1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) 2020 Facebook */ 3 4 #include "vmlinux.h" 5 #include <bpf/bpf_helpers.h> 6 #include <bpf/bpf_tracing.h> 7 #include <bpf/bpf_core_read.h> 8 9 #define MAX_LEN 256 10 11 char buf_in1[MAX_LEN] = {}; 12 char buf_in2[MAX_LEN] = {}; 13 14 int test_pid = 0; 15 bool capture = false; 16 17 /* .bss */ 18 __u64 payload1_len1 = 0; 19 __u64 payload1_len2 = 0; 20 __u64 total1 = 0; 21 char payload1[MAX_LEN + MAX_LEN] = {}; 22 __u64 ret_bad_read = 0; 23 24 /* .data */ 25 int payload2_len1 = -1; 26 int payload2_len2 = -1; 27 int total2 = -1; 28 char payload2[MAX_LEN + MAX_LEN] = { 1 }; 29 30 int payload3_len1 = -1; 31 int payload3_len2 = -1; 32 int total3= -1; 33 char payload3[MAX_LEN + MAX_LEN] = { 1 }; 34 35 int payload4_len1 = -1; 36 int payload4_len2 = -1; 37 int total4= -1; 38 char payload4[MAX_LEN + MAX_LEN] = { 1 }; 39 40 char payload_bad[5] = { 0x42, 0x42, 0x42, 0x42, 0x42 }; 41 42 SEC("raw_tp/sys_enter") 43 int handler64_unsigned(void *regs) 44 { 45 int pid = bpf_get_current_pid_tgid() >> 32; 46 void *payload = payload1; 47 long len; 48 49 /* ignore irrelevant invocations */ 50 if (test_pid != pid || !capture) 51 return 0; 52 53 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 54 if (len >= 0) { 55 payload += len; 56 payload1_len1 = len; 57 } 58 59 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 60 if (len >= 0) { 61 payload += len; 62 payload1_len2 = len; 63 } 64 65 total1 = payload - (void *)payload1; 66 67 ret_bad_read = bpf_probe_read_kernel_str(payload_bad + 2, 1, (void *) -1); 68 69 return 0; 70 } 71 72 SEC("raw_tp/sys_exit") 73 int handler64_signed(void *regs) 74 { 75 int pid = bpf_get_current_pid_tgid() >> 32; 76 void *payload = payload3; 77 long len; 78 79 /* ignore irrelevant invocations */ 80 if (test_pid != pid || !capture) 81 return 0; 82 83 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 84 if (len >= 0) { 85 payload += len; 86 payload3_len1 = len; 87 } 88 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 89 if (len >= 0) { 90 payload += len; 91 payload3_len2 = len; 92 } 93 total3 = payload - (void *)payload3; 94 95 return 0; 96 } 97 98 SEC("tp/raw_syscalls/sys_enter") 99 int handler32_unsigned(void *regs) 100 { 101 int pid = bpf_get_current_pid_tgid() >> 32; 102 void *payload = payload2; 103 u32 len; 104 105 /* ignore irrelevant invocations */ 106 if (test_pid != pid || !capture) 107 return 0; 108 109 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 110 if (len <= MAX_LEN) { 111 payload += len; 112 payload2_len1 = len; 113 } 114 115 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 116 if (len <= MAX_LEN) { 117 payload += len; 118 payload2_len2 = len; 119 } 120 121 total2 = payload - (void *)payload2; 122 123 return 0; 124 } 125 126 SEC("tp/raw_syscalls/sys_exit") 127 int handler32_signed(void *regs) 128 { 129 int pid = bpf_get_current_pid_tgid() >> 32; 130 void *payload = payload4; 131 long len; 132 133 /* ignore irrelevant invocations */ 134 if (test_pid != pid || !capture) 135 return 0; 136 137 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]); 138 if (len >= 0) { 139 payload += len; 140 payload4_len1 = len; 141 } 142 len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]); 143 if (len >= 0) { 144 payload += len; 145 payload4_len2 = len; 146 } 147 total4 = payload - (void *)payload4; 148 149 return 0; 150 } 151 152 SEC("tp/syscalls/sys_exit_getpid") 153 int handler_exit(void *regs) 154 { 155 long bla; 156 157 if (bpf_probe_read_kernel(&bla, sizeof(bla), 0)) 158 return 1; 159 else 160 return 0; 161 } 162 163 char LICENSE[] SEC("license") = "GPL"; 164