diff --git a/Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/ElfProgramBuilder.java b/Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/ElfProgramBuilder.java
index ddbdd50868..c883e70a35 100644
--- a/Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/ElfProgramBuilder.java
+++ b/Ghidra/Features/Base/src/main/java/ghidra/app/util/opinion/ElfProgramBuilder.java
@@ -879,7 +879,7 @@ class ElfProgramBuilder extends MemorySectionResolver implements ElfLoadHelper {
 }
 monitor.initialize(totalCount);
- ElfRelocationContext context = ElfRelocationContext.getRelocationContext(this, symbolMap);
+ ElfRelocationContext context = ElfRelocationContext.getRelocationContext(this, symbolMap);
 try {
 for (ElfRelocationTable relocationTable : relocationTables) {
 monitor.checkCancelled();
@@ -894,7 +894,7 @@ class ElfProgramBuilder extends MemorySectionResolver implements ElfLoadHelper {
 }
 private void processRelocationTable(ElfRelocationTable relocationTable,
- ElfRelocationContext context, TaskMonitor monitor) throws CancelledException {
+ ElfRelocationContext context, TaskMonitor monitor) throws CancelledException {
 Address defaultBase = getDefaultAddress(elf.adjustAddressForPrelink(0));
 AddressSpace defaultSpace = defaultBase.getAddressSpace();
@@ -953,7 +953,7 @@ class ElfProgramBuilder extends MemorySectionResolver implements ElfLoadHelper {
 }
 private void processRelocationTableEntries(ElfRelocationTable relocationTable,
- ElfRelocationContext context, AddressSpace relocationSpace, long baseWordOffset,
+ ElfRelocationContext context, AddressSpace relocationSpace, long baseWordOffset,
 TaskMonitor monitor) throws CancelledException {
 if (context != null) {
diff --git a/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/database/data/DataTypeManagerDB.java b/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/database/data/DataTypeManagerDB.java
index bbb429b9c5..bac085064a 100644
--- a/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/database/data/DataTypeManagerDB.java
+++ b/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/database/data/DataTypeManagerDB.java
@@ -1243,7 +1243,8 @@ abstract public class DataTypeManagerDB implements DataTypeManager {
 sourceArchive.getArchiveType() == ArchiveType.BUILT_IN) {
 resolvedDataType = resolveBuiltIn(dataType);
 }
- else if (sourceArchive == null || dataType.getUniversalID() == null) {
+ else if (sourceArchive == null || dataType.getUniversalID() == null ||
+ sourceArchive.getArchiveType() == ArchiveType.TEMPORARY) {
 // if the dataType has no source or it has no ID (datatypes with no ID are
 // always local i.e. pointers)
 resolvedDataType = resolveDataTypeNoSource(dataType);
diff --git a/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/model/data/ArchiveType.java b/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/model/data/ArchiveType.java
index 9c375d62e4..020a0ebb6e 100644
--- a/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/model/data/ArchiveType.java
+++ b/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/model/data/ArchiveType.java
@@ -21,7 +21,7 @@ public enum ArchiveType {
 FILE,
 PROJECT,
 PROGRAM,
- TEST;
+ TEMPORARY;
 //@formatter:on
 public boolean isBuiltIn() {
diff --git a/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/model/data/StandAloneDataTypeManager.java b/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/model/data/StandAloneDataTypeManager.java
index d698bb9074..de06af07b5 100644
--- a/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/model/data/StandAloneDataTypeManager.java
+++ b/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/model/data/StandAloneDataTypeManager.java
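Review bot: The comment kept under the widened `else if` in DataTypeManagerDB no longer describes the branch: it still lists only "no source" and "no ID", while the new clause also routes every data type whose source archive reports `ArchiveType.TEMPORARY` into `resolveDataTypeNoSource`. Elsewhere in this commit `StandAloneDataTypeManager.getType()` returns that value, so presumably types coming from a stand-alone manager are now resolved as local and lose their source-archive association; that is a behaviour change a later reader should not have to rediscover from the condition. I would rewrite the comment along the lines of `// no source, no ID (datatypes with no ID are always local, i.e. pointers), or a TEMPORARY source archive whose association must not be retained` and state the reason for the last case. The enclosing method and the start of the preceding `BUILT_IN` condition lie outside the hunk, so the null-safety of that first branch cannot be checked from here.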
@@ -923,7 +923,7 @@ public class StandAloneDataTypeManager extends DataTypeManagerDB implements Clos
 @Override
 public ArchiveType getType() {
- return ArchiveType.TEST;
+ return ArchiveType.TEMPORARY;
 }
 /**
diff --git a/Ghidra/Processors/eBPF/src/main/java/ghidra/app/plugin/core/analysis/eBPFAnalyzer.java b/Ghidra/Processors/eBPF/src/main/java/ghidra/app/plugin/core/analysis/eBPFAnalyzer.java
deleted file mode 100644
index a37a512570..0000000000
--- a/Ghidra/Processors/eBPF/src/main/java/ghidra/app/plugin/core/analysis/eBPFAnalyzer.java
+++ /dev/null
@@ -1,1169 +0,0 @@ -/* ### - * IP: GHIDRA - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package ghidra.app.plugin.core.analysis; - -import ghidra.app.cmd.function.SetFunctionNameCmd; -import ghidra.app.cmd.function.SetFunctionVarArgsCommand; -import ghidra.app.cmd.function.SetReturnDataTypeCmd; -import ghidra.app.plugin.core.analysis.ConstantPropagationAnalyzer; -import ghidra.app.plugin.core.analysis.ConstantPropagationContextEvaluator; -import ghidra.util.exception.CancelledException; -import ghidra.util.task.TaskMonitor; -import ghidra.program.model.address.*; -import ghidra.program.model.data.CharDataType; -import ghidra.program.model.data.DataType; -import ghidra.program.model.lang.Processor; -import ghidra.program.model.listing.Program; -import ghidra.program.model.symbol.SourceType; -import ghidra.program.model.symbol.SymbolIterator; -import ghidra.program.model.symbol.SymbolTable; -import ghidra.program.util.*; -import ghidra.program.model.data.IntegerDataType; -import ghidra.program.model.data.PointerDataType; -import ghidra.program.model.data.SignedQWordDataType; -import ghidra.program.model.data.StructureDataType; -import ghidra.program.model.data.UnsignedCharDataType; -import ghidra.program.model.data.UnsignedIntegerDataType; -import ghidra.program.model.data.UnsignedLongDataType; -import ghidra.program.model.data.UnsignedShortDataType; -import ghidra.program.model.data.VoidDataType; -import ghidra.program.model.listing.BookmarkManager; 
-import ghidra.program.model.listing.CodeUnit; -import ghidra.program.model.listing.Function; -import ghidra.app.cmd.function.AddMemoryParameterCommand; - -public class eBPFAnalyzer extends ConstantPropagationAnalyzer { - private final static String PROCESSOR_NAME = "eBPF"; - - public eBPFAnalyzer() { - super(PROCESSOR_NAME); - } - - @Override - public boolean canAnalyze(Program program) { - return program.getLanguage().getProcessor().equals( - Processor.findOrPossiblyCreateProcessor(PROCESSOR_NAME)); - } - - @Override - public AddressSet flowConstants(final Program program, Address flowStart, AddressSetView flowSet, final SymbolicPropogator symEval, final TaskMonitor monitor) - throws CancelledException { - ContextEvaluator eval = new ConstantPropagationContextEvaluator(monitor, trustWriteMemOption); - AddressSet resultSet = symEval.flowConstants(flowStart, flowSet, eval, true, monitor); - - BookmarkManager bmmanager = program.getBookmarkManager(); - bmmanager.removeBookmarks("Error", "Bad Instruction", monitor); - - SymbolTable table = program.getSymbolTable(); - boolean includeDynamicSymbols = true; - SymbolIterator symbols = table.getAllSymbols(includeDynamicSymbols); - - for (ghidra.program.model.symbol.Symbol s: symbols) { - if (s.getName().contains("syscall")) { - Function func = program.getFunctionManager().getFunctionAt(s.getAddress()); - - //Definitions for datatypes - DataType dstruct = null; - DataType dvoid = new VoidDataType(); - DataType dint = new IntegerDataType(); - DataType dchar = new CharDataType(); - DataType duint = new UnsignedIntegerDataType(); - DataType dulong = new UnsignedLongDataType(); - DataType dushort = new UnsignedShortDataType(); - DataType dslong = new SignedQWordDataType(); - DataType duchar = new UnsignedCharDataType(); - DataType dvp = new PointerDataType(dvoid, 0); - DataType dcp = new PointerDataType(dchar, 0); - DataType dsp; //DataType for struct-pointer - //Command-vars - SetFunctionNameCmd cmdName; - 
SetReturnDataTypeCmd cmdRet; - AddMemoryParameterCommand cmdArg1; - AddMemoryParameterCommand cmdArg2; - AddMemoryParameterCommand cmdArg3; - AddMemoryParameterCommand cmdArg4; - AddMemoryParameterCommand cmdArg5; - SetFunctionVarArgsCommand cmdVar = new SetFunctionVarArgsCommand(func, true); - - String location = s.getName().substring(14); //Getting address of helper - int helper_id = Integer.parseInt(location, 16); - switch (helper_id) { - case(0x0): - //void bpf_unspec() - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_unspec", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dvoid, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - program.flushEvents(); - break; - case (0x1): - //void *bpf_map_lookup_elem(struct bpf_map *map, const void *key) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_map_lookup_elem", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dvp, SourceType.ANALYSIS); - dstruct = new StructureDataType("struct bpf_map", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "map", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "key", dvp, 1, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - program.flushEvents(); - break; - case (0x2): - //int bpf_map_update_elem(struct bpf_map *map, const void *key, const void *value, u64 flags) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_map_update_elem", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - dstruct = new StructureDataType("struct bpf_map", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "map", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "key", 
dvp, 1, SourceType.ANALYSIS); - cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "value", dvp, 2, SourceType.ANALYSIS); - cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 3, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - cmdArg3.applyTo(program); - cmdArg4.applyTo(program); - program.flushEvents(); - break; - case (0x3): - //int bpf_map_delete_elem(struct bpf_map *map, const void *key) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_map_delete_elem", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - dstruct = new StructureDataType("struct bpf_map", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "map", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "key", dvp, 1, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - program.flushEvents(); - break; - case (0x4): - //int bpf_probe_read(void *dst, u32 size, const void *src) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_probe_read", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "dst", dvp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "size", duint, 1, SourceType.ANALYSIS); - cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "src", dvp, 2, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - cmdArg3.applyTo(program); - program.flushEvents(); - break; - case (0x5): - //u64 bpf_ktime_get_ns(void) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_ktime_get_ns", 
SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dulong, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - program.flushEvents(); - break; - case (0x6): - //int bpf_trace_printk(const char *fmt, u32 fmt_size, ...) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_trace_printk", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "fmt", dcp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "fmt_size", duint, 1, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - program.flushEvents(); - break; - case (0x7): - //u32 bpf_get_prandom_u32(void) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_prandom_u32", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), duint, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - program.flushEvents(); - break; - case (0x8): - //u32 bpf_get_smp_processor_id(void) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_smp_processor_id", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), duint, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - program.flushEvents(); - break; - case (0x9): - //int bpf_skb_store_bytes(struct sk_buff *skb, u32 offset, const void *from, u32 len, u64 flags) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_store_bytes", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdVar.applyTo(program); - //If we'll set all arguments for this func (as always), it will give rise nasty errors such "Removing unreachable block at (address)" - //int bpf_skb_store_bytes(struct sk_buff *skb, 
u32 offset, const void *from, u32 len, u64 flags) - program.flushEvents(); - break; - case (0xa): - //int bpf_l3_csum_replace(struct sk_buff *skb, u32 offset, u64 from, u64 to, u64 size) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_l3_csum_replace", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct sk_buff", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "offset", duint, 1, SourceType.ANALYSIS); - cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "from", dulong, 2, SourceType.ANALYSIS); - cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "to", dulong, 3, SourceType.ANALYSIS); - cmdArg5 = new AddMemoryParameterCommand(func, s.getAddress(), "size", dulong, 4, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - cmdArg3.applyTo(program); - cmdArg4.applyTo(program); - cmdArg5.applyTo(program); - program.flushEvents(); - break; - case (0xb): - //int bpf_l4_csum_replace(struct sk_buff *skb, u32 offset, u64 from, u64 to, u64 flags) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_l4_csum_replace", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct sk_buff", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "offset", duint, 1, SourceType.ANALYSIS); - cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "from", dulong, 2, SourceType.ANALYSIS); - cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "to", dulong, 3, 
SourceType.ANALYSIS); - cmdArg5 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 4, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - cmdArg3.applyTo(program); - cmdArg4.applyTo(program); - cmdArg5.applyTo(program); - program.flushEvents(); - break; - case (0xc): - //int bpf_tail_call(void *ctx, struct bpf_map *prog_array_map, u32 index) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_tail_call", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct bpf_map", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "ctx", dvp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "prog_array_map", dsp, 1, SourceType.ANALYSIS); - cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "index", duint, 2, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - cmdArg3.applyTo(program); - program.flushEvents(); - break; - case (0xd): - //int bpf_clone_redirect(struct sk_buff *skb, u32 ifindex, u64 flags) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_clone_redirect", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct sk_buff", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "ifindex", duint, 1, SourceType.ANALYSIS); - cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 2, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - 
cmdArg2.applyTo(program); - cmdArg3.applyTo(program); - program.flushEvents(); - break; - case (0xe): - //u64 bpf_get_current_pid_tgid(void) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_current_pid_tgid", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dulong, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - program.flushEvents(); - break; - case (0xf): - //u64 bpf_get_current_uid_gid(void) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_current_uid_gid", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dulong, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - program.flushEvents(); - break; - case (0x10): - //int bpf_get_current_comm(char *buf, u32 size_of_buf) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_current_comm", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "buf", dcp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "size_of_buf", duint, 1, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - program.flushEvents(); - break; - case (0x11): - //u32 bpf_get_cgroup_classid(struct sk_buff *skb) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_cgroup_classid", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), duint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct sk_buff", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - program.flushEvents(); - break; - case (0x12): - //int bpf_skb_vlan_push(struct sk_buff *skb, __be16 vlan_proto, 
u16 vlan_tci) - //In ghidra Api conditions we must equate__be16 with unsigned short type. - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_vlan_push", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct sk_buff", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "vlan_proto", dushort, 1, SourceType.ANALYSIS); - cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "vlan_tci", dushort, 2, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - cmdArg3.applyTo(program); - program.flushEvents(); - break; - case (0x13): - //int bpf_skb_vlan_pop(struct sk_buff *skb) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_vlan_pop", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct sk_buff", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - program.flushEvents(); - break; - case (0x14): - //int bpf_skb_get_tunnel_key(struct sk_buff *skb, struct bpf_tunnel_key *key, u32 size, u64 flags) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_get_tunnel_key", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct sk_buff", 0); - dsp = new PointerDataType(dstruct, 0); - DataType dstruct2 = new StructureDataType("struct bpf_tunnel_key", 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = 
new AddMemoryParameterCommand(func, s.getAddress(), "key", new PointerDataType(dstruct2, 0), 1, SourceType.ANALYSIS); - cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "size", duint, 2, SourceType.ANALYSIS); - cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 3, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - cmdArg3.applyTo(program); - cmdArg4.applyTo(program); - program.flushEvents(); - break; - case (0x15): - //int bpf_skb_set_tunnel_key(struct sk_buff *skb, struct bpf_tunnel_key *key, u32 size, u64 flags) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_set_tunnel_key", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct sk_buff", 0); - dsp = new PointerDataType(dstruct, 0); - dstruct2 = new StructureDataType("struct bpf_tunnel_key", 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "key", new PointerDataType(dstruct2, 0), 1, SourceType.ANALYSIS); - cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "size", duint, 2, SourceType.ANALYSIS); - cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 3, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - cmdArg3.applyTo(program); - cmdArg4.applyTo(program); - program.flushEvents(); - break; - case (0x16): - //u64 bpf_perf_event_read(struct bpf_map *map, u64 flags) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_perf_event_read", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dulong, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct bpf_map", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 
= new AddMemoryParameterCommand(func, s.getAddress(), "map", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 1, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - program.flushEvents(); - break; - case (0x17): - //int bpf_redirect(u32 ifindex, u64 flags) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_redirect", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "ifindex", duint, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 1, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - program.flushEvents(); - break; - case (0x18): - //u32 bpf_get_route_realm(struct sk_buff *skb) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_route_realm", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), duint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct sk_buff", 0); - dsp = new PointerDataType(dstruct, 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - program.flushEvents(); - break; - case (0x19): - //int bpf_perf_event_output(struct pt_reg *ctx, struct bpf_map *map, u64 flags, void *data, u64 size) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_perf_event_output", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct pt_reg", 0); - dsp = new PointerDataType(dstruct, 0); - dstruct2 = new StructureDataType("struct bpf_map", 0); - - cmdArg1 = new AddMemoryParameterCommand(func, 
s.getAddress(), "ctx", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "map", new PointerDataType(dstruct2, 0), 1, SourceType.ANALYSIS); - cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 2, SourceType.ANALYSIS); - cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "data", dvp, 3, SourceType.ANALYSIS); - cmdArg5 = new AddMemoryParameterCommand(func, s.getAddress(), "size", dulong, 4, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - cmdArg3.applyTo(program); - cmdArg4.applyTo(program); - cmdArg5.applyTo(program); - program.flushEvents(); - break; - case (0x1a): - //int bpf_skb_load_bytes(const struct sk_buff *skb, u32 offset, void *to, u32 len) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_load_bytes", SourceType.ANALYSIS); - cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS); - - dstruct = new StructureDataType("struct sk_buff", 0); - dsp = new PointerDataType(dstruct, 0); - dstruct2 = new StructureDataType("struct bpf_map", 0); - - cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS); - cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "offset", duint, 1, SourceType.ANALYSIS); - cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "to", dvp, 2, SourceType.ANALYSIS); - cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "len", duint, 3, SourceType.ANALYSIS); - - cmdName.applyTo(program); - cmdRet.applyTo(program); - cmdArg1.applyTo(program); - cmdArg2.applyTo(program); - cmdArg3.applyTo(program); - cmdArg4.applyTo(program); - program.flushEvents(); - break; - case (0x1b): - //int bpf_get_stackid(struct pt_reg *ctx, struct bpf_map *map, u64 flags) - cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_stackid", SourceType.ANALYSIS); - cmdRet = new 
SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct pt_reg", 0);
- dsp = new PointerDataType(dstruct, 0);
- dstruct2 = new StructureDataType("struct bpf_map", 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "ctx", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "map", new PointerDataType(dstruct2, 0), 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 2, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- program.flushEvents();
- break;
- case (0x1c):
- //s64 bpf_csum_diff(__be32 *from, u32 from_size, __be32 *to, u32 to_size, __wsum seed)
- //In ghidra Api conditions we must equate __be32 and __wsum with u32 (knowing typedef).
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_csum_diff", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dslong, SourceType.ANALYSIS);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "from", new PointerDataType(duint, 0), 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "from_size", duint, 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "to", new PointerDataType(duint, 0), 2, SourceType.ANALYSIS);
- cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "to_size", duint, 3, SourceType.ANALYSIS);
- cmdArg5 = new AddMemoryParameterCommand(func, s.getAddress(), "seed", duint, 4, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- cmdArg4.applyTo(program);
- cmdArg5.applyTo(program);
- program.flushEvents();
- break;
- case (0x1d):
- //int bpf_skb_get_tunnel_opt(struct sk_buff *skb, u8 *opt, u32 size)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_get_tunnel_opt", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "opt", new PointerDataType(duchar, 0), 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "size", duint, 2, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- program.flushEvents();
- break;
- case (0x1e):
- //int bpf_skb_set_tunnel_opt(struct sk_buff *skb, u8 *opt, u32 size)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_set_tunnel_opt", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "opt", new PointerDataType(duchar, 0), 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "size", duint, 2, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- program.flushEvents();
- break;
- case (0x1f):
- //int bpf_skb_change_proto(struct sk_buff *skb, __be16 proto, u64 flags)
- //__be16 equals u16 for big-endian
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_change_proto", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "proto", dushort, 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 2, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- program.flushEvents();
- break;
- case (0x20):
- //int bpf_skb_change_type(struct sk_buff *skb, u32 type)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_change_type", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "type", duint, 1, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- program.flushEvents();
- break;
- case (0x21):
- //int bpf_skb_under_cgroup(struct sk_buff *skb, struct bpf_map *map, u32 index)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_under_cgroup", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
- dstruct2 = new StructureDataType("struct bpf_map", 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "map", new PointerDataType(dstruct2, 0), 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "index", duint, 2, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- program.flushEvents();
- break;
- case (0x22):
- //u32 bpf_get_hash_recalc(struct sk_buff *skb)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_hash_recalc", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), duint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- program.flushEvents();
- break;
- case (0x23):
- //u64 bpf_get_current_task(void)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_current_task", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dulong, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- program.flushEvents();
- break;
- case (0x24):
- //int bpf_probe_write_user(void *dst, const void *src, u32 len)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_probe_write_user", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "dst", dvp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "src", dvp, 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "len", duint, 2, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- program.flushEvents();
- break;
- case (0x25):
- //int bpf_current_task_under_cgroup(struct bpf_map *map, u32 index)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_current_task_under_cgroup", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct bpf_map", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "map", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "index", duint, 1, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- program.flushEvents();
- break;
- case (0x26):
- //int bpf_skb_change_tail(struct sk_buff *skb, u32 len, u64 flags)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_change_tail", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "len", duint, 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 2, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- program.flushEvents();
- break;
- case (0x27):
- //int bpf_skb_pull_data(struct sk_buff *skb, u32 len)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_pull_data", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "len", duint, 1, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- program.flushEvents();
- break;
- case (0x28):
- //s64 bpf_csum_update(struct sk_buff *skb, __wsum csum)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_csum_update", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dslong, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "csum", duint, 1, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- program.flushEvents();
- break;
- case (0x29):
- //void bpf_set_hash_invalid(struct sk_buff *skb)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_set_hash_invalid", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dvoid, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- program.flushEvents();
- break;
- case (0x2a):
- //int bpf_get_numa_node_id(void)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_numa_node_id", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- program.flushEvents();
- break;
- case (0x2b):
- //int bpf_skb_change_head(struct sk_buff *skb, u32 len, u64 flags)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_change_head", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "len", duint, 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 2, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- program.flushEvents();
- break;
- case (0x2c):
- //int bpf_xdp_adjust_head(struct xdp_buff *xdp_md, int delta)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_xdp_adjust_head", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct xdp_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "xdp_md", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "delta", dint, 1, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- program.flushEvents();
- break;
- case (0x2d):
- //int bpf_probe_read_str(void *dst, u32 size, const void *unsafe_ptr)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_probe_read_str", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
-
- dstruct = new StructureDataType("struct xdp_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "dst", dvp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "size", duint, 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "unsafe_ptr", dvp, 2, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- program.flushEvents();
- break;
- case (0x2e):
- //u64 bpf_get_socket_cookie(struct sk_buff *skb)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_socket_cookie", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dulong, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- program.flushEvents();
- break;
- case (0x2f):
- //u64 bpf_get_socket_cookie(struct bpf_sock_addr *ctx)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_socket_cookie", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dulong, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct bpf_sock_addr", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "ctx", dsp, 0, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- program.flushEvents();
- break;
- case (0x30):
- //u64 bpf_get_socket_cookie(struct bpf_sock_ops *ctx)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_socket_cookie", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dulong, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct bpf_sock_ops", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "ctx", dsp, 0, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- program.flushEvents();
- break;
- case (0x31):
- //u32 bpf_get_socket_uid(struct sk_buff *skb)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_get_socket_uid", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), duint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- program.flushEvents();
- break;
- case (0x32):
- //int bpf_set_hash(struct sk_buff *skb, u32 hash)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_set_hash", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "hash", duint, 1, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- program.flushEvents();
- break;
- case (0x33):
- //int bpf_setsockopt(void *bpf_socket, int level, int optname, void *optval, int optlen)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_setsockopt", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdVar.applyTo(program);
- program.flushEvents();
- break;
- case (0x34):
- //int bpf_skb_adjust_room(struct sk_buff *skb, s32 len_diff, u32 mode, u64 flags)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_skb_adjust_room", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "len_diff", dint, 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "mode", duint, 2, SourceType.ANALYSIS);
- cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 3, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- cmdArg4.applyTo(program);
- program.flushEvents();
- break;
- case (0x35):
- //int bpf_redirect_map(struct bpf_map *map, u32 key, u64 flags)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_redirect_map", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct bpf_map", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "map", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "key", duint, 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 2, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- program.flushEvents();
- break;
- case (0x36):
- //int bpf_sk_redirect_map(struct sk_buff *skb, struct bpf_map *map, u32 key, u64 flags)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_sk_redirect_map", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct sk_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
- dstruct2 = new StructureDataType("struct bpf_map", 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skb", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "map", new PointerDataType(dstruct2, 0), 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "key", duint, 2, SourceType.ANALYSIS);
- cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 3, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- cmdArg4.applyTo(program);
- program.flushEvents();
- break;
- case (0x37):
- //int bpf_sock_map_update(struct bpf_sock_ops *skops, struct bpf_map *map, void *key, u64 flags)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_sock_map_update", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct bpf_sock_ops", 0);
- dsp = new PointerDataType(dstruct, 0);
- dstruct2 = new StructureDataType("struct bpf_map", 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "skops", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "map", new PointerDataType(dstruct2, 0), 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "key", dvp, 2, SourceType.ANALYSIS);
- cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 3, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- cmdArg4.applyTo(program);
- program.flushEvents();
- break;
- case (0x38):
- //int bpf_xdp_adjust_meta(struct xdp_buff *xdp_md, int delta)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_xdp_adjust_meta", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct xdp_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "xdp_md", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "delta", dint, 1, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- program.flushEvents();
- break;
- case (0x39):
- //int bpf_perf_event_read_value(struct bpf_map *map, u64 flags, struct bpf_perf_event_value *buf, u32 buf_size)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_perf_event_read_value", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct bpf_map", 0);
- dsp = new PointerDataType(dstruct, 0);
- dstruct2 = new StructureDataType("struct bpf_perf_event_value", 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "map", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "buf", new PointerDataType(dstruct2, 0), 2, SourceType.ANALYSIS);
- cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "buf_size", duint, 3, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- cmdArg4.applyTo(program);
- program.flushEvents();
- break;
- case (0x3a):
- //int bpf_perf_prog_read_value(struct bpf_perf_event_data *ctx, struct bpf_perf_event_value *buf, u32 buf_size)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_perf_prog_read_value", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct bpf_perf_event_data", 0);
- dsp = new PointerDataType(dstruct, 0);
- dstruct2 = new StructureDataType("struct bpf_perf_event_value", 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "ctx", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "buf", new PointerDataType(dstruct2, 0), 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "buf_size", duint, 2, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- program.flushEvents();
- break;
- case (0x3b):
- //int bpf_getsockopt(void *bpf_socket, int level, int optname, void *optval, int optlen)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_getsockopt", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdVar.applyTo(program);
- program.flushEvents();
- break;
- case (0x3c):
- //int bpf_override_return(struct pt_regs *regs, u64 rc)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_override_return", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct pt_regs", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "regs", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "rc", dulong, 1, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- program.flushEvents();
- break;
- case (0x3d):
- //int bpf_sock_ops_cb_flags_set(struct bpf_sock_ops *bpf_sock, int argval)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_sock_ops_cb_flags_set", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct bpf_sock_ops", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "bpf_sock", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "argval", dint, 1, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- program.flushEvents();
- break;
- case (0x3e):
- //int bpf_msg_redirect_map(struct sk_msg_buff *msg, struct bpf_map *map, u32 key, u64 flags)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_msg_redirect_map", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct sk_msg_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
- dstruct2 = new StructureDataType("struct bpf_map", 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "msg", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "map", new PointerDataType(dstruct2, 0), 1, SourceType.ANALYSIS);
- cmdArg3 = new AddMemoryParameterCommand(func, s.getAddress(), "key", duint, 2, SourceType.ANALYSIS);
- cmdArg4 = new AddMemoryParameterCommand(func, s.getAddress(), "flags", dulong, 3, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- cmdArg3.applyTo(program);
- cmdArg4.applyTo(program);
- program.flushEvents();
- break;
- case (0x3f):
- //int bpf_msg_apply_bytes(struct sk_msg_buff *msg, u32 bytes)
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_msg_apply_bytes", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dint, SourceType.ANALYSIS);
- dstruct = new StructureDataType("struct sk_msg_buff", 0);
- dsp = new PointerDataType(dstruct, 0);
-
- cmdArg1 = new AddMemoryParameterCommand(func, s.getAddress(), "msg", dsp, 0, SourceType.ANALYSIS);
- cmdArg2 = new AddMemoryParameterCommand(func, s.getAddress(), "bytes", duint, 1, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- cmdArg1.applyTo(program);
- cmdArg2.applyTo(program);
- program.flushEvents();
- break;
- default:
- //void bpf_undef()
- cmdName = new SetFunctionNameCmd(s.getAddress(), "bpf_undef", SourceType.ANALYSIS);
- cmdRet = new SetReturnDataTypeCmd(s.getAddress(), dvoid, SourceType.ANALYSIS);
-
- cmdName.applyTo(program);
- cmdRet.applyTo(program);
- program.flushEvents();
- break;
- }
- bmmanager.setBookmark(s.getAddress(), "Analysis", "eBPF-helpers", "eBPF-helper Identified");
- }
- }
- return resultSet;
- }
-}
diff --git a/Ghidra/Processors/eBPF/src/main/java/ghidra/app/plugin/core/analysis/eBPFHelperDataTypes.java b/Ghidra/Processors/eBPF/src/main/java/ghidra/app/plugin/core/analysis/eBPFHelperDataTypes.java
new file mode 100644
index 0000000000..695f152931
--- /dev/null
+++ b/Ghidra/Processors/eBPF/src/main/java/ghidra/app/plugin/core/analysis/eBPFHelperDataTypes.java
@@ -0,0 +1,426 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ghidra.app.plugin.core.analysis;
+
+import java.io.Closeable;
+import java.io.IOException;
+
+import ghidra.app.plugin.core.analysis.TransientProgramProperties.SCOPE;
+import ghidra.app.util.cparser.C.CParser;
+import ghidra.app.util.cparser.C.ParseException;
+import ghidra.app.util.importer.MessageLog;
+import ghidra.docking.settings.Settings;
+import ghidra.program.model.data.*;
+import ghidra.program.model.listing.Program;
+import ghidra.util.Msg;
+
+public class eBPFHelperDataTypes implements Closeable {
+
+ private static final String EBPF_DATATYPE_MGR_PROPERTY_KEY = "eBPFDataTypes";
+
+ /**
+ * Ordered list of BPF helper functions. Array index corresponds to helper ID.
+ * A null may be substituted for a missing/unknown function definition.
+ *
+ * References:
+ * https://github.com/torvalds/linux/blob/master/include/uapi/linux/bpf.h
+ * https://man7.org/linux/man-pages/man7/bpf-helpers.7.html
+ */
+ private static final String[] bpfHelperSignatures = new String[] {
+ // Helper IDs: 0..9
+ "void bpf_unspec()",
+ "void *bpf_map_lookup_elem(struct bpf_map *map, const void *key)",
+ "int bpf_map_update_elem(struct bpf_map *map, const void *key, const void *value, u64 flags)",
+ "int bpf_map_delete_elem(struct bpf_map *map, const void *key)",
+ "int bpf_probe_read(void *dst, u32 size, const void *src)",
+ "u64 bpf_ktime_get_ns(void)",
+ "int bpf_trace_printk(const char *fmt, u32 fmt_size, ...)",
+ "u32 bpf_get_prandom_u32(void)",
+ "u32 bpf_get_smp_processor_id(void)",
+ "int bpf_skb_store_bytes(struct sk_buff *skb, u32 offset, const void *from, u32 len, u64 flags)",
+
+ // Helper IDs: 10..19
+ "int bpf_l3_csum_replace(struct sk_buff *skb, u32 offset, u64 from, u64 to, u64 size)",
+ "int bpf_l4_csum_replace(struct sk_buff *skb, u32 offset, u64 from, u64 to, u64 flags)",
+ "int bpf_tail_call(void *ctx, struct bpf_map *prog_array_map, u32 index)",
+ "int bpf_clone_redirect(struct sk_buff *skb, u32 ifindex, u64 flags)",
+ "u64 bpf_get_current_pid_tgid(void)",
+ "u64 bpf_get_current_uid_gid(void)",
+ "int bpf_get_current_comm(char *buf, u32 size_of_buf)",
+ "u32 bpf_get_cgroup_classid(struct sk_buff *skb)",
+ "int bpf_skb_vlan_push(struct sk_buff *skb, __be16 vlan_proto, u16 vlan_tci)",
+ "int bpf_skb_vlan_pop(struct sk_buff *skb)",
+
+ // Helper IDs: 20..29
+ "int bpf_skb_get_tunnel_key(struct sk_buff *skb, struct bpf_tunnel_key *key, u32 size, u64 flags)",
+ "int bpf_skb_set_tunnel_key(struct sk_buff *skb, struct bpf_tunnel_key *key, u32 size, u64 flags)",
+ "u64 bpf_perf_event_read(struct bpf_map *map, u64 flags)",
+ "int bpf_redirect(u32 ifindex, u64 flags)",
+ "u32 bpf_get_route_realm(struct sk_buff *skb)",
+ "int bpf_perf_event_output(struct pt_reg *ctx, struct bpf_map *map, u64 flags, void *data, u64 size)",
+ "int bpf_skb_load_bytes(const struct sk_buff *skb, u32 offset, void *to, u32 len)",
+ "int bpf_get_stackid(struct pt_reg *ctx, struct bpf_map *map, u64 flags)",
+ "s64 bpf_csum_diff(__be32 *from, u32 from_size, __be32 *to, u32 to_size, __wsum seed)",
+ "int bpf_skb_get_tunnel_opt(struct sk_buff *skb, u8 *opt, u32 size)",
+
+ // Helper IDs: 30..39
+ "int bpf_skb_set_tunnel_opt(struct sk_buff *skb, u8 *opt, u32 size)",
+ "int bpf_skb_change_proto(struct sk_buff *skb, __be16 proto, u64 flags)",
+ "int bpf_skb_change_type(struct sk_buff *skb, u32 type)",
+ "int bpf_skb_under_cgroup(struct sk_buff *skb, struct bpf_map *map, u32 index)",
+ "u32 bpf_get_hash_recalc(struct sk_buff *skb)",
+ "u64 bpf_get_current_task(void)",
+ "int bpf_probe_write_user(void *dst, const void *src, u32 len)",
+ "int bpf_current_task_under_cgroup(struct bpf_map *map, u32 index)",
+ "int bpf_skb_change_tail(struct sk_buff *skb, u32 len, u64 flags)",
+ "int bpf_skb_pull_data(struct sk_buff *skb, u32 len)",
+
+ // Helper IDs: 40..49
+ "s64 bpf_csum_update(struct sk_buff *skb, __wsum csum)",
+ "void bpf_set_hash_invalid(struct sk_buff *skb)",
+ "int bpf_get_numa_node_id(void)",
+ "int bpf_skb_change_head(struct sk_buff *skb, u32 len, u64 flags)",
+ "int bpf_xdp_adjust_head(struct xdp_buff *xdp_md, int delta)",
+ "int bpf_probe_read_str(void *dst, u32 size, const void *unsafe_ptr)",
+ // NOTE: bpf_get_socket_cookie function is overloaded based upon program type so
+ // we define the argument as a void pointer within the generic function definition
+ // u64 bpf_get_socket_cookie(struct sk_buff *skb)
+ // u64 bpf_get_socket_cookie(struct bpf_sock_addr *ctx)
+ // u64 bpf_get_socket_cookie(struct bpf_sock_ops *ctx)
+ // u64 bpf_get_socket_cookie(struct sock *sk)
+ "u64 bpf_get_socket_cookie(void *ctx)",
+ "u32 bpf_get_socket_uid(struct sk_buff *skb)",
+ "int bpf_set_hash(struct sk_buff *skb, u32 hash)",
+ "int bpf_setsockopt(void *bpf_socket, int level, int optname, void *optval, int optlen)",
+
+ // Helper IDs: 50..59
+ "int bpf_skb_adjust_room(struct sk_buff *skb, s32 len_diff, u32 mode, u64 flags)",
+ "int bpf_redirect_map(struct bpf_map *map, u32 key, u64 flags)",
+ "int bpf_sk_redirect_map(struct sk_buff *skb, struct bpf_map *map, u32 key, u64 flags)",
+ "int bpf_sock_map_update(struct bpf_sock_ops *skops, struct bpf_map *map, void *key, u64 flags)",
+ "int bpf_xdp_adjust_meta(struct xdp_buff *xdp_md, int delta)",
+ "int bpf_perf_event_read_value(struct bpf_map *map, u64 flags, struct bpf_perf_event_value *buf, u32 buf_size)",
+ "int bpf_perf_prog_read_value(struct bpf_perf_event_data *ctx, struct bpf_perf_event_value *buf, u32 buf_size)",
+ "int bpf_getsockopt(void *bpf_socket, int level, int optname, void *optval, int optlen)",
+ "int bpf_override_return(struct pt_regs *regs, u64 rc)",
+ "int bpf_sock_ops_cb_flags_set(struct bpf_sock_ops *bpf_sock, int argval)",
+
+ // Helper IDs: 60..69
+ "int bpf_msg_redirect_map(struct sk_msg_buff *msg, struct bpf_map *map, u32 key, u64 flags)",
+ "int bpf_msg_apply_bytes(struct sk_msg_buff *msg, u32 bytes)",
+ "long bpf_msg_cork_bytes(struct sk_msg_buff *msg, u32 bytes)",
+ "long bpf_msg_pull_data(struct sk_msg_buff *msg, u32 start, u32 end, u64 flags)",
+ "long bpf_bind(struct bpf_sock_addr *ctx, struct sockaddr *addr, int addr_len)",
+ "long bpf_xdp_adjust_tail(struct xdp_buff *xdp_md, int delta)",
+ "long bpf_skb_get_xfrm_state(struct sk_buff *skb, u32 index, struct bpf_xfrm_state *xfrm_state, u32 size, u64 flags)",
+ "long bpf_get_stack(void *ctx, void *buf, u32 size, u64 flags)",
+ "long bpf_skb_load_bytes_relative(const void *skb, u32 offset, void *to, u32 len, u32 start_header)",
+ "long bpf_fib_lookup(void *ctx, struct bpf_fib_lookup *params, int plen, u32 flags)",
+
+ // Helper IDs: 70..79
+ "long bpf_sock_hash_update(struct bpf_sock_ops *skops, struct bpf_map *map, void *key, u64 flags)",
+ "long bpf_msg_redirect_hash(struct sk_msg_buff *msg, struct bpf_map *map, void *key, u64 flags)",
+ "long bpf_sk_redirect_hash(struct sk_buff *skb, struct bpf_map *map, void *key, u64 flags)",
+ "long bpf_lwt_push_encap(struct sk_buff *skb, u32 type, void *hdr, u32 len)",
+ "long bpf_lwt_seg6_store_bytes(struct sk_buff *skb, u32 offset, const void *from, u32 len)",
+ "long bpf_lwt_seg6_adjust_srh(struct sk_buff *skb, u32 offset, s32 delta)",
+ "long bpf_lwt_seg6_action(struct sk_buff *skb, u32 action, void *param, u32 param_len)",
+ "long bpf_rc_repeat(void *ctx)",
+ "long bpf_rc_keydown(void *ctx, u32 protocol, u64 scancode, u32 toggle)",
+ "u64 bpf_skb_cgroup_id(struct sk_buff *skb)",
+
+ // Helper IDs: 80..89
+ "u64 bpf_get_current_cgroup_id(void)",
+ "void *bpf_get_local_storage(void *map, u64 flags)",
+ "long bpf_sk_select_reuseport(struct sk_reuseport_md *reuse, struct bpf_map *map, void *key, u64 flags)",
+ "u64 bpf_skb_ancestor_cgroup_id(struct sk_buff *skb, int ancestor_level)",
+ "struct bpf_sock *bpf_sk_lookup_tcp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u64 netns, u64 flags)",
+ "struct bpf_sock *bpf_sk_lookup_udp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u64 netns, u64 flags)",
+ "long bpf_sk_release(void *sock)",
+ "long bpf_map_push_elem(struct bpf_map *map, const void *value, u64 flags)",
+ "long bpf_map_pop_elem(struct bpf_map *map, void *value)",
+ "long bpf_map_peek_elem(struct bpf_map *map, void *value)",
+
+ // Helper IDs: 90..99
+ "long bpf_msg_push_data(struct sk_msg_buff *msg, u32 start, u32 len, u64 flags)",
+ "long bpf_msg_pop_data(struct sk_msg_buff *msg, u32 start, u32 len, u64 flags)",
+ "long bpf_rc_pointer_rel(void *ctx, s32 rel_x, s32 rel_y)",
+ "long bpf_spin_lock(struct bpf_spin_lock *lock)",
+ "long bpf_spin_unlock(struct bpf_spin_lock *lock)",
+ "struct bpf_sock *bpf_sk_fullsock(struct bpf_sock *sk)",
+ "struct bpf_tcp_sock *bpf_tcp_sock(struct bpf_sock *sk)",
+ "long bpf_skb_ecn_set_ce(struct sk_buff *skb)",
+ "struct bpf_sock *bpf_get_listener_sock(struct bpf_sock *sk)",
+ "struct bpf_sock *bpf_skc_lookup_tcp(void *ctx, struct bpf_sock_tuple *tuple, u32 tuple_size, u64 netns, u64 flags)",
+
+ // Helper IDs: 100..109
+ "long bpf_tcp_check_syncookie(void *sk, void *iph, u32 iph_len, struct tcphdr *th, u32 th_len)",
+ "long bpf_sysctl_get_name(struct bpf_sysctl *ctx, char *buf, size_t buf_len, u64 flags)",
+ "long bpf_sysctl_get_current_value(struct bpf_sysctl *ctx, char *buf, size_t buf_len)",
+ "long bpf_sysctl_get_new_value(struct bpf_sysctl *ctx, char *buf, size_t buf_len)",
+ "long bpf_sysctl_set_new_value(struct bpf_sysctl *ctx, const char *buf, size_t buf_len)",
+ "long bpf_strtol(const char *buf, size_t buf_len, u64 flags, long *res)",
+ "long bpf_strtoul(const char *buf, size_t buf_len, u64 flags, unsigned long *res)",
+ "void *bpf_sk_storage_get(struct bpf_map *map, void *sk, void *value, u64 flags)",
+ "long bpf_sk_storage_delete(struct bpf_map *map, void *sk)",
+ "long bpf_send_signal(u32 sig)",
+
+ // Helper IDs: 110..119
+ "s64 bpf_tcp_gen_syncookie(void *sk, void *iph, u32 iph_len, struct tcphdr *th, u32 th_len)",
+ "long bpf_skb_output(void *ctx, struct bpf_map *map, u64 flags, void *data, u64 size)",
+ "long bpf_probe_read_user(void *dst, u32 size, const void *unsafe_ptr)",
+ "long bpf_probe_read_kernel(void *dst, u32 size, const void *unsafe_ptr)",
+ "long bpf_probe_read_user_str(void *dst, u32 size, const void *unsafe_ptr)",
+ "long bpf_probe_read_kernel_str(void *dst, u32 size, const void *unsafe_ptr)",
+ "long bpf_tcp_send_ack(void *tp, u32 rcv_nxt)",
+ "long bpf_send_signal_thread(u32 sig)",
+ "u64 bpf_jiffies64(void)",
+ "long bpf_read_branch_records(struct bpf_perf_event_data *ctx, void *buf, u32 size, u64 flags)",
+ // Helper IDs: 120..129
+ "long bpf_get_ns_current_pid_tgid(u64 dev, u64 ino, struct bpf_pidns_info *nsdata, u32 size)",
+ "long bpf_xdp_output(void *ctx, struct bpf_map *map, u64 flags, void *data, u64 size)",
+ "u64 bpf_get_netns_cookie(void *ctx)",
+ "u64 bpf_get_current_ancestor_cgroup_id(int ancestor_level)",
+
"long bpf_sk_assign(struct bpf_sk_lookup *ctx, struct bpf_sock *sk, u64 flags)", + "u64 bpf_ktime_get_boot_ns(void)", + "long bpf_seq_printf(struct seq_file *m, const char *fmt, u32 fmt_size, const void *data, u32 data_len)", + "long bpf_seq_write(struct seq_file *m, const void *data, u32 len)", + "u64 bpf_sk_cgroup_id(void *sk)", + "u64 bpf_sk_ancestor_cgroup_id(void *sk, int ancestor_level)", + + // Helper IDs: 130..139 + "long bpf_ringbuf_output(void *ringbuf, void *data, u64 size, u64 flags)", + "void *bpf_ringbuf_reserve(void *ringbuf, u64 size, u64 flags)", + "void bpf_ringbuf_submit(void *data, u64 flags)", + "void bpf_ringbuf_discard(void *data, u64 flags)", + "u64 bpf_ringbuf_query(void *ringbuf, u64 flags)", + "long bpf_csum_level(struct sk_buff *skb, u64 level)", + "struct tcp6_sock *bpf_skc_to_tcp6_sock(void *sk)", + "struct tcp_sock *bpf_skc_to_tcp_sock(void *sk)", + "struct tcp_timewait_sock *bpf_skc_to_tcp_timewait_sock(void *sk)", + "struct tcp_request_sock *bpf_skc_to_tcp_request_sock(void *sk)", + + // Helper IDs: 140..149 + "struct udp6_sock *bpf_skc_to_udp6_sock(void *sk)", + "long bpf_get_task_stack(struct task_struct *task, void *buf, u32 size, u64 flags)", + "long bpf_load_hdr_opt(struct bpf_sock_ops *skops, void *searchby_res, u32 len, u64 flags)", + "long bpf_store_hdr_opt(struct bpf_sock_ops *skops, const void *from, u32 len, u64 flags)", + "long bpf_reserve_hdr_opt(struct bpf_sock_ops *skops, u32 len, u64 flags)", + "void *bpf_inode_storage_get(struct bpf_map *map, void *inode, void *value, u64 flags)", + "int bpf_inode_storage_delete(struct bpf_map *map, void *inode)", + "long bpf_d_path(struct path *path, char *buf, u32 sz)", + "long bpf_copy_from_user(void *dst, u32 size, const void *user_ptr)", + "long bpf_snprintf_btf(char *str, u32 str_size, struct btf_ptr *ptr, u32 btf_ptr_size, u64 flags)", + + // Helper IDs: 150..159 + "long bpf_seq_printf_btf(struct seq_file *m, struct btf_ptr *ptr, u32 ptr_size, u64 flags)", + "u64 
bpf_skb_cgroup_classid(struct sk_buff *skb)", + "long bpf_redirect_neigh(u32 ifindex, struct bpf_redir_neigh *params, int plen, u64 flags)", + "void *bpf_per_cpu_ptr(const void *percpu_ptr, u32 cpu)", + "void *bpf_this_cpu_ptr(const void *percpu_ptr)", + "long bpf_redirect_peer(u32 ifindex, u64 flags)", + "void *bpf_task_storage_get(struct bpf_map *map, struct task_struct *task, void *value, u64 flags)", + "long bpf_task_storage_delete(struct bpf_map *map, struct task_struct *task)", + "struct task_struct *bpf_get_current_task_btf(void)", + "long bpf_bprm_opts_set(struct linux_binprm *bprm, u64 flags)", + + // Helper IDs: 160..169 + "u64 bpf_ktime_get_coarse_ns(void)", + "long bpf_ima_inode_hash(struct inode *inode, void *dst, u32 size)", + "struct socket *bpf_sock_from_file(struct file *file)", + "long bpf_check_mtu(void *ctx, u32 ifindex, u32 *mtu_len, s32 len_diff, u64 flags)", + "long bpf_for_each_map_elem(struct bpf_map *map, void *callback_fn, void *callback_ctx, u64 flags)", + "long bpf_snprintf(char *str, u32 str_size, const char *fmt, u64 *data, u32 data_len)", + "long bpf_sys_bpf(u32 cmd, void *attr, u32 attr_size)", + "long bpf_btf_find_by_name_kind(char *name, int name_sz, u32 kind, int flags)", + "long bpf_sys_close(u32 fd)", + "long bpf_timer_init(struct bpf_timer *timer, struct bpf_map *map, u64 flags)", + + // Helper IDs: 170..179 + "long bpf_timer_set_callback(struct bpf_timer *timer, void *callback_fn)", + "long bpf_timer_start(struct bpf_timer *timer, u64 nsecs, u64 flags)", + "long bpf_timer_cancel(struct bpf_timer *timer)", + "u64 bpf_get_func_ip(void *ctx)", + "u64 bpf_get_attach_cookie(void *ctx)", + "long bpf_task_pt_regs(struct task_struct *task)", + "long bpf_get_branch_snapshot(void *entries, u32 size, u64 flags)", + "long bpf_trace_vprintk(const char *fmt, u32 fmt_size, const void *data, u32 data_len)", + "struct unix_sock *bpf_skc_to_unix_sock(void *sk)", + "long bpf_kallsyms_lookup_name(const char *name, int name_sz, int flags, u64 
*res)", + + // Helper IDs: 180..189 + "long bpf_find_vma(struct task_struct *task, u64 addr, void *callback_fn, void *callback_ctx, u64 flags)", + "long bpf_loop(u32 nr_loops, void *callback_fn, void *callback_ctx, u64 flags)", + "long bpf_strncmp(const char *s1, u32 s1_sz, const char *s2)", + "long bpf_get_func_arg(void *ctx, u32 n, u64 *value)", + "long bpf_get_func_ret(void *ctx, u64 *value)", + "long bpf_get_func_arg_cnt(void *ctx)", + "int bpf_get_retval(void)", + "int bpf_set_retval(int retval)", + "u64 bpf_xdp_get_buff_len(struct xdp_buff *xdp_md)", + "long bpf_xdp_load_bytes(struct xdp_buff *xdp_md, u32 offset, void *buf, u32 len)", + + // Helper IDs: 190..199 + "long bpf_xdp_store_bytes(struct xdp_buff *xdp_md, u32 offset, void *buf, u32 len)", + "long bpf_copy_from_user_task(void *dst, u32 size, const void *user_ptr, struct task_struct *tsk, u64 flags)", + "long bpf_skb_set_tstamp(struct sk_buff *skb, u64 tstamp, u32 tstamp_type)", + "long bpf_ima_file_hash(struct file *file, void *dst, u32 size)", + "void *bpf_kptr_xchg(void *map_value, void *ptr)", + "void *bpf_map_lookup_percpu_elem(struct bpf_map *map, const void *key, u32 cpu)", + "struct mptcp_sock *bpf_skc_to_mptcp_sock(void *sk)", + "long bpf_dynptr_from_mem(void *data, u32 size, u64 flags, struct bpf_dynptr *ptr)", + "long bpf_ringbuf_reserve_dynptr(void *ringbuf, u32 size, u64 flags, struct bpf_dynptr *ptr)", + "void bpf_ringbuf_submit_dynptr(struct bpf_dynptr *ptr, u64 flags)", + + // Helper IDs: 200..209 + "void bpf_ringbuf_discard_dynptr(struct bpf_dynptr *ptr, u64 flags)", + "long bpf_dynptr_read(void *dst, u32 len, const struct bpf_dynptr *src, u32 offset, u64 flags)", + "long bpf_dynptr_write(const struct bpf_dynptr *dst, u32 offset, void *src, u32 len, u64 flags)", + "void *bpf_dynptr_data(const struct bpf_dynptr *ptr, u32 offset, u32 len)", + "s64 bpf_tcp_raw_gen_syncookie_ipv4(struct iphdr *iph, struct tcphdr *th, u32 th_len)", + "s64 bpf_tcp_raw_gen_syncookie_ipv6(struct ipv6hdr *iph, 
struct tcphdr *th, u32 th_len)", + "long bpf_tcp_raw_check_syncookie_ipv4(struct iphdr *iph, struct tcphdr *th)", + "long bpf_tcp_raw_check_syncookie_ipv6(struct ipv6hdr *iph, struct tcphdr *th)", + "u64 bpf_ktime_get_tai_ns(void)", + "long bpf_user_ringbuf_drain(struct bpf_map *map, void *callback_fn, void *ctx, u64 flags)", + + // Helper IDs: 210.. + "void *bpf_cgrp_storage_get(struct bpf_map *map, struct cgroup *cgroup, void *value, u64 flags)", + "long bpf_cgrp_storage_delete(struct bpf_map *map, struct cgroup *cgroup)" + }; + + private DataTypeManager dtm; + private FunctionDefinition[] helperFunctionDefs; + + private eBPFHelperDataTypes(DataTypeManager dtm, FunctionDefinition[] helperFunctionDefs) { + this.dtm = dtm; + this.helperFunctionDefs = helperFunctionDefs; + } + + @Override + public void close() throws IOException { + helperFunctionDefs = null; + dtm.close(); + } + + /** + * Get eBPF helper function definition for the specified ID. + * + * @param id helper function ID + * @return eBPF helper function definition or null + */ + FunctionDefinition getHelperFunctionDef(int id) { + if (id >= 0 && id < helperFunctionDefs.length) { + return helperFunctionDefs[id]; + } + return null; + } + + /******************* + * Static Methods + *******************/ + + /** + * Get the BPF helper datatypes which has been populated with helper function + * definitions and related dependency datatypes. All structure dependencies are defined + * as empty structures. In addition, the big-endian typedefs {@code __be16} and + * {@code __be32} will be prepopulated within the program's datatype manager with + * big-endian default setting enabled. + * + * @param program target program + * @param log analysis message log + * @return BPF helper datatype or null if failed to initialize. 
+ */ + static synchronized eBPFHelperDataTypes get(Program program, MessageLog log) { + + boolean previouslyParsed = TransientProgramProperties.hasProperty(program, + EBPF_DATATYPE_MGR_PROPERTY_KEY); + eBPFHelperDataTypes instance = TransientProgramProperties.getProperty(program, + EBPF_DATATYPE_MGR_PROPERTY_KEY, SCOPE.ANALYSIS_SESSION, eBPFHelperDataTypes.class, + () -> parseHelpFunctionDefs(program)); + if (instance == null && !previouslyParsed) { + log.appendMsg("Failed to parse eBPF helper function definitions (see log for details)"); + } + return instance; + } + + private static eBPFHelperDataTypes parseHelpFunctionDefs(Program program) { + + FunctionDefinition[] helperFunctionDefs = new FunctionDefinition[bpfHelperSignatures.length]; + + DataType be16; + DataType be32; + + boolean success = false; + DataTypeManager dtm = new StandAloneDataTypeManager("BPF", DataOrganizationImpl.getDefaultOrganization()); + int txId = dtm.startTransaction("Parse Types"); + try { + + // Populate typedef dependencies (based upon eBPF.cspec and little-endian) + dtm.addDataType(new TypedefDataType("u8", UnsignedCharDataType.dataType), null); + dtm.addDataType(new TypedefDataType("u16", UnsignedShortDataType.dataType), null); + dtm.addDataType(new TypedefDataType("u32", UnsignedIntegerDataType.dataType), null); + dtm.addDataType(new TypedefDataType("s32", IntegerDataType.dataType), null); + dtm.addDataType(new TypedefDataType("u64", UnsignedLongDataType.dataType), null); + dtm.addDataType(new TypedefDataType("s64", LongDataType.dataType), null); + dtm.addDataType(new TypedefDataType("__wsum", IntegerDataType.dataType), null); + dtm.addDataType(new TypedefDataType("__sum16", ShortDataType.dataType), null); + dtm.addDataType(new TypedefDataType("size_t", UnsignedLongDataType.dataType), null); + + // Define big-endian typedefs - limited support within little-endian program + be16 = dtm.addDataType(new TypedefDataType("__be16", UnsignedShortDataType.dataType), null); + be32 = 
dtm.addDataType(new TypedefDataType("__be32", UnsignedIntegerDataType.dataType), null); + + CParser parser = new CParser(dtm, true, null); + try { + int id = 0; + for (String def : bpfHelperSignatures) { + helperFunctionDefs[id++] = def != null ? + (FunctionDefinition) parser.parse(def + ";") : null; + } + } + catch (ParseException e) { + Msg.error(eBPFHelperDataTypes.class, "eBPF datatype parse error: " + + e.getMessage() + "\n\n" + parser.getParseMessages()); + return null; + } + + success = true; + } + finally { + dtm.endTransaction(txId, true); + if (!success) { + dtm.close(); + } + } + + // Add big-endian datatypes to program and set default setting. + // This is done since endian settings do not carry through resolve + program.withTransaction("Add BPF big-endian typedefs", () -> { + ProgramBasedDataTypeManager programDtm = program.getDataTypeManager(); + setBigEndianFormat(programDtm.addDataType(be16, null)); + setBigEndianFormat(programDtm.addDataType(be32, null)); + }); + + return new eBPFHelperDataTypes(dtm, helperFunctionDefs); + } + + private static void setBigEndianFormat(DataType beDt) { + Settings defaultSettings = beDt.getDefaultSettings(); + EndianSettingsDefinition.DEF.setBigEndian(defaultSettings, true); + } + +} diff --git a/Ghidra/Processors/eBPF/src/main/java/ghidra/app/plugin/core/analysis/eBPFSyscallAnalyzer.java b/Ghidra/Processors/eBPF/src/main/java/ghidra/app/plugin/core/analysis/eBPFSyscallAnalyzer.java new file mode 100644 index 0000000000..71dbc10fd2 --- /dev/null +++ b/Ghidra/Processors/eBPF/src/main/java/ghidra/app/plugin/core/analysis/eBPFSyscallAnalyzer.java 
@@ -0,0 +1,106 @@
+/* ###
+ * IP: GHIDRA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ghidra.app.plugin.core.analysis;
+
+import ghidra.app.cmd.function.ApplyFunctionSignatureCmd;
+import ghidra.app.services.*;
+import ghidra.app.util.importer.MessageLog;
+import ghidra.program.model.address.AddressSetView;
+import ghidra.program.model.address.AddressSpace;
+import ghidra.program.model.data.FunctionDefinition;
+import ghidra.program.model.listing.*;
+import ghidra.program.model.symbol.SourceType;
+import ghidra.util.exception.*;
+import ghidra.util.task.TaskMonitor;
+
+public class eBPFSyscallAnalyzer extends AbstractAnalyzer {
+
+ private final static String PROCESSOR_NAME = "eBPF";
+ private final static String SYSCALL_ADDRSPACE_NAME = "syscall";
+
+ private final static String NAME = "eBPF Syscall Functions";
+ private final static String DESCRIPTION = "Apply eBPF syscall Functions";
+
+ public eBPFSyscallAnalyzer() {
+ super(NAME, DESCRIPTION, AnalyzerType.FUNCTION_ANALYZER);
+ setPriority(AnalysisPriority.FUNCTION_ID_ANALYSIS.before());
+ setDefaultEnablement(true);
+ }
+
+ @Override
+ public boolean canAnalyze(Program program) {
+ return PROCESSOR_NAME.equals(program.getLanguage().getProcessor().toString());
+ }
+
+ /**
+ * Following the creation of a function this analyzer applies a function signature to default
+ * function if contains within the syscall space.
+ * @throws CancelledException if analysis is cancelled
+ */
+ @Override
+ public boolean added(Program program, AddressSetView set, TaskMonitor monitor, MessageLog log)
+ throws CancelledException {
+
+ AddressSpace syscallSpace = program.getAddressFactory().getAddressSpace(SYSCALL_ADDRSPACE_NAME);
+
+ AddressSetView syscallSet = set.intersectRange(syscallSpace.getMinAddress(), syscallSpace.getMaxAddress());
+ if (syscallSet.isEmpty()) {
+ return true;
+ }
+
+ // Clear disassembly errors within syscall space
+ BookmarkManager bookmarkMgr = program.getBookmarkManager();
+ bookmarkMgr.removeBookmarks(syscallSet, BookmarkType.ERROR, monitor);
+
+ eBPFHelperDataTypes helperDataTypes = eBPFHelperDataTypes.get(program, log);
+ if (helperDataTypes == null) {
+ return false;
+ }
+
+ for (Function f : program.getFunctionManager().getFunctions(syscallSet, true)) {
+ monitor.checkCancelled();
+ if (f.getSymbol().getSource() != SourceType.DEFAULT) {
+ continue;
+ }
+ applySyscallSignature(f, helperDataTypes);
+ }
+ return true;
+ }
+
+ private void applySyscallSignature(Function func, eBPFHelperDataTypes helperDataTypes) {
+
+ Program program = func.getProgram();
+
+ int helperId = (int) func.getEntryPoint().getOffset();
+
+ FunctionDefinition helperDef = helperDataTypes.getHelperFunctionDef(helperId);
+
+ if (helperDef == null) {
+ try {
+ func.setName("bpf_undef_0x" + Integer.toHexString(helperId), SourceType.ANALYSIS);
+ }
+ catch (DuplicateNameException | InvalidInputException e) {
+ // ignore
+ }
+ }
+ else {
+ ApplyFunctionSignatureCmd cmd = new ApplyFunctionSignatureCmd(func.getEntryPoint(), helperDef, SourceType.ANALYSIS);
+ cmd.applyTo(program);
+ }
+
+
+ }
+}
diff --git a/Ghidra/Processors/eBPF/src/main/java/ghidra/app/util/bin/format/elf/relocation/eBPF_ElfRelocationHandler.java b/Ghidra/Processors/eBPF/src/main/java/ghidra/app/util/bin/format/elf/relocation/eBPF_ElfRelocationHandler.java
index ece40995c6..629820fcf4 100644
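Review bot: In `applySyscallSignature`, `int helperId = (int) func.getEntryPoint().getOffset();` narrows a `long` offset with no range check, so an offset at or above 2^32 would wrap to a small index and the function would be given the signature of an unrelated helper. Whether the `syscall` space can hold such offsets is not visible here, but the value presumably derives from the binary under analysis, so the lookup should reject anything that does not survive the cast: `long offset = func.getEntryPoint().getOffset();` followed by `FunctionDefinition helperDef = offset == (int) offset ? helperDataTypes.getHelperFunctionDef((int) offset) : null;`, with `Long.toHexString(offset)` in the fallback name. The same method also discards the result of `cmd.applyTo(program)` and swallows both `setName` exceptions, so a failed apply or rename leaves no trace for the analyst.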
--- a/Ghidra/Processors/eBPF/src/main/java/ghidra/app/util/bin/format/elf/relocation/eBPF_ElfRelocationHandler.java +++ b/Ghidra/Processors/eBPF/src/main/java/ghidra/app/util/bin/format/elf/relocation/eBPF_ElfRelocationHandler.java @@ -53,12 +53,12 @@ public class eBPF_ElfRelocationHandler return RelocationResult.SKIPPED; } - int symbolIndex = relocation.getSymbolIndex(); - long new_value = 0; - int byteLength = 8; + long new_value; + int byteLength; switch (type) { case R_BPF_64_64: { + byteLength = 12; new_value = symbolAddr.getAddressableWordOffset(); Byte dst = memory.getByte(relocationAddress.add(0x1)); memory.setLong(relocationAddress.add(0x4), new_value); @@ -66,7 +66,8 @@ public class eBPF_ElfRelocationHandler break; } case R_BPF_64_32: { - + byteLength = 8; + // if we have, e.g, non-static function, it will be marked in the relocation table // and indexed in the symbol table and it's easy to calculate the pc-relative offset long instr_next = relocationAddress.add(0x8).getAddressableWordOffset(); 
@@ -92,14 +93,24 @@ public class eBPF_ElfRelocationHandler
 int offset = (int) (func_addr - instr_next);
 memory.setInt(relocationAddress.add(0x4), offset);
 }
+// else {
+// markAsUnhandled(program, relocationAddress, type, relocation.getSymbolIndex(),
+// symbolName, elfRelocationContext.getLog());
+// return RelocationResult.UNSUPPORTED;
+// }
 }
+// else {
+// markAsUnhandled(program, relocationAddress, type, relocation.getSymbolIndex(),
+// symbolName, elfRelocationContext.getLog());
+// return RelocationResult.UNSUPPORTED;
+// }
 break;
 }
 default: {
- if (symbolIndex == 0) {
- markAsWarning(program, relocationAddress, type, symbolName, symbolIndex,
- "applied relocation with symbol-index of 0", elfRelocationContext.getLog());
- }
+// TODO: it may be appropriate to bookmark unsupported relocations
+// Relocation treatment for .BTF sections may differ
+// markAsUnhandled(program, relocationAddress, type, relocation.getSymbolIndex(),
+// symbolName, elfRelocationContext.getLog());
 return RelocationResult.UNSUPPORTED;
 }
 }
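Review bot: The `R_BPF_64_32` case now carries two commented-out `else` branches, so an entry that matches neither inner condition apparently patches nothing and still reaches `break`. What is returned after the switch is outside this hunk, but it looks like such an entry would be reported with `byteLength = 8` as if it had been applied. The `default` case also loses the removed `markAsWarning` call and returns `RelocationResult.UNSUPPORTED` with only a TODO, so unsupported types leave no bookmark or log entry. When the object being loaded is untrusted, an unpatched call target with no marker is easy to miss; either enable the `markAsUnhandled(...)` and `return RelocationResult.UNSUPPORTED;` pair in both `else` branches, or delete the dead code and leave one comment such as `// intentionally not bookmarked: nothing was patched for this entry`. The enclosing method starts and ends outside the hunk.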