Skip to content

Commit

Permalink
Update BPF arch (#2568)
Browse files Browse the repository at this point in the history
  • Loading branch information
Roeegg2 authored Dec 15, 2024
1 parent 2c4b05f commit 812e654
Show file tree
Hide file tree
Showing 23 changed files with 1,471 additions and 753 deletions.
1 change: 1 addition & 0 deletions Mapping.c
Original file line number Diff line number Diff line change
Expand Up @@ -353,6 +353,7 @@ DEFINE_get_detail_op(mips, Mips);
DEFINE_get_detail_op(riscv, RISCV);
DEFINE_get_detail_op(systemz, SystemZ);
DEFINE_get_detail_op(xtensa, Xtensa);
DEFINE_get_detail_op(bpf, BPF);

/// Returns true if for this architecture the
/// alias operands should be filled.
Expand Down
5 changes: 5 additions & 0 deletions Mapping.h
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,7 @@ DECL_get_detail_op(mips, Mips);
DECL_get_detail_op(riscv, RISCV);
DECL_get_detail_op(systemz, SystemZ);
DECL_get_detail_op(xtensa, Xtensa);
DECL_get_detail_op(bpf, BPF);

/// Increments the detail->arch.op_count by one.
#define DEFINE_inc_detail_op_count(arch, ARCH) \
Expand Down Expand Up @@ -182,6 +183,8 @@ DEFINE_inc_detail_op_count(systemz, SystemZ);
DEFINE_dec_detail_op_count(systemz, SystemZ);
DEFINE_inc_detail_op_count(xtensa, Xtensa);
DEFINE_dec_detail_op_count(xtensa, Xtensa);
DEFINE_inc_detail_op_count(bpf, BPF);
DEFINE_dec_detail_op_count(bpf, BPF);

/// Returns true if a memory operand is currently edited.
static inline bool doing_mem(const MCInst *MI)
Expand Down Expand Up @@ -214,6 +217,7 @@ DEFINE_get_arch_detail(mips, Mips);
DEFINE_get_arch_detail(riscv, RISCV);
DEFINE_get_arch_detail(systemz, SystemZ);
DEFINE_get_arch_detail(xtensa, Xtensa);
DEFINE_get_arch_detail(bpf, BPF);

#define DEFINE_check_safe_inc(Arch, ARCH) \
static inline void Arch##_check_safe_inc(const MCInst *MI) { \
Expand All @@ -230,6 +234,7 @@ DEFINE_check_safe_inc(LoongArch, LOONGARCH);
DEFINE_check_safe_inc(RISCV, RISCV);
DEFINE_check_safe_inc(SystemZ, SYSTEMZ);
DEFINE_check_safe_inc(Mips, MIPS);
DEFINE_check_safe_inc(BPF, BPF);

static inline bool detail_is_set(const MCInst *MI)
{
Expand Down
46 changes: 46 additions & 0 deletions SStream.c
Original file line number Diff line number Diff line change
Expand Up @@ -331,6 +331,22 @@ void printInt16(SStream *ss, int16_t val)
}
}

void printInt16HexOffset(SStream *ss, int16_t val)
{
assert(ss);
SSTREAM_RETURN_IF_CLOSED(ss);
if (val >= 0) {
SStream_concat(ss, "+0x%" PRIx16, val);
} else {
if (val == INT16_MIN)
SStream_concat(ss, "-0x%" PRIx16,
(uint16_t)INT16_MAX + 1);
else
SStream_concat(ss, "-0x%" PRIx16, (int16_t)-val);
}
}


void printInt32(SStream *ss, int32_t val)
{
assert(ss);
Expand All @@ -352,6 +368,36 @@ void printInt32(SStream *ss, int32_t val)
}
}

void printInt32HexOffset(SStream *ss, int32_t val)
{
assert(ss);
SSTREAM_RETURN_IF_CLOSED(ss);
if (val >= 0) {
SStream_concat(ss, "+0x%" PRIx32, val);
} else {
if (val == INT32_MIN)
SStream_concat(ss, "-0x%" PRIx32,
(uint32_t)INT32_MAX + 1);
else
SStream_concat(ss, "-0x%" PRIx32, (int32_t)-val);
}
}

void printInt32Hex(SStream *ss, int32_t val)
{
assert(ss);
SSTREAM_RETURN_IF_CLOSED(ss);
if (val >= 0) {
SStream_concat(ss, "0x%" PRIx32, val);
} else {
if (val == INT32_MIN)
SStream_concat(ss, "-0x%" PRIx32,
(uint32_t)INT32_MAX + 1);
else
SStream_concat(ss, "-0x%" PRIx32, (int32_t)-val);
}
}

void printUInt32Bang(SStream *ss, uint32_t val)
{
assert(ss);
Expand Down
4 changes: 4 additions & 0 deletions SStream.h
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,11 @@ void printInt32Bang(SStream *O, int32_t val);

void printInt8(SStream *O, int8_t val);
void printInt16(SStream *O, int16_t val);
void printInt16HexOffset(SStream *O, int16_t val);

void printInt32(SStream *O, int32_t val);
void printInt32Hex(SStream *ss, int32_t val);
void printInt32HexOffset(SStream *ss, int32_t val);

void printUInt32Bang(SStream *O, uint32_t val);

Expand Down
125 changes: 70 additions & 55 deletions arch/BPF/BPFConstants.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
/* Capstone Disassembly Engine */
/* BPF Backend by david942j <david942j@gmail.com>, 2019 */
/* SPDX-FileCopyrightText: 2024 Roee Toledano <roeetoledano10@gmail.com> */
/* SPDX-License-Identifier: BSD-3 */

/* This file defines constants and macros used for parsing a BPF instruction */

Expand All @@ -9,80 +11,93 @@
#define BPF_CLASS(code) ((code) & 0x7)

///< Instruction classes
#define BPF_CLASS_LD 0x00
#define BPF_CLASS_LDX 0x01
#define BPF_CLASS_ST 0x02
#define BPF_CLASS_STX 0x03
#define BPF_CLASS_ALU 0x04
#define BPF_CLASS_JMP 0x05
#define BPF_CLASS_RET 0x06 ///< cBPF only
#define BPF_CLASS_MISC 0x07 ///< cBPF only
#define BPF_CLASS_ALU64 0x07 ///< eBPF only
#define BPF_CLASS_LD 0x00
#define BPF_CLASS_LDX 0x01
#define BPF_CLASS_ST 0x02
#define BPF_CLASS_STX 0x03
#define BPF_CLASS_ALU 0x04
#define BPF_CLASS_JMP 0x05
#define BPF_CLASS_RET 0x06 ///< cBPF only
#define BPF_CLASS_JMP32 0x06 ///< eBPF only
#define BPF_CLASS_MISC 0x07 ///< cBPF only
#define BPF_CLASS_ALU64 0x07 ///< eBPF only

#define BPF_OP(code) ((code) & 0xf0)

///< Types of ALU instruction
#define BPF_ALU_ADD 0x00
#define BPF_ALU_SUB 0x10
#define BPF_ALU_MUL 0x20
#define BPF_ALU_DIV 0x30
#define BPF_ALU_OR 0x40
#define BPF_ALU_AND 0x50
#define BPF_ALU_LSH 0x60
#define BPF_ALU_RSH 0x70
#define BPF_ALU_NEG 0x80
#define BPF_ALU_MOD 0x90
#define BPF_ALU_XOR 0xa0
#define BPF_ALU_MOV 0xb0 ///< eBPF only: mov reg to reg
#define BPF_ALU_ARSH 0xc0 ///< eBPF only: sign extending shift right
#define BPF_ALU_END 0xd0 ///< eBPF only: endianness conversion
#define BPF_ALU_ADD 0x00
#define BPF_ALU_SUB 0x10
#define BPF_ALU_MUL 0x20
#define BPF_ALU_DIV 0x30
#define BPF_ALU_OR 0x40
#define BPF_ALU_AND 0x50
#define BPF_ALU_LSH 0x60
#define BPF_ALU_RSH 0x70
#define BPF_ALU_NEG 0x80
#define BPF_ALU_MOD 0x90
#define BPF_ALU_XOR 0xa0
#define BPF_ALU_MOV 0xb0 ///< eBPF only: mov reg to reg
#define BPF_ALU_ARSH 0xc0 ///< eBPF only: sign extending shift right
#define BPF_ALU_END 0xd0 ///< eBPF only: endianness conversion

///< Types of jmp instruction
#define BPF_JUMP_JA 0x00 ///< goto
#define BPF_JUMP_JEQ 0x10 ///< '=='
#define BPF_JUMP_JGT 0x20 ///< unsigned '>'
#define BPF_JUMP_JGE 0x30 ///< unsigned '>='
#define BPF_JUMP_JSET 0x40 ///< '&'
#define BPF_JUMP_JNE 0x50 ///< eBPF only: '!=' */
#define BPF_JUMP_JSGT 0x60 ///< eBPF only: signed '>'
#define BPF_JUMP_JSGE 0x70 ///< eBPF only: signed '>='
#define BPF_JUMP_CALL 0x80 ///< eBPF only: function call
#define BPF_JUMP_EXIT 0x90 ///< eBPF only: exit
#define BPF_JUMP_JLT 0xa0 ///< eBPF only: unsigned '<'
#define BPF_JUMP_JLE 0xb0 ///< eBPF only: unsigned '<='
#define BPF_JUMP_JSLT 0xc0 ///< eBPF only: signed '<'
#define BPF_JUMP_JSLE 0xd0 ///< eBPF only: signed '<='
#define BPF_JUMP_JA 0x00 ///< goto
#define BPF_JUMP_JEQ 0x10 ///< '=='
#define BPF_JUMP_JGT 0x20 ///< unsigned '>'
#define BPF_JUMP_JGE 0x30 ///< unsigned '>='
#define BPF_JUMP_JSET 0x40 ///< '&'
#define BPF_JUMP_JNE 0x50 ///< eBPF only: '!=' */
#define BPF_JUMP_JSGT 0x60 ///< eBPF only: signed '>'
#define BPF_JUMP_JSGE 0x70 ///< eBPF only: signed '>='
#define BPF_JUMP_CALL 0x80 ///< eBPF only: function call
#define BPF_JUMP_EXIT 0x90 ///< eBPF only: exit
#define BPF_JUMP_JLT 0xa0 ///< eBPF only: unsigned '<'
#define BPF_JUMP_JLE 0xb0 ///< eBPF only: unsigned '<='
#define BPF_JUMP_JSLT 0xc0 ///< eBPF only: signed '<'
#define BPF_JUMP_JSLE 0xd0 ///< eBPF only: signed '<='

///< Types of complex atomic instructions
#define BPF_ATOMIC_XCHG 0xe0 ///< eBPF only: atomic exchange
#define BPF_ATOMIC_CMPXCHG 0xf0 ///< eBPF only: atomic compare and exchange

#define BPF_SRC(code) ((code) & 0x08)
#define BPF_RVAL(code) ((code) & 0x18) /* cBPF only: for return types */
///< Source operand
#define BPF_SRC_K 0x00
#define BPF_SRC_X 0x08
#define BPF_SRC_A 0x10 /* cBPF only */
#define BPF_SRC_K 0x00
#define BPF_SRC_X 0x08
#define BPF_SRC_A 0x10 /* cBPF only */

#define BPF_SRC_LITTLE BPF_SRC_K
#define BPF_SRC_BIG BPF_SRC_X
#define BPF_SRC_LITTLE BPF_SRC_K
#define BPF_SRC_BIG BPF_SRC_X

#define BPF_SIZE(code) ((code) & 0x18)
///< Size modifier
#define BPF_SIZE_W 0x00 ///< word
#define BPF_SIZE_H 0x08 ///< half word
#define BPF_SIZE_B 0x10 ///< byte
#define BPF_SIZE_DW 0x18 ///< eBPF only: double word
#define BPF_SIZE_W 0x00 ///< word
#define BPF_SIZE_H 0x08 ///< half word
#define BPF_SIZE_B 0x10 ///< byte
#define BPF_SIZE_DW 0x18 ///< eBPF only: double word

#define BPF_MODE(code) ((code) & 0xe0)
///< Mode modifier
#define BPF_MODE_IMM 0x00 ///< used for 32-bit mov in cBPF and 64-bit in eBPF
#define BPF_MODE_ABS 0x20
#define BPF_MODE_IND 0x40
#define BPF_MODE_MEM 0x60
#define BPF_MODE_LEN 0x80 ///< cBPF only, reserved in eBPF
#define BPF_MODE_MSH 0xa0 ///< cBPF only, reserved in eBPF
#define BPF_MODE_XADD 0xc0 ///< eBPF only: exclusive add
#define BPF_MODE_IMM 0x00 ///< used for 32-bit mov in cBPF and 64-bit in eBPF
#define BPF_MODE_ABS \
0x20 ///< absolute indexing of socket buffer. eBPF only, but deprecated in new versions
#define BPF_MODE_IND \
0x40 ///< indirect indexing of socket buffer. eBPF only, but deprecated in new versions
#define BPF_MODE_MEM 0x60
#define BPF_MODE_LEN 0x80 ///< cBPF only, reserved in eBPF
#define BPF_MODE_MSH 0xa0 ///< cBPF only, reserved in eBPF
#define BPF_MODE_ATOMIC \
0xc0 ///< eBPF only: atomic operations. Originally BPF_MODE_XADD

#define BPF_MODE_FETCH \
0x01 /* eBPF only: overwrite 'src' with what was in the modified mem address before it was modified.
NOTE: in contrast to regular modifiers, this one is encoded in the 'imm' field, not opcode!
Must be used for BPF_XCHG and BPF_CMPXCHG. Optional for the other atomic operations. */

#define BPF_MISCOP(code) ((code) & 0x80)
///< Operation of misc
#define BPF_MISCOP_TAX 0x00
#define BPF_MISCOP_TXA 0x80
#define BPF_MISCOP_TAX 0x00
#define BPF_MISCOP_TXA 0x80

#endif
Loading

0 comments on commit 812e654

Please sign in to comment.