summaryrefslogtreecommitdiff
path: root/bpf_comp.c
diff options
context:
space:
mode:
authorDaniel Borkmann <dborkman@redhat.com>2013-05-27 12:08:38 +0200
committerDaniel Borkmann <dborkman@redhat.com>2013-05-27 12:12:15 +0200
commit9085c6a5d166186d95f3bca16436e58abe9127b4 (patch)
tree626931438eb0f42c4af5f200b4288a64feb4c8c0 /bpf_comp.c
parente29522d56811b780fa9a8244dcbbd38f77274aa4 (diff)
bpf: add minimal BPF JIT emitted image disassembler
This is a minimal stand-alone user space helper, that allows for debugging or verification of emitted BPF JIT images. This is in particular useful for emitted opcode debugging, since minor bugs in the JIT compiler can be fatal. The disassembler is architecture generic and uses libopcodes and libbfd. How to get to the disassembly, example: 1) `echo 2 > /proc/sys/net/core/bpf_jit_enable` 2) Load a BPF filter (e.g. `tcpdump -p -n -s 0 -i eth1 host 192.168.20.0/24`) 3) Run e.g. `bpf_jit_disasm -o` to disassemble the most recent JIT code output `bpf_jit_disasm -o` will display the related opcodes to a particular instruction as well. Example for x86_64: $./bpf_jit_disasm 94 bytes emitted from JIT compiler (pass:3, flen:9) ffffffffa0356000 + <x>: 0: push %rbp 1: mov %rsp,%rbp 4: sub $0x60,%rsp 8: mov %rbx,-0x8(%rbp) c: mov 0x68(%rdi),%r9d 10: sub 0x6c(%rdi),%r9d 14: mov 0xe0(%rdi),%r8 1b: mov $0xc,%esi 20: callq 0xffffffffe0d01b71 25: cmp $0x86dd,%eax 2a: jne 0x000000000000003d 2c: mov $0x14,%esi 31: callq 0xffffffffe0d01b8d 36: cmp $0x6,%eax [...] 5c: leaveq 5d: retq $ ./bpf_jit_disasm -o 94 bytes emitted from JIT compiler (pass:3, flen:9) ffffffffa0356000 + <x>: 0: push %rbp 55 1: mov %rsp,%rbp 48 89 e5 4: sub $0x60,%rsp 48 83 ec 60 8: mov %rbx,-0x8(%rbp) 48 89 5d f8 c: mov 0x68(%rdi),%r9d 44 8b 4f 68 10: sub 0x6c(%rdi),%r9d 44 2b 4f 6c [...] 5c: leaveq c9 5d: retq c3 Note that this is also part of the Linux kernel source tree under tools/net/. We also keep a copy of it here, since it is quite useful in conjunction with bpfc for debugging purposes. However, we do not integrate this small helper into the main build process. People who care to have this need to compile it on their own which is not a big deal. Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Diffstat (limited to 'bpf_comp.c')
0 files changed, 0 insertions, 0 deletions