18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 28c2ecf20Sopenharmony_ci/* Copyright (c) 2020 Facebook */ 38c2ecf20Sopenharmony_ci 48c2ecf20Sopenharmony_ci#include "vmlinux.h" 58c2ecf20Sopenharmony_ci#include <bpf/bpf_helpers.h> 68c2ecf20Sopenharmony_ci#include <bpf/bpf_tracing.h> 78c2ecf20Sopenharmony_ci#include <bpf/bpf_core_read.h> 88c2ecf20Sopenharmony_ci 98c2ecf20Sopenharmony_ci#define MAX_LEN 256 108c2ecf20Sopenharmony_ci 118c2ecf20Sopenharmony_cichar buf_in1[MAX_LEN] = {}; 128c2ecf20Sopenharmony_cichar buf_in2[MAX_LEN] = {}; 138c2ecf20Sopenharmony_ci 148c2ecf20Sopenharmony_ciint test_pid = 0; 158c2ecf20Sopenharmony_cibool capture = false; 168c2ecf20Sopenharmony_ci 178c2ecf20Sopenharmony_ci/* .bss */ 188c2ecf20Sopenharmony_ci__u64 payload1_len1 = 0; 198c2ecf20Sopenharmony_ci__u64 payload1_len2 = 0; 208c2ecf20Sopenharmony_ci__u64 total1 = 0; 218c2ecf20Sopenharmony_cichar payload1[MAX_LEN + MAX_LEN] = {}; 228c2ecf20Sopenharmony_ci 238c2ecf20Sopenharmony_ci/* .data */ 248c2ecf20Sopenharmony_ciint payload2_len1 = -1; 258c2ecf20Sopenharmony_ciint payload2_len2 = -1; 268c2ecf20Sopenharmony_ciint total2 = -1; 278c2ecf20Sopenharmony_cichar payload2[MAX_LEN + MAX_LEN] = { 1 }; 288c2ecf20Sopenharmony_ci 298c2ecf20Sopenharmony_ciint payload3_len1 = -1; 308c2ecf20Sopenharmony_ciint payload3_len2 = -1; 318c2ecf20Sopenharmony_ciint total3= -1; 328c2ecf20Sopenharmony_cichar payload3[MAX_LEN + MAX_LEN] = { 1 }; 338c2ecf20Sopenharmony_ci 348c2ecf20Sopenharmony_ciint payload4_len1 = -1; 358c2ecf20Sopenharmony_ciint payload4_len2 = -1; 368c2ecf20Sopenharmony_ciint total4= -1; 378c2ecf20Sopenharmony_cichar payload4[MAX_LEN + MAX_LEN] = { 1 }; 388c2ecf20Sopenharmony_ci 398c2ecf20Sopenharmony_ciSEC("raw_tp/sys_enter") 408c2ecf20Sopenharmony_ciint handler64_unsigned(void *regs) 418c2ecf20Sopenharmony_ci{ 428c2ecf20Sopenharmony_ci int pid = bpf_get_current_pid_tgid() >> 32; 438c2ecf20Sopenharmony_ci void *payload = payload1; 448c2ecf20Sopenharmony_ci u64 len; 458c2ecf20Sopenharmony_ci 468c2ecf20Sopenharmony_ci /* ignore irrelevant invocations */ 478c2ecf20Sopenharmony_ci if (test_pid != pid || !capture) 488c2ecf20Sopenharmony_ci return 0; 498c2ecf20Sopenharmony_ci 508c2ecf20Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 518c2ecf20Sopenharmony_ci if (len <= MAX_LEN) { 528c2ecf20Sopenharmony_ci payload += len; 538c2ecf20Sopenharmony_ci payload1_len1 = len; 548c2ecf20Sopenharmony_ci } 558c2ecf20Sopenharmony_ci 568c2ecf20Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 578c2ecf20Sopenharmony_ci if (len <= MAX_LEN) { 588c2ecf20Sopenharmony_ci payload += len; 598c2ecf20Sopenharmony_ci payload1_len2 = len; 608c2ecf20Sopenharmony_ci } 618c2ecf20Sopenharmony_ci 628c2ecf20Sopenharmony_ci total1 = payload - (void *)payload1; 638c2ecf20Sopenharmony_ci 648c2ecf20Sopenharmony_ci return 0; 658c2ecf20Sopenharmony_ci} 668c2ecf20Sopenharmony_ci 678c2ecf20Sopenharmony_ciSEC("raw_tp/sys_exit") 688c2ecf20Sopenharmony_ciint handler64_signed(void *regs) 698c2ecf20Sopenharmony_ci{ 708c2ecf20Sopenharmony_ci int pid = bpf_get_current_pid_tgid() >> 32; 718c2ecf20Sopenharmony_ci void *payload = payload3; 728c2ecf20Sopenharmony_ci long len; 738c2ecf20Sopenharmony_ci 748c2ecf20Sopenharmony_ci /* ignore irrelevant invocations */ 758c2ecf20Sopenharmony_ci if (test_pid != pid || !capture) 768c2ecf20Sopenharmony_ci return 0; 778c2ecf20Sopenharmony_ci 788c2ecf20Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 798c2ecf20Sopenharmony_ci if (len >= 0) { 808c2ecf20Sopenharmony_ci payload += len; 818c2ecf20Sopenharmony_ci payload3_len1 = len; 828c2ecf20Sopenharmony_ci } 838c2ecf20Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 848c2ecf20Sopenharmony_ci if (len >= 0) { 858c2ecf20Sopenharmony_ci payload += len; 868c2ecf20Sopenharmony_ci payload3_len2 = len; 878c2ecf20Sopenharmony_ci } 888c2ecf20Sopenharmony_ci total3 = payload - (void *)payload3; 898c2ecf20Sopenharmony_ci 908c2ecf20Sopenharmony_ci return 0; 918c2ecf20Sopenharmony_ci} 928c2ecf20Sopenharmony_ci 938c2ecf20Sopenharmony_ciSEC("tp/raw_syscalls/sys_enter") 948c2ecf20Sopenharmony_ciint handler32_unsigned(void *regs) 958c2ecf20Sopenharmony_ci{ 968c2ecf20Sopenharmony_ci int pid = bpf_get_current_pid_tgid() >> 32; 978c2ecf20Sopenharmony_ci void *payload = payload2; 988c2ecf20Sopenharmony_ci u32 len; 998c2ecf20Sopenharmony_ci 1008c2ecf20Sopenharmony_ci /* ignore irrelevant invocations */ 1018c2ecf20Sopenharmony_ci if (test_pid != pid || !capture) 1028c2ecf20Sopenharmony_ci return 0; 1038c2ecf20Sopenharmony_ci 1048c2ecf20Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 1058c2ecf20Sopenharmony_ci if (len <= MAX_LEN) { 1068c2ecf20Sopenharmony_ci payload += len; 1078c2ecf20Sopenharmony_ci payload2_len1 = len; 1088c2ecf20Sopenharmony_ci } 1098c2ecf20Sopenharmony_ci 1108c2ecf20Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 1118c2ecf20Sopenharmony_ci if (len <= MAX_LEN) { 1128c2ecf20Sopenharmony_ci payload += len; 1138c2ecf20Sopenharmony_ci payload2_len2 = len; 1148c2ecf20Sopenharmony_ci } 1158c2ecf20Sopenharmony_ci 1168c2ecf20Sopenharmony_ci total2 = payload - (void *)payload2; 1178c2ecf20Sopenharmony_ci 1188c2ecf20Sopenharmony_ci return 0; 1198c2ecf20Sopenharmony_ci} 1208c2ecf20Sopenharmony_ci 1218c2ecf20Sopenharmony_ciSEC("tp/raw_syscalls/sys_exit") 1228c2ecf20Sopenharmony_ciint handler32_signed(void *regs) 1238c2ecf20Sopenharmony_ci{ 1248c2ecf20Sopenharmony_ci int pid = bpf_get_current_pid_tgid() >> 32; 1258c2ecf20Sopenharmony_ci void *payload = payload4; 1268c2ecf20Sopenharmony_ci int len; 1278c2ecf20Sopenharmony_ci 1288c2ecf20Sopenharmony_ci /* ignore irrelevant invocations */ 1298c2ecf20Sopenharmony_ci if (test_pid != pid || !capture) 1308c2ecf20Sopenharmony_ci return 0; 1318c2ecf20Sopenharmony_ci 1328c2ecf20Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 1338c2ecf20Sopenharmony_ci if (len >= 0) { 1348c2ecf20Sopenharmony_ci payload += len; 1358c2ecf20Sopenharmony_ci payload4_len1 = len; 1368c2ecf20Sopenharmony_ci } 1378c2ecf20Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 1388c2ecf20Sopenharmony_ci if (len >= 0) { 1398c2ecf20Sopenharmony_ci payload += len; 1408c2ecf20Sopenharmony_ci payload4_len2 = len; 1418c2ecf20Sopenharmony_ci } 1428c2ecf20Sopenharmony_ci total4 = payload - (void *)payload4; 1438c2ecf20Sopenharmony_ci 1448c2ecf20Sopenharmony_ci return 0; 1458c2ecf20Sopenharmony_ci} 1468c2ecf20Sopenharmony_ci 1478c2ecf20Sopenharmony_ciSEC("tp/syscalls/sys_exit_getpid") 1488c2ecf20Sopenharmony_ciint handler_exit(void *regs) 1498c2ecf20Sopenharmony_ci{ 1508c2ecf20Sopenharmony_ci long bla; 1518c2ecf20Sopenharmony_ci 1528c2ecf20Sopenharmony_ci if (bpf_probe_read_kernel(&bla, sizeof(bla), 0)) 1538c2ecf20Sopenharmony_ci return 1; 1548c2ecf20Sopenharmony_ci else 1558c2ecf20Sopenharmony_ci return 0; 1568c2ecf20Sopenharmony_ci} 1578c2ecf20Sopenharmony_ci 1588c2ecf20Sopenharmony_cichar LICENSE[] SEC("license") = "GPL"; 159