch
157 * skip and the false branch fall through.
158 */
159 unsigned char jt = flip ? NEXT : SKIP;
160 unsigned char jf = flip ? SKIP : NEXT;
161 curr_block += comp_function(curr_block, c, jt, jf);
162 curr_block += set_bpf_jump_lbl(curr_block, label_id);
163
164 *pfilter = filter;
165 return curr_block - filter;
166 }
167
dump_bpf_filter(struct sock_filter * filter,unsigned short len)168 void dump_bpf_filter(struct sock_filter *filter, unsigned short len)
169 {
170 int i = 0;
171
172 printf("len == %d\n", len);
173 printf("filter:\n");
174 for (i = 0; i < len; i++) {
175 printf("%d: \t{ code=%#x, jt=%u, jf=%u, k=%#x \t}\n",
176 i, filter[i].code, filter[i].jt, filter[i].jf, filter[i].k);
177 }
178 }
179
dump_bpf_prog(struct sock_fprog * fprog)180 void dump_bpf_prog(struct sock_fprog *fprog)
181 {
182 struct sock_filter *filter = fprog->filter;
183 unsigned short len = fprog->len;
184 dump_bpf_filter(filter, len);
185 }
186
bpf_resolve_jumps(struct bpf_labels * labels,struct sock_filter * filter,size_t count)187 int bpf_resolve_jumps(struct bpf_labels *labels,
188 struct sock_filter *filter, size_t count)
189 {
190 struct sock_filter *begin = filter;
191 __u8 insn = count - 1;
192
193 if (count < 1)
194 return -1;
195 /*
196 * Walk it once, backwards, to build the label table and do fixups.
197 * Since backward jumps are disallowed by BPF, this is easy.
198 */
199 for (filter += insn; filter >= begin; --insn, --filter) {
200 if (filter->code != (BPF_JMP+BPF_JA))
201 continue;
202 switch ((filter->jt<<8)|filter->jf) {
203 case (JUMP_JT<<8)|JUMP_JF:
204 if (labels->labels[filter->k].location == 0xffffffff) {
205 fprintf(stderr, "Unresolved label: '%s'\n",
206 labels->labels[filter->k].label);
207 return 1;
208 }
209 filter->k = labels->labels[filter->k].location -
210 (insn + 1);
211 filter->jt = 0;
212 filter->jf = 0;
213 continue;
214 case (LABEL_JT<<8)|LABEL_JF:
215 if (labels->labels[filter->k].location != 0xffffffff) {
216 fprintf(stderr, "Duplicate label use: '%s'\n",
217 labels->labels[filter->k].label);
218 return 1;
219 }
220 labels->labels[filter->k].location = insn;
221 filter->k = 0; /* fall through */
222 filter->jt = 0;
223 filter->jf = 0;
224 continue;
225 }
226 }
227 return 0;
228 }
229
230 /* Simple lookup table for labels. */
bpf_label_id(struct bpf_labels * labels,const char * label)231 int bpf_label_id(struct bpf_labels *labels, const char *label)
232 {
233 struct __bpf_label *begin = labels->labels, *end;
234 int id;
235 if (labels->count == 0) {
236 begin->label = strndup(label, MAX_BPF_LABEL_LEN);
237 if (!begin->label) {
238 return -1;
239 }
240 begin->location = 0xffffffff;
241 labels->count++;
242 return 0;
243 }
244 end = begin + labels->count;
245 for (id = 0; begin < end; ++begin, ++id) {
246 if (!strcmp(label, begin->label))
247 return id;
248 }
249 begin->label = strndup(label, MAX_BPF_LABEL_LEN);
250 if (!begin->label) {
251 return -1;
252 }
253 begin->location = 0xffffffff;
254 labels->count++;
255 return id;
256 }
257
258 /* Free label strings. */
free_label_strings(struct bpf_labels * labels)259 void free_label_strings(struct bpf_labels *labels)
260 {
261 if (labels->count == 0)
262 return;
263
264 struct __bpf_label *begin = labels->labels, *end;
265
266 end = begin + labels->count;
267 for (; begin < end; ++begin) {
268 if (begin->label)
269 free((void*)(begin->label));
270 }
271 }
272