Support ARCH_X86_64 in asm

Author: david942j

.codeclimate.yml

@@ -6,9 +6,11 @@ plugins:
     exclude_paths:
     - spec/
 checks:
-  method-lines:
+  file-lines:
     enabled: false
   method-count:
     enabled: false
+  method-complexity:
+    enabled: false
 exclude_patterns:
 - spec/

README.md

@@ -167,7 +167,7 @@ $ seccomp-tools asm
 $ cat spec/data/libseccomp.asm
 # # check if arch is X86_64
 # A = arch
-# A == 0xc000003e ? next : dead
+# A == ARCH_X86_64 ? next : dead
 # A = sys_number
 # A >= 0x40000000 ? dead : next
 # A == write ? ok : next

lib/seccomp-tools/asm/compiler.rb

@@ -42,7 +42,6 @@ def process(line)
         else
           @insts << res
         end
-        res
       end
 
       # @return [Array<SeccompTools::BPF>]
@@ -84,11 +83,10 @@ def emit(*args, k: 0, jt: 0, jf: 0)
       # mem[i] = <A|X>
       def compile_assign(dst, src)
         # misc txa / tax
-        return emit(:misc, :txa) if dst == :a && src == :x
-        return emit(:misc, :tax) if dst == :x && src == :a
-        src = evaluate(src)
+        return compile_assign_misc(dst, src) if (dst == :a && src == :x) || (dst == :x && src == :a)
         # case of st / stx
-        return emit(src == :x ? :stx : :st, k: dst.last) if dst[0] == :mem
+        return emit(src == :x ? :stx : :st, k: dst.last) if dst.is_a?(Array) && dst.first == :mem
+        src = evaluate(src)
         ld = dst == :x ? :ldx : :ld
         # <A|X> = <immi>
         return emit(ld, :imm, k: src) if src.is_a?(Integer)
@@ -99,6 +97,10 @@ def compile_assign(dst, src)
         emit(ld, :abs, k: src.last)
       end
 
+      def compile_assign_misc(dst, _src)
+        emit(:misc, dst == :a ? :txa : :tax)
+      end
+
       def compile_alu(op, val)
         val = evaluate(val)
         src = val == :x ? :x : :k
@@ -138,13 +140,17 @@ def evaluate(val)
               when 'arch' then [:data, 4]
               else val
               end
-        return Const::Syscall.const_get(@arch.upcase.to_sym)[val.to_sym] if val.is_a?(String)
+        return eval_constants(val) if val.is_a?(String)
         # remains are [:mem/:data/:args, <num>]
         # first convert args to data
         val = [:data, val.last * 8 + 16] if val.first == :args
         val
       end
 
+      def eval_constants(str)
+        Const::Syscall.const_get(@arch.upcase.to_sym)[str.to_sym] || Const::Audit::ARCH[str]
+      end
+
       attr_reader :token
 
       # A <comparison> <sys_str|X|Integer> ? <label|Integer> : <label|Integer>

lib/seccomp-tools/asm/tokenizer.rb

@@ -40,7 +40,7 @@ def fetch!(type)
         res = case type
               when String then fetch_str(type) || raise_expected("token #{type.inspect}")
               when :comparison then fetch_strs(COMPARISON).to_sym || raise_expected('a comparison operator')
-              when :sys_num_x then fetch_sys_num_x || raise_expected("a syscall number or 'X'")
+              when :sys_num_x then fetch_sys_num_arch_x || raise_expected("a syscall number or 'X'")
               when :goto then fetch_number || fetch_label || raise_expected('a number or label name')
               when :ret then fetch_return || raise(ArgumentError, <<-EOS)
 Invalid return type: #{cur.inspect}.
@@ -74,9 +74,9 @@ def fetch_ax
         nil
       end
 
-      def fetch_sys_num_x
+      def fetch_sys_num_arch_x
         return :x if fetch_str('X')
-        fetch_number || fetch_syscall
+        fetch_number || fetch_syscall || fetch_arch
       end
 
       # Currently only supports 10-based decimal numbers.
@@ -92,6 +92,10 @@ def fetch_syscall
         fetch_strs(sys.keys.map(&:to_s).sort_by(&:size).reverse)
       end
 
+      def fetch_arch
+        fetch_strs(Const::Audit::ARCH.keys)
+      end
+
       def fetch_regexp(regexp)
         idx = cur =~ regexp
         return nil if idx.nil? || idx != 0

lib/seccomp-tools/cli/emu.rb

@@ -44,7 +44,6 @@ def handle
         return CLI.show(parser.help) if option[:ifile].nil?
         raw = input
         insts = SeccompTools::Disasm.to_bpf(raw, option[:arch]).map(&:inst)
-        disasm = SeccompTools::Disasm.disasm(raw, arch: option[:arch])
         sys, *args = argv
         sys = Integer(sys) if sys
         args.map! { |v| Integer(v) }
@@ -54,26 +53,36 @@ def handle
         end
 
         if option[:verbose] >= 1
-          disasm = disasm.lines
-          output { disasm.shift }
-          output { disasm.shift }
-          disasm.each_with_index do |line, idx|
-            output do
-              next line if trace.member?(idx)
-              Util.colorize(line, t: :gray)
-            end
-            # Too much remain, omit them.
-            rem = disasm.size - idx - 1
-            break output { Util.colorize("... (omitting #{rem} lines)\n", t: :gray) } if rem > 3 && idx > res[:pc] + 4
-          end
-          output { "\n" }
+          disasm = SeccompTools::Disasm.disasm(raw, arch: option[:arch]).lines
+          output_emulate_path(disasm, trace, res)
         end
         output do
           ret_type = Const::BPF::ACTION.invert[res[:ret] & 0x7fff0000]
           errno = ret_type == :ERRNO ? "(#{res[:ret] & 0xffff})" : ''
           format("return %s%s at line %04d\n", ret_type, errno, res[:pc])
         end
       end
+
+      private
+
+      # output the path during emulation
+      # @param [Array<String>] disasm
+      # @param [Set] trace
+      # @param [{Symbol => Object}] result
+      def output_emulate_path(disasm, trace, result)
+        output { disasm.shift }
+        output { disasm.shift }
+        disasm.each_with_index do |line, idx|
+          output do
+            next line if trace.member?(idx)
+            Util.colorize(line, t: :gray)
+          end
+          # Too much remain, omit them.
+          rem = disasm.size - idx - 1
+          break output { Util.colorize("... (omitting #{rem} lines)\n", t: :gray) } if rem > 3 && idx > result[:pc] + 4
+        end
+        output { "\n" }
+      end
     end
   end
 end

lib/seccomp-tools/instruction/jmp.rb

@@ -9,14 +9,13 @@ class JMP < Base
       def decompile
         return goto(k) if jop == :none
         # if jt == 0 && jf == 0 => no-op # should not happen
-        # jt == 0 => if(!) goto jf
+        # jt == 0 => if(!) goto jf;
         # jf == 0 => if() goto jt;
         # otherwise => if () goto jt; else goto jf;
         return '/* no-op */' if jt.zero? && jf.zero?
         return goto(jt) if jt == jf
-        return if_str + goto(jt) + ' else ' + goto(jf) unless jt.zero? || jf.zero?
-        return if_str + goto(jt) if jf.zero?
-        if_str(true) + goto(jf)
+        return if_str(true) + goto(jf) if jt.zero?
+        if_str + goto(jt) + (jf.zero? ? '' : ' else ' + goto(jf))
       end
 
       # See {Instruction::Base#symbolize}.

spec/data/libseccomp.asm

@@ -1,6 +1,6 @@
 # check if arch is X86_64
 A = arch
-A == 0xc000003e ? next : dead
+A == ARCH_X86_64 ? next : dead
 A = sys_number
 A >= 0x40000000 ? dead : next
 A == write ? ok : next