extern crate goblin;
extern crate scroll;
use crate::{
ebpf,
error::{EbpfError, UserDefinedError},
jit::JitProgram,
vm::{Config, Executable, InstructionMeter, SyscallRegistry},
};
use byteorder::{ByteOrder, LittleEndian};
use goblin::{
elf::{header::*, reloc::*, section_header::*, Elf},
error::Error as GoblinError,
};
use std::{collections::HashMap, fmt::Debug, mem, ops::Range, str};
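/// Reasons an ELF image can be rejected while it is parsed, validated or relocated.
///
/// The loader reports malformed input through these variants rather than by indexing
/// blindly; most bounds failures surface as [`ElfError::OutOfBounds`].
#[derive(Debug, thiserror::Error, PartialEq, Eq)]
pub enum ElfError {
    /// The ELF parser rejected the file; the string carries the parser's reason.
    #[error("Failed to parse ELF file: {0}")]
    FailedToParse(String),
    /// `e_entry` does not fall inside the virtual address range of `.text`.
    #[error("Entrypoint out of bounds")]
    EntrypointOutOfBounds,
    /// `e_entry` is inside `.text` but not on an instruction boundary.
    // The message previously read "Invaid entrypoint" (typo).
    #[error("Invalid entrypoint")]
    InvalidEntrypoint,
    /// A section could not be retrieved (carries the section name).
    #[error("Failed to get section {0}")]
    FailedToGetSection(String),
    /// A call could not be resolved: symbol name, instruction number, ELF file offset.
    #[error("Unresolved symbol ({0}) at instruction #{1:?} (ELF file offset {2:#x})")]
    UnresolvedSymbol(String, usize, usize),
    /// No section header with the requested name exists.
    #[error("Section not found: {0}")]
    SectionNotFound(String),
    /// A relative call targets an instruction outside the text section.
    #[error("Relative jump out of bounds at instruction #{0}")]
    RelativeJumpOutOfBounds(usize),
    /// Two call targets were registered under the same 32-bit hash.
    #[error("Relocation hash collision while encoding instruction #{0}")]
    RelocationHashCollision(usize),
    /// `EI_DATA` is not little-endian.
    #[error("Incompatible ELF: wrong endianess")]
    WrongEndianess,
    /// `EI_OSABI` is not `ELFOSABI_NONE`.
    #[error("Incompatible ELF: wrong ABI")]
    WrongAbi,
    /// `e_machine` is not `EM_BPF`.
    #[error("Incompatible ELF: wrong machine")]
    WrongMachine,
    /// `EI_CLASS` is not 64-bit.
    #[error("Incompatible ELF: wrong class")]
    WrongClass,
    /// The number of `.text` sections is not exactly one (this includes zero).
    #[error("Multiple text sections, consider removing llc option: -function-sections")]
    MultipleTextSections,
    /// The image contains a `.bss` section.
    #[error(".bss section not supported")]
    BssNotSupported,
    /// A relocation refers to an address that no loadable section contains.
    #[error("Relocation failed, no loadable section contains virtual address {0:#x}")]
    AddressOutsideLoadableSection(u64),
    /// A relative relocation refers to an invalid virtual address (e.g. zero).
    #[error("Relocation failed, invalid referenced virtual address {0:#x}")]
    InvalidVirtualAddress(u64),
    /// The relocation type is not one the loader handles.
    #[error("Relocation failed, unknown type {0:?}")]
    UnknownRelocation(u32),
    /// Relocation information could not be read.
    #[error("Failed to read relocation info")]
    FailedToReadRelocationInfo,
    /// `e_type` is not `ET_DYN`.
    #[error("Incompatible ELF: wrong type")]
    WrongType,
    /// A symbol index or symbol-name offset could not be resolved.
    #[error("Unknown symbol with index {0}")]
    UnknownSymbol(usize),
    /// A file offset, length or address taken from the image lies outside the image.
    #[error("Offset or value is out of bounds")]
    OutOfBounds,
}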
impl From<GoblinError> for ElfError {
    /// Folds every goblin parser error into [`ElfError::FailedToParse`], prefixing the
    /// message with the kind of failure so the cause stays visible to the caller.
    fn from(error: GoblinError) -> Self {
        let reason = match error {
            GoblinError::Malformed(detail) => format!("malformed: {}", detail),
            GoblinError::BadMagic(magic) => format!("bad magic: {:#x}", magic),
            GoblinError::Scroll(cause) => format!("read-write: {}", cause),
            GoblinError::IO(cause) => format!("io: {}", cause),
        };
        Self::FailedToParse(reason)
    }
}
impl<E: UserDefinedError> From<GoblinError> for EbpfError<E> {
    /// Converts a goblin parser error into the VM-level error type by way of [`ElfError`].
    fn from(error: GoblinError) -> Self {
        let elf_error: ElfError = error.into();
        elf_error.into()
    }
}
// Byte offset of the immediate field from the start of an instruction slot; `relocate`
// adds it to a relocation's `r_offset` to locate the bytes it reads and patches.
const BYTE_OFFSET_IMMEDIATE: usize = 4;
// Width in bytes of that immediate field (`relocate` reads and writes it as a little-endian u32).
// NOTE(review): the identifier is misspelled ("IMMEIDATE"); it is left unchanged here because
// `relocate` refers to it by this exact name.
const BYTE_LENGTH_IMMEIDATE: usize = 4;
/// Relocation kinds the loader distinguishes.
///
/// Values are produced from the raw `r_type` of a dynamic relocation by
/// `from_x86_relocation_type`; any `r_type` without a mapping is treated as unknown.
#[allow(non_camel_case_types)]
#[derive(Debug, PartialEq, Copy, Clone)]
enum BpfRelocationType {
/// No relocation. `relocate` has no arm for this kind, so it ends up rejected as
/// `ElfError::UnknownRelocation`.
R_Bpf_None = 0,
/// Relative relocation: the referenced address stored in the immediate is rebased onto
/// the program region by `relocate`.
R_Bpf_64_Relative = 8,
/// Symbol relocation: `relocate` replaces the immediate with the 32-bit hash of the
/// symbol name.
R_Bpf_64_32 = 10,
}
impl BpfRelocationType {
    /// Maps a raw relocation type (x86-64 numbering) to the kind the loader understands.
    ///
    /// Returns `None` for every value without a mapping; the caller decides how to reject it.
    fn from_x86_relocation_type(from: u32) -> Option<BpfRelocationType> {
        let kind = match from {
            R_X86_64_NONE => Self::R_Bpf_None,
            R_X86_64_RELATIVE => Self::R_Bpf_64_Relative,
            R_X86_64_32 => Self::R_Bpf_64_32,
            _ => return None,
        };
        Some(kind)
    }
}
/// Where one section lives: its address in the VM and its byte range inside `elf_bytes`.
#[derive(Debug, PartialEq)]
struct SectionInfo {
/// Virtual address of the section. `load` sets it to `sh_addr` plus `ebpf::MM_PROGRAM_START`
/// (saturating).
vaddr: u64,
/// Byte range of the section within the stored image. Accessors slice with `get`, so a
/// range outside the image yields `ElfError::OutOfBounds` instead of a panic.
offset_range: Range<usize>,
}
/// A loaded program image together with everything the VM needs to execute it.
#[derive(Debug, PartialEq)]
pub struct EBpfElf<E: UserDefinedError, I: InstructionMeter> {
/// Configuration handed in at construction.
config: Config,
/// Owned copy of the input bytes. After `load` this copy has been patched in place by
/// relocation, so it no longer equals the file that was supplied.
elf_bytes: Vec<u8>,
/// Entrypoint as an instruction index relative to the start of the text section.
entrypoint: usize,
/// Location of the text section.
text_section_info: SectionInfo,
/// Locations of the read-only sections picked up by `load`
/// (`.rodata`, `.data.rel.ro`, `.eh_frame`).
ro_section_infos: Vec<SectionInfo>,
/// Call table: 32-bit hash stored in a call's immediate -> target instruction index.
calls: HashMap<u32, usize>,
/// Syscalls available to the program.
syscall_registry: SyscallRegistry,
/// JIT output; `None` until `jit_compile` succeeds.
compiled_program: Option<JitProgram<E, I>>,
}
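/// [`Executable`] backed by an in-memory ELF image.
impl<E: UserDefinedError, I: InstructionMeter> Executable<E, I> for EBpfElf<E, I> {
    /// Returns the configuration this executable was created with.
    fn get_config(&self) -> &Config {
        &self.config
    }

    /// Returns the virtual address and the bytes of the text section.
    ///
    /// # Errors
    /// `ElfError::OutOfBounds` if the recorded file range is not inside the image.
    fn get_text_bytes(&self) -> Result<(u64, &[u8]), EbpfError<E>> {
        Ok((
            self.text_section_info.vaddr,
            self.elf_bytes
                .get(self.text_section_info.offset_range.clone())
                .ok_or(ElfError::OutOfBounds)?,
        ))
    }

    /// Returns the virtual address and bytes of every read-only section.
    ///
    /// # Errors
    /// `ElfError::OutOfBounds` as soon as one recorded range is not inside the image.
    fn get_ro_sections(&self) -> Result<Vec<(u64, &[u8])>, EbpfError<E>> {
        self.ro_section_infos
            .iter()
            .map(|section_info| {
                Ok((
                    section_info.vaddr,
                    self.elf_bytes
                        .get(section_info.offset_range.clone())
                        .ok_or(ElfError::OutOfBounds)?,
                ))
            })
            .collect::<Result<Vec<_>, EbpfError<E>>>()
    }

    /// Returns the entrypoint as an instruction index into the text section.
    fn get_entrypoint_instruction_offset(&self) -> Result<usize, EbpfError<E>> {
        Ok(self.entrypoint)
    }

    /// Registers `pc` as the call target for `hash`, replacing any existing entry.
    fn register_bpf_function(&mut self, hash: u32, pc: usize) {
        self.calls.insert(hash, pc);
    }

    /// Looks up the call target registered for `hash`.
    fn lookup_bpf_function(&self, hash: u32) -> Option<&usize> {
        self.calls.get(&hash)
    }

    /// Returns the syscall registry.
    fn get_syscall_registry(&self) -> &SyscallRegistry {
        &self.syscall_registry
    }

    /// Replaces the syscall registry.
    fn set_syscall_registry(&mut self, syscall_registry: SyscallRegistry) {
        self.syscall_registry = syscall_registry;
    }

    /// Returns the JIT-compiled program, if `jit_compile` has run successfully.
    fn get_compiled_program(&self) -> Option<&JitProgram<E, I>> {
        self.compiled_program.as_ref()
    }

    /// JIT-compiles the program and stores the result.
    fn jit_compile(&mut self) -> Result<(), EbpfError<E>> {
        self.compiled_program = Some(JitProgram::<E, I>::new(self)?);
        Ok(())
    }

    /// Builds the `UnresolvedSymbol` error for the call at `insn_offset`.
    ///
    /// This function always returns `Err`. The symbol name is looked up by re-parsing the
    /// image and searching the dynamic relocations for one at the call's file offset; when
    /// the image does not parse or no relocation matches, the name is reported as "Unknown".
    ///
    /// # Errors
    /// `ElfError::UnresolvedSymbol` normally, or `ElfError::UnknownSymbol` when a matching
    /// relocation points at a symbol or name that cannot be read.
    fn report_unresolved_symbol(&self, insn_offset: usize) -> Result<u64, EbpfError<E>> {
        // Saturating arithmetic: `insn_offset` comes from the running program, so an absurd
        // value must not overflow; it simply matches no relocation.
        let file_offset = insn_offset
            .saturating_mul(ebpf::INSN_SIZE)
            .saturating_add(self.text_section_info.offset_range.start);

        let mut name = "Unknown";
        if let Ok(elf) = Elf::parse(&self.elf_bytes) {
            for relocation in &elf.dynrels {
                if let Some(BpfRelocationType::R_Bpf_64_32) =
                    BpfRelocationType::from_x86_relocation_type(relocation.r_type)
                {
                    if relocation.r_offset as usize == file_offset {
                        let sym = elf
                            .dynsyms
                            .get(relocation.r_sym)
                            .ok_or(ElfError::UnknownSymbol(relocation.r_sym))?;
                        name = elf
                            .dynstrtab
                            .get(sym.st_name)
                            .ok_or(ElfError::UnknownSymbol(sym.st_name))?
                            .map_err(|_| ElfError::UnknownSymbol(sym.st_name))?;
                    }
                }
            }
        }
        Err(ElfError::UnresolvedSymbol(
            name.to_string(),
            file_offset / ebpf::INSN_SIZE + ebpf::ELF_INSN_DUMP_OFFSET,
            file_offset,
        )
        .into())
    }

    /// Collects symbol names for diagnostics: syscalls keyed by name hash, and BPF functions
    /// keyed by instruction index with `(name, size)`.
    ///
    /// Symbol tables come straight from the image, so entries that cannot be interpreted
    /// (unreadable name, address below the dump offset) are skipped rather than trusted.
    /// Previously such entries caused a panic (`unwrap` on the name lookup) or an integer
    /// underflow in the instruction-index computation.
    fn get_symbols(&self) -> (HashMap<u32, String>, HashMap<usize, (String, usize)>) {
        let mut syscalls = HashMap::new();
        let mut bpf_functions = HashMap::new();
        if let Ok(elf) = Elf::parse(&self.elf_bytes) {
            for symbol in &elf.dynsyms {
                // st_info 0x10: global binding (high nibble 1), no type (low nibble 0).
                if symbol.st_info != 0x10 {
                    continue;
                }
                let name = match elf.dynstrtab.get(symbol.st_name) {
                    Some(Ok(name)) => name,
                    _ => continue,
                };
                let hash = ebpf::hash_symbol_name(&name.as_bytes());
                syscalls.insert(hash, name.to_string());
            }
            for symbol in &elf.syms {
                // Type FUNC (low nibble 2); masking with 0xEF ignores bit 4, so both local
                // and global bindings are accepted.
                if symbol.st_info & 0xEF != 0x02 {
                    continue;
                }
                let name = match elf.strtab.get(symbol.st_name) {
                    Some(Ok(name)) => name,
                    _ => continue,
                };
                let pc = match (symbol.st_value as usize / ebpf::INSN_SIZE)
                    .checked_sub(ebpf::ELF_INSN_DUMP_OFFSET)
                {
                    Some(pc) => pc,
                    None => continue,
                };
                bpf_functions.insert(pc, (name.to_string(), symbol.st_size as usize));
            }
        }
        (syscalls, bpf_functions)
    }
}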
impl<'a, E: UserDefinedError, I: InstructionMeter> EBpfElf<E, I> {
/// Wraps raw instruction bytes as an executable without any ELF parsing.
///
/// The whole buffer becomes the text section, placed at `ebpf::MM_PROGRAM_START`, with
/// the entrypoint at instruction 0. No validation or relocation is performed on the bytes.
pub fn new_from_text_bytes(config: Config, text_bytes: &[u8]) -> Self {
    let text_section_info = SectionInfo {
        vaddr: ebpf::MM_PROGRAM_START,
        offset_range: 0..text_bytes.len(),
    };
    Self {
        config,
        elf_bytes: text_bytes.to_vec(),
        entrypoint: 0,
        text_section_info,
        ro_section_infos: Vec::new(),
        calls: HashMap::new(),
        syscall_registry: SyscallRegistry::default(),
        compiled_program: None,
    }
}
/// Parses, validates and relocates an ELF image, producing a ready-to-run executable.
///
/// Order matters: `validate` runs before `relocate`, so relocation only ever writes into
/// a copy of an image whose section ranges were already checked against its length. The
/// entrypoint subtraction below relies on `validate` having confirmed that `e_entry` lies
/// inside the `.text` address range.
///
/// # Errors
/// Any [`ElfError`] from parsing, validation or relocation, or
/// `ElfError::InvalidEntrypoint` when the entrypoint is not on an instruction boundary.
pub fn load(config: Config, bytes: &[u8]) -> Result<Self, ElfError> {
    let elf = Elf::parse(bytes)?;
    let mut elf_bytes = bytes.to_vec();
    Self::validate(&elf, &elf_bytes)?;

    let mut calls = HashMap::default();
    Self::relocate(&elf, &mut elf_bytes, &mut calls)?;

    let text_section = Self::get_section(&elf, ".text")?;
    let entry_byte_offset = elf.header.e_entry - text_section.sh_addr;
    if entry_byte_offset % ebpf::INSN_SIZE as u64 != 0 {
        return Err(ElfError::InvalidEntrypoint);
    }

    // Sections exposed read-only to the program, selected purely by name.
    let ro_section_infos = elf
        .section_headers
        .iter()
        .filter(
            |section_header| match elf.shdr_strtab.get(section_header.sh_name) {
                Some(Ok(this_name)) => {
                    [".rodata", ".data.rel.ro", ".eh_frame"].contains(&this_name)
                }
                _ => false,
            },
        )
        .map(|section_header| SectionInfo {
            vaddr: section_header
                .sh_addr
                .saturating_add(ebpf::MM_PROGRAM_START),
            offset_range: section_header.file_range(),
        })
        .collect();

    Ok(Self {
        config,
        elf_bytes,
        entrypoint: entry_byte_offset as usize / ebpf::INSN_SIZE,
        text_section_info: SectionInfo {
            vaddr: text_section.sh_addr.saturating_add(ebpf::MM_PROGRAM_START),
            offset_range: text_section.file_range(),
        },
        ro_section_infos,
        calls,
        syscall_registry: SyscallRegistry::default(),
        compiled_program: None,
    })
}
/// Rewrites relative calls in the text section into hashed call-table lookups.
///
/// For each instruction with opcode `0x85` whose immediate is not `-1`, the target
/// instruction index (`index + 1 + imm`) is bounds-checked against the section, stored in
/// `calls` under a hash of the calling instruction's index, and the immediate is replaced
/// by that hash.
///
/// # Errors
/// * `ElfError::RelativeJumpOutOfBounds` - the target lies outside `elf_bytes`.
/// * `ElfError::RelocationHashCollision` - the hash is already present in `calls`.
/// * `ElfError::OutOfBounds` - the instruction slot could not be sliced.
pub fn fixup_relative_calls(
    calls: &mut HashMap<u32, usize>,
    elf_bytes: &mut [u8],
) -> Result<(), ElfError> {
    let insn_count = elf_bytes.len() / ebpf::INSN_SIZE;
    for pc in 0..insn_count {
        let mut insn = ebpf::get_insn(elf_bytes, pc);
        // NOTE(review): imm == -1 presumably marks calls that are resolved through a symbol
        // relocation instead - confirm against the toolchain's output.
        if insn.opc != 0x85 || insn.imm == -1 {
            continue;
        }

        // The immediate is attacker-influenced: compute in isize and reject anything that
        // does not land on an instruction inside this section.
        let target = pc as isize + 1 + insn.imm as isize;
        if target < 0 || target >= insn_count as isize {
            return Err(ElfError::RelativeJumpOutOfBounds(
                pc + ebpf::ELF_INSN_DUMP_OFFSET,
            ));
        }

        // The table key is derived from the caller's index, encoded as 8 little-endian bytes.
        let mut key = [0u8; mem::size_of::<i64>()];
        LittleEndian::write_u64(&mut key, pc as u64);
        let hash = ebpf::hash_symbol_name(&key);
        if calls.insert(hash, target as usize).is_some() {
            return Err(ElfError::RelocationHashCollision(
                pc + ebpf::ELF_INSN_DUMP_OFFSET,
            ));
        }

        insn.imm = hash as i32;
        let slot_start = pc * ebpf::INSN_SIZE;
        let slot = elf_bytes
            .get_mut(slot_start..slot_start + ebpf::INSN_SIZE)
            .ok_or(ElfError::OutOfBounds)?;
        slot.copy_from_slice(&insn.to_vec());
    }
    Ok(())
}
/// Checks that a parsed ELF is one this loader is willing to relocate and run.
///
/// Checks, in order: 64-bit class, little-endian data, `ELFOSABI_NONE`, `EM_BPF`
/// machine, `ET_DYN` type, exactly one `.text` section, no `.bss` section, every
/// section's `sh_offset..sh_offset + sh_size` inside `elf_bytes`, and `e_entry` inside
/// the `.text` address range.
///
/// Instruction alignment of the entrypoint is not checked here; `load` does that after
/// relocation. Note that `MultipleTextSections` is also returned when there is no
/// `.text` section at all, because the test is "count != 1".
pub fn validate(elf: &Elf, elf_bytes: &[u8]) -> Result<(), ElfError> {
    let header = &elf.header;
    if header.e_ident[EI_CLASS] != ELFCLASS64 {
        return Err(ElfError::WrongClass);
    }
    if header.e_ident[EI_DATA] != ELFDATA2LSB {
        return Err(ElfError::WrongEndianess);
    }
    if header.e_ident[EI_OSABI] != ELFOSABI_NONE {
        return Err(ElfError::WrongAbi);
    }
    if header.e_machine != EM_BPF {
        return Err(ElfError::WrongMachine);
    }
    if header.e_type != ET_DYN {
        return Err(ElfError::WrongType);
    }

    let text_section_count = elf
        .section_headers
        .iter()
        .filter(
            |section_header| match elf.shdr_strtab.get(section_header.sh_name) {
                Some(Ok(this_name)) => this_name == ".text",
                _ => false,
            },
        )
        .count();
    if text_section_count != 1 {
        return Err(ElfError::MultipleTextSections);
    }

    let has_bss = elf.section_headers.iter().any(|section_header| {
        match elf.shdr_strtab.get(section_header.sh_name) {
            Some(Ok(this_name)) => this_name == ".bss",
            _ => false,
        }
    });
    if has_bss {
        return Err(ElfError::BssNotSupported);
    }

    // Every section must lie inside the file; the end is computed with checked_add so a
    // huge sh_size cannot wrap around into a range that looks valid.
    for section_header in &elf.section_headers {
        let start = section_header.sh_offset as usize;
        let end = section_header
            .sh_offset
            .checked_add(section_header.sh_size)
            .ok_or(ElfError::OutOfBounds)? as usize;
        if elf_bytes.get(start..end).is_none() {
            return Err(ElfError::OutOfBounds);
        }
    }

    let text_section = Self::get_section(elf, ".text")?;
    let entry = elf.header.e_entry as usize;
    if text_section.vm_range().contains(&entry) {
        Ok(())
    } else {
        Err(ElfError::EntrypointOutOfBounds)
    }
}
/// Returns a copy of the first section header whose name equals `name`.
///
/// Headers whose name cannot be read from the section-name string table never match.
///
/// # Errors
/// `ElfError::SectionNotFound` when no header carries that name.
fn get_section(elf: &Elf, name: &str) -> Result<SectionHeader, ElfError> {
    elf.section_headers
        .iter()
        .find(
            |section_header| match elf.shdr_strtab.get(section_header.sh_name) {
                Some(Ok(this_name)) => this_name == name,
                _ => false,
            },
        )
        .cloned()
        .ok_or_else(|| ElfError::SectionNotFound(name.to_string()))
}
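/// Applies all relocations to `elf_bytes` in place and fills the call table.
///
/// Steps:
/// 1. Relative calls inside `.text` are rewritten by `fixup_relative_calls`.
/// 2. Each dynamic relocation is applied:
///    * `R_Bpf_64_Relative` - the 32-bit address stored in the immediate is rebased onto
///      `ebpf::MM_PROGRAM_START`. Inside `.text` the result is split across the immediates
///      of two consecutive instruction slots (low half, then high half); elsewhere it is
///      written as one 64-bit value at `r_offset`.
///    * `R_Bpf_64_32` - the immediate is replaced by the hash of the symbol name; if the
///      symbol is a defined function, its instruction index is registered in `calls`.
///
/// Every offset comes from the image, so each read and write goes through `get`/`get_mut`
/// and fails with `OutOfBounds` instead of indexing past the buffer.
///
/// Registering a function under a hash that already maps to a *different* target is now
/// rejected with `RelocationHashCollision`. Previously the later entry silently replaced
/// the earlier one, which would redirect an existing call (for instance one registered by
/// `fixup_relative_calls`) to another function. Re-registering the same target, as happens
/// when several relocations reference one symbol, remains accepted.
///
/// # Errors
/// `OutOfBounds`, `InvalidVirtualAddress`, `UnknownSymbol`, `UnknownRelocation`,
/// `RelocationHashCollision`, or anything `fixup_relative_calls` returns.
fn relocate(
    elf: &Elf,
    elf_bytes: &mut [u8],
    calls: &mut HashMap<u32, usize>,
) -> Result<(), ElfError> {
    // Looked up once; the header does not change while relocations are applied.
    let text_section = Self::get_section(elf, ".text")?;
    let text_file_range = text_section.file_range();

    Self::fixup_relative_calls(
        calls,
        elf_bytes
            .get_mut(text_file_range.clone())
            .ok_or(ElfError::OutOfBounds)?,
    )?;

    for relocation in &elf.dynrels {
        let r_offset = relocation.r_offset as usize;
        // Saturating arithmetic keeps a near-usize::MAX r_offset from wrapping into a small,
        // valid-looking range; the saturated range then fails the bounds check below.
        let imm_offset = r_offset.saturating_add(BYTE_OFFSET_IMMEDIATE);
        let imm_range = imm_offset..imm_offset.saturating_add(BYTE_LENGTH_IMMEIDATE);

        match BpfRelocationType::from_x86_relocation_type(relocation.r_type) {
            Some(BpfRelocationType::R_Bpf_64_Relative) => {
                let refd_va = LittleEndian::read_u32(
                    elf_bytes
                        .get(imm_range.clone())
                        .ok_or(ElfError::OutOfBounds)?,
                ) as u64;
                if refd_va == 0 {
                    return Err(ElfError::InvalidVirtualAddress(refd_va));
                }
                let refd_pa = ebpf::MM_PROGRAM_START.saturating_add(refd_va);

                if text_file_range.contains(&r_offset) {
                    // Low 32 bits go into this slot's immediate ...
                    let low_slice = elf_bytes
                        .get_mut(imm_range)
                        .ok_or(ElfError::OutOfBounds)?;
                    LittleEndian::write_u32(low_slice, (refd_pa & 0xFFFFFFFF) as u32);
                    // ... and the high 32 bits into the immediate of the following slot.
                    let high_slice = elf_bytes
                        .get_mut(
                            imm_offset.saturating_add(ebpf::INSN_SIZE)
                                ..imm_offset
                                    .saturating_add(ebpf::INSN_SIZE + BYTE_LENGTH_IMMEIDATE),
                        )
                        .ok_or(ElfError::OutOfBounds)?;
                    LittleEndian::write_u32(high_slice, (refd_pa >> 32) as u32);
                } else {
                    let value_slice = elf_bytes
                        .get_mut(r_offset..r_offset.saturating_add(mem::size_of::<u64>()))
                        .ok_or(ElfError::OutOfBounds)?;
                    LittleEndian::write_u64(value_slice, refd_pa);
                }
            }
            Some(BpfRelocationType::R_Bpf_64_32) => {
                let sym = elf
                    .dynsyms
                    .get(relocation.r_sym)
                    .ok_or(ElfError::UnknownSymbol(relocation.r_sym))?;
                let name = elf
                    .dynstrtab
                    .get(sym.st_name)
                    .ok_or(ElfError::UnknownSymbol(sym.st_name))?
                    .map_err(|_| ElfError::UnknownSymbol(sym.st_name))?;
                let hash = ebpf::hash_symbol_name(&name.as_bytes());
                let imm_slice = elf_bytes
                    .get_mut(imm_range)
                    .ok_or(ElfError::OutOfBounds)?;
                LittleEndian::write_u32(imm_slice, hash);

                if sym.is_function() && sym.st_value != 0 {
                    // The containment check also guarantees st_value >= sh_addr, so the
                    // subtraction below cannot underflow.
                    if !text_section.vm_range().contains(&(sym.st_value as usize)) {
                        return Err(ElfError::OutOfBounds);
                    }
                    let target_pc =
                        (sym.st_value - text_section.sh_addr) as usize / ebpf::INSN_SIZE;
                    if let Some(previous_pc) = calls.insert(hash, target_pc) {
                        if previous_pc != target_pc {
                            // Reported with the numbering fixup_relative_calls uses:
                            // index within the text section plus the dump offset.
                            let insn_index =
                                r_offset.saturating_sub(text_file_range.start) / ebpf::INSN_SIZE;
                            return Err(ElfError::RelocationHashCollision(
                                insn_index.saturating_add(ebpf::ELF_INSN_DUMP_OFFSET),
                            ));
                        }
                    }
                }
            }
            // Covers both unmapped r_type values and R_Bpf_None.
            _ => return Err(ElfError::UnknownRelocation(relocation.r_type)),
        }
    }
    Ok(())
}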
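/// Debug helper: prints `name`, then `prog` as hex, eight bytes per line.
///
/// The earlier loop buffered at most seven bytes, dropped the byte that triggered each
/// flush, and never printed the final partial line; `chunks(8)` prints every byte.
#[allow(dead_code)]
fn dump_data(name: &str, prog: &[u8]) {
    println!("{}", name);
    for eight_bytes in prog.chunks(8) {
        println!("{:02X?}", eight_bytes);
    }
}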
}
#[cfg(test)]
mod test {
use super::*;
use crate::{
ebpf, elf::scroll::Pwrite, fuzz::fuzz, user_error::UserError, vm::DefaultInstructionMeter,
};
use rand::{distributions::Uniform, Rng};
use std::{collections::HashMap, fs::File, io::Read};
// Concrete executable type used by every test in this module.
type ElfExecutable = EBpfElf<UserError, DefaultInstructionMeter>;
// Checks that `validate` accepts the reference image and rejects it once a single header
// field is changed. Each field is corrupted, checked, restored, and re-checked so that a
// failure can be attributed to exactly one header check.
#[test]
fn test_validate() {
let mut file = File::open("tests/elfs/noop.so").expect("file open failed");
let mut bytes = Vec::new();
file.read_to_end(&mut bytes)
.expect("failed to read elf file");
let mut parsed_elf = Elf::parse(&bytes).unwrap();
let elf_bytes = bytes.to_vec();
// Baseline: the unmodified image validates.
ElfExecutable::validate(&parsed_elf, &elf_bytes).expect("validation failed");
// EI_CLASS: 32-bit must be rejected.
parsed_elf.header.e_ident[EI_CLASS] = ELFCLASS32;
ElfExecutable::validate(&parsed_elf, &elf_bytes).expect_err("allowed bad class");
parsed_elf.header.e_ident[EI_CLASS] = ELFCLASS64;
ElfExecutable::validate(&parsed_elf, &elf_bytes).expect("validation failed");
// EI_DATA: big-endian must be rejected.
parsed_elf.header.e_ident[EI_DATA] = ELFDATA2MSB;
ElfExecutable::validate(&parsed_elf, &elf_bytes).expect_err("allowed big endian");
parsed_elf.header.e_ident[EI_DATA] = ELFDATA2LSB;
ElfExecutable::validate(&parsed_elf, &elf_bytes).expect("validation failed");
// EI_OSABI: anything but ELFOSABI_NONE must be rejected.
parsed_elf.header.e_ident[EI_OSABI] = 1;
ElfExecutable::validate(&parsed_elf, &elf_bytes).expect_err("allowed wrong abi");
parsed_elf.header.e_ident[EI_OSABI] = ELFOSABI_NONE;
ElfExecutable::validate(&parsed_elf, &elf_bytes).expect("validation failed");
// e_machine: a non-BPF machine must be rejected.
parsed_elf.header.e_machine = EM_QDSP6;
ElfExecutable::validate(&parsed_elf, &elf_bytes).expect_err("allowed wrong machine");
parsed_elf.header.e_machine = EM_BPF;
ElfExecutable::validate(&parsed_elf, &elf_bytes).expect("validation failed");
// e_type: only ET_DYN is accepted.
parsed_elf.header.e_type = ET_REL;
ElfExecutable::validate(&parsed_elf, &elf_bytes).expect_err("allowed wrong type");
parsed_elf.header.e_type = ET_DYN;
ElfExecutable::validate(&parsed_elf, &elf_bytes).expect("validation failed");
}
/// Smoke test: the reference image loads without error.
#[test]
fn test_load() {
    let mut elf_bytes = Vec::new();
    File::open("tests/elfs/noop.so")
        .expect("file open failed")
        .read_to_end(&mut elf_bytes)
        .expect("failed to read elf file");
    ElfExecutable::load(Config::default(), &elf_bytes).expect("validation failed");
}
// Exercises entrypoint handling in `load` by rewriting `e_entry` in the ELF header and
// reloading: a valid shifted entry, entries outside `.text`, a misaligned entry, and
// finally the original value again.
#[test]
fn test_entrypoint() {
let mut file = File::open("tests/elfs/noop.so").expect("file open failed");
let mut elf_bytes = Vec::new();
file.read_to_end(&mut elf_bytes)
.expect("failed to read elf file");
let elf = ElfExecutable::load(Config::default(), &elf_bytes).expect("validation failed");
let mut parsed_elf = Elf::parse(&elf_bytes).unwrap();
let initial_e_entry = parsed_elf.header.e_entry;
let executable: &dyn Executable<UserError, DefaultInstructionMeter> = &elf;
// Unmodified image: entrypoint is the first instruction of the text section.
assert_eq!(
0,
executable
.get_entrypoint_instruction_offset()
.expect("failed to get entrypoint")
);
// Moving e_entry forward by 8 bytes is expected to yield instruction index 1.
parsed_elf.header.e_entry += 8;
let mut elf_bytes = elf_bytes.clone();
elf_bytes.pwrite(parsed_elf.header, 0).unwrap();
let elf = ElfExecutable::load(Config::default(), &elf_bytes).expect("validation failed");
let executable: &dyn Executable<UserError, DefaultInstructionMeter> = &elf;
assert_eq!(
1,
executable
.get_entrypoint_instruction_offset()
.expect("failed to get entrypoint")
);
// An entry address of 1 must be rejected as outside the text section.
parsed_elf.header.e_entry = 1;
let mut elf_bytes = elf_bytes;
elf_bytes.pwrite(parsed_elf.header, 0).unwrap();
assert_eq!(
Err(ElfError::EntrypointOutOfBounds),
ElfExecutable::load(Config::default(), &elf_bytes)
);
// The largest possible address must be rejected the same way.
parsed_elf.header.e_entry = std::u64::MAX;
let mut elf_bytes = elf_bytes;
elf_bytes.pwrite(parsed_elf.header, 0).unwrap();
assert_eq!(
Err(ElfError::EntrypointOutOfBounds),
ElfExecutable::load(Config::default(), &elf_bytes)
);
// One byte past an instruction boundary: inside the section but misaligned.
parsed_elf.header.e_entry = initial_e_entry + ebpf::INSN_SIZE as u64 + 1;
let mut elf_bytes = elf_bytes;
elf_bytes.pwrite(parsed_elf.header, 0).unwrap();
assert_eq!(
Err(ElfError::InvalidEntrypoint),
ElfExecutable::load(Config::default(), &elf_bytes)
);
// Restoring the original entry makes the image load again.
parsed_elf.header.e_entry = initial_e_entry;
let mut elf_bytes = elf_bytes;
elf_bytes.pwrite(parsed_elf.header, 0).unwrap();
let elf = ElfExecutable::load(Config::default(), &elf_bytes).expect("validation failed");
let executable: &dyn Executable<UserError, DefaultInstructionMeter> = &elf;
assert_eq!(
0,
executable
.get_entrypoint_instruction_offset()
.expect("failed to get entrypoint")
);
}
// Backward relative calls: a call in the last of six instruction slots is rewritten to a
// hash of its own index (5) and the computed target is stored in `calls`.
#[test]
fn test_fixup_relative_calls_back() {
let mut calls: HashMap<u32, usize> = HashMap::new();
// Five non-call instructions followed by a call (opcode 0x85) with imm = -2.
#[rustfmt::skip]
let mut prog = vec![
0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x85, 0x10, 0x00, 0x00, 0xfe, 0xff, 0xff, 0xff];
ElfExecutable::fixup_relative_calls(&mut calls, &mut prog).unwrap();
// The table key is the hash of the caller's index (5) as 8 little-endian bytes.
let key = ebpf::hash_symbol_name(&[5, 0, 0, 0, 0, 0, 0, 0]);
let insn = ebpf::Insn {
opc: 0x85,
dst: 0,
src: 1,
off: 0,
imm: key as i32,
};
assert_eq!(insn.to_array(), prog[40..]);
// target = 5 + 1 + (-2) = 4
assert_eq!(*calls.get(&key).unwrap(), 4);
// Second case: imm = -6, the furthest backward call that is still in bounds.
let mut calls: HashMap<u32, usize> = HashMap::new();
prog.splice(44.., vec![0xfa, 0xff, 0xff, 0xff]);
ElfExecutable::fixup_relative_calls(&mut calls, &mut prog).unwrap();
let key = ebpf::hash_symbol_name(&[5, 0, 0, 0, 0, 0, 0, 0]);
let insn = ebpf::Insn {
opc: 0x85,
dst: 0,
src: 1,
off: 0,
imm: key as i32,
};
assert_eq!(insn.to_array(), prog[40..]);
// target = 5 + 1 + (-6) = 0
assert_eq!(*calls.get(&key).unwrap(), 0);
}
// Forward relative calls: a call in the first of six instruction slots is rewritten to a
// hash of its own index (0) and the computed target is stored in `calls`.
#[test]
fn test_fixup_relative_calls_forward() {
let mut calls: HashMap<u32, usize> = HashMap::new();
// A call (opcode 0x85) with imm = 0 followed by five non-call instructions.
#[rustfmt::skip]
let mut prog = vec![
0x85, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
ElfExecutable::fixup_relative_calls(&mut calls, &mut prog).unwrap();
// The table key is the hash of the caller's index (0) as 8 little-endian bytes.
let key = ebpf::hash_symbol_name(&[0, 0, 0, 0, 0, 0, 0, 0]);
let insn = ebpf::Insn {
opc: 0x85,
dst: 0,
src: 1,
off: 0,
imm: key as i32,
};
assert_eq!(insn.to_array(), prog[..8]);
// target = 0 + 1 + 0 = 1
assert_eq!(*calls.get(&key).unwrap(), 1);
// Second case: imm = 4, the furthest forward call that is still in bounds.
let mut calls: HashMap<u32, usize> = HashMap::new();
prog.splice(4..8, vec![0x04, 0x00, 0x00, 0x00]);
ElfExecutable::fixup_relative_calls(&mut calls, &mut prog).unwrap();
let key = ebpf::hash_symbol_name(&[0, 0, 0, 0, 0, 0, 0, 0]);
let insn = ebpf::Insn {
opc: 0x85,
dst: 0,
src: 1,
off: 0,
imm: key as i32,
};
assert_eq!(insn.to_array(), prog[..8]);
// target = 0 + 1 + 4 = 5
assert_eq!(*calls.get(&key).unwrap(), 5);
}
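/// A forward call whose target is one past the last instruction must be rejected.
///
/// The error value is asserted directly. The earlier version relied on `unwrap()`
/// panicking and matched the panic text, which left every statement after the call
/// unreachable and tied the test to the wording of the standard library's panic message.
#[test]
fn test_fixup_relative_calls_out_of_bounds_forward() {
    let mut calls: HashMap<u32, usize> = HashMap::new();
    // Call at index 0 with imm = 5: target = 0 + 1 + 5 = 6, but only indices 0..=5 exist.
    #[rustfmt::skip]
    let mut prog: Vec<u8> = vec![
        0x85, 0x10, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00,
        0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00];
    assert_eq!(
        Err(ElfError::RelativeJumpOutOfBounds(29)),
        ElfExecutable::fixup_relative_calls(&mut calls, &mut prog)
    );
    // A rejected call must not leave an entry in the call table.
    assert!(calls.is_empty());
}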
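/// A backward call whose target is before the first instruction must be rejected.
///
/// The error value is asserted directly. The earlier version relied on `unwrap()`
/// panicking and matched the panic text, which left every statement after the call
/// unreachable and tied the test to the wording of the standard library's panic message.
#[test]
fn test_fixup_relative_calls_out_of_bounds_back() {
    let mut calls: HashMap<u32, usize> = HashMap::new();
    // Call at index 5 with imm = -7: target = 5 + 1 - 7 = -1.
    #[rustfmt::skip]
    let mut prog: Vec<u8> = vec![
        0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0xb7, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x85, 0x10, 0x00, 0x00, 0xf9, 0xff, 0xff, 0xff];
    assert_eq!(
        Err(ElfError::RelativeJumpOutOfBounds(34)),
        ElfExecutable::fixup_relative_calls(&mut calls, &mut prog)
    );
    // A rejected call must not leave an entry in the call table.
    assert!(calls.is_empty());
}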
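/// Fuzzes `load` with random buffers and with mutated copies of the reference image.
///
/// The only property checked is that `load` returns (Ok or Err) instead of panicking,
/// which is why every result is discarded. Ignored by default because of its run time.
#[test]
#[ignore]
fn test_fuzz_load() {
    let mut rng = rand::thread_rng();
    // Inclusive range: `Uniform::new(0, 255)` is half-open and never produced 0xFF, so that
    // byte value was missing from the random inputs.
    let range = Uniform::new_inclusive(0, 255);

    println!("random bytes");
    for _ in 0..1_000 {
        let elf_bytes: Vec<u8> = (0..100).map(|_| rng.sample(&range)).collect();
        let _ = ElfExecutable::load(Config::default(), &elf_bytes);
    }

    let mut file = File::open("tests/elfs/noop.so").expect("file open failed");
    let mut elf_bytes = Vec::new();
    file.read_to_end(&mut elf_bytes)
        .expect("failed to read elf file");
    let parsed_elf = Elf::parse(&elf_bytes).unwrap();

    // NOTE(review): the `0..255` value range passed to `fuzz` below may likewise exclude
    // 0xFF if `fuzz` treats it as half-open - confirm against the `fuzz` helper.
    println!("mangle elf header");
    fuzz(
        &elf_bytes,
        1_000_000,
        100,
        0..parsed_elf.header.e_ehsize as usize,
        0..255,
        |bytes: &mut [u8]| {
            let _ = ElfExecutable::load(Config::default(), bytes);
        },
    );

    println!("mangle section headers");
    fuzz(
        &elf_bytes,
        1_000_000,
        100,
        parsed_elf.header.e_shoff as usize..elf_bytes.len(),
        0..255,
        |bytes: &mut [u8]| {
            let _ = ElfExecutable::load(Config::default(), bytes);
        },
    );

    println!("mangle whole elf");
    fuzz(
        &elf_bytes,
        1_000_000,
        100,
        0..elf_bytes.len(),
        0..255,
        |bytes: &mut [u8]| {
            let _ = ElfExecutable::load(Config::default(), bytes);
        },
    );
}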
}