1// SPDX-License-Identifier: GPL-2.0
2/* Copyright 2022 Sony Group Corporation */
3#include <vmlinux.h>
4
5#include <bpf/bpf_core_read.h>
6#include <bpf/bpf_helpers.h>
7#include <bpf/bpf_tracing.h>
8#include "bpf_misc.h"
9
10int arg1 = 0;
11unsigned long arg2 = 0;
12unsigned long arg3 = 0;
13unsigned long arg4_cx = 0;
14unsigned long arg4 = 0;
15unsigned long arg5 = 0;
16
17int arg1_core = 0;
18unsigned long arg2_core = 0;
19unsigned long arg3_core = 0;
20unsigned long arg4_core_cx = 0;
21unsigned long arg4_core = 0;
22unsigned long arg5_core = 0;
23
24int option_syscall = 0;
25unsigned long arg2_syscall = 0;
26unsigned long arg3_syscall = 0;
27unsigned long arg4_syscall = 0;
28unsigned long arg5_syscall = 0;
29
30const volatile pid_t filter_pid = 0;
31
32SEC("kprobe/" SYS_PREFIX "sys_prctl")
33int BPF_KPROBE(handle_sys_prctl)
34{
35 struct pt_regs *real_regs;
36 pid_t pid = bpf_get_current_pid_tgid() >> 32;
37 unsigned long tmp = 0;
38
39 if (pid != filter_pid)
40 return 0;
41
42 real_regs = PT_REGS_SYSCALL_REGS(ctx);
43
44 /* test for PT_REGS_PARM */
45
46#if !defined(bpf_target_arm64) && !defined(bpf_target_s390)
47 bpf_probe_read_kernel(&tmp, sizeof(tmp), &PT_REGS_PARM1_SYSCALL(real_regs));
48#endif
49 arg1 = tmp;
50 bpf_probe_read_kernel(&arg2, sizeof(arg2), &PT_REGS_PARM2_SYSCALL(real_regs));
51 bpf_probe_read_kernel(&arg3, sizeof(arg3), &PT_REGS_PARM3_SYSCALL(real_regs));
52 bpf_probe_read_kernel(&arg4_cx, sizeof(arg4_cx), &PT_REGS_PARM4(real_regs));
53 bpf_probe_read_kernel(&arg4, sizeof(arg4), &PT_REGS_PARM4_SYSCALL(real_regs));
54 bpf_probe_read_kernel(&arg5, sizeof(arg5), &PT_REGS_PARM5_SYSCALL(real_regs));
55
56 /* test for the CORE variant of PT_REGS_PARM */
57 arg1_core = PT_REGS_PARM1_CORE_SYSCALL(real_regs);
58 arg2_core = PT_REGS_PARM2_CORE_SYSCALL(real_regs);
59 arg3_core = PT_REGS_PARM3_CORE_SYSCALL(real_regs);
60 arg4_core_cx = PT_REGS_PARM4_CORE(real_regs);
61 arg4_core = PT_REGS_PARM4_CORE_SYSCALL(real_regs);
62 arg5_core = PT_REGS_PARM5_CORE_SYSCALL(real_regs);
63
64 return 0;
65}
66
67SEC("ksyscall/prctl")
68int BPF_KSYSCALL(prctl_enter, int option, unsigned long arg2,
69 unsigned long arg3, unsigned long arg4, unsigned long arg5)
70{
71 pid_t pid = bpf_get_current_pid_tgid() >> 32;
72
73 if (pid != filter_pid)
74 return 0;
75
76 option_syscall = option;
77 arg2_syscall = arg2;
78 arg3_syscall = arg3;
79 arg4_syscall = arg4;
80 arg5_syscall = arg5;
81 return 0;
82}
83
84__u64 splice_fd_in;
85__u64 splice_off_in;
86__u64 splice_fd_out;
87__u64 splice_off_out;
88__u64 splice_len;
89__u64 splice_flags;
90
91SEC("ksyscall/splice")
92int BPF_KSYSCALL(splice_enter, int fd_in, loff_t *off_in, int fd_out,
93 loff_t *off_out, size_t len, unsigned int flags)
94{
95 pid_t pid = bpf_get_current_pid_tgid() >> 32;
96
97 if (pid != filter_pid)
98 return 0;
99
100 splice_fd_in = fd_in;
101 splice_off_in = (__u64)off_in;
102 splice_fd_out = fd_out;
103 splice_off_out = (__u64)off_out;
104 splice_len = len;
105 splice_flags = flags;
106
107 return 0;
108}
109
110char _license[] SEC("license") = "GPL";
111

source code of linux/tools/testing/selftests/bpf/progs/bpf_syscall_macro.c