aboutsummaryrefslogtreecommitdiffstats
path: root/tools/net/bpf_jit_disasm.c (follow)
AgeCommit message (Collapse)AuthorFilesLines
2017-10-04tools: rename tools/net directory to tools/bpfJakub Kicinski1-320/+0
We currently only have BPF tools in the tools/net directory. We are about to add more BPF tools there, not necessarily networking related, rename the directory and related Makefile targets to bpf. Suggested-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: Simon Horman <simon.horman@netronome.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-06-14tools: bpf_jit_disasm: Handle large images.David Daney1-11/+26
Dynamically allocate memory so that JIT images larger than the size of the statically allocated array can be handled. Signed-off-by: David Daney <david.daney@cavium.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-13tools: bpf_jit_disasm: Add option to dump JIT image to a file.David Daney1-4/+36
When debugging the JIT on an embedded platform or cross build environment, libbfd may not be available, making it impossible to run bpf_jit_disasm natively. Add an option to emit a binary image of the JIT code to a file. This file can then be disassembled off line. Typical usage in this case might be (pasting mips64 dmesg output to cat command): $ cat > jit.raw $ bpf_jit_disasm -f jit.raw -O jit.bin $ mips64-linux-gnu-objdump -D -b binary -m mips:isa64r2 -EB jit.bin Signed-off-by: David Daney <david.daney@cavium.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-08tools: bpf_jit_disasm: check for klogctl failureColin Ian King1-0/+3
klogctl can fail and return -ve len, so check for this and return NULL to avoid passing a (size_t)-1 to malloc. Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-28tools: bpf_jit_disasm: make get_last_jit_image return unsignedAndrzej Hajda1-2/+2
The function returns always non-negative values. The problem has been detected using proposed semantic patch scripts/coccinelle/tests/assign_signed_to_unsigned.cocci [1]. [1]: http://permalink.gmane.org/gmane.linux.kernel/2046107 Signed-off-by: Andrzej Hajda <a.hajda@samsung.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-07-31bpf_jit_disasm: also support reading jit dump from fileDaniel Borkmann1-19/+90
This patch adds support to read the dmesg BPF JIT dump also from a file instead of the klog buffer. I found this quite useful when going through some 'before/after patch' logs. It also fixes a regex leak found by valgrind when no image dump was found. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-27tools: bpf_jit_disasm: fix segfault on disabled debugging log outputDaniel Borkmann1-0/+2
With recent debugging, I noticed that bpf_jit_disasm segfaults when there's no debugging output from the JIT compiler to the kernel log. Reason is that when regexec(3) doesn't match on anything, start/end offsets are not being filled out and contain some uninitialized garbage from stack. Thus, we need zero out offsets first. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-16tools: bpf_jit_disasm: increase image buffer sizeAlexei Starovoitov1-1/+1
JITed seccomp filters can be quite large if they check a lot of syscalls Simply increase buffer size Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-05-16tools: bpf_jit_disasm: ignore image address for disasmAlexei Starovoitov1-10/+8
seccomp filters use kernel JIT image addresses, so bpf_jit_enable=2 prints [ 20.146438] flen=3 proglen=82 pass=0 image=0000000000000000 [ 20.146442] JIT code: 00000000: 55 48 89 e5 48 81 ec 28 02 00 00 ... ignore image address, so that seccomp filters can be disassembled Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-21filter: add minimal BPF JIT image disassemblerDaniel Borkmann1-0/+199
This is a minimal stand-alone user space helper, that allows for debugging or verification of emitted BPF JIT images. This is in particular useful for emitted opcode debugging, since minor bugs in the JIT compiler can be fatal. The disassembler is architecture generic and uses libopcodes and libbfd. How to get to the disassembly, example: 1) `echo 2 > /proc/sys/net/core/bpf_jit_enable` 2) Load a BPF filter (e.g. `tcpdump -p -n -s 0 -i eth1 host 192.168.20.0/24`) 3) Run e.g. `bpf_jit_disasm -o` to disassemble the most recent JIT code output `bpf_jit_disasm -o` will display the related opcodes to a particular instruction as well. Example for x86_64: $ ./bpf_jit_disasm 94 bytes emitted from JIT compiler (pass:3, flen:9) ffffffffa0356000 + <x>: 0: push %rbp 1: mov %rsp,%rbp 4: sub $0x60,%rsp 8: mov %rbx,-0x8(%rbp) c: mov 0x68(%rdi),%r9d 10: sub 0x6c(%rdi),%r9d 14: mov 0xe0(%rdi),%r8 1b: mov $0xc,%esi 20: callq 0xffffffffe0d01b71 25: cmp $0x86dd,%eax 2a: jne 0x000000000000003d 2c: mov $0x14,%esi 31: callq 0xffffffffe0d01b8d 36: cmp $0x6,%eax [...] 5c: leaveq 5d: retq $ ./bpf_jit_disasm -o 94 bytes emitted from JIT compiler (pass:3, flen:9) ffffffffa0356000 + <x>: 0: push %rbp 55 1: mov %rsp,%rbp 48 89 e5 4: sub $0x60,%rsp 48 83 ec 60 8: mov %rbx,-0x8(%rbp) 48 89 5d f8 c: mov 0x68(%rdi),%r9d 44 8b 4f 68 10: sub 0x6c(%rdi),%r9d 44 2b 4f 6c [...] 5c: leaveq c9 5d: retq c3 Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.