libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE

Linux kernel 4.13 introduced 4 more jump class variants.

  commit 92b31a9af73b3a3fc801899335d6c47966351830
  Author: Daniel Borkmann <daniel@iogearbox.net>
  Date:   Thu Aug 10 01:39:55 2017 +0200

    bpf: add BPF_J{LT,LE,SLT,SLE} instructions

For conditional jumping on unsigned and signed < and <= between a register
and another register or immediate.

Add these new constants to bpf.h, recognize them in bpf_disasm and update
the testfile-bpf-dis1.expect file.

Signed-off-by: Mark Wielaard <mark@klomp.org>

6 files changed, 43 insertions, 1 deletions

diff --git a/lib/ChangeLog b/lib/ChangeLog
index 86a53d2c..0914b2c6 100644
--- a/lib/ChangeLog
+++ b/lib/ChangeLog
@@ -1,3 +1,7 @@
+2018-11-04  Mark Wielaard  <mark@klomp.org>
+
+	* bpf.h: Add BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE.
+
 2018-07-04  Ross Burton <ross.burton@intel.com>
 
 	* color.c: Remove error.h, add system.h include.
diff --git a/lib/bpf.h b/lib/bpf.h
index db80a51e..efb26f8f 100644
--- a/lib/bpf.h
+++ b/lib/bpf.h
@@ -23,6 +23,10 @@
 #define BPF_JSGE 0x70
 #define BPF_CALL 0x80
 #define BPF_EXIT 0x90
+#define BPF_JLT  0xa0
+#define BPF_JLE  0xb0
+#define BPF_JSLT 0xc0
+#define BPF_JSLE 0xd0
 
 #define BPF_W 0x00
 #define BPF_H 0x08
diff --git a/libcpu/ChangeLog b/libcpu/ChangeLog
index 86d29478..adebbef8 100644
--- a/libcpu/ChangeLog
+++ b/libcpu/ChangeLog
@@ -1,3 +1,8 @@
+2018-11-04  Mark Wielaard  <mark@klomp.org>
+
+	* bpf_disasm.c (bpf_disasm): Recognize BPF_JLT, BPF_JLE, BPF_JSLT
+	and BPF_JSLE.
+
 2018-02-09  Joshua Watt  <JPEWhacker@gmail.com>
 
 	* i386_disasm.c (i386_disasm): Use FALLTHOUGH macro instead of
diff --git a/libcpu/bpf_disasm.c b/libcpu/bpf_disasm.c
index 054aba2b..3d92d014 100644
--- a/libcpu/bpf_disasm.c
+++ b/libcpu/bpf_disasm.c
@@ -1,5 +1,5 @@
 /* Disassembler for BPF.
-   Copyright (C) 2016 Red Hat, Inc.
+   Copyright (C) 2016, 2018 Red Hat, Inc.
    This file is part of elfutils.
 
    This file is free software; you can redistribute it and/or modify
@@ -346,6 +346,18 @@ bpf_disasm (Ebl *ebl, const uint8_t **startp, const uint8_t *end,
 	case BPF_JMP | BPF_JSGE | BPF_K:
 	  code_fmt = J64(REGS(1), >=, IMMS(2));
 	  goto do_dst_imm_jmp;
+	case BPF_JMP | BPF_JLT | BPF_K:
+	  code_fmt = J64(REG(1), <, IMMS(2));
+	  goto do_dst_imm_jmp;
+	case BPF_JMP | BPF_JLE | BPF_K:
+	  code_fmt = J64(REG(1), <=, IMMS(2));
+	  goto do_dst_imm_jmp;
+	case BPF_JMP | BPF_JSLT | BPF_K:
+	  code_fmt = J64(REGS(1), <, IMMS(2));
+	  goto do_dst_imm_jmp;
+	case BPF_JMP | BPF_JSLE | BPF_K:
+	  code_fmt = J64(REGS(1), <=, IMMS(2));
+	  goto do_dst_imm_jmp;
 
 	case BPF_JMP | BPF_JEQ | BPF_X:
 	  code_fmt = J64(REG(1), ==, REG(2));
@@ -368,6 +380,18 @@ bpf_disasm (Ebl *ebl, const uint8_t **startp, const uint8_t *end,
 	case BPF_JMP | BPF_JSGE | BPF_X:
 	  code_fmt = J64(REGS(1), >=, REGS(2));
 	  goto do_dst_src_jmp;
+	case BPF_JMP | BPF_JLT | BPF_X:
+	  code_fmt = J64(REG(1), <, REG(2));
+	  goto do_dst_src_jmp;
+	case BPF_JMP | BPF_JLE | BPF_X:
+	  code_fmt = J64(REG(1), <=, REG(2));
+	  goto do_dst_src_jmp;
+	case BPF_JMP | BPF_JSLT | BPF_X:
+	  code_fmt = J64(REGS(1), <, REGS(2));
+	  goto do_dst_src_jmp;
+	case BPF_JMP | BPF_JSLE | BPF_X:
+	  code_fmt = J64(REGS(1), <=, REGS(2));
+	  goto do_dst_src_jmp;
 
 	case BPF_LDX | BPF_MEM | BPF_B:
 	  code_fmt = LOAD(u8);
diff --git a/tests/ChangeLog b/tests/ChangeLog
index b0da4c79..92dfb95d 100644
--- a/tests/ChangeLog
+++ b/tests/ChangeLog
@@ -1,3 +1,8 @@
+2018-11-04  Mark Wielaard  <mark@klomp.org>
+
+	* testfile-bpf-reloc.expect.bz2: Update with new expected jump
+	variants.
+
 2018-10-20  Mark Wielaard  <mark@klomp.org>
 
 	* run-readelf-compressed.sh: New test.
diff --git a/tests/testfile-bpf-dis1.expect.bz2 b/tests/testfile-bpf-dis1.expect.bz2
index 21b55e94..61a8afb1 100644
--- a/tests/testfile-bpf-dis1.expect.bz2
+++ b/tests/testfile-bpf-dis1.expect.bz2