1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* Copyright (c) 2020 Facebook */ |
3 | |
4 | #include "vmlinux.h" |
5 | #include <bpf/bpf_helpers.h> |
6 | #include <bpf/bpf_tracing.h> |
7 | #include <bpf/bpf_core_read.h> |
8 | |
9 | #define MAX_LEN 256 |
10 | |
11 | char buf_in1[MAX_LEN] = {}; |
12 | char buf_in2[MAX_LEN] = {}; |
13 | |
14 | int test_pid = 0; |
15 | bool capture = false; |
16 | |
17 | /* .bss */ |
18 | __u64 payload1_len1 = 0; |
19 | __u64 payload1_len2 = 0; |
20 | __u64 total1 = 0; |
21 | char payload1[MAX_LEN + MAX_LEN] = {}; |
22 | __u64 ret_bad_read = 0; |
23 | |
24 | /* .data */ |
25 | int payload2_len1 = -1; |
26 | int payload2_len2 = -1; |
27 | int total2 = -1; |
28 | char payload2[MAX_LEN + MAX_LEN] = { 1 }; |
29 | |
30 | int payload3_len1 = -1; |
31 | int payload3_len2 = -1; |
32 | int total3= -1; |
33 | char payload3[MAX_LEN + MAX_LEN] = { 1 }; |
34 | |
35 | int payload4_len1 = -1; |
36 | int payload4_len2 = -1; |
37 | int total4= -1; |
38 | char payload4[MAX_LEN + MAX_LEN] = { 1 }; |
39 | |
40 | char payload_bad[5] = { 0x42, 0x42, 0x42, 0x42, 0x42 }; |
41 | |
42 | SEC("raw_tp/sys_enter" ) |
43 | int handler64_unsigned(void *regs) |
44 | { |
45 | int pid = bpf_get_current_pid_tgid() >> 32; |
46 | void *payload = payload1; |
47 | long len; |
48 | |
49 | /* ignore irrelevant invocations */ |
50 | if (test_pid != pid || !capture) |
51 | return 0; |
52 | |
53 | len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); |
54 | if (len >= 0) { |
55 | payload += len; |
56 | payload1_len1 = len; |
57 | } |
58 | |
59 | len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); |
60 | if (len >= 0) { |
61 | payload += len; |
62 | payload1_len2 = len; |
63 | } |
64 | |
65 | total1 = payload - (void *)payload1; |
66 | |
67 | ret_bad_read = bpf_probe_read_kernel_str(payload_bad + 2, 1, (void *) -1); |
68 | |
69 | return 0; |
70 | } |
71 | |
72 | SEC("raw_tp/sys_exit" ) |
73 | int handler64_signed(void *regs) |
74 | { |
75 | int pid = bpf_get_current_pid_tgid() >> 32; |
76 | void *payload = payload3; |
77 | long len; |
78 | |
79 | /* ignore irrelevant invocations */ |
80 | if (test_pid != pid || !capture) |
81 | return 0; |
82 | |
83 | len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); |
84 | if (len >= 0) { |
85 | payload += len; |
86 | payload3_len1 = len; |
87 | } |
88 | len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); |
89 | if (len >= 0) { |
90 | payload += len; |
91 | payload3_len2 = len; |
92 | } |
93 | total3 = payload - (void *)payload3; |
94 | |
95 | return 0; |
96 | } |
97 | |
98 | SEC("tp/raw_syscalls/sys_enter" ) |
99 | int handler32_unsigned(void *regs) |
100 | { |
101 | int pid = bpf_get_current_pid_tgid() >> 32; |
102 | void *payload = payload2; |
103 | u32 len; |
104 | |
105 | /* ignore irrelevant invocations */ |
106 | if (test_pid != pid || !capture) |
107 | return 0; |
108 | |
109 | len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); |
110 | if (len <= MAX_LEN) { |
111 | payload += len; |
112 | payload2_len1 = len; |
113 | } |
114 | |
115 | len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); |
116 | if (len <= MAX_LEN) { |
117 | payload += len; |
118 | payload2_len2 = len; |
119 | } |
120 | |
121 | total2 = payload - (void *)payload2; |
122 | |
123 | return 0; |
124 | } |
125 | |
126 | SEC("tp/raw_syscalls/sys_exit" ) |
127 | int handler32_signed(void *regs) |
128 | { |
129 | int pid = bpf_get_current_pid_tgid() >> 32; |
130 | void *payload = payload4; |
131 | long len; |
132 | |
133 | /* ignore irrelevant invocations */ |
134 | if (test_pid != pid || !capture) |
135 | return 0; |
136 | |
137 | len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); |
138 | if (len >= 0) { |
139 | payload += len; |
140 | payload4_len1 = len; |
141 | } |
142 | len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); |
143 | if (len >= 0) { |
144 | payload += len; |
145 | payload4_len2 = len; |
146 | } |
147 | total4 = payload - (void *)payload4; |
148 | |
149 | return 0; |
150 | } |
151 | |
152 | SEC("tp/syscalls/sys_exit_getpid" ) |
153 | int handler_exit(void *regs) |
154 | { |
155 | long bla; |
156 | |
157 | if (bpf_probe_read_kernel(&bla, sizeof(bla), 0)) |
158 | return 1; |
159 | else |
160 | return 0; |
161 | } |
162 | |
163 | char LICENSE[] SEC("license" ) = "GPL" ; |
164 | |