Initial public commit

Author: aengelke

.gitignore

@@ -0,0 +1,3 @@
+/*.sublime-*
+/build*
+/install

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "subprojects/rellume"]
+	path = subprojects/rellume
+	url = https://github.com/aengelke/rellume.git
+[submodule "subprojects/fadec"]
+	path = subprojects/fadec
+	url = https://github.com/aengelke/fadec.git

LICENSE

@@ -0,0 +1,14 @@
+# Instrew — LLVM-based Dynamic Binary Instrumentation
+
+Instrew is a performance-targeted transparent dynamic binary rewriter/instrumenter based on LLVM targeting x86-64. The original code is lifted to LLVM-IR using [Rellume](https://github.com/aengelke/rellume), where it can be modified and from which new machine code is generated using LLVM's MCJIT compiler.
+
+### Architecture
+
+Instrew implements a two-process client/server architecture: the light-weight client contains the guest address space as well as the code cache and controls execution, querying rewritten objects as necessary from the server. The server performs lifting (requesting instruction bytes from the client when required), instrumentation, and code generation and sends back an ELF object file. When receiving a new object file, the client resolves missing symbols and applies relocations.
+
+### Publications
+
+- Alexis Engelke and Martin Schulz. 2020. Instrew: Leveraging LLVM for High Performance Dynamic Binary Instrumentation. In 16th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE ’20), March 17, 2020, Lausanne, Switzerland. *Accepted. Link will follow.*
+
+### License
+Instrew is licensed under LGPLv2.1+.

README.md

@@ -0,0 +1,88 @@
+
+#ifndef COMMON_H
+#define COMMON_H
+
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+
+#include <linux/errno.h>
+#include <linux/fcntl.h>
+#include <linux/time.h>
+#include <linux/unistd.h>
+
+#define ssize_t intptr_t
+#define off_t intptr_t
+
+extern char **environ;
+
+long syscall(long, long, long, long, long, long, long);
+__attribute__((noreturn)) void _exit(int status);
+int getpid(void);
+
+int clock_gettime(int clk_id, struct timespec* tp);
+
+int open(const char* pathname, int flags, int mode);
+int openat(int dirfd, const char* pathname, int flags, int mode);
+off_t lseek(int fd, off_t offset, int whence);
+ssize_t read(int fd, void* buf, size_t count);
+ssize_t write(int fd, const void* buf, size_t count);
+int close(int fd);
+int fcntl(int fd);
+
+ssize_t read_full(int fd, void* buf, size_t nbytes);
+ssize_t write_full(int fd, const void* buf, size_t nbytes);
+
+// sys/auxv.h
+unsigned long int getauxval(unsigned long int __type);
+
+// sys/mman.h
+void* mmap(void* addr, size_t length, int prot, int flags, int fd,
+           off_t offset);
+int munmap(void* addr, size_t length);
+int mprotect(void* addr, size_t len, int prot);
+
+// stdio.h
+int vsnprintf(char* str, size_t size, const char* restrict format, va_list args);
+int snprintf(char* str, size_t size, const char* restrict format, ...);
+int vdprintf(int fd, const char* restrict format, va_list args);
+int dprintf(int fd, const char* restrict format, ...);
+int printf(const char* restrict format, ...);
+int puts(const char* s);
+
+// strings.h
+size_t strlen(const char* s);
+int strcmp(const char* s1, const char* s2);
+int strncmp(const char* s1, const char* s2, size_t n);
+char* strchr(const char* s, int c);
+void* memset(void* s, int c, size_t n);
+int memcmp(const void* s1, const void* s2, size_t n);
+void* memcpy(void* dest, const void* src, size_t n);
+
+int execve(const char* filename, const char* const argv[], const char* const envp[]);
+int dup2(int oldfd, int newfd);
+int pipe2(int pipefd[2], int flags);
+int __clone(int (*func)(void *), void *stack, int flags, void *arg, ...);
+
+#define STRINGIFY_ARG(x) #x
+#define STRINGIFY(x) STRINGIFY_ARG(x)
+
+#define PASTE_ARGS(a,b) a ## b
+#define PASTE(a,b) PASTE_ARGS(a, b)
+
+#define ALIGN_DOWN(v,a) ((v) & ~((a)-1))
+#define ALIGN_UP(v,a) (((v) + (a - 1)) & ~((a)-1))
+
+#define LIKELY(x) __builtin_expect((x), 1)
+#define UNLIKELY(x) __builtin_expect((x), 0)
+
+#define ASM_BLOCK(...) __asm__(#__VA_ARGS__)
+
+#if __SIZEOF_POINTER__ == 8
+#define BAD_ADDR(a) (((uintptr_t) (a)) > 0xfffffffffffff000ULL)
+#else
+#define BAD_ADDR(a) (((uintptr_t) (a)) > 0xfffff000UL)
+#endif
+
+#endif

client/common.h

@@ -0,0 +1,248 @@
+
+#include <common.h>
+#include <elf.h>
+#include <linux/fcntl.h>
+#include <linux/fs.h>
+#include <linux/mman.h>
+
+#include <elf-loader.h>
+
+
+#define elf_check_arch(x) \
+        ((x)->e_machine == EM_X86_64)
+
+#define PAGESIZE ((size_t) 0x1000)
+
+static Elf_Phdr* load_elf_phdrs(Elf_Ehdr* elf_ex, int fd) {
+    Elf_Phdr* phdata = NULL;
+    int err = -1;
+
+    if (elf_ex->e_phentsize != sizeof(Elf_Phdr))
+        goto out;
+
+    if (elf_ex->e_phnum < 1 || elf_ex->e_phnum > 65536U / sizeof(Elf_Phdr))
+        goto out;
+
+    size_t size = sizeof(Elf_Phdr) * elf_ex->e_phnum;
+    if (size > 0x1000)
+        goto out;
+
+    phdata = mmap(NULL, 0x1000, PROT_READ|PROT_WRITE,
+                  MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
+    if (BAD_ADDR(phdata)) {
+        phdata = NULL;
+        goto out;
+    }
+
+    if (lseek(fd, elf_ex->e_phoff, SEEK_SET) == -1)
+        goto out;
+
+    if (read_full(fd, phdata, size) == -1)
+        goto out;
+
+    err = 0;
+
+out:
+    if (err && phdata != NULL) {
+        munmap(phdata, 0x1000);
+        phdata = NULL;
+    }
+
+    return phdata;
+}
+
+static size_t elf_mapping_size(Elf_Phdr* elf_phdata, size_t num_ph) {
+    unsigned has_first = 0;
+    uintptr_t start = 0;
+    uintptr_t end = 0;
+    for (size_t i = 0; i < num_ph; i++) {
+        if (elf_phdata[i].p_type != PT_LOAD)
+            continue;
+        if (!has_first) {
+            has_first = 1;
+            start = ALIGN_DOWN(elf_phdata[i].p_vaddr, PAGESIZE);
+        }
+        end = elf_phdata[i].p_vaddr + elf_phdata[i].p_memsz;
+    }
+    return end - start;
+}
+
+static int
+elf_map(uintptr_t addr, Elf_Phdr* elf_ppnt, int fd) {
+    int retval;
+
+    int prot = 0;
+    if (elf_ppnt->p_flags & PF_R)
+        prot |= PROT_READ;
+    if (elf_ppnt->p_flags & PF_W)
+        prot |= PROT_WRITE;
+    if (elf_ppnt->p_flags & PF_X) {
+        // Never map code as executable, since the host can't execute it.
+    }
+
+    uintptr_t mapstart = ALIGN_DOWN(addr, PAGESIZE);
+    uintptr_t mapend = ALIGN_UP(addr + elf_ppnt->p_filesz, PAGESIZE);
+    uintptr_t dataend = addr + elf_ppnt->p_filesz;
+    uintptr_t allocend = addr + elf_ppnt->p_memsz;
+    uintptr_t mapoff = ALIGN_DOWN(elf_ppnt->p_offset, PAGESIZE);
+
+    if (mapend > mapstart) {
+        void* mapret = mmap((void*) mapstart, mapend - mapstart, prot,
+                            MAP_PRIVATE|MAP_FIXED, fd, mapoff);
+        if (BAD_ADDR(mapret)) {
+            puts("map (file)");
+            retval = (int) (uintptr_t) mapret;
+            goto out;
+        }
+    }
+
+    if (allocend > dataend)
+    {
+        uintptr_t zeropage = ALIGN_UP(dataend, PAGESIZE);
+        if (allocend < zeropage)
+            zeropage = allocend;
+
+        if (zeropage > dataend)
+        {
+            // We have data at the last page of the segment that has to be
+            // zeroed. If necessary, we have to give write privileges
+            // temporarily.
+            if ((prot & PROT_WRITE) == 0) {
+                puts("zero (page end)");
+                retval = mprotect((void*) ALIGN_DOWN(dataend, PAGESIZE),
+                                  PAGESIZE, prot | PROT_WRITE);
+                if (retval < 0)
+                    goto out;
+            }
+            memset((void*) dataend, 0, zeropage - dataend);
+            if ((prot & PROT_WRITE) == 0) {
+                mprotect((void*) ALIGN_DOWN(dataend, PAGESIZE), PAGESIZE,
+                         prot);
+            }
+        }
+
+        // We have entire pages that have to be zeroed.
+        if (allocend > zeropage) {
+            void* mapret = mmap((void*) zeropage, allocend - zeropage, prot,
+                                MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0);
+            if (BAD_ADDR(mapret)) {
+                puts("map (zero)");
+                retval = (int) (uintptr_t) mapret;
+                goto out;
+            }
+        }
+    }
+
+    retval = 0;
+
+out:
+    return retval;
+}
+
+// static int
+// load_elf_interp(const char* filename)
+
+int load_elf_binary(const char* filename, BinaryInfo* out_info) {
+    int retval;
+    int i;
+    Elf_Phdr* elf_ppnt;
+
+    int fd = open(filename, O_RDONLY, 0);
+    if (fd < 0)     {
+        retval = fd;
+        goto out;
+    }
+
+    Elf_Ehdr elfhdr_ex;
+    retval = read_full(fd, &elfhdr_ex, sizeof(Elf_Ehdr));
+    if (retval < 0)
+        goto out_close;
+
+    retval = -ENOEXEC;
+    if (memcmp(&elfhdr_ex, ELFMAG, SELFMAG) != 0)
+        goto out_close;
+
+    if (elfhdr_ex.e_type != ET_EXEC && elfhdr_ex.e_type != ET_DYN)
+        goto out_close;
+
+    if (!elf_check_arch(&elfhdr_ex))
+        goto out_close;
+
+    Elf_Phdr* elf_phdata = load_elf_phdrs(&elfhdr_ex, fd);
+    if (elf_phdata == NULL) {
+        puts("Could not load phdata");
+        goto out_close;
+    }
+
+    for (i = 0, elf_ppnt = elf_phdata; i < elfhdr_ex.e_phnum; i++, elf_ppnt++) {
+        if (elf_ppnt->p_type == PT_INTERP) {
+            // TODO: Support ELF interpreters
+            puts("INTERP must not be set");
+            goto out_free_ph;
+        }
+    }
+
+    uintptr_t load_addr = 0;
+    unsigned load_addr_set = 0;
+    uintptr_t load_bias = 0;
+
+    // TODO: Support GNU_STACK and architecture specific program headers
+    // TODO: Support executable stack
+
+    for (i = 0, elf_ppnt = elf_phdata; i < elfhdr_ex.e_phnum; i++, elf_ppnt++) {
+        if (elf_ppnt->p_type != PT_LOAD)
+            continue;
+
+        if (elfhdr_ex.e_type == ET_DYN && !load_addr_set) {
+            // TODO: handle the case where we have an ELF interpreter.
+            // if (interpreter) {
+            // } else {
+            // Get a memory region that is large enough to hold the whole binary
+            uintptr_t total_size = elf_mapping_size(elf_phdata, elfhdr_ex.e_phnum);
+            if (total_size == 0) {
+                retval = -ENOEXEC;
+                goto out_free_ph;
+            }
+
+            void* load_bias_ptr = mmap(NULL, total_size, PROT_NONE,
+                                       MAP_PRIVATE|MAP_NORESERVE|MAP_ANONYMOUS,
+                                       -1, 0);
+            if (BAD_ADDR(load_bias_ptr)) {
+                retval = (int) (uintptr_t) load_bias_ptr;
+                goto out_free_ph;
+            }
+            munmap(load_bias_ptr, total_size);
+
+            load_bias = (uintptr_t) load_bias_ptr;
+            // }
+            load_bias = ALIGN_DOWN(load_bias - elf_ppnt->p_vaddr, PAGESIZE);
+        }
+
+        if (!load_addr_set) {
+            load_addr_set = 1;
+            load_addr = (elf_ppnt->p_vaddr-elf_ppnt->p_offset) + load_bias;
+        }
+
+        retval = elf_map(load_bias + elf_ppnt->p_vaddr, elf_ppnt, fd);
+        if (retval < 0)
+            goto out_free_ph;
+    }
+
+    if (out_info != NULL) {
+        out_info->entry = (void*) (load_bias + elfhdr_ex.e_entry);
+        out_info->phdr = (Elf_Phdr*) (load_addr + elfhdr_ex.e_phoff);
+        out_info->phnum = elfhdr_ex.e_phnum;
+        out_info->phent = elfhdr_ex.e_phentsize;
+    }
+
+    retval = 0;
+
+out_free_ph:
+    munmap(elf_phdata, 0x1000);
+
+out_close:
+    close(fd);
+
+out:
+    return retval;
+}

client/elf-loader.c

@@ -0,0 +1,25 @@
+
+#ifndef _INSTREW_ELF_LOADER_H
+#define _INSTREW_ELF_LOADER_H
+
+#include <elf.h>
+#include <stddef.h>
+
+
+#define Elf_Ehdr Elf64_Ehdr
+#define Elf_Phdr Elf64_Phdr
+#define Elf_Shdr Elf64_Shdr
+#define Elf_Note Elf64_Note
+
+struct BinaryInfo {
+    void* entry;
+    Elf_Phdr* phdr;
+    size_t phnum;
+    size_t phent;
+};
+
+typedef struct BinaryInfo BinaryInfo;
+
+int load_elf_binary(const char* filename, BinaryInfo* out_info);
+
+#endif