162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 262306a36Sopenharmony_ci/* Copyright (c) 2020 Facebook */ 362306a36Sopenharmony_ci 462306a36Sopenharmony_ci#include "vmlinux.h" 562306a36Sopenharmony_ci#include <bpf/bpf_helpers.h> 662306a36Sopenharmony_ci#include <bpf/bpf_tracing.h> 762306a36Sopenharmony_ci#include <bpf/bpf_core_read.h> 862306a36Sopenharmony_ci 962306a36Sopenharmony_ci#define MAX_LEN 256 1062306a36Sopenharmony_ci 1162306a36Sopenharmony_cichar buf_in1[MAX_LEN] = {}; 1262306a36Sopenharmony_cichar buf_in2[MAX_LEN] = {}; 1362306a36Sopenharmony_ci 1462306a36Sopenharmony_ciint test_pid = 0; 1562306a36Sopenharmony_cibool capture = false; 1662306a36Sopenharmony_ci 1762306a36Sopenharmony_ci/* .bss */ 1862306a36Sopenharmony_ci__u64 payload1_len1 = 0; 1962306a36Sopenharmony_ci__u64 payload1_len2 = 0; 2062306a36Sopenharmony_ci__u64 total1 = 0; 2162306a36Sopenharmony_cichar payload1[MAX_LEN + MAX_LEN] = {}; 2262306a36Sopenharmony_ci__u64 ret_bad_read = 0; 2362306a36Sopenharmony_ci 2462306a36Sopenharmony_ci/* .data */ 2562306a36Sopenharmony_ciint payload2_len1 = -1; 2662306a36Sopenharmony_ciint payload2_len2 = -1; 2762306a36Sopenharmony_ciint total2 = -1; 2862306a36Sopenharmony_cichar payload2[MAX_LEN + MAX_LEN] = { 1 }; 2962306a36Sopenharmony_ci 3062306a36Sopenharmony_ciint payload3_len1 = -1; 3162306a36Sopenharmony_ciint payload3_len2 = -1; 3262306a36Sopenharmony_ciint total3= -1; 3362306a36Sopenharmony_cichar payload3[MAX_LEN + MAX_LEN] = { 1 }; 3462306a36Sopenharmony_ci 3562306a36Sopenharmony_ciint payload4_len1 = -1; 3662306a36Sopenharmony_ciint payload4_len2 = -1; 3762306a36Sopenharmony_ciint total4= -1; 3862306a36Sopenharmony_cichar payload4[MAX_LEN + MAX_LEN] = { 1 }; 3962306a36Sopenharmony_ci 4062306a36Sopenharmony_cichar payload_bad[5] = { 0x42, 0x42, 0x42, 0x42, 0x42 }; 4162306a36Sopenharmony_ci 4262306a36Sopenharmony_ciSEC("raw_tp/sys_enter") 4362306a36Sopenharmony_ciint handler64_unsigned(void *regs) 4462306a36Sopenharmony_ci{ 4562306a36Sopenharmony_ci int pid = bpf_get_current_pid_tgid() >> 32; 4662306a36Sopenharmony_ci void *payload = payload1; 4762306a36Sopenharmony_ci long len; 4862306a36Sopenharmony_ci 4962306a36Sopenharmony_ci /* ignore irrelevant invocations */ 5062306a36Sopenharmony_ci if (test_pid != pid || !capture) 5162306a36Sopenharmony_ci return 0; 5262306a36Sopenharmony_ci 5362306a36Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 5462306a36Sopenharmony_ci if (len >= 0) { 5562306a36Sopenharmony_ci payload += len; 5662306a36Sopenharmony_ci payload1_len1 = len; 5762306a36Sopenharmony_ci } 5862306a36Sopenharmony_ci 5962306a36Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 6062306a36Sopenharmony_ci if (len >= 0) { 6162306a36Sopenharmony_ci payload += len; 6262306a36Sopenharmony_ci payload1_len2 = len; 6362306a36Sopenharmony_ci } 6462306a36Sopenharmony_ci 6562306a36Sopenharmony_ci total1 = payload - (void *)payload1; 6662306a36Sopenharmony_ci 6762306a36Sopenharmony_ci ret_bad_read = bpf_probe_read_kernel_str(payload_bad + 2, 1, (void *) -1); 6862306a36Sopenharmony_ci 6962306a36Sopenharmony_ci return 0; 7062306a36Sopenharmony_ci} 7162306a36Sopenharmony_ci 7262306a36Sopenharmony_ciSEC("raw_tp/sys_exit") 7362306a36Sopenharmony_ciint handler64_signed(void *regs) 7462306a36Sopenharmony_ci{ 7562306a36Sopenharmony_ci int pid = bpf_get_current_pid_tgid() >> 32; 7662306a36Sopenharmony_ci void *payload = payload3; 7762306a36Sopenharmony_ci long len; 7862306a36Sopenharmony_ci 7962306a36Sopenharmony_ci /* ignore irrelevant invocations */ 8062306a36Sopenharmony_ci if (test_pid != pid || !capture) 8162306a36Sopenharmony_ci return 0; 8262306a36Sopenharmony_ci 8362306a36Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 8462306a36Sopenharmony_ci if (len >= 0) { 8562306a36Sopenharmony_ci payload += len; 8662306a36Sopenharmony_ci payload3_len1 = len; 8762306a36Sopenharmony_ci } 8862306a36Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 8962306a36Sopenharmony_ci if (len >= 0) { 9062306a36Sopenharmony_ci payload += len; 9162306a36Sopenharmony_ci payload3_len2 = len; 9262306a36Sopenharmony_ci } 9362306a36Sopenharmony_ci total3 = payload - (void *)payload3; 9462306a36Sopenharmony_ci 9562306a36Sopenharmony_ci return 0; 9662306a36Sopenharmony_ci} 9762306a36Sopenharmony_ci 9862306a36Sopenharmony_ciSEC("tp/raw_syscalls/sys_enter") 9962306a36Sopenharmony_ciint handler32_unsigned(void *regs) 10062306a36Sopenharmony_ci{ 10162306a36Sopenharmony_ci int pid = bpf_get_current_pid_tgid() >> 32; 10262306a36Sopenharmony_ci void *payload = payload2; 10362306a36Sopenharmony_ci u32 len; 10462306a36Sopenharmony_ci 10562306a36Sopenharmony_ci /* ignore irrelevant invocations */ 10662306a36Sopenharmony_ci if (test_pid != pid || !capture) 10762306a36Sopenharmony_ci return 0; 10862306a36Sopenharmony_ci 10962306a36Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 11062306a36Sopenharmony_ci if (len <= MAX_LEN) { 11162306a36Sopenharmony_ci payload += len; 11262306a36Sopenharmony_ci payload2_len1 = len; 11362306a36Sopenharmony_ci } 11462306a36Sopenharmony_ci 11562306a36Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 11662306a36Sopenharmony_ci if (len <= MAX_LEN) { 11762306a36Sopenharmony_ci payload += len; 11862306a36Sopenharmony_ci payload2_len2 = len; 11962306a36Sopenharmony_ci } 12062306a36Sopenharmony_ci 12162306a36Sopenharmony_ci total2 = payload - (void *)payload2; 12262306a36Sopenharmony_ci 12362306a36Sopenharmony_ci return 0; 12462306a36Sopenharmony_ci} 12562306a36Sopenharmony_ci 12662306a36Sopenharmony_ciSEC("tp/raw_syscalls/sys_exit") 12762306a36Sopenharmony_ciint handler32_signed(void *regs) 12862306a36Sopenharmony_ci{ 12962306a36Sopenharmony_ci int pid = bpf_get_current_pid_tgid() >> 32; 13062306a36Sopenharmony_ci void *payload = payload4; 13162306a36Sopenharmony_ci long len; 13262306a36Sopenharmony_ci 13362306a36Sopenharmony_ci /* ignore irrelevant invocations */ 13462306a36Sopenharmony_ci if (test_pid != pid || !capture) 13562306a36Sopenharmony_ci return 0; 13662306a36Sopenharmony_ci 13762306a36Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 13862306a36Sopenharmony_ci if (len >= 0) { 13962306a36Sopenharmony_ci payload += len; 14062306a36Sopenharmony_ci payload4_len1 = len; 14162306a36Sopenharmony_ci } 14262306a36Sopenharmony_ci len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 14362306a36Sopenharmony_ci if (len >= 0) { 14462306a36Sopenharmony_ci payload += len; 14562306a36Sopenharmony_ci payload4_len2 = len; 14662306a36Sopenharmony_ci } 14762306a36Sopenharmony_ci total4 = payload - (void *)payload4; 14862306a36Sopenharmony_ci 14962306a36Sopenharmony_ci return 0; 15062306a36Sopenharmony_ci} 15162306a36Sopenharmony_ci 15262306a36Sopenharmony_ciSEC("tp/syscalls/sys_exit_getpid") 15362306a36Sopenharmony_ciint handler_exit(void *regs) 15462306a36Sopenharmony_ci{ 15562306a36Sopenharmony_ci long bla; 15662306a36Sopenharmony_ci 15762306a36Sopenharmony_ci if (bpf_probe_read_kernel(&bla, sizeof(bla), 0)) 15862306a36Sopenharmony_ci return 1; 15962306a36Sopenharmony_ci else 16062306a36Sopenharmony_ci return 0; 16162306a36Sopenharmony_ci} 16262306a36Sopenharmony_ci 16362306a36Sopenharmony_cichar LICENSE[] SEC("license") = "GPL"; 164