1// SPDX-License-Identifier: GPL-2.0 2/* Copyright (c) 2020 Facebook */ 3 4#include "vmlinux.h" 5#include <bpf/bpf_helpers.h> 6#include <bpf/bpf_tracing.h> 7#include <bpf/bpf_core_read.h> 8 9#define MAX_LEN 256 10 11char buf_in1[MAX_LEN] = {}; 12char buf_in2[MAX_LEN] = {}; 13 14int test_pid = 0; 15bool capture = false; 16 17/* .bss */ 18__u64 payload1_len1 = 0; 19__u64 payload1_len2 = 0; 20__u64 total1 = 0; 21char payload1[MAX_LEN + MAX_LEN] = {}; 22__u64 ret_bad_read = 0; 23 24/* .data */ 25int payload2_len1 = -1; 26int payload2_len2 = -1; 27int total2 = -1; 28char payload2[MAX_LEN + MAX_LEN] = { 1 }; 29 30int payload3_len1 = -1; 31int payload3_len2 = -1; 32int total3= -1; 33char payload3[MAX_LEN + MAX_LEN] = { 1 }; 34 35int payload4_len1 = -1; 36int payload4_len2 = -1; 37int total4= -1; 38char payload4[MAX_LEN + MAX_LEN] = { 1 }; 39 40char payload_bad[5] = { 0x42, 0x42, 0x42, 0x42, 0x42 }; 41 42SEC("raw_tp/sys_enter") 43int handler64_unsigned(void *regs) 44{ 45 int pid = bpf_get_current_pid_tgid() >> 32; 46 void *payload = payload1; 47 long len; 48 49 /* ignore irrelevant invocations */ 50 if (test_pid != pid || !capture) 51 return 0; 52 53 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 54 if (len >= 0) { 55 payload += len; 56 payload1_len1 = len; 57 } 58 59 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 60 if (len >= 0) { 61 payload += len; 62 payload1_len2 = len; 63 } 64 65 total1 = payload - (void *)payload1; 66 67 ret_bad_read = bpf_probe_read_kernel_str(payload_bad + 2, 1, (void *) -1); 68 69 return 0; 70} 71 72SEC("raw_tp/sys_exit") 73int handler64_signed(void *regs) 74{ 75 int pid = bpf_get_current_pid_tgid() >> 32; 76 void *payload = payload3; 77 long len; 78 79 /* ignore irrelevant invocations */ 80 if (test_pid != pid || !capture) 81 return 0; 82 83 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 84 if (len >= 0) { 85 payload += len; 86 payload3_len1 = len; 87 } 88 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 89 if (len >= 0) { 90 payload += len; 91 payload3_len2 = len; 92 } 93 total3 = payload - (void *)payload3; 94 95 return 0; 96} 97 98SEC("tp/raw_syscalls/sys_enter") 99int handler32_unsigned(void *regs) 100{ 101 int pid = bpf_get_current_pid_tgid() >> 32; 102 void *payload = payload2; 103 u32 len; 104 105 /* ignore irrelevant invocations */ 106 if (test_pid != pid || !capture) 107 return 0; 108 109 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 110 if (len <= MAX_LEN) { 111 payload += len; 112 payload2_len1 = len; 113 } 114 115 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 116 if (len <= MAX_LEN) { 117 payload += len; 118 payload2_len2 = len; 119 } 120 121 total2 = payload - (void *)payload2; 122 123 return 0; 124} 125 126SEC("tp/raw_syscalls/sys_exit") 127int handler32_signed(void *regs) 128{ 129 int pid = bpf_get_current_pid_tgid() >> 32; 130 void *payload = payload4; 131 long len; 132 133 /* ignore irrelevant invocations */ 134 if (test_pid != pid || !capture) 135 return 0; 136 137 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 138 if (len >= 0) { 139 payload += len; 140 payload4_len1 = len; 141 } 142 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 143 if (len >= 0) { 144 payload += len; 145 payload4_len2 = len; 146 } 147 total4 = payload - (void *)payload4; 148 149 return 0; 150} 151 152SEC("tp/syscalls/sys_exit_getpid") 153int handler_exit(void *regs) 154{ 155 long bla; 156 157 if (bpf_probe_read_kernel(&bla, sizeof(bla), 0)) 158 return 1; 159 else 160 return 0; 161} 162 163char LICENSE[] SEC("license") = "GPL"; 164