Loading...
1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2020 Facebook */
3
4#include "vmlinux.h"
5#include <bpf/bpf_helpers.h>
6#include <bpf/bpf_tracing.h>
7#include <bpf/bpf_core_read.h>
8
9#define MAX_LEN 256
10
11char buf_in1[MAX_LEN] = {};
12char buf_in2[MAX_LEN] = {};
13
14int test_pid = 0;
15bool capture = false;
16
17/* .bss */
18__u64 payload1_len1 = 0;
19__u64 payload1_len2 = 0;
20__u64 total1 = 0;
21char payload1[MAX_LEN + MAX_LEN] = {};
22__u64 ret_bad_read = 0;
23
24/* .data */
25int payload2_len1 = -1;
26int payload2_len2 = -1;
27int total2 = -1;
28char payload2[MAX_LEN + MAX_LEN] = { 1 };
29
30int payload3_len1 = -1;
31int payload3_len2 = -1;
32int total3= -1;
33char payload3[MAX_LEN + MAX_LEN] = { 1 };
34
35int payload4_len1 = -1;
36int payload4_len2 = -1;
37int total4= -1;
38char payload4[MAX_LEN + MAX_LEN] = { 1 };
39
40char payload_bad[5] = { 0x42, 0x42, 0x42, 0x42, 0x42 };
41
42SEC("raw_tp/sys_enter")
43int handler64_unsigned(void *regs)
44{
45 int pid = bpf_get_current_pid_tgid() >> 32;
46 void *payload = payload1;
47 long len;
48
49 /* ignore irrelevant invocations */
50 if (test_pid != pid || !capture)
51 return 0;
52
53 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
54 if (len >= 0) {
55 payload += len;
56 payload1_len1 = len;
57 }
58
59 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
60 if (len >= 0) {
61 payload += len;
62 payload1_len2 = len;
63 }
64
65 total1 = payload - (void *)payload1;
66
67 ret_bad_read = bpf_probe_read_kernel_str(payload_bad + 2, 1, (void *) -1);
68
69 return 0;
70}
71
72SEC("raw_tp/sys_exit")
73int handler64_signed(void *regs)
74{
75 int pid = bpf_get_current_pid_tgid() >> 32;
76 void *payload = payload3;
77 long len;
78
79 /* ignore irrelevant invocations */
80 if (test_pid != pid || !capture)
81 return 0;
82
83 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
84 if (len >= 0) {
85 payload += len;
86 payload3_len1 = len;
87 }
88 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
89 if (len >= 0) {
90 payload += len;
91 payload3_len2 = len;
92 }
93 total3 = payload - (void *)payload3;
94
95 return 0;
96}
97
98SEC("tp/raw_syscalls/sys_enter")
99int handler32_unsigned(void *regs)
100{
101 int pid = bpf_get_current_pid_tgid() >> 32;
102 void *payload = payload2;
103 u32 len;
104
105 /* ignore irrelevant invocations */
106 if (test_pid != pid || !capture)
107 return 0;
108
109 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
110 if (len <= MAX_LEN) {
111 payload += len;
112 payload2_len1 = len;
113 }
114
115 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
116 if (len <= MAX_LEN) {
117 payload += len;
118 payload2_len2 = len;
119 }
120
121 total2 = payload - (void *)payload2;
122
123 return 0;
124}
125
126SEC("tp/raw_syscalls/sys_exit")
127int handler32_signed(void *regs)
128{
129 int pid = bpf_get_current_pid_tgid() >> 32;
130 void *payload = payload4;
131 long len;
132
133 /* ignore irrelevant invocations */
134 if (test_pid != pid || !capture)
135 return 0;
136
137 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
138 if (len >= 0) {
139 payload += len;
140 payload4_len1 = len;
141 }
142 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
143 if (len >= 0) {
144 payload += len;
145 payload4_len2 = len;
146 }
147 total4 = payload - (void *)payload4;
148
149 return 0;
150}
151
152SEC("tp/syscalls/sys_exit_getpid")
153int handler_exit(void *regs)
154{
155 long bla;
156
157 if (bpf_probe_read_kernel(&bla, sizeof(bla), 0))
158 return 1;
159 else
160 return 0;
161}
162
163char LICENSE[] SEC("license") = "GPL";
1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2020 Facebook */
3
4#include "vmlinux.h"
5#include <bpf/bpf_helpers.h>
6#include <bpf/bpf_tracing.h>
7#include <bpf/bpf_core_read.h>
8
9#define MAX_LEN 256
10
11char buf_in1[MAX_LEN] = {};
12char buf_in2[MAX_LEN] = {};
13
14int test_pid = 0;
15bool capture = false;
16
17/* .bss */
18__u64 payload1_len1 = 0;
19__u64 payload1_len2 = 0;
20__u64 total1 = 0;
21char payload1[MAX_LEN + MAX_LEN] = {};
22
23/* .data */
24int payload2_len1 = -1;
25int payload2_len2 = -1;
26int total2 = -1;
27char payload2[MAX_LEN + MAX_LEN] = { 1 };
28
29int payload3_len1 = -1;
30int payload3_len2 = -1;
31int total3= -1;
32char payload3[MAX_LEN + MAX_LEN] = { 1 };
33
34int payload4_len1 = -1;
35int payload4_len2 = -1;
36int total4= -1;
37char payload4[MAX_LEN + MAX_LEN] = { 1 };
38
39SEC("raw_tp/sys_enter")
40int handler64_unsigned(void *regs)
41{
42 int pid = bpf_get_current_pid_tgid() >> 32;
43 void *payload = payload1;
44 u64 len;
45
46 /* ignore irrelevant invocations */
47 if (test_pid != pid || !capture)
48 return 0;
49
50 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
51 if (len <= MAX_LEN) {
52 payload += len;
53 payload1_len1 = len;
54 }
55
56 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
57 if (len <= MAX_LEN) {
58 payload += len;
59 payload1_len2 = len;
60 }
61
62 total1 = payload - (void *)payload1;
63
64 return 0;
65}
66
67SEC("raw_tp/sys_exit")
68int handler64_signed(void *regs)
69{
70 int pid = bpf_get_current_pid_tgid() >> 32;
71 void *payload = payload3;
72 long len;
73
74 /* ignore irrelevant invocations */
75 if (test_pid != pid || !capture)
76 return 0;
77
78 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
79 if (len >= 0) {
80 payload += len;
81 payload3_len1 = len;
82 }
83 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
84 if (len >= 0) {
85 payload += len;
86 payload3_len2 = len;
87 }
88 total3 = payload - (void *)payload3;
89
90 return 0;
91}
92
93SEC("tp/raw_syscalls/sys_enter")
94int handler32_unsigned(void *regs)
95{
96 int pid = bpf_get_current_pid_tgid() >> 32;
97 void *payload = payload2;
98 u32 len;
99
100 /* ignore irrelevant invocations */
101 if (test_pid != pid || !capture)
102 return 0;
103
104 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
105 if (len <= MAX_LEN) {
106 payload += len;
107 payload2_len1 = len;
108 }
109
110 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
111 if (len <= MAX_LEN) {
112 payload += len;
113 payload2_len2 = len;
114 }
115
116 total2 = payload - (void *)payload2;
117
118 return 0;
119}
120
121SEC("tp/raw_syscalls/sys_exit")
122int handler32_signed(void *regs)
123{
124 int pid = bpf_get_current_pid_tgid() >> 32;
125 void *payload = payload4;
126 int len;
127
128 /* ignore irrelevant invocations */
129 if (test_pid != pid || !capture)
130 return 0;
131
132 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
133 if (len >= 0) {
134 payload += len;
135 payload4_len1 = len;
136 }
137 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
138 if (len >= 0) {
139 payload += len;
140 payload4_len2 = len;
141 }
142 total4 = payload - (void *)payload4;
143
144 return 0;
145}
146
147SEC("tp/syscalls/sys_exit_getpid")
148int handler_exit(void *regs)
149{
150 long bla;
151
152 if (bpf_probe_read_kernel(&bla, sizeof(bla), 0))
153 return 1;
154 else
155 return 0;
156}
157
158char LICENSE[] SEC("license") = "GPL";