add support for bpf syscall

2024-11-27 21:30:33 +00:00 · 2015-11-29 11:05:08 +01:00 · 2015-11-29 11:05:08 +01:00 · 9d1895c1bd
commit 9d1895c1bd
parent 83ec77a110
7 changed files with 597 additions and 426 deletions
--- a/executor/syscalls.h
+++ b/executor/syscalls.h
@ -9,6 +9,9 @@ struct call_t {
 #ifndef __NR_memfd_create
 #define __NR_memfd_create 319
 #endif
+#ifndef __NR_bpf
+#define __NR_bpf 321
+#endif

 #define __NR_syz_openpts	1000001
 #define __NR_syz_dri_open	1000002
@ -111,6 +114,7 @@ call_t syscalls[] = {
 	{"setsockopt$sock_cred", __NR_setsockopt},
 	{"getsockopt$sock_timeval", __NR_getsockopt},
 	{"setsockopt$sock_timeval", __NR_setsockopt},
+	{"setsockopt$sock_attach_bpf", __NR_setsockopt},
 	{"getsockopt$tcp_int", __NR_getsockopt},
 	{"setsockopt$tcp_int", __NR_setsockopt},
 	{"getsockopt$tcp_buf", __NR_getsockopt},
@ -534,4 +538,14 @@ call_t syscalls[] = {
 	{"write$fuse_notify_delete", __NR_write},
 	{"write$fuse_notify_store", __NR_write},
 	{"write$fuse_notify_retrieve", __NR_write},
+	{"bpf$MAP_CREATE", __NR_bpf},
+	{"bpf$MAP_LOOKUP_ELEM", __NR_bpf},
+	{"bpf$MAP_UPDATE_ELEM", __NR_bpf},
+	{"bpf$MAP_DELETE_ELEM", __NR_bpf},
+	{"bpf$MAP_GET_NEXT_KEY", __NR_bpf},
+	{"bpf$PROG_LOAD", __NR_bpf},
+	{"bpf$OBJ_PIN_MAP", __NR_bpf},
+	{"bpf$OBJ_PIN_PROG", __NR_bpf},
+	{"bpf$OBJ_GET_MAP", __NR_bpf},
+	{"bpf$OBJ_GET_PROG", __NR_bpf},
 };
--- a/prog/consts.go
+++ b/prog/consts.go
@ -26,6 +26,25 @@ const (
 	AT_REMOVEDIR                         = 512
 	AT_SYMLINK_FOLLOW                    = 1024
 	AT_SYMLINK_NOFOLLOW                  = 256
+	BPF_ANY                              = 0
+	BPF_EXIST                            = 2
+	BPF_MAP_CREATE                       = 0
+	BPF_MAP_DELETE_ELEM                  = 3
+	BPF_MAP_GET_NEXT_KEY                 = 4
+	BPF_MAP_LOOKUP_ELEM                  = 1
+	BPF_MAP_TYPE_ARRAY                   = 2
+	BPF_MAP_TYPE_HASH                    = 1
+	BPF_MAP_TYPE_PERF_EVENT_ARRAY        = 4
+	BPF_MAP_TYPE_PROG_ARRAY              = 3
+	BPF_MAP_UPDATE_ELEM                  = 2
+	BPF_NOEXIST                          = 1
+	BPF_OBJ_GET                          = 7
+	BPF_OBJ_PIN                          = 6
+	BPF_PROG_LOAD                        = 5
+	BPF_PROG_TYPE_KPROBE                 = 2
+	BPF_PROG_TYPE_SCHED_ACT              = 4
+	BPF_PROG_TYPE_SCHED_CLS              = 3
+	BPF_PROG_TYPE_SOCKET_FILTER          = 1
 	CLOCK_BOOTTIME                       = 7
 	CLOCK_MONOTONIC                      = 1
 	CLOCK_MONOTONIC_COARSE               = 6
@ -806,6 +825,7 @@ const (
 	SOCK_STREAM                          = 1
 	SOL_SOCKET                           = 1
 	SO_ACCEPTCONN                        = 30
+	SO_ATTACH_BPF                        = 50
 	SO_BINDTODEVICE                      = 25
 	SO_BROADCAST                         = 6
 	SO_DEBUG                             = 1
--- a/prog/rand.go
+++ b/prog/rand.go
@ -227,7 +227,7 @@ func (r *randGen) randString(s *state) []byte {
 		"posix_acl_access", "mime_type", "md5sum", "nodev", "self",
 		"bdev", "proc", "cgroup", "cpuset",
 		"lo", "eth0", "eth1", "em0", "em1", "wlan0", "wlan1", "ppp0", "ppp1",
-		"vboxnet0", "vboxnet1", "vmnet0", "vmnet1"}
+		"vboxnet0", "vboxnet1", "vmnet0", "vmnet1", "GPL"}
 	punct := []byte{'!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '-', '+', '\\',
 		'/', ':', '.', ',', '-', '\'', '[', ']', '{', '}'}
 	buf := new(bytes.Buffer)
--- a/sys/decl.go
+++ b/sys/decl.go
@ -73,6 +73,8 @@ const (
 	FdDRI
 	FdFuse
 	FdKdbus
+	FdBpfMap
+	FdBpfProg

 	IPCMsq
 	IPCSem
@ -125,7 +127,8 @@ func (t ResourceType) SpecialValues() []uintptr {
 		return []uintptr{0, ^uintptr(0)}
 	case ResKey:
 		// KEY_SPEC_THREAD_KEYRING values
-		return []uintptr{0, ^uintptr(0), ^uintptr(0) - 1, ^uintptr(0) - 2, ^uintptr(0) - 3, ^uintptr(0) - 4, ^uintptr(0) - 5, ^uintptr(0) - 6, ^uintptr(0) - 7}
+		return []uintptr{0, ^uintptr(0), ^uintptr(0) - 1, ^uintptr(0) - 2, ^uintptr(0) - 3,
+			^uintptr(0) - 4, ^uintptr(0) - 5, ^uintptr(0) - 6, ^uintptr(0) - 7}
 	case ResInotifyDesc:
 		return []uintptr{0}
 	case ResPid:
@ -169,7 +172,8 @@ func (t ResourceType) Size() uintptr {
 func (t ResourceType) SubKinds() []ResourceSubkind {
 	switch t.Kind {
 	case ResFD:
-		return []ResourceSubkind{FdFile, FdSock, FdPipe, FdSignal, FdEvent, FdTimer, FdEpoll, FdDir, FdMq, FdInotify, FdFanotify, FdTty, FdDRI, FdFuse, FdKdbus}
+		return []ResourceSubkind{FdFile, FdSock, FdPipe, FdSignal, FdEvent, FdTimer, FdEpoll,
+			FdDir, FdMq, FdInotify, FdFanotify, FdTty, FdDRI, FdFuse, FdKdbus, FdBpfMap, FdBpfProg}
 	case ResIPC:
 		return []ResourceSubkind{IPCMsq, IPCSem, IPCShm}
 	case ResIOCtx, ResKey, ResInotifyDesc, ResPid, ResUid, ResGid, ResTimerid:
--- a/sys/sys.go
+++ b/sys/sys.go
--- a/sys/sys.txt
+++ b/sys/sys.txt
@ -193,6 +193,7 @@ getsockopt$sock_cred(fd fd[sock], level const[SOL_SOCKET], optname const[SO_PEER
 setsockopt$sock_cred(fd fd[sock], level const[SOL_SOCKET], optname const[SO_PEERCRED], optval ptr[in, ucred], optlen len[optval])
 getsockopt$sock_timeval(fd fd[sock], level const[SOL_SOCKET], optname flags[sockopt_opt_sock_timeval], optval ptr[out, timeval], optlen ptr[inout, len[optval, int32]])
 setsockopt$sock_timeval(fd fd[sock], level const[SOL_SOCKET], optname flags[sockopt_opt_sock_timeval], optval ptr[in, timeval], optlen len[optval])
+setsockopt$sock_attach_bpf(fd fd[sock], level const[SOL_SOCKET], optname const[SO_ATTACH_BPF], optval ptr[in, fd[bpf_prog]], optlen len[optval])
 getsockopt$tcp_int(fd fd[sock], level const[IPPROTO_TCP], optname flags[sockopt_opt_tcp_int], optval ptr[out, int32], optlen ptr[inout, len[optval, int32]])
 setsockopt$tcp_int(fd fd[sock], level const[IPPROTO_TCP], optname flags[sockopt_opt_tcp_int], optval ptr[in, int32], optlen len[optval])
 getsockopt$tcp_buf(fd fd[sock], level const[IPPROTO_TCP], optname const[TCP_INFO], optval buffer[out], optlen ptr[inout, len[optval, int32]])
@ -2327,3 +2328,117 @@ fuse_notify_retrieve_out {
 	size	int32
 	pad	const[0, int32]
 }
+
+
+
+
+# BPF
+
+bpf$MAP_CREATE(cmd const[BPF_MAP_CREATE], arg ptr[in, bpf_map_create_arg], size len[arg]) fd[bpf_map]
+bpf$MAP_LOOKUP_ELEM(cmd const[BPF_MAP_LOOKUP_ELEM], arg ptr[in, bpf_map_lookup_arg], size len[arg])
+bpf$MAP_UPDATE_ELEM(cmd const[BPF_MAP_UPDATE_ELEM], arg ptr[in, bpf_map_update_arg], size len[arg])
+bpf$MAP_DELETE_ELEM(cmd const[BPF_MAP_DELETE_ELEM], arg ptr[in, bpf_map_delete_arg], size len[arg])
+bpf$MAP_GET_NEXT_KEY(cmd const[BPF_MAP_GET_NEXT_KEY], arg ptr[in, bpf_map_get_next_arg], size len[arg])
+bpf$PROG_LOAD(cmd const[BPF_PROG_LOAD], arg ptr[in, bpf_prog], size len[arg]) fd[bpf_prog]
+bpf$OBJ_PIN_MAP(cmd const[BPF_OBJ_PIN], arg ptr[in, bpf_obj_pin_map], size len[arg])
+bpf$OBJ_PIN_PROG(cmd const[BPF_OBJ_PIN], arg ptr[in, bpf_obj_pin_prog], size len[arg])
+bpf$OBJ_GET_MAP(cmd const[BPF_OBJ_GET], arg ptr[in, bpf_obj_get], size len[arg]) fd[bpf_map]
+bpf$OBJ_GET_PROG(cmd const[BPF_OBJ_GET], arg ptr[in, bpf_obj_get], size len[arg]) fd[bpf_prog]
+
+bpf_map_create_arg {
+	type	flags[bpf_map_type, int32]
+	ksize	int32
+	vsize	int32
+	max	int32
+}
+
+bpf_map_lookup_arg {
+	map	fd[bpf_map]
+	pad	const[0, int32]
+	key	buffer[in]
+	val	buffer[out]
+}
+
+bpf_map_update_arg {
+	map	fd[bpf_map]
+	pad	const[0, int32]
+	key	buffer[in]
+	val	buffer[in]
+	flags	flags[bpf_map_flags, int64]
+}
+
+bpf_map_delete_arg {
+	map	fd[bpf_map]
+	pad	const[0, int32]
+	key	buffer[in]
+}
+
+bpf_map_get_next_arg {
+	map	fd[bpf_map]
+	pad	const[0, int32]
+	key	buffer[in]
+	next	buffer[out]
+}
+
+bpf_prog {
+	type	flags[bpf_prog_type, int32]
+	ninsn	len[insns, int32]
+	insns	ptr[in, array[bpf_insn]]
+	license	string
+	loglev	int32
+	logsize	len[log, int32]
+	log	buffer[out]
+	kver	int32
+}
+
+bpf_insn {
+	code	int8
+	dst	int8
+	src	int8
+	off	int16
+	imm	int32
+}
+
+bpf_obj_pin_map {
+	path	filename
+	fd	fd[bpf_map]
+}
+
+bpf_obj_pin_prog {
+	path	filename
+	fd	fd[bpf_prog]
+}
+
+bpf_obj_get {
+	path	filename
+	fd	const[0, int32]
+}
+
+bpf_map_type = BPF_MAP_TYPE_HASH, BPF_MAP_TYPE_ARRAY, BPF_MAP_TYPE_PROG_ARRAY, BPF_MAP_TYPE_PERF_EVENT_ARRAY
+bpf_map_flags = BPF_ANY, BPF_NOEXIST, BPF_EXIST
+bpf_prog_type = BPF_PROG_TYPE_SOCKET_FILTER, BPF_PROG_TYPE_KPROBE, BPF_PROG_TYPE_SCHED_CLS, BPF_PROG_TYPE_SCHED_ACT
+
+define BPF_MAP_CREATE			0
+define BPF_MAP_LOOKUP_ELEM		1
+define BPF_MAP_UPDATE_ELEM		2
+define BPF_MAP_DELETE_ELEM		3
+define BPF_MAP_GET_NEXT_KEY		4
+define BPF_PROG_LOAD			5
+define BPF_OBJ_PIN			6
+define BPF_OBJ_GET			7
+
+define BPF_MAP_TYPE_HASH		1
+define BPF_MAP_TYPE_ARRAY		2
+define BPF_MAP_TYPE_PROG_ARRAY		3
+define BPF_MAP_TYPE_PERF_EVENT_ARRAY	4
+
+define BPF_ANY				0
+define BPF_NOEXIST			1
+define BPF_EXIST			2
+
+define BPF_PROG_TYPE_SOCKET_FILTER	1
+define BPF_PROG_TYPE_KPROBE		2
+define BPF_PROG_TYPE_SCHED_CLS		3
+define BPF_PROG_TYPE_SCHED_ACT		4
+
+define SO_ATTACH_BPF			50
--- a/sysgen/sysgen.go
+++ b/sysgen/sysgen.go
@ -332,6 +332,10 @@ func fmtFdKind(s string) string {
 		return "FdFuse"
 	case "kdbus":
 		return "FdKdbus"
+	case "bpf_map":
+		return "FdBpfMap"
+	case "bpf_prog":
+		return "FdBpfProg"
 	default:
 		failf("bad fd type %v", s)
 		return ""
@ -418,6 +422,9 @@ struct call_t {
 #ifndef __NR_memfd_create
 #define __NR_memfd_create 319
 #endif
+#ifndef __NR_bpf
+#define __NR_bpf 321
+#endif

 #define __NR_syz_openpts	1000001
 #define __NR_syz_dri_open	1000002